WSN Wiki

User Tools

Site Tools

You are here: Wireless Sensor Networks » proiecte » Encrypted communication on Sparrow v4
proiecte:encrypted-communication

This is an old revision of the document!

Table of Contents

Encrypted communication on Sparrow v4

Velciu Veronica-Mihaela - AAC

Introduction

Nowadays, security becomes a great concern, as the devices start to process more and more sensitive data, leading to an increased number of attacks. The nodes in an wireless sensors network usually collect environment-related information and then send the data to a gateway, in order to be processed. There might be cases when the collected information leaks sensitive user data, so encrypting the communication would be a good practice is this cases. This project proposes and implements a method of securing the radio communication using symmetric cryptography on Sparrow v4 nodes.

ATmega128RFA1 Security module

The security module (AES) is characterized by:

  • Hardware accelerated encryption and decryption;
  • Compatible with AES-128 standard (128 bit key and data block size);
  • ECB (encryption/decryption) mode and CBC (encryption) mode support;
  • Stand-alone operation, independent of other blocks;
  • Uses 16MHz crystal clock of the transceiver;

Controlling the security block is possible over 5 Registers within AVR I/O space:

  • AES_STATUS - AES status register
  • AES_CTRL - AES control register
  • AES_KEY - Access to 16 Byte key buffer
  • AES_STATE - Access to 16 Byte data buffer

The use of the security module requires a configuration of the security engine before starting a security operation. The following steps are required:

  1. Key Setup - Write encryption or decryption key to KEY buffer (16 consecutive byte writes to AES_KEY)
  2. AES configuration:
    • Select AES mode: ECB or CBC
    • Select encryption or decryption
    • Enable the AES Encryption Ready Interrupt AES_READY, if needed
  3. Write Data - Write plain text or cipher text to DATA buffer (16 consecutive byte writes to AES_STATE)
  4. Start operation - Start AES operation
  5. Wait until AES encryption/decryption is finished: AES_READY IRQ or polling AES_DONE bit (register AES_STATUS)
  6. Read Data - Read cipher text or plain text from DATA buffer (16 consecutive byte reads from AES_STATE)

AES library

In order to make use of the Security module presented in the previous section, I implemented a driver exposed as an Arduino library named AES. The library has the following interface: 

void encryptECB(uint8_t *key, uint8_t *plaintext, uint8_t len, uint8_t *ciphertext);

This function encrypts (using AES in ECB mode) len bytes of the plaintext buffer using the given key and writes the result to the ciphertext buffer. 

void decryptECB(uint8_t *key, uint8_t *ciphertext, uint8_t len, uint8_t *plaintext);

This function decrypts (using AES in ECB mode) len bytes of the ciphertext buffer using the given key and writes the result to the plaintext buffer. 

void encryptCBC(uint8_t *key, uint8_t *iv, uint8_t *plaintext, uint8_t len, uint8_t *ciphertext);

This function encrypts (using AES in CBC mode) len bytes of the plaintext buffer using the given key and writes the result to the ciphertext buffer.

As it can be observed, there is no function for AES in CBC mode decryption. This is due to the lack of support in the ATmega128RFA1 Security Module for this functonality.

Testing the AES library

In order to test the implemented interface, I created 6 tests:

  1. Encryption of a single block using ECB mode:
    • Plain text: 00000000000000000000000000000000
    • Key: 00000000000000000000000000000000
    • Cipher text: 66e94bd4ef8a2c3b884cfa59ca342b2e
  2. Decryption of a single block using ECB mode:
    • Cipher text: 66e94bd4ef8a2c3b884cfa59ca342b2e
    • Key: 00000000000000000000000000000000
    • Plain text: 00000000000000000000000000000000
  3. Encryption of a single block using CBC mode:
    • Plain text: 00000000000000000000000000000000
    • Key: 00000000000000000000000000000000
    • IV: 00000000000000000000000000000000
    • Cipher text: 66e94bd4ef8a2c3b884cfa59ca342b2e
  4. Encryption of two blocks using ECB mode:
    • Plain text: 000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f
    • Key: 000102030405060708090a0b0c0d0e0f
    • Cipher text: 0a940bb5416ef045f1c39458c653ea5a 07feef74e1d5036e900eee118e949293
  5. Decryption of two blocks using ECB mode:
    • Plain text: 0a940bb5416ef045f1c39458c653ea5a 07feef74e1d5036e900eee118e949293
    • Key: 000102030405060708090a0b0c0d0e0f
    • Cipher text: 000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f
  6. Encryption of two blocks using CBC mode:
    • Plain text: 000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f
    • Key: 000102030405060708090a0b0c0d0e0f
    • IV: 66e94bd4ef8a2c3b884cfa59ca342b2e
    • Cipher text: c58522244df6eff9c84cf1f84ec8609a 8de9747eb509687e1337028614be3893

The test vectors were generated using an AES online encryption tool.

Encrypted communication

Results

Resources

proiecte/encrypted-communication.1485125871.txt.gz · Last modified: 2017/01/23 00:57 by veronica.velciu

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial 4.0 International
CC Attribution-Noncommercial 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki