v7.0

2. Integrity

Data integrity security ensures the correctness or accuracy of data. The data is protected against unauthorized modification, deletion, creation, and replication, and an indication of these unauthorized activities is provided. Integrity implies that the data is an exact copy of some original version.

Data integrity is provided by hash functions like Message Digest Algorithm (MD5) or Secure Hash Algorithm (SHA). The following methods are provided by the Encryption libraries:

 • The MD5 algorithm takes as input a message of arbitrary length and produces as output a 128-bit “fingerprint” or “message digest” of the input message. MD5 is currently a standard, Internet Engineering Task Force (IETF) Request for Comments (RFC) 1321. In comparison, MD5 is not quite as fast as the MD4 algorithm, but offers much more assurance of data security.

 • SHA is considered to be the successor to MD5. The Federal Information Processing Standard (FIPS 180-2) specifies four secure hash algorithms: SHA-1, SHA-256, SHA-384, and SHA-512. All algorithms are iterative, one-way hash functions that can process a message with a maximum length of 2^64 bits to 2^128 bits to produce a 160 to 512-bit condensed representation called a message digest. The input message is processed in 512-bit to 1024-bit blocks. The four algorithms differ most significantly in the number of bits for the message digest length. Each SHA algorithm processes a message in two stages: preprocessing and hash computation. Preprocessing involves padding a message, parsing the padded message into 512-bit or 1024-bit blocks, and setting initialization values to be used in the hash computation. The hash computation generates a message schedule from the padded message and uses that schedule, along with functions, constants, and word operations to iteratively generate a series of hash values. The final hash value generated by the hash computation is used to determine the message digest.
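The preprocessing stage described above (padding, then parsing into 512-bit or 1024-bit blocks), as an added C example that is not code from the Waspmote library; the function names `sha_padded_len` and `sha_pad` are hypothetical. It also shows where the 2^64-bit and 2^128-bit message limits come from: the padding ends with a 64-bit or 128-bit length field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Libelium code; function names are hypothetical.
 * block_bytes: 64 for SHA-1/SHA-256 (512-bit blocks),
 *              128 for SHA-384/SHA-512 (1024-bit blocks). */

/* Padded size in bytes: message + 0x80 marker + zeros + length field. */
size_t sha_padded_len(size_t msg_len, size_t block_bytes)
{
    size_t len_field = block_bytes / 8;   /* 64-bit or 128-bit length */
    size_t min_total = msg_len + 1 + len_field;
    return (min_total + block_bytes - 1) / block_bytes * block_bytes;
}

/* Writes the padded message to out. Returns the number of blocks the hash
 * computation will process, or 0 on a bad block size or a short buffer. */
size_t sha_pad(const uint8_t *msg, size_t msg_len, size_t block_bytes,
               uint8_t *out, size_t out_cap)
{
    if (block_bytes != 64 && block_bytes != 128)
        return 0;
    size_t total = sha_padded_len(msg_len, block_bytes);
    if (total > out_cap)
        return 0;

    memset(out, 0, total);
    memcpy(out, msg, msg_len);
    out[msg_len] = 0x80;                  /* one '1' bit, then '0' bits */

    /* Length in BITS, big-endian, at the end of the last block. Only the
     * low 64 bits are set; the rest of a 128-bit field stays zero. */
    uint64_t bit_len = (uint64_t)msg_len * 8;
    for (int i = 0; i < 8; i++)
        out[total - 1 - i] = (uint8_t)(bit_len >> (8 * i));
    return total / block_bytes;
}

int main(void)
{
    uint8_t buf[256];
    const char *message = "Libelium";     /* constructed sample input */
    size_t n = sha_pad((const uint8_t *)message, strlen(message), 64,
                       buf, sizeof buf);
    printf("%zu block(s), length field low byte = %u\n", n, (unsigned)buf[63]);
    return 0;
}
```

A 55-byte message still fits one 512-bit block, while a 56-byte message needs a second block because the marker byte and the length field no longer fit. Of the algorithms listed, MD5 and SHA-1 have known practical collisions, so prefer SHA-256 or longer where the library offers the choice.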

2.1. Waspmote Libraries 

2.1.1. Waspmote Hash Files 

WaspHash.h is the header file of the class, and WaspHash.cpp is the class where the functions and variables are implemented.

It is mandatory to include the Hash library when using it. The following line must be introduced at the beginning of the code:

 #include <WaspHash.h>

2.1.2. Constructor 

To start using the Waspmote Hash library, an object from class ‘WaspHash’ must be created. This object, called ‘HASH’, is created inside the Waspmote Hash library and it is public to all libraries. It is used throughout the guide to show how the Waspmote Hash library works.

When creating this constructor, no variables are initialized by default.

2.1.3. Pre-Defined Constants

There are some constants defined in ‘WaspHash.h’ related to the different encryption and padding modes that can be used to encrypt and decrypt messages.

Summary of Contents for Waspmote v15 and Plug & Sense

Page 1: ...Waspmote Encryption Libraries Programming guide ...
