background image

-12-

v7.0

Confidentiality (privacy)

 

CBC mode:

 Each 16-byte block of plaintext is XORed with the previous ciphertext block before being encrypted. This 

way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an 

initialization vector

 must be used in the first block. This initialization vector size is 16 bytes, so is the same size as the data 

block size. Notice that this mode is not supported by Meshlium.

Figure : ECB mode encryption

A block cipher works on fixed size blocks, but messages come in a variety of lengths. So some modes of operation require that 

the final block be padded before encryption. Several padding schemes exist, but this library provide two padding schemes:

 

ZEROS

: this method adds 0s until the last block size is completed. Notice that this mode is the only one supported by 

Meshlium.

 

PKCS5

: this method adds the input at the trailing end with k - (l mod k) octets all having value k - (l mod k), where l is the 

length of the input. Notice that this mode is not supported by Meshlium.

AES Algorithm

Key Size

Data Block Size

AES-128

128 bits

16 bytes

AES-192

192 bits

16 bytes

AES-256

256 bits

16 bytes

Содержание Waspmote v15 and Plug & Sense

Страница 1: ...Waspmote Encryption Libraries Programming guide ...

Страница 2: ...0 3 1 1 Waspmote RSA Files 10 3 1 2 Constructor 10 3 1 3 Pre Defined Constants 10 3 2 Encrypting Message 10 4 Confidentiality privacy 11 4 1 Waspmote Libraries 13 4 1 1 Waspmote AES Files 13 4 1 2 Constructor 13 4 1 3 Pre Defined Constants 13 4 2 Calculating the encrypted message length 13 4 3 AES Encryption 13 4 4 Printing Message 14 5 Secure Communication Scheme 15 6 Key Management on Meshlium 1...

Страница 3: ... the intermediate nodes of the network the ones which forward the information to the destination will not be able to see the sensor data transmitted Messages are sent using AES implemented by the software library ensuring complete confidentiality and privacy while maintaining the minimum resources of the node in term of computing cycles and energy consumption Secure Web Server Connection The third...

Страница 4: ... 4 v7 0 Introduction Figure Waspmote frame on OSI stack for communication via 802 15 4 Figure Waspmote frame structure for communication via 802 15 4 ...

Страница 5: ...twork can see the general routing packets AES 128 in the link layer and after that we establish an encryption tunnel by direct P2P encryption between origin and destination using AES Data Integrity the new library uses hash algorithms such as MD5 and SHA to create the checksum of the message and to ensure that the final information received correspond with the original sent Non repudiation by sign...

Страница 6: ... algorithms differ most significantly in the number of bits for the message digest length Each SHA algorithm processes a message in two stages preprocessing and hash computation Preprocessing involves padding a message parsing the padded message into 512 bit or 1024 bit blocks and setting initialization values to be used in the hash computation The hash computation generates a message schedule fro...

Страница 7: ...12 2 1 32 The next code shows how to calculate the message digest with HASH md5 The inputs expected are the pointer to the buffer where the output is stored the input message pointer and the length of the input message char message Libelium HASH md5 hash_message_md5 uint8_t message strlen message 8 2 2 2 Calculating SHA hash The features that must be met in order to calculate the SHA algorithm are...

Страница 8: ...ssage strlen message 8 char message Libelium HASH sha SHA384 hash_message uint8_t message strlen message 8 2 3 Printing Message Using the hash function HASH printMessageDigest the message digest is written via USB port Write message digest by USB port HASH printMessageDigest SHA 1 hash_message 20 HASH printMessageDigest MD5 hash_message 16 Example of use may be found in http www libelium com devel...

Страница 9: ...ys Its length usually expressed in bits is the key length 3 Compute φ n p 1 q 1 4 Choose a public exponent e such that 1 e φ n which is coprime to φ n The number e is released as the public key exponent 5 Compute a private exponent d that satisfies the congruence ed 1 mod φ n The number d is kept as the private key exponent 6 The public key consists of the modulus n and the public exponent e The p...

Страница 10: ...2 Constructor To start using Waspmote RSA library an object from class WaspRSA must be created This object called RSA is created inside the Waspmote RSA library and it is public to all libraries It is used through the guide to show how the Waspmote RSA library works When creating this constructor no variables are initialized by default 3 1 3 Pre Defined Constants There are some constants defined i...

Страница 11: ...orithm to be very fast It has the advantage of occupying very little memory and consequently makes it very suitable for low memory capacity devices AES is able to encrypt and decrypt a block of data using an AES key The key and the block of data have a fixed length The length of the block of data is always 128 bit 16 bytes while the key size can be 128 bit key size 16 bytes 192 bit key size 24 byt...

Страница 12: ...tion A block cipher works on fixed size blocks but messages come in a variety of lengths So some modes of operation require that the final block be padded before encryption Several padding schemes exist but this library provide two padding schemes ZEROS this method adds 0s until the last block size is completed Notice that this mode is the only one supported by Meshlium PKCS5 this method adds the ...

Страница 13: ...t messages 4 2 Calculating the encrypted message length Before using an encryption function the length of the encrypted message is needed in order to create the proper memory buffers As the data block size is 16 bytes the final length is multiple of 16 The next code shows how to calculate the length of the ciphertext in bytes The function AES sizeOfBlocks returns the total length of the 16 byte da...

Страница 14: ...ting Message Some functions have been created to write encrypted message to the USB port Writes the encrypted message to the USB port on Matrix format AES printMatrix encrypted_message length Example of use may be found in http www libelium com development waspmote examples aes 01 aes128 ecb pkcs http www libelium com development waspmote examples aes 02 aes192 ecb pkcs http www libelium com devel...

Страница 15: ...56 bits The following diagram shows how the communication scheme works Figure Communication scheme Theuserhasthreedifferentpossibilities AES 128 AES 192andAES 256 Regardingthecipherblockmode onlyECBissupported to communicate to Meshlium Besides zeros padding is the only choice permitted The process of how to encrypt a previously created frame is as follows 1 Create a new Frame ASCII or BINARY 2 Ge...

Страница 16: ...nly XBee Waspmote settings Encryption in this layer is provided through the AES 128b algorithm Specifically through the type AES CTR Only XBee modules support encryption in the link layer Encryption is done inside the XBees in a transparent way for the user The XBees take care of everything the sender XBee gets the not encrypted data to send cyphers it and transmits the secret message On the other...

Страница 17: ...ete list PAN ID Personal Arena Network ID Channel frequency channel used Network Address 4 hex digits 16 bit address only for 802 15 4 Node ID maximum 20 characters Power level 0 4 by default 4 Encrypted mode true false by default false Encryption Key 16 characters MAC 64b hardware address It is a read only value divided in two parts MAC high 32 bit hex field MAC low 32 bit hex field The parameter...

Страница 18: ...n section Figure Key Management For each Waspmote a new specific AES key must be specified Thus Waspmotes keys are added to a encryption Key file In this interface the user must specify both node ID and Waspmote AES secret key 128 192 or 256 bits for each Waspmote On the other hand in Waspmote codes the node ID is specified when frame setID function is called After defining the above fields it is ...

Страница 19: ...ry to recognize the frames sent each Waspmote to Meshlium Figure Waspmote to Meshlium with AES 256 When an encrypted frame arrives to Meshlium the sensorParser will consult the encryptionKey file for the AES secret key and use the AES algorithm to decrypt the message ...

Страница 20: ...hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU General Public License for more details You should have received a copy of the GNU General Public License along with this program If not see http www gnu org licenses Version 0 4 Design David Gascón Implementation Alvaro Gonzalez Yuri Carmona inc...

Страница 21: ... message encrypted_length AES sizeOfBlocks message 1 2 Calculate encrypted message with ECB cipher mode and PKCS5 padding AES encrypt AES_128 password message encrypted_message ECB PKCS5 1 3 Printing encrypted message USB print F AES Encrypted message AES printMessage encrypted_message encrypted_length 1 4 Printing encrypted message s length USB print F AES Encrypted length USB println int encrypt...

Страница 22: ... 22 v7 0 API changelog 8 API changelog Keep track of the software changes on this link www libelium com development waspmote documentation changelog Encryption ...

Страница 23: ...tifications See below the specific list of regulations passed More info at www libelium com products plug sense Besides Meshlium our multiprotocol router for the IoT is also certified with the certifications below Get more info at www libelium com products meshlium List of certifications for Plug Sense and Meshlium CE Europe FCC US IC Canada ANATEL Brazil RCM Australia PTCRB cellular certification...

Отзывы: