Development website. You can get more information about the generation change on the document “New generation of Libelium product lines”. The new Encryption Libraries are designed to add to the Waspmote sensor platform the capabilities necessary to protect the information gathered by the sensors. To do so three cryptography layers are defined: Link Layer: In the first one all the nodes of the network share a common preshared key which is used to encrypt the •...
Page 4
Introduction Figure : Waspmote frame on OSI stack for communication (via 802.15.4) Figure : Waspmote frame structure for communication (via 802.15.4) v7.0...
Page 5
Waspmote IDE which is distributed under an open source license. Note: The Encryption Libraries are part of the Waspmote API and have been designed to work solely on top of the Waspmote and Waspmote Plug & Sense sensor platforms. More info at: http://www.libelium.com/waspmote http://www.libelium.com/plug_&_sense v7.0...
Integrity 2. Integrity The data integrity security ensures the correctness or accuracy of data. The data is protected against unauthorized modification, deletion, creation, and replication and provides an indication of these unauthorized. Integrity implies that the data is an exact copy of some original version.
. The inputs expected are: the pointer to the buffer HASH.md5() where the output is stored, the input message pointer and the length of the input message. char message[] = “Libelium”; HASH.md5(hash_message_md5, (uint8_t*)message, strlen(message)*8); 2.2.2. Calculating SHA hash The features that must be met in order to calculate the SHA algorithm are:...
. The inputs expected are: the SHA algorithm, the HASH.sha() pointer to the buffer where the output is stored, the input message pointer and the length of the input message. char message[] = “Libelium”; HASH.sha(SHA1, hash_message, (uint8_t*)message, strlen(message)*8); char message[] = “Libelium”;...
Authenticity 3. Authenticity Authenticity is the assurance that a message, transaction, or other exchange of information is from the source it claims to be from. Authenticity involves proof of identity. For ensuring message authenticity, RSA algorithm is used. The RSA cryptosystem is the most widely-used public key cryptography algorithm in the world.
‘e’ and the RSA.encrypt() modulus ‘n’ . Receiver can decrypt the message using the private key. RSA.encrypt( original_message, public_exponent, modulus, encrypted_message, sizeof(encrypted_message)); Note: The maximum input size message must be smaller than the modulus. Example of use: http://www.libelium.com/development/waspmote/examples/rsa-01-encryption -10- v7.0...
Confidentiality (privacy) 4. Confidentiality (privacy) Confidentiality refers to ensure that information is not accessed by unauthorized people. Information is intelligible only to its rightful recipients. Although third parties may be able to read (a copy of ) the message sent, they must not be able to make sense of it.
Page 12
Confidentiality (privacy) CBC mode: Each 16-byte block of plaintext is XORed with the previous ciphertext block before being encrypted. This • way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block.
Confidentiality (privacy) 4.1. Waspmote Libraries 4.1.1. Waspmote AES Files WaspAES.h is the header file of the class, and WaspAES.cpp is the class where the functions and variables are implemented. It is mandatory to include the AES library when using it. The following line must be introduced at the beginning of the code: #include <WaspAES.h>...
4.4. Printing Message Some functions have been created to write encrypted message to the USB port. // Writes the encrypted message to the USB port on Matrix format AES.printMatrix(encrypted_message, length); Example of use may be found in: http://www.libelium.com/development/waspmote/examples/aes-01-aes128-ecb-pkcs/ http://www.libelium.com/development/waspmote/examples/aes-02-aes192-ecb-pkcs/ http://www.libelium.com/development/waspmote/examples/aes-03-aes256-ecb-pkcs/ http://www.libelium.com/development/waspmote/examples/aes-04-aes128-cbc-zeros/ http://www.libelium.com/development/waspmote/examples/aes-05-aes256-cbc-zeros/ http://www.libelium.com/development/waspmote/examples/aes-06-aes256-cbc-zeros/...
For more information about how to create encrypted frames go to: Data Frame guide Once the encrypted frame is received by Meshlium, the sensorParser decrypts the frame and stores the sensor fields inside the database automatically. Example of sending encrypted frames to Meshlium via XBee-802.15.4: http://www.libelium.com/development/waspmote/examples/aes-07-encryption-128-cbc-zeros/ -15- v7.0...
These features along with an aluminium IP65 enclosure allows Meshlium to be placed anywhere outdoor.. Figure : Meshlium More info: http://www.libelium.com/meshlium 6.1. Link layer key Management (only XBee) Waspmote settings Encryption in this layer is provided through the AES 128b algorithm. Specifically through the type AES-CTR. Only XBee modules support encryption in the link layer.
Page 17
Key Management on Meshlium Meshlium settings In Meshlium’s Manager System, inside Sensor Network section, users can set the encryption mode to the Meshlium’s XBee module receiver for the link layer. Depending on the kind of XBee model the parameters to be configured may vary. Complete list: •...
Key Management on Meshlium 6.2. Application Layer Key Management (AES libraries) Meshlium is capable to properly receive encrypted data from Waspmote. The coding process is made in the application layer, so it’s Waspmote and Meshlium processors (and not the XBee module) which encrypt and decrypt the messages. The user have to set a key for the encryption in Waspmote and Meshlium.
Page 19
Key Management on Meshlium The AES secret key is necessary to recognize the frames sent each Waspmote to Meshlium. Figure : Waspmote to Meshlium with AES 256 When an encrypted frame arrives to Meshlium, the sensorParser will consult the encryptionKey file for the AES secret key, and use the AES algorithm to decrypt the message.
- 128-bit key size - PKCS Padding - ECB Cipher Mode Copyright (C) 2015 Libelium Comunicaciones Distribuidas S.L. http://www.libelium.com This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.
Page 21
Code examples and extended information USB.println(message); USB.print(F(“Original length:”)); USB.println((int)strlen(message)); USB.println(); void loop() //////////////////////////////////////////////////////////////// // 1. Encrypt message //////////////////////////////////////////////////////////////// USB.println(F(“1. Encrypt message”)); // 1.1. Calculate length in Bytes of the encrypted message encrypted_length = AES.sizeOfBlocks(message); // 1.2. Calculate encrypted message with ECB cipher mode and PKCS5 padding. AES.encrypt( AES_128 , password...
API changelog 8. API changelog Keep track of the software changes on this link: www.libelium.com/development/waspmote/documentation/changelog/#Encryption -22- v7.0...
Certifications 9. Certifications Libelium offers 2 types of IoT sensor platforms, Waspmote OEM and Plug & Sense!: Waspmote OEM is intended to be used for research purposes or as part of a major product so it needs final certification on •...