IoT Lab 2

In this exercise you will learn how to implement basic crypto operations on constrained resources. We will use the same setup as we did for lab exercise 1. Ubuntu 18.04. (VM) with RIOT-OS and the IoT-Lab. The node is – again – IoT-Lab’s m3-node.

Group members: <Anna Kastlunger, Gaelle Knibbeler, Judyta Krzyzak>

RIOT Documentation Link:
https://riot-os.org/api/index.html

I. IoT-Security WrapUp

Describe the top 5 of the OWASP Top 10 IoT Vulnerabilities thoroughly (in your own words!).

1. Weak Passwords

   • Characteristics:
     • Simple letter combinations - firstnamelastname, companyname
     • Publicly available
     • Hardcoded passwords
     • Guessable - birthday date, pet's names
     • Simple number combinations: 1234, 4321

2. Insecure Network Services

   • Many network services that are running are unnecessary (or not required by the user). These are often insecure and require access to the Internet, which means that unauthorized people can access sensitive data. This often also leads to violations of the CIA principles.

3. Insecure Ecosystem Interfaces

   • You can imagine that a device is surrounded by several services called the ecosystem. It contains of web API's, backend API's, cloud and mobile interfaces to this system. If one of them is insecure, it can lead to lack of authentication / authorization, weak encryption and / or lack of input and output filtering.

4. Lack of Secure Update Mechanism

   • You should be able to securely update your device and its services. A lack of this important feature causes problems like: lack of firmware validation on device, unencrypted transitions which means no secure delivery, lack of anti-rollback mechanisms, and lack of notifications of security changes due to updates.

5. Use of Insecure or Outdated Components

   • There is a reason for updates and new components and it is not always to frustrate the user. Attackers pretty easily find ways to hack services and devices therefore the use of deprecated or insecure software components/libraries leads to insecure customization of operating system platforms, and the use of third-party software or hardware components from a compromised supply chain.

II. Implement basic crypto operations on IoT-Lab’s m3-node

Download the zip files from Moodle:

• lab2_01_shell.zip
• lab2_02_crypto.zip

Move the unzipped directories into your /myRIOT/examples/ directory and follow the steps in

​	https://tinyurl.com/riotoslab2 

1) Warm up: shell exercise

1. Edit the file Makefile: add the shell module to the build

​​​​    USEMODULE += shell

2. Include the header(s) required at the beginning of the main.c file

​​​​    #include "shell.h"

3. In the main function, the shell can be started by adding the following code before return 0:

​​​​    char line_buf[SHELL_DEFAULT_BUFSIZE];
​​​​    shell_run(NULL, line_buf, SHELL_DEFAULT_BUFSIZE);

4. Now test the application on native:

​​​​    make
​​​​    make term

By default, the shell module provides the help command to list available commands. Try it. You should see that there is no available command at this stage.

5. In main.c, add the callback functions for the board and cpu commands, just below the line #include "shell.h:

​​​​       /* board handler */
​​​​            static int _board_handler(int argc, char **argv)
​​​​            {
​​​​                /* These parameters are not used, avoid a warning during build */
​​​​                (void)argc;
​​​​                (void)argv;

​​​​    puts(RIOT_BOARD);

​​​​    return 0;
​​​​    }

​​​​    /* cpu handler */
​​​​    static int _cpu_handler(int argc, char **argv)
​​​​    {
​​​​        /* These parameters are not used, avoid a warning during build */
​​​​        (void)argc;
​​​​        (void)argv;

​​​​    puts(RIOT_CPU);

​​​​    return 0;
​​​​   }

6. Define the command name, the help message and the associated callback function in the list of available shell commands.

This is simply done by adding the following code between the function callbacks and the main function:

​​​​    static const shell_command_t shell_commands[] = {
​​​​        { "board", "Print the board name", _board_handler },
​​​​        { "cpu", "Print the cpu name", _cpu_handler },
​​​​        { NULL, NULL, NULL }
​​​​    };

7. Test your application on native & on the IoT-Lab testbed

If everything works fine create a new experiment at the IoT-Lab, build your application for the m3 node and upload it to your experiment. Run the experiment - interact with the shell to get the command output. Finally, make screenshots for your documentation.

Use the following command to create a connection to grenoble (to be able to create your own programms on RIOT):

​​​​export PATH=$PATH:/home/(your user)/gcc-arm-none-eabi-7-2018-q2-update/bin/

Now you can login to grenoble with ssh

​​​​ssh krzyzak@grenoble.iot-lab.info

On RIOT start new experiment with the m3-node

Working on Anna's machine:

Working on Anna's IoT-Lab:

Working on Judyta's IoT-Lab:

Damit wir den Exportpfad nicht jedes Mal neu eingeben müssen, schreiben wir ihn in ein Bash-Script:
nano .bashrc
export PATH=$PATH:/home/anna/gcc-arm-none-eabi-7-2018-q2-update/bin/
Speichern (Strg+X -> y)

Einspielen der Firmware für das Board mit dem wir im IoT-Lab arbeiten in den aktuellen Arbeitsordner:
cd myRIOT/examples/lab2_01_shell
make BOARD=iotlab-m3 all

2) Crypto Exercise

In this exercise, you will write 2 RIOT shell commands to encrypt and decrypt simple messages. The algorithm will use AES 128 symmetric encryption and more precisely, this exercise will use the CTR cipher mode which is able to encrypt/decrypt messages of arbitrary sizes.

AES encryption is provided by crypto module of RIOT and CTR cipher mode is provided by the cipher_modes module.

Document your steps here with screenshots (IoT-Lab) and thorough explanation. Provide a README for your application (don’t forget: no prosa, etc).

Message encryption/decryption

1. Add required modules to the build

Since the application is about to implement shell functions, the shell module must be added, as well as the fmt, crypto and cipher_modes modules.

Edit the file Makefile and add there the required modules to the build.

2. Add the required includes

Add the inculdes corresponding to the fmt, shell and crypto modules that will be used by the application:

​​​​    #include "shell.h"
​​​​    #include "fmt.h"
​​​​    #include "crypto/ciphers.h"
​​​​    #include "crypto/modes/ctr.h"

3. Define the symmetric key and the nonce:

​​​​    static const uint8_t key[] = {
​​​​    0x23, 0xA0, 0x18, 0x53, 0xFA, 0xB3, 0x89, 0x23,
​​​​    0x65, 0x89, 0x2A, 0xBC, 0x43, 0x99, 0xCC, 0x00
​​​​    };

​​​​    static const uint8_t ctr[] = {
​​​​    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
​​​​    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
​​​​    };

4. Implement the encrypt command handler function

This function will return the input message in its encrypted form. The encrypted message is printed as a string of hexadecimal characters:

In the _encrypt_handler function, call the functions that will encrypt the message:

​​​ cipher_t cipher;
​​​ cipher_init(&cipher, CIPHER_AES_128, key, sizeof(key));
​​​ size_t enc_len = cipher_encrypt_ctr(&cipher, ctr_copy, 0, (uint8_t *)argv[1], strlen(argv[1]), data);

We use a copy of the nonce buffer because it is modifed by the call to cypher_encrypt_ctr.

In the _encrypt_handler function, convert the encrypted message (a byte array) to its hexadecimal string representation:

size_t len = fmt_bytes_hex(buf_str, data, enc_len);
buf_str[len] = 0;
/* The hexadecimal string buffer must be closed to ensure a proper output. */

5. Implement the decrypt command handler function:

In the _decrypt_handler function, you must first convert the hexadecimal representation of the input encrypted message into a byte array:

​​​​    size_t len = fmt_hex_bytes(data, argv[1]);

Then, decrypt the content of the data buffer:

The output should directly be readable, so there's no need to convert it to hexadecimal.

In the 6th step we should test the application. We did not do it, since it would be necessary to uncomment the rest of the code which is a lot of work. Now, by entering 'make' we are getting a series of errors.

We checked the errors and realized they were only about the parts of code that we didn't write yet, e.g.:

We can say that there are no errors in the lines we have already written, since the compiler checks the file chronologically.

Sign & Verify Messages

In this exercise, you will write RIOT shell commands to sign and verify simple messages:

• One command that signs and prints the signature
• One command that verifies the signature
• One command to generate the key pair used to sign/verify the message

1. Add required modules

Add the module random and the external package c25519 to your Makefile

2. Add the corresponding includes to the main.c file

For the c25519 you will need an additional header file: edsign.h besides the common header file.

3. Implement the key command handler function that will generate a new pair of key each time it is called

First, under the header includes, declare 2 buffers where the asymmetric keys are stored:

​​​​    static uint8_t secret_key[EDSIGN_SECRET_KEY_SIZE] = { 0 };
​​​​    static uint8_t public_key[EDSIGN_PUBLIC_KEY_SIZE] = { 0 };

In the _key_handler function, call the functions that will create the new keypair:

​​​​    random_bytes(secret_key, sizeof(secret_key));
​​​​    ed25519_prepare(secret_key);
​​​​    /* implement the derivation of the public_key here */

Then print the new keypair:

puts("New keypair generated:");
printf("  - Secret: ");
for (uint8_t i = 0; i < EDSIGN_SECRET_KEY_SIZE; ++i) 
{
  printf("%02X", secret_key[i]);
}

printf("\n  - Public: ");
for (uint8_t i = 0; i < EDSIGN_PUBLIC_KEY_SIZE; ++i) 
{
  printf("%02X", public_key[i]);
}
puts("");

4. Implement the sign command handler function that will generate a signature from an input message:

First, under the header includes, declare 2 buffers where the signatures (byte and hex representation) are stored:

​​​​    static uint8_t signature[EDSIGN_SIGNATURE_SIZE] = { 0 };
​​​​    static char signature_hex[EDSIGN_SIGNATURE_SIZE * 2 + 1] = { 0 };

Note: the size of the hexadecimal string signature buffer is twice as large as the signature buffer itself, because a single byte is represented by 2 hexadecimal characters.

In the _sign_handler function, call the functions that will generate the signature of the input command argument message in argv[1]:

​​​​    edsign_sign(signature, public_key, secret_key, (uint8_t *)argv[1], strlen(argv[1]));

Implement the conversion of the signature (a byte array) to its hexadecimal string representation:

​​​​    signature to signature_hex

5. Implement the verify command handler function

The message and the signature are provided as command line argument respectively in argv[1] and argv[2].

In the _verify_handler function, you must first convert the signature provided as a string of hex characters to a byte array, this is done with the hex_bytes function (from the fmt module):

​​​​    fmt_hex_bytes(signature, argv[2]);

Then call the functions that verify the signature:

if (edsign_verify(signature, public_key, (uint8_t *)argv[1], strlen(argv[1]))) 
{
  puts("Message verified");
}
else 
{
  puts("Message not verified");
}

6. Test your application

If everything works fine create got to next section "Hash Computation".

Not really:

3) Hash Computation

In this exercise, you will write RIOT shell commands to compute the hash of a given input string:

• One command that produces and prints the hash using the SHA256 algorithm
• One command that produces and prints the hash using the SHA3-256 algorithm

In both cases, the hash is stored in memory in a byte array and, to print it, it must be converted to a string of hexadecimal characters. Use an appropriate module for the conversion.

Hash functions of several algorithms (SHA256, SHA3-256, SHA1, MD5, CMAC) are provided by the hashes module.

1. Add required modules

Add the hashes module.

2. Add the corresponding header files

Hint: You will need the header files for sha256 and sha3.

3. Implement the sha256 command handler function:

Declare 2 buffers, the first one for the computed hash itself, and the second one for its hexadecimal string representation:

​​​​    static uint8_t sha256_hash[SHA256_DIGEST_LENGTH];
​​​​    static char sha256_hash_hex[SHA256_DIGEST_LENGTH * 2 + 1];

Note: the size of the hexadecimal string buffer is twice as large as the hash itself, because a single byte is represented by 2 hexadecimal characters.

In the _sha256_handler function call the functions that will compute the hash from the command line argument argv[1]:

​​​​    implement the functions to compute a sha256 hash of a string (argv[1])

Convert the computed hash (a byte array) to its hexadecimal string representation:

​​​​    you know what to use by now ;) (sha256_hash to sha256_hash_hex)

4. Implement the sha3 command handler function

Declare 2 buffers, the first one for the computed hash itself, and the second one for its hexadecimal string representation:

​​​​    static uint8_t sha3_hash[SHA3_256_DIGEST_LENGTH];
​​​​    static char sha3_hash_hex[SHA3_256_DIGEST_LENGTH * 2 + 1];

Call the functions that will compute the hash from the command line argument argv[1]:

​​​​    implement the functions to compute a sha256 hash of a string (argv[1])

Convert the computed hash (a byte array) to its hexadecimal string representation:

Since we are programming in C and don't like to see something like:

we need to THINK and declare the functions in the last step:

5. Test your application on native & on the IoT-Lab testbed

If everything works fine create a new experiment at the IoT-Lab, build your application for the m3 node and upload it to your experiment. Run the experiment - interact with the shell to get the command output. Finally, make screenshots for your documentation.

Enter 'make'

Make term and trying out the functions:

It works!
On native:

And on the IoT-Server:

And another IoT-Server:

III. Upload to Moodle

Submit 1 zip file for the crypto exercise containing your app’s main.c, Makefile, and README.