☀️ ✊🏾 🐴 Internet of Things in Russian. Security in OpenUNB ✊🏿 👨🏼‍⚕️ 👵🏾

At present, in the era of the developed Internet, we are so accustomed to good information security of information transfer protocols that the topic of creating new protocols has somewhat receded into the shadows. Why invent something else? Just choose from the available ones. But the Internet of Things is bringing this up anew.

To illustrate the relevance, I will cite as an example the CRISP protocol , by the way, domestic development. The presence of such a development, already brought to the status of methodological recommendations of the Technical Committee for Standardization "Cryptographic information security", confirms the practical unsuitability of conventional "heavy" security protocols for the Internet of Things. They turn out to be too resource intensive.

A huge variety of various radio protocols of the Internet of Things have now spawned, but in the LPWAN field, not everywhere the developers of the transmission protocol take on the heavy burden of protecting information. It can be argued for a long time whether it is necessary to include protection in the LPWAN radio protocol at all, and not to shift it to higher levels, but if the proposed scheme is good, then one should hope for a high probability of introducing the standard into the industry. The main thesis: in general, it is no longer possible without protection on the Internet of Things. And it should be up to par.

The OpenUNB developers also reasoned, putting energy efficiency and built-in information security at the forefront. For those who still do not know anything about OpenUNB, I advise you to read the previous articles on this topic:

and also study the original source on the Skoltech website.

Today we will consider the mechanism of cryptographic protection of transmitted data (encryption, integrity and authenticity control).

, - , , . OpenUNB K0, k, 128 256 . , , , . .

K0 () , . ( , : ). , , .

OpenUNB Na Ne, . :

K a = C T R (K 0, N a | | 0^{n / 2 - 16}, 0^{k}) .

$Ka = CTR (K0, Na || 0^{n/2-16}, 0^k).$

Km Ke:

K m = C T R (K a, 0 x 02 | | N e | | 0^{n / 2 - 32}, 0^{k}),

$Km = CTR (Ka, 0x02 || Ne || 0^{n/2-32}, 0^k),$

K e = C T R (K a, 0 x 03 | | N e | | 0^{n / 2 - 32}, 0^{k}) .

$Ke = CTR (Ka, 0x03 || Ne || 0^{n/2-32}, 0^k).$

OpenUNB «», n = 64 k = 256 , 34.12-2015.

E n c r y p t e d M A C P a y l o a d = C T R (K e, N n | | 0^{n / 2 - 16}, M A C P a y l o a d),

$EncryptedMACPayload = CTR (Ke, Nn || 0^{n/2-16}, MACPayload),$

Nn — , :

M I C = C M A C 24 (K m, P),

$MIC = CMAC24 (Km, P),$

P n MACPayload. len –

,

MACPayload ( len 16 48), :

len = 48 n = 64,

P = D e v A d d r | | M A C P a y l o a d | | N n | | 0^{2 n - l e n - 48} | | l e n;

$P = DevAddr || MACPayload || Nn || 0^{2n-len-48} || len;$

P = D e v A d d r | | M A C P a y l o a d | | N n | | 0^{n - l e n - 48} | | l e n .

$P = DevAddr || MACPayload || Nn || 0^{n-len-48} || len.$

CMAC24 " " .

. :

In more detail, with all the details, you can read about security in OpenUNB in the primary source .

As we can see, the developers have tried to make energy efficiency and protection in OpenUNB uncompromising. However, one of the goals of my publications is to get experts to take a close look at OpenUNB and constructively criticize the protocol.

As always, the sources of crypto-transformations from deef137available on Github .

Internet of Things in Russian. Security in OpenUNB

More articles: