/***********************************************************
* Hints to use the hardware security in CC2420
* By Kun Sun,  [EMAIL PROTECTED],  NC State University
************************************************************/
 
The hardware security in CC2420 provides two types of security
operations: stand-alone encryption operation and in-line security
operation.
 
The stand-alone encryption operation provides a plain AES encryption,
with 128 bit plaintext and 128 bit keys. To encrypt a plaintext, a
node first writes the plaintext to the stand-alone buffer SABUF, and
then issues a SAES command to initiate the encryption operation.  When
the encryption is complete, the ciphertext is written back to the
stand-alone buffer, overwriting the plaintext.
 
The in-line security operation can provide encryption, decryption, and
authentication on frames within the receive buffer (RXFIFO) and the
transmit buffer (TXFIFO) of CC2420 on a frame basis.  It supports
three modes of security: counter mode (CTR), CBC-MAC, and CCM.  CTR
mode performs encryption on the outgoing MAC frames in the TXFIFO
buffer, and performs decryption on the incoming MAC frames in the
RXFIFO buffer.  CBC-MAC mode can generate and verify the message
integrity code (MIC) of the messages. The length of MIC is variable
with even values between 4 bytes and 16 bytes. CCM mode combines CTR
mode encryption and CBC-MIC authentication in one operation.  All the
three security modes are based on AES encryption/decryption using 128
bit keys.
 
In the following, I will list some critical points on using both
stand-alone and in-line modes in MICAz motes using TinyOS 1.14. MICAz
motes are equipped with CC2420 radio. To understand the following
content, you may need to download the CC2420 datasheet form:
 
 
 
1. How to use stand-alone mode?
 
In the following, all the description words are in quotation marks.
 
(1) ``Use the following interfaces:''
 
    interface HPLCC2420 as HPLChipcon;
    interface HPLCC2420RAM as HPLChipconRAM;
  
  ``The two interfaces are provided by component HPLCC2420C.''
 
 
(2) ``Set the security control register: (refer to page 71, 72 in CC2420 datasheet)''
 
    call HPLChipcon.write(CC2420_SECCTRL0, 0x030d );   
    call HPLChipcon.write(CC2420_SECCTRL1, 0x0000 );
 
  ``In the above setting, we use Key 0 as Stand-alone key, TX key and
  RX key; 8 bytes MIC in CBC-MAC mode; the length byte is
  authenticated. ''
 

(3) ``Set Key 0:''
 
    uint8_t mykey[16];
    for (i=0; i<16; i++ ){
      mykey[i] = (uint8_t) 0x33;  //change to your key
    }
    call HPLChipconRAM.write(CC2420_RAM_KEY0, 16, mykey);     //set key
 

(4) ``Send plaintext into the SABUF buffer:''
 
    call HPLChipconRAM.write(CC2420_RAM_SABUF, 16, (uint8_t *)&mydata);    //input data
 

(5) ``Begin the encryption:''
 
    call HPLChipcon.cmd(CC2420_SAES);
    do {
      status = call HPLChipcon.cmd(CC2420_SNOP);
    } while ((status >> CC2420_ENC_BUSY) & 0x01) ;  //wait until the encrytion finish.
 

(6) ``Read out the ciphertext:''
 
    call HPLChipconRAM.read(CC2420_RAM_SABUF, 16, (uint8_t *) &mydata);
 
 
 
2. How to use in-line CBC-MAC mode?
 
One thing to know is that the encryption happens after the message
is buffered into the TXFIFO buffer, and the decryption happens before
the message is read out of the RXFIFO buffer.  Therefore, the MAC
layer is the suitable layer to implement the in-line security.
 
The first 3 steps are the same as in the stand-alone mode and are
required on both sender and receiver.
 

*** Encrypt the sending message on sender:
 
You can perform in-line encryption in function ``void sendPacket()''
in file ``tos\lib\CC2420Radio\CC2420RadioM.nc'' with the following
command:
 
    call HPLChipcon.cmd(CC2420_STXONCCA);
 
which will start in-line encryption if the security mode is enabled.
According to our setting of the security control register (SECCTRL0),
it will add 8 bytes CBC-MAC into the message. 
 

*** Decrypt the receiving message on receiver:
 
You can launch the decryption in function ``void delayedTXFIFO()'' in
file ``tos\lib\CC2420Radio\CC2420RadioM.nc'' with the following
command:
 
    call HPLChipcon.cmd(CC2420_SRXDEC);
 
which will start RXFIFO in-line authentication. Then, after the
message is read out from the RXFIFO buffer, if the last byte of MIC
equals to 0, the message is authenticated; otherwise, if it
equals to 255, the message should be dropped.
 
 
*************************************************
Hope it may help you a little bit, thank you!
Kun
 
 
 
_______________________________________________
Tinyos-help mailing list
[email protected]
https://mail.millennium.berkeley.edu/cgi-bin/mailman/listinfo/tinyos-help

Reply via email to