/***********************************************************
 * Hints to use the hardware security in CC2420
 * By Kun Sun, [EMAIL PROTECTED], NC State University
 ************************************************************/

The hardware security in CC2420 provides two types of security operations: stand-alone encryption operation and in-line security operation.

The stand-alone encryption operation provides a plain AES encryption, with 128-bit plaintext and 128-bit keys. To encrypt a plaintext, a node first writes the plaintext to the stand-alone buffer SABUF, and then issues a SAES command to initiate the encryption operation. When the encryption is complete, the ciphertext is written back to the stand-alone buffer, overwriting the plaintext.

The in-line security operation can provide encryption, decryption, and authentication on frames within the receive buffer (RXFIFO) and the transmit buffer (TXFIFO) of CC2420 on a frame basis. It supports three modes of security: counter mode (CTR), CBC-MAC, and CCM. CTR mode performs encryption on the outgoing MAC frames in the TXFIFO buffer, and performs decryption on the incoming MAC frames in the RXFIFO buffer. CBC-MAC mode can generate and verify the message integrity code (MIC) of the messages. The length of the MIC is variable, with even values between 4 bytes and 16 bytes. CCM mode combines CTR mode encryption and CBC-MAC authentication in one operation. All three security modes are based on AES encryption/decryption using 128-bit keys.

In the following, I will list some critical points on using both stand-alone and in-line modes in MICAz motes using TinyOS 1.14. MICAz motes are equipped with CC2420 radio. To understand the following content, you may need to download the CC2420 datasheet from:

1. How to use stand-alone mode?
In the following, all the description words are in quotation marks.

(1) ``Use the following interfaces:''

    interface HPLCC2420 as HPLChipcon;
    interface HPLCC2420RAM as HPLChipconRAM;

``The two interfaces are provided by component HPLCC2420C.''

(2) ``Set the security control register: (refer to page 71, 72 in CC2420 datasheet)''

    call HPLChipcon.write(CC2420_SECCTRL0, 0x030d);
    call HPLChipcon.write(CC2420_SECCTRL1, 0x0000);

``In the above setting, we use Key 0 as Stand-alone key, TX key and RX key; 8 bytes MIC in CBC-MAC mode; the length byte is authenticated.''

(3) ``Set Key 0:''

    uint8_t i;
    uint8_t mykey[16];
    for (i = 0; i < 16; i++) {
        mykey[i] = (uint8_t) 0x33;  // change to your key
    }
    call HPLChipconRAM.write(CC2420_RAM_KEY0, 16, mykey);  // set key

(4) ``Send plaintext into the SABUF buffer:''

    call HPLChipconRAM.write(CC2420_RAM_SABUF, 16, (uint8_t *)&mydata);  // input data

(5) ``Begin the encryption:''

    uint8_t status;  // status byte returned by each command strobe
    call HPLChipcon.cmd(CC2420_SAES);
    do {
        status = call HPLChipcon.cmd(CC2420_SNOP);
    } while ((status >> CC2420_ENC_BUSY) & 0x01);  // wait until the encryption finishes

(6) ``Read out the ciphertext:''

    call HPLChipconRAM.read(CC2420_RAM_SABUF, 16, (uint8_t *)&mydata);

2. How to use in-line CBC-MAC mode?

One thing to know is that the encryption happens after the message is buffered into the TXFIFO buffer, and the decryption happens before the message is read out of the RXFIFO buffer. Therefore, the MAC layer is the suitable layer to implement the in-line security.

The first 3 steps are the same as in the stand-alone mode and are required on both sender and receiver.

*** Encrypt the sending message on sender:

You can perform in-line encryption in function ``void sendPacket()'' in file ``tos\lib\CC2420Radio\CC2420RadioM.nc'' with the following command:

    call HPLChipcon.cmd(CC2420_STXONCCA);

which will start in-line encryption if the security mode is enabled. According to our setting of the security control register (SECCTRL0), it will add 8 bytes CBC-MAC into the message.

*** Decrypt the receiving message on receiver:

You can launch the decryption in function ``void delayedTXFIFO()'' in file ``tos\lib\CC2420Radio\CC2420RadioM.nc'' with the following command:

    call HPLChipcon.cmd(CC2420_SRXDEC);

which will start RXFIFO in-line authentication. Then, after the message is read out from the RXFIFO buffer, if the last byte of the MIC equals 0, the message is authenticated; otherwise, if it equals 255, the message should be dropped.

*************************************************
Hope it may help you a little bit, thank you!

Kun
_______________________________________________ Tinyos-help mailing list [email protected] https://mail.millennium.berkeley.edu/cgi-bin/mailman/listinfo/tinyos-help
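
Added example, not part of the post above or of TinyOS: a small C helper that builds and decodes the SECCTRL0 value from step (2), so 0x030d can be checked field by field (CBC-MAC, 8-byte MIC, key 0 for stand-alone/TX/RX, length byte authenticated, plus the RXFIFO protection bit). The macro and function names are hypothetical, and the bit layout is assumed from the CC2420 datasheet's SECCTRL0 description, so verify it against your datasheet revision.

```c
#include <stdint.h>
#include <stdio.h>

/* SECCTRL0 bit positions. Macro names are hypothetical; the layout is the
 * one in the CC2420 datasheet register description the post refers to. */
#define SEC_MODE_SHIFT   0  /* 2 bits: 0 off, 1 CBC-MAC, 2 CTR, 3 CCM */
#define SEC_M_SHIFT      2  /* 3 bits: (MIC bytes - 2) / 2            */
#define SEC_RXKEYSEL     5  /* 0 = key 0, 1 = key 1                   */
#define SEC_TXKEYSEL     6
#define SEC_SAKEYSEL     7  /* key used by stand-alone SAES           */
#define SEC_CBC_HEAD     8  /* length byte is authenticated           */
#define RXFIFO_PROTECT   9

enum sec_mode { SEC_OFF, SEC_CBC_MAC, SEC_CTR, SEC_CCM };

/* Build SECCTRL0. Returns -1 if mic_len is not an even value in 4..16
 * or if any single-bit argument is not 0 or 1. */
int32_t secctrl0_encode(enum sec_mode mode, unsigned mic_len,
                        unsigned sa_key, unsigned tx_key, unsigned rx_key,
                        unsigned cbc_head, unsigned rxfifo_prot)
{
    if (mic_len < 4 || mic_len > 16 || (mic_len & 1u))
        return -1;
    if ((sa_key | tx_key | rx_key | cbc_head | rxfifo_prot) > 1u)
        return -1;
    return (int32_t)(((unsigned)mode << SEC_MODE_SHIFT) |
                     (((mic_len - 2u) / 2u) << SEC_M_SHIFT) |
                     (rx_key << SEC_RXKEYSEL) | (tx_key << SEC_TXKEYSEL) |
                     (sa_key << SEC_SAKEYSEL) | (cbc_head << SEC_CBC_HEAD) |
                     (rxfifo_prot << RXFIFO_PROTECT));
}

/* Decode helpers for auditing a value found in existing code. */
unsigned secctrl0_mic_len(uint16_t reg) { return 2u * ((reg >> SEC_M_SHIFT) & 7u) + 2u; }
enum sec_mode secctrl0_mode(uint16_t reg) { return (enum sec_mode)(reg & 3u); }
unsigned secctrl0_bit(uint16_t reg, unsigned bit) { return (reg >> bit) & 1u; }

int main(void)
{
    uint16_t reg = 0x030d;  /* value written in step (2) of the post */
    printf("mode=%d mic=%u sa=%u tx=%u rx=%u head=%u prot=%u\n",
           (int)secctrl0_mode(reg), secctrl0_mic_len(reg),
           secctrl0_bit(reg, SEC_SAKEYSEL), secctrl0_bit(reg, SEC_TXKEYSEL),
           secctrl0_bit(reg, SEC_RXKEYSEL), secctrl0_bit(reg, SEC_CBC_HEAD),
           secctrl0_bit(reg, RXFIFO_PROTECT));
    return 0;
}
```

Sender and receiver must write the same SECCTRL0 value; a MIC length mismatch between the two makes every received frame fail authentication.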
