Close
0%
0%

IoT security for the masses

Last-mile RF packet encryption for mass produced IoT devices through Telehash

kumar-abhishekKumar, Abhishek
Following
Liked Like project

Just one more thing

To make the experience fit your profile, pick a username and tell us what interests you.

Pick an awesome username
hackaday.io/
Your profile's URL: hackaday.io/username. Max 25 alphanumeric characters.
Pick a few interests
Projects that share your interests
People that share your interests

We found and based on your interests.

Choose more interests.

OK, I'm done! Skip
Similar projects worth following
2.7k views
3 comments
2.8k followers
View Gallery
IoT devices are rapidly proliferating, and they will be mass-produced and installed in homes, cities everywhere. Managing such a network of devices is going to be a huge challenge which many upcoming companies are tackling but I feel that the biggest danger is of unsecured RF communication occuring between physical hardware (lighting, air-conditioning, heating) and the central server, which is usually unencrypted and packets can be very easily reverse-engineered and made to misbehave by flipping a few bits here and there.

This project is an idea to secure that last-mile RF packet. For a start I'd like to design something like a middle-layer between an RF module (eg an nRF24L01 or a RFM69) and the microcontroller that does per-session key exchange and packet-level encryption of the transmitted data.

I think I might need an experienced cryptographer to help with the fine details.

LICENSES:
* Telehash - Public Domain
* Arduino libraries - RF24 is GPLv2
* Hardware under CE

I've taken an introductory cryptography course this semester. My inspiration for this project has been the TLS/SSL protocol, which negotiates a unique key for each session and encrypts the communication channel regardless of the data sent through it.

Aspects:

  • Negotiating a different key for every exchange: Needs reliable duplex connectivity, hardware PRNG.
  • Encryption: 128-bit / 256-bit AES
  • Securing networks like 802.15.4 which also involve packet routing and are not exactly point-to-point.
  • For the first prototype this may be a device sitting between the microcontroller and the RF transceiver that transparently encrypts and decrypts data so no large-scale changes to existing hardware would be needed.
  • I think the nRF24L01s and RFM69s might be good candidates for initial prototypes.

Thanks to the comments on the project, I was directed to the Telehash library that pretty much covers these aspects. So I'm going to try to write a few good example scenarios of using Telehash with Arduino first, the idea being to make it easy to use E2E encryption.

The Deliverables:

  • Level 1 - Getting Telehash to work over two Arduino and nRF24L01s.
  • Level 2 - A library layer over the RF24 Arduino library for the nRF24L01, that handles the key negotiation and packet encryption transparently.
  • Level 2 stretch - A SPI slave that shares the same command set as some of the popular RF modules (I'll start with the nRF24L01) and handles everything transparently. So no changes in user code.

  • 2 × Arduino Nano The run-of-the-mill Arduino
  • 2 × nRF24L01+ modules For testing

  • Enter Telehash

    Kumar, Abhishek04/18/2016 at 19:41 0 comments

    It's been a while but for suggestions on my project, I had contacted Joshua Datko [of BeagleBone Cryptocape fame] and he suggested I check out Telehash (in the comments below). What it uncovered was interesting.

    Telehash is a secure mesh protocol , you can read more about it here . What can be understood from it is that a logical link between any two nodes in the network is private to them only and all communication between nodes are encrypted.

    The Telehash project is led by Jeremie Miller (creator of Jabber), who is now the CTO of Filament, a startup which is actively working on hardware based on the Telehash framework.

    The idea of this project is to supplement the work they are already doing, to try and make it more accessible. I could not find a lot of example code to get started with on the Arduino and the RF module front, so I hope my experience in getting it working might help others out there.

View project log

Enjoy this project?

Share

Discussions

Kumar, Abhishek wrote 04/18/2016 at 07:42 point

I remember seeing that one. From what I understand, it's signed messages, not end-to-end encryption. The idea here is not just to sign messages but also ensure that it is encrypted in transit.

Signed + Encryption can also be done for extra security.

[EDIT: Read the section titled "Why encryption is not a part of this" on the forum post"]

  Are you sure? yes | no

Josh wrote 03/28/2016 at 23:44 point

Hey Kumar, I strongly suggest you check out telehash. This is a good high-level introduction: https://github.com/telehash/telehash.org/blob/master/v3/intro.md

(docs: https://github.com/telehash/telehash.org/tree/master/v3, c (including arduino lib: https://github.com/telehash/telehash-c).

It's basically design for all the points that you mentioned :) There's a bit of terminology to learn but basically every session has unique session keys and devices can have long-term identity keys. It's physical layer agnostic, so you can put telehash over your existing RF platform.

There's a few implementations of it, include a node module so you can quickly play around with a few lines of code: https://www.npmjs.com/package/telehash (if you like node.js that is ).

So you could, for example, put telehash over existing nRF bluetooth layer, which might be cool.

  Are you sure? yes | no

Similar Projects

An affordable RFID, motion-sensing, anti-theft alarm and GPS tracker for bicycles, e-bikes and other small vehicles. Based on Arduino
Project Owner Contributor

Nano Bike Alarm

alpha-charlieAlpha Charlie

Communication platform: Text can be felt, as it is expressed
Project Owner Contributor

Neotype: Haptic Computing

paulbeaudetPaul_Beaudet

Don't want to hard code your Blynk AuthID or WiFi credentials into your code? Then use Embedis to store and change them on-the-fly!
Project Owner Contributor

Blynk using Embedis for Settings

pattern-agentsPattern Agents

So Hi everyone this is me Rohan. In this project I demonstrate you that how you can create your very own AirTag or Object Finder
Project Owner Contributor

Create Your Own Apple AirTag

rohan-barnwalRohan Barnwal

Does this project spark your interest?

Become a member to follow this project and never miss any updates

Going up?

About Us Contact Hackaday.io Give Feedback Terms of Use Privacy Policy Hackaday API

© 2025 Hackaday

Yes, delete it Cancel

Report project as inappropriate

You are about to report the project "IoT security for the masses", please tell us the reason.

Send message

Your application has been submitted.

Remove Member

Are you sure you want to remove yourself as a member for this project?

Project owner will be notified upon removal.