How to enable message encryption in Contiki / Cooja simulator?

Problem description

I want to encrypt the messages that are exchanged between sensor nodes.

Can I do it without having access to real hardware sensor nodes, such as Tmote Sky?

Can software encryption/block ciphers only be simulated on Tmote Sky nodes? If I need to use hardware encryption algorithms, then should I have a real sensor node?

Also, I read that for symmetric encryption one must have real sensor nodes, but asymmetric encryption can work with emulated nodes as well?

Any documentation or description would be helpful.

Recommended answer

Contiki has an LLSEC (link-layer security) layer. This layer is hardware independent, as it uses a generic AES driver API instead of directly accessing the hardware. There are multiple AES drivers implemented in Contiki - a software-only version and a couple of hardware-accelerated ones, including for CC2420 (the radio chip on Tmote Sky).

The problem with Cooja is that the HW acceleration feature of CC2420 is not implemented in the mspsim emulator. So HW acceleration is not going to work in Cooja as opposed to real Tmote Sky nodes; you must explicitly select the software-based AES driver in configuration:

#define AES_128_CONF aes_128_driver

The bottom line is that AES encryption will work in Cooja, but will be slow.

Now the example configuration of LLSEC - there is little LLSEC documentation around, but the basic setup is described in this README file:


Add these lines to your project_conf.h to enable noncoresec:

#undef LLSEC802154_CONF_ENABLED
#define LLSEC802154_CONF_ENABLED          1
#undef NETSTACK_CONF_FRAMER
#define NETSTACK_CONF_FRAMER              noncoresec_framer
#undef NETSTACK_CONF_LLSEC
#define NETSTACK_CONF_LLSEC               noncoresec_driver
#undef NONCORESEC_CONF_SEC_LVL
#define NONCORESEC_CONF_SEC_LVL           1

NONCORESEC_CONF_SEC_LVL defines the length of MICs and whether encryption is enabled or not.

The important parameter here is NONCORESEC_CONF_SEC_LVL, which corresponds to the IEEE 802.15.4 framer security levels, with numerical values from 0x0 to 0x07.

To enable encryption, set it to 0x4:

#define NONCORESEC_CONF_SEC_LVL 0x4

The other values are:



  • 0x00: No security. Data is not encrypted. Data authenticity is not validated.
  • 0x01: AES-CBC-MAC-32 (MIC-32). Data is not encrypted. Data authenticity is validated.
  • 0x02: AES-CBC-MAC-64 (MIC-64). Data is not encrypted. Data authenticity is validated.
  • 0x03: AES-CBC-MAC-128 (MIC-128). Data is not encrypted. Data authenticity is validated.
  • 0x04: AES-CTR (ENC). Data is encrypted. Data authenticity is not validated.
  • 0x05: AES-CCM-32. Data is encrypted. Data authenticity is validated.
  • 0x06: AES-CCM-64. Data is encrypted. Data authenticity is validated.
  • 0x07: AES-CCM-128. Data is encrypted. Data authenticity is validated.

To enable both encryption and authentication, set the level to 0x5, 0x6 or 0x7.

Another useful configuration parameter is NONCORESEC_CONF_KEY, the network-wide shared key.

As for the other questions, there is no support for hardware-accelerated asymmetric encryption on sensor nodes. Also, there are no software-based implementations for that in mainline Contiki; there is no support (yet) for end-to-end security in general in this OS, as opposed to link-layer security. There are some projects that have developed DTLS and IPSEC for Contiki, but describing that goes beyond this answer.
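
The settings from the answer above, combined into one project_conf.h with build-time guards that reject a level lacking encryption or a MIC. This is an added example, not part of the original answer and not Contiki's own code. The `EXAMPLE_` macros are hypothetical helpers derived from the level table above, and the brace-initializer form and byte values of the key are assumptions (constructed placeholder).

```c
/* project_conf.h: added example, not Contiki's own code. */

/* Cooja/mspsim does not emulate the CC2420 hardware AES engine,
 * so select the software AES driver explicitly. */
#undef AES_128_CONF
#define AES_128_CONF                      aes_128_driver

/* Enable noncoresec link-layer security (lines from the answer above). */
#undef LLSEC802154_CONF_ENABLED
#define LLSEC802154_CONF_ENABLED          1
#undef NETSTACK_CONF_FRAMER
#define NETSTACK_CONF_FRAMER              noncoresec_framer
#undef NETSTACK_CONF_LLSEC
#define NETSTACK_CONF_LLSEC               noncoresec_driver

/* 0x6 = AES-CCM-64: data is encrypted and its authenticity is validated. */
#undef NONCORESEC_CONF_SEC_LVL
#define NONCORESEC_CONF_SEC_LVL           0x6

/* Network-wide shared key. ASSUMPTION: 16-byte brace initializer.
 * Constructed placeholder value: replace with a randomly generated key. */
#undef NONCORESEC_CONF_KEY
#define NONCORESEC_CONF_KEY { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
                              0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }

/* Hypothetical helpers decoding a level as laid out in the table above:
 * bit 2 selects encryption, bits 0-1 select the MIC size (0, 4, 8, 16 bytes). */
#define EXAMPLE_SEC_LVL_ENCRYPTS(lvl)  (((lvl) & 0x4) != 0)
#define EXAMPLE_SEC_LVL_MIC_BYTES(lvl) (((lvl) & 0x3) ? (2 << ((lvl) & 0x3)) : 0)

/* Build-time guards: fail the build instead of shipping a weaker level. */
#if NONCORESEC_CONF_SEC_LVL < 0x0 || NONCORESEC_CONF_SEC_LVL > 0x7
#error "NONCORESEC_CONF_SEC_LVL must be in the range 0x0..0x7"
#endif
#if !EXAMPLE_SEC_LVL_ENCRYPTS(NONCORESEC_CONF_SEC_LVL)
#error "levels 0x0-0x3 send the payload unencrypted"
#endif
#if EXAMPLE_SEC_LVL_MIC_BYTES(NONCORESEC_CONF_SEC_LVL) == 0
#error "level 0x4 (AES-CTR) encrypts but does not validate authenticity"
#endif
```

Every node in the simulation must be built with the same level and key; changing the level to 0x4 or below makes the build stop at the matching guard.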
