Go Down

Topic: I want some idea/library to defense "Replay Attack" for my NRF24L01+Arduino. (Read 10183 times) previous topic - next topic

Halry

I am thinking a lot of time about this.I am so sorry for my English.

I am making a computer control program.About controlling the fans/water pump/LEDs/beeper,etc.

I am going to use nrf24l01+ for making the wireless control.

I have to prevent the hacker from who want to make "man in the middle"(aka replay attack,right?) .

I am thinking about AES/SipHack.But I don't know these things at all,and message authentication.How to do it

I used some libraries.But when I enter a same number.It gave me the same code(AES).About the Siphack I don't know how to use it at all.

I had thought about exchanging the random number.But I think that is too easy to crack.
So Please help me about this. I just a student in high school.I don't know these thing at all.

Halry


SurferTim

This is what my routers use for preventing replay attacks.
http://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol

The router sends a different unique chap-challenge to the client with each login request. The client uses the chap challenge to encypt the password with md5. The challenge and the encrypted password is sent to the router (the Arduino in your case) for authentication.

It is a dual encryption method. The router does not use the challenge to decrypt the client's password. It gets the correct password from the user database and encrypts it with the same challenge. If both encrypted passwords match, it is an accept. If not, reject.

Maybe you can use something like that.

Halry

Thanks for your answer.I am going to use your way.Using the random number from avr.Then encrypt it.TX will send the random number and encrypted random number.Then RX will receive it.And decrypted it. then compare the encrypted number with the random number in clear text.If ture,than run the command.If false then drop it.Or the random number is the same.then drop it.But I think if communicate with rx or tx too busy.then hacker can attack again.If rx or tx remember all the random number which is used.It will run out of RAM.
And I don't know how to create the unique Challenge value

SurferTim

Use the value returned from millis(). It won't repeat for over a month. And when it does, the odds are very slim that it will hit exactly the same value when the login is attempted. That way you just have to remember the last challenge you sent to the client. Any other value would be invalid.

Halry

Good idea,but when the millis goes to zero(or I reset the system/watchdog reset).Is there any idea to reset the counter?

Halry

Let the server knows I reset the system without being attack risk.

SurferTim

Have you tried to hit the same value of millis with a serial entry? Even if you reset the Arduino, it would be close to impossible to hit the same value again. Even 1 digit off is invalid.

edit: The way this works in its simplest form is:
1) the client sends a request to login.
2) server calls millis(), saves that value, and sends that as the challenge to the client.
3) client sends the password and challenge back to the server.
4) both must match to login.

Halry

But..I don't know why it can't be the same...I :smiley-sweat: think I am stupid or I am suspicious :smiley-mr-green:

SurferTim

The millis() value is a long data type. The value will increase once every millisecond from 0 to 4,294,967,295 over a period of 47 days. It is possible to hit it again in 6 weeks, but to get that exact millisecond again is highly improbable.

You are preventing a replay attack on an Arduino, not protecting Fort Knox. Here is a game for you. Compile and run this code. Open the serial monitor. Press t to get the millis setting. Then see if you can hit that same value again.
Code: [Select]
void setup() {
  Serial.begin(9600);
  Serial.println("Enter t to get millis");
}

void loop() {
  if(Serial.available()) {
    char ch = Serial.read();
    if(ch == 't') {
      unsigned long thisMilli = millis();
      Serial.println(thisMilli);
    }
  }
}


Halry

Get that.Now I am working on that.I am going to use random number to increase security.Thanks your idea.And can you introduce some AES library.Easy to use.Support Char/Unsigned Long.....

tylernt


Get that.Now I am working on that.I am going to use random number to increase security.Thanks your idea.And can you introduce some AES library.Easy to use.Support Char/Unsigned Long.....



https://github.com/DavyLandman/AESLib

Personally, I think AES on an Arduino is hitting a fly with a sledgehammer. The CHAP already mentioned is reasonably secure for any noncommercial Arduino application I can imagine. But that's just my .02.

Halry

I just use AES to encrypt the random number and millis.CHAP doesn't safe if no encrypt random number and encrypt millis.I just use AES.Because it if hard to crack.And AES128 isn't too slow.

tylernt


I just use AES to encrypt the random number and millis.
Just curious, how are you getting entropy for your random number?

Halry

No entropy :smiley-roll-sweat:.Use the millis() to check the time.And use RandomSeed to make the random number.I make a data format by myself.Both millis() and random will be encrypted.And millis() and random will send in clear text.Clear text and encryption will be sent at the same time.The receiver will encrypt the clear text and compare the encryption data and the clear text which will being encrypted to compare.(So sorry for my English)
Like this:
TX:|ID||PC||Time||millis()||random1||random1()||Enc||the encrypted "millis()"and"random1"|
RX:received the TX millis and random.than encrypt it .And compare the TX Enc with self enc.If true than pass.If false that ask tx re-transmit.
Of course I will make them together by this way."millis*random"/"millis+random"/"millis/random"/"millis^random"
It need about 50 days to reset the millis.When millis has been reset.TX can send a packet let RX reset the time log.Of course it need auth.

It is hard to let hacker crack the AES128.And the millis log won't reset utill the TX send a ask.
RX has a millis logger to make sure TX millis will bigger than last received.
With the random number.I think it is enough hard to crack my system.Of course this it personal use.Not for the business or DOD or NSA....
Edit:
I know the random number doesn't so random.But with millis it can be more safe

Go Up