I want some idea/library to defense "Replay Attack" for my NRF24L01+Arduino.

I am thinking a lot of time about this.I am so sorry for my English.

I am making a computer control program.About controlling the fans/water pump/LEDs/beeper,etc.

I am going to use nrf24l01+ for making the wireless control.

I have to prevent the hacker from who want to make "man in the middle"(aka replay attack,right?) .

I am thinking about AES/SipHack.But I don't know these things at all,and message authentication.How to do it

I used some libraries.But when I enter a same number.It gave me the same code(AES).About the Siphack I don't know how to use it at all.

I had thought about exchanging the random number.But I think that is too easy to crack. So Please help me about this. I just a student in high school.I don't know these thing at all.

Plus,I am using the RF24 library.thanks to maniacbug.

This is what my routers use for preventing replay attacks. http://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol

The router sends a different unique chap-challenge to the client with each login request. The client uses the chap challenge to encypt the password with md5. The challenge and the encrypted password is sent to the router (the Arduino in your case) for authentication.

It is a dual encryption method. The router does not use the challenge to decrypt the client's password. It gets the correct password from the user database and encrypts it with the same challenge. If both encrypted passwords match, it is an accept. If not, reject.

Maybe you can use something like that.

Thanks for your answer.I am going to use your way.Using the random number from avr.Then encrypt it.TX will send the random number and encrypted random number.Then RX will receive it.And decrypted it. then compare the encrypted number with the random number in clear text.If ture,than run the command.If false then drop it.Or the random number is the same.then drop it.But I think if communicate with rx or tx too busy.then hacker can attack again.If rx or tx remember all the random number which is used.It will run out of RAM. And I don't know how to create the unique Challenge value

Use the value returned from millis(). It won't repeat for over a month. And when it does, the odds are very slim that it will hit exactly the same value when the login is attempted. That way you just have to remember the last challenge you sent to the client. Any other value would be invalid.

Good idea,but when the millis goes to zero(or I reset the system/watchdog reset).Is there any idea to reset the counter?

Let the server knows I reset the system without being attack risk.

Have you tried to hit the same value of millis with a serial entry? Even if you reset the Arduino, it would be close to impossible to hit the same value again. Even 1 digit off is invalid.

edit: The way this works in its simplest form is: 1) the client sends a request to login. 2) server calls millis(), saves that value, and sends that as the challenge to the client. 3) client sends the password and challenge back to the server. 4) both must match to login.

But..I don't know why it can't be the same...I :sweat_smile: think I am stupid or I am suspicious :grin:

The millis() value is a long data type. The value will increase once every millisecond from 0 to 4,294,967,295 over a period of 47 days. It is possible to hit it again in 6 weeks, but to get that exact millisecond again is highly improbable.

You are preventing a replay attack on an Arduino, not protecting Fort Knox. Here is a game for you. Compile and run this code. Open the serial monitor. Press t to get the millis setting. Then see if you can hit that same value again.

void setup() {
  Serial.begin(9600);
  Serial.println("Enter t to get millis");
}

void loop() {
  if(Serial.available()) {
    char ch = Serial.read();
    if(ch == 't') {
      unsigned long thisMilli = millis();
      Serial.println(thisMilli);
    }
  }
}

Get that.Now I am working on that.I am going to use random number to increase security.Thanks your idea.And can you introduce some AES library.Easy to use.Support Char/Unsigned Long.....

Halry: Get that.Now I am working on that.I am going to use random number to increase security.Thanks your idea.And can you introduce some AES library.Easy to use.Support Char/Unsigned Long.....

https://github.com/DavyLandman/AESLib

Personally, I think AES on an Arduino is hitting a fly with a sledgehammer. The CHAP already mentioned is reasonably secure for any noncommercial Arduino application I can imagine. But that's just my .02.

I just use AES to encrypt the random number and millis.CHAP doesn't safe if no encrypt random number and encrypt millis.I just use AES.Because it if hard to crack.And AES128 isn't too slow.

Halry: I just use AES to encrypt the random number and millis.

Just curious, how are you getting entropy for your random number?

No entropy :cold_sweat:.Use the millis() to check the time.And use RandomSeed to make the random number.I make a data format by myself.Both millis() and random will be encrypted.And millis() and random will send in clear text.Clear text and encryption will be sent at the same time.The receiver will encrypt the clear text and compare the encryption data and the clear text which will being encrypted to compare.(So sorry for my English) Like this: TX:|ID||PC||Time||millis()||random1||random1()||Enc||the encrypted "millis()"and"random1"| RX:received the TX millis and random.than encrypt it .And compare the TX Enc with self enc.If true than pass.If false that ask tx re-transmit. Of course I will make them together by this way."millis*random"/"millis+random"/"millis/random"/"millis^random" It need about 50 days to reset the millis.When millis has been reset.TX can send a packet let RX reset the time log.Of course it need auth.

It is hard to let hacker crack the AES128.And the millis log won't reset utill the TX send a ask. RX has a millis logger to make sure TX millis will bigger than last received. With the random number.I think it is enough hard to crack my system.Of course this it personal use.Not for the business or DOD or NSA.... Edit: I know the random number doesn't so random.But with millis it can be more safe

tylernt:

Halry:
Get that.Now I am working on that.I am going to use random number to increase security.Thanks your idea.And can you introduce some AES library.Easy to use.Support Char/Unsigned Long…

GitHub - DavyLandman/AESLib: Arduino Library for AES Encryption (source based on avr-crypto-lib)

Personally, I think AES on an Arduino is hitting a fly with a sledgehammer. The CHAP already mentioned is reasonably secure for any noncommercial Arduino application I can imagine. But that’s just my .02.

And the library which you told me can’t encrypt char…

#include <AESLib.h>
void setup()
{
  Serial.begin(9600);
uint8_t key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
char data[] = "a"; //16 chars == 16 bytes
aes128_enc_single(key, data);
Serial.print("encrypted:");
Serial.println(data);
aes128_dec_single(key, data);
Serial.print("decrypted:");
Serial.println(data);
 }

void loop()
{ 
}

Than I got this:
encrypted:Z¹}?
²YÒ;;W?j.h
decrypted:s«?¬×Ò<Õ Iì0>h

Halry:

tylernt:

Halry: can you introduce some AES library.Easy to use.Support Char/Unsigned Long.....

https://github.com/DavyLandman/AESLib

Personally, I think AES on an Arduino is hitting a fly with a sledgehammer. The CHAP already mentioned is reasonably secure for any noncommercial Arduino application I can imagine. But that's just my .02.

And the library which you told me can't encrypt char.....

I never said that. I just said AES was overkill. And if millis() isn't secure enough because someone might guess it, I don't see how RandomSeed (which easier to find out the value of than millis()) is going to help.

Now, analogRead() on a floating input -- an input connected to a long wire or PCB trace so it can pick up all sorts of RF hash -- that would be a better source of entropy for AES.

Yes.I mean that using the analogRead().Leave a analog pin float.

And I just found a AES library is better.https://github.com/una1veritas/Arduino/tree/master/libraries/AES128

And can you tell me without AES which is suitable to use? :roll_eyes:.I know AES is overkill.But I don't find out which is better.I use AES just because AES is famous......

if one random number doesn't enough.You can make random2/random3.But AES will make system more slow.

All for that I just want to use CHAP to make sure TX is TX.not the hacker.

If there is a better way to get that.Please tell me.