cosmos - cordis · cosmos cultivate resilient ... called apb [3], was used. in order to connect the...
TRANSCRIPT
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 1 of 44
COSMOS Cultivate resilient smart Objects for Sustainable city applicatiOnS
Grant Agreement Nordm 609043
D322 End-to-end Security and Privacy Software prototype (Updated)
WP3 End-to-end Security and Privacy Version
Due Date
Delivery Date
Nature
Dissemination Level
Lead partner
Authors
Internal reviewers
10
30062015
30062015
Prototype
Public
Siemens
Leonard Pitu (Siemens) Paula Ta-Shma (IBM)
Achilleas Marinakis (NTUA) Juan Sancho
(ATOS)
Panagiotis Bourelos (NTUA) Juan Rico (ATOS)
Ref Ares(2015)2760105 - 01072015
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 2 of 44
wwwiot-cosmoseu
The research leading to these results has received funding from the European Communitys Seventh Framework Programme under grant
agreement ndeg 609043
Version Control
Version Date Author Authorrsquos Organization Changes
01 25052015 Leonard Pitu Siemens Internal draft
02 04062015 Juan Sancho ATOS Node-RED Security
03 12062015 Achilleas Marinakis NTUA Privelets
04 26062015 Leonard Pitu Siemens New chapters
05 29062015 Leonard Pitu Siemens Include review 1
10 30062015 Juan Sancho ATOS Release version
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 3 of 44
Table of Contents 1 Introduction 5
11 About this deliverable 5
12 Document structure 5
2 Hardware Coded Security 6
21 Implementation 6
211 Functional description 6
212 Fitting into overall COSMOS solution 6
213 ECC (Diffie-Hellman) 17
214 Hardware Random Number Generator 28
215 Technical specifications 29
22 Delivery and usage 29
221 Package information 29
222 Installation instructions 30
223 User Manual 31
224 Licensing information 31
3 Privelets 32
31 Implementation 32
311 Functional description 32
312 Fitting into overall COSMOS solution 32
313 Technical specifications 32
32 Delivery and usage 32
321 Package information 32
322 Installation instructions 33
323 User Manual 33
324 Licensing information 38
325 Download 38
4 Cloud Storage Security 39
5 Node-RED Security 40
51 Introduction 40
52 Functional description 40
53 Surveillance Service 41
6 Conclusions 43
7 References 44
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 4 of 44
List of Figures Figure 1 COSMOS high level view 7
Figure 2 Hardware Coded Security 8
Figure 3 Zynq-7000 AP SoC Overview 9
Figure 4 AES Module Instantiation 9
Figure 5 AES module internal structure 10
Figure 6 AES Timing Diagram 11
Figure 7 AES Module Functionality Chart 12
Figure 8 ECC module internal structure 17
Figure 9 ECC operation hierarchy 18
Figure 10 Public Key Generation 19
Figure 11 Private Key Generation 20
Figure 12 Noise generator 28
Figure 13 Zynq ZC702 boot switch configuration 30
Figure 14 Followers list 33
Figure 15 wrong requestKey output 34
Figure 16 wrong requestKey response 34
Figure 17 Privelets Configuration File 34
Figure 18 right requestKey private data output 35
Figure 19 right requestKey private data response 35
Figure 20 right requestKey public data output 36
Figure 21 right requestKey public data response 36
Figure 22 right requestKey repetitive request output 37
Figure 23 right requestKey repetitive request response 37
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 5 of 44
1 Introduction
11 About this deliverable
The present deliverable describes the first modules of the COSMOS platform demonstrator It provides technical details with respect to the implemented modules their usage and the requirements needed
12 Document structure
The document is structured as according to work package 3 structure Each task has a dedicated section which details the results of the activities performed The present document covers the individual activities which are going to converge into a unified demonstrator over the course of the next month
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 6 of 44
2 Hardware Coded Security
21 Implementation
211 Functional description
The Hardware Coded Security component of COSMOS provides the necessary link between the physical world and the COSMOS platform The hardware security board implements a root-of-trust mechanism to support the functionality described in[1]
The hardware security board provides security primitives implemented in hardware for the software applications Therefore the hardware coded security components help build up the chain of trust based on high performance cryptographic applications
The main advantages of the hardware coded security components are the high speed and reliability as compared to software implementations Also the structure and architectural model in place have been developed to enable on the fly cryptographic operation without user interaction This is provided by a mixture of hardware and software design Common security attacks are targeting software andor software implementations of security mechanisms therefore having a hardware enabled secure foundation allow for better security and reliability
The delivered prototype is the second step in enabling the seamless enrollment and authentication of hardware based security components in the COSMOS platform Currently it provides hardware components which integrate seamlessly with an ARM CPU sub-system and with a modern Linux based operating system The provided components implement the cryptographic accelerator a cryptographic key agreement mechanism based on a full in hardware implemented true random number generator but also the necessary Linux drivers for the above mentioned hardware components
212 Fitting into overall COSMOS solution
As depicted in Figure 1 the COSMOS platform receives data from VEs These VEs can be of three types (as presented in [2])
Highly secured (HW + SW)
Low secured (SW only)
Unsecured (no security mechanisms)
As non- or low secure ldquoThingsrdquo are of little interest we have focused our activities on the high secure solution envisioned by COSMOS which relies on hardware components The demonstrator showcase for this endeavor is the Hardware Security Board which consists of a physical hardware device linking the physical world (ie VEs) and the COSMOS environmentplatform The Hardware Security Board can host one or many VEs and be connected to one or more physical sensors (eg temperature pressure humidity presence cameras etc)
The architectural components of COSMOS are depicted in [1]
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 7 of 44
Figure 1 COSMOS high level view
The HW Security Board (or HW Board for short) is therefore the physical implementation of a ldquothingrdquo enriched with security and privacy components such as
HW encryptiondecryption module
Key exchange module (ie Diffie-Hellman key exchange implementation)
Hashingchecksum module
Privacy filters
2121 Technical description
The hardware coded security components are implemented inside the Xilinx Zynq FPGA fabric and are connected to the CPU using a standard AXI bus interface This device part ASIC and part FPGA provides a cheap development platform which can be used to depict both hardware and software security mechanisms while enabling software developers by using standard components such as the CPU memory and interrupt controller etc
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 8 of 44
2122 Prototype architecture
The Hardware Coded Security diagram is presented below
Figure 2 Hardware Coded Security
For the system to be secure the following items are needed
Secure boot ndash this allows the system to ldquostartrdquo in a pre-defined state where the security level is high and uncompromised
Secure storage ndash this allows for the safe storage of secret information (eg configuration data encryption keys)
Cryptographic primitives ndash runs partially autonomously and uses the secret information to provide the basic building blocks in order to raise the security level
Key agreement mechanism ndash a mechanism to exchange a cryptographic key using the Diffie Hellman key agreement protocol
Secure execution environment ndash allows for the security critical applications to run in a safe and secure compartment which safe-guards the critical information
Privacy ndash data has to be privacy enriched and in ownership of the rightful owner
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 9 of 44
2123 Components description
Figure 3 illustrates the functional blocks of the Zynq-7000 AP SoC
IO
MUX
CRUIO Peripherals
2 x USB
2 x GigE
2 x SD
GPIO
2 x UART
2 x I2C
2 x CAN
2 x SPI
Memory IF
QSPI CTRL
SRAM
Interconnect
MatrixARM
Core1
ARM
Core2
FPGA Programmable
Logic
AX
I
Zynq-7000 AP SoC
AXI
AXI
AXI
AXI
DDR23
LPDDR2
CTRL
AXI
Config
Figure 3 Zynq-7000 AP SoC Overview
The hardware security board uses the ARM subsystem and the provided peripherals (hard macros) as depicted in Figure 3 The security component that is the cryptographic accelerator is implemented in the FPGA fabric The connection between the FPGA Programmable Logic and the ARM subsystem is implemented using an AXI bus interface
Figure 4 AES Module Instantiation
The FPGA fabric currently holds 2 main modules that is the cryptographic accelerator and the Diffie Hellman key agreement protocol
In order to facilitate the usage of hardware based security modules an easier bus system called APB [3] was used In order to connect the APB to the AXI bus a bridge is needed The used bridge is provided by the platform FPGA manufacturer (Xilinx) and is freely available in the tool-chain the demonstrator board was delivered with
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 2 of 44
wwwiot-cosmoseu
The research leading to these results has received funding from the European Communitys Seventh Framework Programme under grant
agreement ndeg 609043
Version Control
Version Date Author Authorrsquos Organization Changes
01 25052015 Leonard Pitu Siemens Internal draft
02 04062015 Juan Sancho ATOS Node-RED Security
03 12062015 Achilleas Marinakis NTUA Privelets
04 26062015 Leonard Pitu Siemens New chapters
05 29062015 Leonard Pitu Siemens Include review 1
10 30062015 Juan Sancho ATOS Release version
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 3 of 44
Table of Contents 1 Introduction 5
11 About this deliverable 5
12 Document structure 5
2 Hardware Coded Security 6
21 Implementation 6
211 Functional description 6
212 Fitting into overall COSMOS solution 6
213 ECC (Diffie-Hellman) 17
214 Hardware Random Number Generator 28
215 Technical specifications 29
22 Delivery and usage 29
221 Package information 29
222 Installation instructions 30
223 User Manual 31
224 Licensing information 31
3 Privelets 32
31 Implementation 32
311 Functional description 32
312 Fitting into overall COSMOS solution 32
313 Technical specifications 32
32 Delivery and usage 32
321 Package information 32
322 Installation instructions 33
323 User Manual 33
324 Licensing information 38
325 Download 38
4 Cloud Storage Security 39
5 Node-RED Security 40
51 Introduction 40
52 Functional description 40
53 Surveillance Service 41
6 Conclusions 43
7 References 44
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 4 of 44
List of Figures Figure 1 COSMOS high level view 7
Figure 2 Hardware Coded Security 8
Figure 3 Zynq-7000 AP SoC Overview 9
Figure 4 AES Module Instantiation 9
Figure 5 AES module internal structure 10
Figure 6 AES Timing Diagram 11
Figure 7 AES Module Functionality Chart 12
Figure 8 ECC module internal structure 17
Figure 9 ECC operation hierarchy 18
Figure 10 Public Key Generation 19
Figure 11 Private Key Generation 20
Figure 12 Noise generator 28
Figure 13 Zynq ZC702 boot switch configuration 30
Figure 14 Followers list 33
Figure 15 wrong requestKey output 34
Figure 16 wrong requestKey response 34
Figure 17 Privelets Configuration File 34
Figure 18 right requestKey private data output 35
Figure 19 right requestKey private data response 35
Figure 20 right requestKey public data output 36
Figure 21 right requestKey public data response 36
Figure 22 right requestKey repetitive request output 37
Figure 23 right requestKey repetitive request response 37
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 5 of 44
1 Introduction
11 About this deliverable
The present deliverable describes the first modules of the COSMOS platform demonstrator It provides technical details with respect to the implemented modules their usage and the requirements needed
12 Document structure
The document is structured as according to work package 3 structure Each task has a dedicated section which details the results of the activities performed The present document covers the individual activities which are going to converge into a unified demonstrator over the course of the next month
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 6 of 44
2 Hardware Coded Security
21 Implementation
211 Functional description
The Hardware Coded Security component of COSMOS provides the necessary link between the physical world and the COSMOS platform The hardware security board implements a root-of-trust mechanism to support the functionality described in[1]
The hardware security board provides security primitives implemented in hardware for the software applications Therefore the hardware coded security components help build up the chain of trust based on high performance cryptographic applications
The main advantages of the hardware coded security components are the high speed and reliability as compared to software implementations Also the structure and architectural model in place have been developed to enable on the fly cryptographic operation without user interaction This is provided by a mixture of hardware and software design Common security attacks are targeting software andor software implementations of security mechanisms therefore having a hardware enabled secure foundation allow for better security and reliability
The delivered prototype is the second step in enabling the seamless enrollment and authentication of hardware based security components in the COSMOS platform Currently it provides hardware components which integrate seamlessly with an ARM CPU sub-system and with a modern Linux based operating system The provided components implement the cryptographic accelerator a cryptographic key agreement mechanism based on a full in hardware implemented true random number generator but also the necessary Linux drivers for the above mentioned hardware components
212 Fitting into overall COSMOS solution
As depicted in Figure 1 the COSMOS platform receives data from VEs These VEs can be of three types (as presented in [2])
Highly secured (HW + SW)
Low secured (SW only)
Unsecured (no security mechanisms)
As non- or low secure ldquoThingsrdquo are of little interest we have focused our activities on the high secure solution envisioned by COSMOS which relies on hardware components The demonstrator showcase for this endeavor is the Hardware Security Board which consists of a physical hardware device linking the physical world (ie VEs) and the COSMOS environmentplatform The Hardware Security Board can host one or many VEs and be connected to one or more physical sensors (eg temperature pressure humidity presence cameras etc)
The architectural components of COSMOS are depicted in [1]
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 7 of 44
Figure 1 COSMOS high level view
The HW Security Board (or HW Board for short) is therefore the physical implementation of a ldquothingrdquo enriched with security and privacy components such as
HW encryptiondecryption module
Key exchange module (ie Diffie-Hellman key exchange implementation)
Hashingchecksum module
Privacy filters
2121 Technical description
The hardware coded security components are implemented inside the Xilinx Zynq FPGA fabric and are connected to the CPU using a standard AXI bus interface This device part ASIC and part FPGA provides a cheap development platform which can be used to depict both hardware and software security mechanisms while enabling software developers by using standard components such as the CPU memory and interrupt controller etc
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 8 of 44
2122 Prototype architecture
The Hardware Coded Security diagram is presented below
Figure 2 Hardware Coded Security
For the system to be secure the following items are needed
Secure boot ndash this allows the system to ldquostartrdquo in a pre-defined state where the security level is high and uncompromised
Secure storage ndash this allows for the safe storage of secret information (eg configuration data encryption keys)
Cryptographic primitives ndash runs partially autonomously and uses the secret information to provide the basic building blocks in order to raise the security level
Key agreement mechanism ndash a mechanism to exchange a cryptographic key using the Diffie Hellman key agreement protocol
Secure execution environment ndash allows for the security critical applications to run in a safe and secure compartment which safe-guards the critical information
Privacy ndash data has to be privacy enriched and in ownership of the rightful owner
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 9 of 44
2123 Components description
Figure 3 illustrates the functional blocks of the Zynq-7000 AP SoC
IO
MUX
CRUIO Peripherals
2 x USB
2 x GigE
2 x SD
GPIO
2 x UART
2 x I2C
2 x CAN
2 x SPI
Memory IF
QSPI CTRL
SRAM
Interconnect
MatrixARM
Core1
ARM
Core2
FPGA Programmable
Logic
AX
I
Zynq-7000 AP SoC
AXI
AXI
AXI
AXI
DDR23
LPDDR2
CTRL
AXI
Config
Figure 3 Zynq-7000 AP SoC Overview
The hardware security board uses the ARM subsystem and the provided peripherals (hard macros) as depicted in Figure 3 The security component that is the cryptographic accelerator is implemented in the FPGA fabric The connection between the FPGA Programmable Logic and the ARM subsystem is implemented using an AXI bus interface
Figure 4 AES Module Instantiation
The FPGA fabric currently holds 2 main modules that is the cryptographic accelerator and the Diffie Hellman key agreement protocol
In order to facilitate the usage of hardware based security modules an easier bus system called APB [3] was used In order to connect the APB to the AXI bus a bridge is needed The used bridge is provided by the platform FPGA manufacturer (Xilinx) and is freely available in the tool-chain the demonstrator board was delivered with
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 3 of 44
Table of Contents 1 Introduction 5
11 About this deliverable 5
12 Document structure 5
2 Hardware Coded Security 6
21 Implementation 6
211 Functional description 6
212 Fitting into overall COSMOS solution 6
213 ECC (Diffie-Hellman) 17
214 Hardware Random Number Generator 28
215 Technical specifications 29
22 Delivery and usage 29
221 Package information 29
222 Installation instructions 30
223 User Manual 31
224 Licensing information 31
3 Privelets 32
31 Implementation 32
311 Functional description 32
312 Fitting into overall COSMOS solution 32
313 Technical specifications 32
32 Delivery and usage 32
321 Package information 32
322 Installation instructions 33
323 User Manual 33
324 Licensing information 38
325 Download 38
4 Cloud Storage Security 39
5 Node-RED Security 40
51 Introduction 40
52 Functional description 40
53 Surveillance Service 41
6 Conclusions 43
7 References 44
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 4 of 44
List of Figures Figure 1 COSMOS high level view 7
Figure 2 Hardware Coded Security 8
Figure 3 Zynq-7000 AP SoC Overview 9
Figure 4 AES Module Instantiation 9
Figure 5 AES module internal structure 10
Figure 6 AES Timing Diagram 11
Figure 7 AES Module Functionality Chart 12
Figure 8 ECC module internal structure 17
Figure 9 ECC operation hierarchy 18
Figure 10 Public Key Generation 19
Figure 11 Private Key Generation 20
Figure 12 Noise generator 28
Figure 13 Zynq ZC702 boot switch configuration 30
Figure 14 Followers list 33
Figure 15 wrong requestKey output 34
Figure 16 wrong requestKey response 34
Figure 17 Privelets Configuration File 34
Figure 18 right requestKey private data output 35
Figure 19 right requestKey private data response 35
Figure 20 right requestKey public data output 36
Figure 21 right requestKey public data response 36
Figure 22 right requestKey repetitive request output 37
Figure 23 right requestKey repetitive request response 37
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 5 of 44
1 Introduction
11 About this deliverable
The present deliverable describes the first modules of the COSMOS platform demonstrator It provides technical details with respect to the implemented modules their usage and the requirements needed
12 Document structure
The document is structured as according to work package 3 structure Each task has a dedicated section which details the results of the activities performed The present document covers the individual activities which are going to converge into a unified demonstrator over the course of the next month
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 6 of 44
2 Hardware Coded Security
21 Implementation
211 Functional description
The Hardware Coded Security component of COSMOS provides the necessary link between the physical world and the COSMOS platform The hardware security board implements a root-of-trust mechanism to support the functionality described in[1]
The hardware security board provides security primitives implemented in hardware for the software applications Therefore the hardware coded security components help build up the chain of trust based on high performance cryptographic applications
The main advantages of the hardware coded security components are the high speed and reliability as compared to software implementations Also the structure and architectural model in place have been developed to enable on the fly cryptographic operation without user interaction This is provided by a mixture of hardware and software design Common security attacks are targeting software andor software implementations of security mechanisms therefore having a hardware enabled secure foundation allow for better security and reliability
The delivered prototype is the second step in enabling the seamless enrollment and authentication of hardware based security components in the COSMOS platform Currently it provides hardware components which integrate seamlessly with an ARM CPU sub-system and with a modern Linux based operating system The provided components implement the cryptographic accelerator a cryptographic key agreement mechanism based on a full in hardware implemented true random number generator but also the necessary Linux drivers for the above mentioned hardware components
212 Fitting into overall COSMOS solution
As depicted in Figure 1 the COSMOS platform receives data from VEs These VEs can be of three types (as presented in [2])
Highly secured (HW + SW)
Low secured (SW only)
Unsecured (no security mechanisms)
As non- or low secure ldquoThingsrdquo are of little interest we have focused our activities on the high secure solution envisioned by COSMOS which relies on hardware components The demonstrator showcase for this endeavor is the Hardware Security Board which consists of a physical hardware device linking the physical world (ie VEs) and the COSMOS environmentplatform The Hardware Security Board can host one or many VEs and be connected to one or more physical sensors (eg temperature pressure humidity presence cameras etc)
The architectural components of COSMOS are depicted in [1]
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 7 of 44
Figure 1 COSMOS high level view
The HW Security Board (or HW Board for short) is therefore the physical implementation of a ldquothingrdquo enriched with security and privacy components such as
HW encryptiondecryption module
Key exchange module (ie Diffie-Hellman key exchange implementation)
Hashingchecksum module
Privacy filters
2121 Technical description
The hardware coded security components are implemented inside the Xilinx Zynq FPGA fabric and are connected to the CPU using a standard AXI bus interface This device part ASIC and part FPGA provides a cheap development platform which can be used to depict both hardware and software security mechanisms while enabling software developers by using standard components such as the CPU memory and interrupt controller etc
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 8 of 44
2122 Prototype architecture
The Hardware Coded Security diagram is presented below
Figure 2 Hardware Coded Security
For the system to be secure the following items are needed
Secure boot ndash this allows the system to ldquostartrdquo in a pre-defined state where the security level is high and uncompromised
Secure storage ndash this allows for the safe storage of secret information (eg configuration data encryption keys)
Cryptographic primitives ndash runs partially autonomously and uses the secret information to provide the basic building blocks in order to raise the security level
Key agreement mechanism ndash a mechanism to exchange a cryptographic key using the Diffie Hellman key agreement protocol
Secure execution environment ndash allows for the security critical applications to run in a safe and secure compartment which safe-guards the critical information
Privacy ndash data has to be privacy enriched and in ownership of the rightful owner
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 9 of 44
2123 Components description
Figure 3 illustrates the functional blocks of the Zynq-7000 AP SoC
IO
MUX
CRUIO Peripherals
2 x USB
2 x GigE
2 x SD
GPIO
2 x UART
2 x I2C
2 x CAN
2 x SPI
Memory IF
QSPI CTRL
SRAM
Interconnect
MatrixARM
Core1
ARM
Core2
FPGA Programmable
Logic
AX
I
Zynq-7000 AP SoC
AXI
AXI
AXI
AXI
DDR23
LPDDR2
CTRL
AXI
Config
Figure 3 Zynq-7000 AP SoC Overview
The hardware security board uses the ARM subsystem and the provided peripherals (hard macros) as depicted in Figure 3 The security component that is the cryptographic accelerator is implemented in the FPGA fabric The connection between the FPGA Programmable Logic and the ARM subsystem is implemented using an AXI bus interface
Figure 4 AES Module Instantiation
The FPGA fabric currently holds 2 main modules that is the cryptographic accelerator and the Diffie Hellman key agreement protocol
In order to facilitate the usage of hardware based security modules an easier bus system called APB [3] was used In order to connect the APB to the AXI bus a bridge is needed The used bridge is provided by the platform FPGA manufacturer (Xilinx) and is freely available in the tool-chain the demonstrator board was delivered with
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 4 of 44
List of Figures Figure 1 COSMOS high level view 7
Figure 2 Hardware Coded Security 8
Figure 3 Zynq-7000 AP SoC Overview 9
Figure 4 AES Module Instantiation 9
Figure 5 AES module internal structure 10
Figure 6 AES Timing Diagram 11
Figure 7 AES Module Functionality Chart 12
Figure 8 ECC module internal structure 17
Figure 9 ECC operation hierarchy 18
Figure 10 Public Key Generation 19
Figure 11 Private Key Generation 20
Figure 12 Noise generator 28
Figure 13 Zynq ZC702 boot switch configuration 30
Figure 14 Followers list 33
Figure 15 wrong requestKey output 34
Figure 16 wrong requestKey response 34
Figure 17 Privelets Configuration File 34
Figure 18 right requestKey private data output 35
Figure 19 right requestKey private data response 35
Figure 20 right requestKey public data output 36
Figure 21 right requestKey public data response 36
Figure 22 right requestKey repetitive request output 37
Figure 23 right requestKey repetitive request response 37
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 5 of 44
1 Introduction
11 About this deliverable
The present deliverable describes the first modules of the COSMOS platform demonstrator It provides technical details with respect to the implemented modules their usage and the requirements needed
12 Document structure
The document is structured as according to work package 3 structure Each task has a dedicated section which details the results of the activities performed The present document covers the individual activities which are going to converge into a unified demonstrator over the course of the next month
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 6 of 44
2 Hardware Coded Security
21 Implementation
211 Functional description
The Hardware Coded Security component of COSMOS provides the necessary link between the physical world and the COSMOS platform The hardware security board implements a root-of-trust mechanism to support the functionality described in[1]
The hardware security board provides security primitives implemented in hardware for the software applications Therefore the hardware coded security components help build up the chain of trust based on high performance cryptographic applications
The main advantages of the hardware coded security components are the high speed and reliability as compared to software implementations Also the structure and architectural model in place have been developed to enable on the fly cryptographic operation without user interaction This is provided by a mixture of hardware and software design Common security attacks are targeting software andor software implementations of security mechanisms therefore having a hardware enabled secure foundation allow for better security and reliability
The delivered prototype is the second step in enabling the seamless enrollment and authentication of hardware based security components in the COSMOS platform Currently it provides hardware components which integrate seamlessly with an ARM CPU sub-system and with a modern Linux based operating system The provided components implement the cryptographic accelerator a cryptographic key agreement mechanism based on a full in hardware implemented true random number generator but also the necessary Linux drivers for the above mentioned hardware components
212 Fitting into overall COSMOS solution
As depicted in Figure 1 the COSMOS platform receives data from VEs These VEs can be of three types (as presented in [2])
Highly secured (HW + SW)
Low secured (SW only)
Unsecured (no security mechanisms)
As non- or low secure ldquoThingsrdquo are of little interest we have focused our activities on the high secure solution envisioned by COSMOS which relies on hardware components The demonstrator showcase for this endeavor is the Hardware Security Board which consists of a physical hardware device linking the physical world (ie VEs) and the COSMOS environmentplatform The Hardware Security Board can host one or many VEs and be connected to one or more physical sensors (eg temperature pressure humidity presence cameras etc)
The architectural components of COSMOS are depicted in [1]
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 7 of 44
Figure 1 COSMOS high level view
The HW Security Board (or HW Board for short) is therefore the physical implementation of a ldquothingrdquo enriched with security and privacy components such as
HW encryptiondecryption module
Key exchange module (ie Diffie-Hellman key exchange implementation)
Hashingchecksum module
Privacy filters
2121 Technical description
The hardware coded security components are implemented inside the Xilinx Zynq FPGA fabric and are connected to the CPU using a standard AXI bus interface This device part ASIC and part FPGA provides a cheap development platform which can be used to depict both hardware and software security mechanisms while enabling software developers by using standard components such as the CPU memory and interrupt controller etc
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 8 of 44
2122 Prototype architecture
The Hardware Coded Security diagram is presented below
Figure 2 Hardware Coded Security
For the system to be secure the following items are needed
Secure boot ndash this allows the system to ldquostartrdquo in a pre-defined state where the security level is high and uncompromised
Secure storage ndash this allows for the safe storage of secret information (eg configuration data encryption keys)
Cryptographic primitives ndash runs partially autonomously and uses the secret information to provide the basic building blocks in order to raise the security level
Key agreement mechanism ndash a mechanism to exchange a cryptographic key using the Diffie Hellman key agreement protocol
Secure execution environment ndash allows for the security critical applications to run in a safe and secure compartment which safe-guards the critical information
Privacy ndash data has to be privacy enriched and in ownership of the rightful owner
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 9 of 44
2123 Components description
Figure 3 illustrates the functional blocks of the Zynq-7000 AP SoC
IO
MUX
CRUIO Peripherals
2 x USB
2 x GigE
2 x SD
GPIO
2 x UART
2 x I2C
2 x CAN
2 x SPI
Memory IF
QSPI CTRL
SRAM
Interconnect
MatrixARM
Core1
ARM
Core2
FPGA Programmable
Logic
AX
I
Zynq-7000 AP SoC
AXI
AXI
AXI
AXI
DDR23
LPDDR2
CTRL
AXI
Config
Figure 3 Zynq-7000 AP SoC Overview
The hardware security board uses the ARM subsystem and the provided peripherals (hard macros) as depicted in Figure 3 The security component that is the cryptographic accelerator is implemented in the FPGA fabric The connection between the FPGA Programmable Logic and the ARM subsystem is implemented using an AXI bus interface
Figure 4 AES Module Instantiation
The FPGA fabric currently holds 2 main modules that is the cryptographic accelerator and the Diffie Hellman key agreement protocol
In order to facilitate the usage of hardware based security modules an easier bus system called APB [3] was used In order to connect the APB to the AXI bus a bridge is needed The used bridge is provided by the platform FPGA manufacturer (Xilinx) and is freely available in the tool-chain the demonstrator board was delivered with
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 5 of 44
1 Introduction
11 About this deliverable
The present deliverable describes the first modules of the COSMOS platform demonstrator It provides technical details with respect to the implemented modules their usage and the requirements needed
12 Document structure
The document is structured as according to work package 3 structure Each task has a dedicated section which details the results of the activities performed The present document covers the individual activities which are going to converge into a unified demonstrator over the course of the next month
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 6 of 44
2 Hardware Coded Security
21 Implementation
211 Functional description
The Hardware Coded Security component of COSMOS provides the necessary link between the physical world and the COSMOS platform The hardware security board implements a root-of-trust mechanism to support the functionality described in[1]
The hardware security board provides security primitives implemented in hardware for the software applications Therefore the hardware coded security components help build up the chain of trust based on high performance cryptographic applications
The main advantages of the hardware coded security components are the high speed and reliability as compared to software implementations Also the structure and architectural model in place have been developed to enable on the fly cryptographic operation without user interaction This is provided by a mixture of hardware and software design Common security attacks are targeting software andor software implementations of security mechanisms therefore having a hardware enabled secure foundation allow for better security and reliability
The delivered prototype is the second step in enabling the seamless enrollment and authentication of hardware based security components in the COSMOS platform Currently it provides hardware components which integrate seamlessly with an ARM CPU sub-system and with a modern Linux based operating system The provided components implement the cryptographic accelerator a cryptographic key agreement mechanism based on a full in hardware implemented true random number generator but also the necessary Linux drivers for the above mentioned hardware components
212 Fitting into overall COSMOS solution
As depicted in Figure 1 the COSMOS platform receives data from VEs These VEs can be of three types (as presented in [2])
Highly secured (HW + SW)
Low secured (SW only)
Unsecured (no security mechanisms)
As non- or low secure ldquoThingsrdquo are of little interest we have focused our activities on the high secure solution envisioned by COSMOS which relies on hardware components The demonstrator showcase for this endeavor is the Hardware Security Board which consists of a physical hardware device linking the physical world (ie VEs) and the COSMOS environmentplatform The Hardware Security Board can host one or many VEs and be connected to one or more physical sensors (eg temperature pressure humidity presence cameras etc)
The architectural components of COSMOS are depicted in [1]
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 7 of 44
Figure 1 COSMOS high level view
The HW Security Board (or HW Board for short) is therefore the physical implementation of a ldquothingrdquo enriched with security and privacy components such as
HW encryptiondecryption module
Key exchange module (ie Diffie-Hellman key exchange implementation)
Hashingchecksum module
Privacy filters
2121 Technical description
The hardware coded security components are implemented inside the Xilinx Zynq FPGA fabric and are connected to the CPU using a standard AXI bus interface This device part ASIC and part FPGA provides a cheap development platform which can be used to depict both hardware and software security mechanisms while enabling software developers by using standard components such as the CPU memory and interrupt controller etc
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 8 of 44
2122 Prototype architecture
The Hardware Coded Security diagram is presented below
Figure 2 Hardware Coded Security
For the system to be secure the following items are needed
Secure boot ndash this allows the system to ldquostartrdquo in a pre-defined state where the security level is high and uncompromised
Secure storage ndash this allows for the safe storage of secret information (eg configuration data encryption keys)
Cryptographic primitives ndash runs partially autonomously and uses the secret information to provide the basic building blocks in order to raise the security level
Key agreement mechanism ndash a mechanism to exchange a cryptographic key using the Diffie Hellman key agreement protocol
Secure execution environment ndash allows for the security critical applications to run in a safe and secure compartment which safe-guards the critical information
Privacy ndash data has to be privacy enriched and in ownership of the rightful owner
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 9 of 44
2123 Components description
Figure 3 illustrates the functional blocks of the Zynq-7000 AP SoC
IO
MUX
CRUIO Peripherals
2 x USB
2 x GigE
2 x SD
GPIO
2 x UART
2 x I2C
2 x CAN
2 x SPI
Memory IF
QSPI CTRL
SRAM
Interconnect
MatrixARM
Core1
ARM
Core2
FPGA Programmable
Logic
AX
I
Zynq-7000 AP SoC
AXI
AXI
AXI
AXI
DDR23
LPDDR2
CTRL
AXI
Config
Figure 3 Zynq-7000 AP SoC Overview
The hardware security board uses the ARM subsystem and the provided peripherals (hard macros) as depicted in Figure 3 The security component that is the cryptographic accelerator is implemented in the FPGA fabric The connection between the FPGA Programmable Logic and the ARM subsystem is implemented using an AXI bus interface
Figure 4 AES Module Instantiation
The FPGA fabric currently holds 2 main modules that is the cryptographic accelerator and the Diffie Hellman key agreement protocol
In order to facilitate the usage of hardware based security modules an easier bus system called APB [3] was used In order to connect the APB to the AXI bus a bridge is needed The used bridge is provided by the platform FPGA manufacturer (Xilinx) and is freely available in the tool-chain the demonstrator board was delivered with
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 6 of 44
2 Hardware Coded Security
21 Implementation
211 Functional description
The Hardware Coded Security component of COSMOS provides the necessary link between the physical world and the COSMOS platform The hardware security board implements a root-of-trust mechanism to support the functionality described in[1]
The hardware security board provides security primitives implemented in hardware for the software applications Therefore the hardware coded security components help build up the chain of trust based on high performance cryptographic applications
The main advantages of the hardware coded security components are the high speed and reliability as compared to software implementations Also the structure and architectural model in place have been developed to enable on the fly cryptographic operation without user interaction This is provided by a mixture of hardware and software design Common security attacks are targeting software andor software implementations of security mechanisms therefore having a hardware enabled secure foundation allow for better security and reliability
The delivered prototype is the second step in enabling the seamless enrollment and authentication of hardware based security components in the COSMOS platform Currently it provides hardware components which integrate seamlessly with an ARM CPU sub-system and with a modern Linux based operating system The provided components implement the cryptographic accelerator a cryptographic key agreement mechanism based on a full in hardware implemented true random number generator but also the necessary Linux drivers for the above mentioned hardware components
212 Fitting into overall COSMOS solution
As depicted in Figure 1 the COSMOS platform receives data from VEs These VEs can be of three types (as presented in [2])
Highly secured (HW + SW)
Low secured (SW only)
Unsecured (no security mechanisms)
As non- or low secure ldquoThingsrdquo are of little interest we have focused our activities on the high secure solution envisioned by COSMOS which relies on hardware components The demonstrator showcase for this endeavor is the Hardware Security Board which consists of a physical hardware device linking the physical world (ie VEs) and the COSMOS environmentplatform The Hardware Security Board can host one or many VEs and be connected to one or more physical sensors (eg temperature pressure humidity presence cameras etc)
The architectural components of COSMOS are depicted in [1]
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 7 of 44
Figure 1 COSMOS high level view
The HW Security Board (or HW Board for short) is therefore the physical implementation of a ldquothingrdquo enriched with security and privacy components such as
HW encryptiondecryption module
Key exchange module (ie Diffie-Hellman key exchange implementation)
Hashingchecksum module
Privacy filters
2121 Technical description
The hardware coded security components are implemented inside the Xilinx Zynq FPGA fabric and are connected to the CPU using a standard AXI bus interface This device part ASIC and part FPGA provides a cheap development platform which can be used to depict both hardware and software security mechanisms while enabling software developers by using standard components such as the CPU memory and interrupt controller etc
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 8 of 44
2122 Prototype architecture
The Hardware Coded Security diagram is presented below
Figure 2 Hardware Coded Security
For the system to be secure the following items are needed
Secure boot ndash this allows the system to ldquostartrdquo in a pre-defined state where the security level is high and uncompromised
Secure storage ndash this allows for the safe storage of secret information (eg configuration data encryption keys)
Cryptographic primitives ndash runs partially autonomously and uses the secret information to provide the basic building blocks in order to raise the security level
Key agreement mechanism ndash a mechanism to exchange a cryptographic key using the Diffie Hellman key agreement protocol
Secure execution environment ndash allows for the security critical applications to run in a safe and secure compartment which safe-guards the critical information
Privacy ndash data has to be privacy enriched and in ownership of the rightful owner
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 9 of 44
2123 Components description
Figure 3 illustrates the functional blocks of the Zynq-7000 AP SoC
IO
MUX
CRUIO Peripherals
2 x USB
2 x GigE
2 x SD
GPIO
2 x UART
2 x I2C
2 x CAN
2 x SPI
Memory IF
QSPI CTRL
SRAM
Interconnect
MatrixARM
Core1
ARM
Core2
FPGA Programmable
Logic
AX
I
Zynq-7000 AP SoC
AXI
AXI
AXI
AXI
DDR23
LPDDR2
CTRL
AXI
Config
Figure 3 Zynq-7000 AP SoC Overview
The hardware security board uses the ARM subsystem and the provided peripherals (hard macros) as depicted in Figure 3 The security component that is the cryptographic accelerator is implemented in the FPGA fabric The connection between the FPGA Programmable Logic and the ARM subsystem is implemented using an AXI bus interface
Figure 4 AES Module Instantiation
The FPGA fabric currently holds 2 main modules that is the cryptographic accelerator and the Diffie Hellman key agreement protocol
In order to facilitate the usage of hardware based security modules an easier bus system called APB [3] was used In order to connect the APB to the AXI bus a bridge is needed The used bridge is provided by the platform FPGA manufacturer (Xilinx) and is freely available in the tool-chain the demonstrator board was delivered with
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 7 of 44
Figure 1 COSMOS high level view
The HW Security Board (or HW Board for short) is therefore the physical implementation of a ldquothingrdquo enriched with security and privacy components such as
HW encryptiondecryption module
Key exchange module (ie Diffie-Hellman key exchange implementation)
Hashingchecksum module
Privacy filters
2121 Technical description
The hardware coded security components are implemented inside the Xilinx Zynq FPGA fabric and are connected to the CPU using a standard AXI bus interface This device part ASIC and part FPGA provides a cheap development platform which can be used to depict both hardware and software security mechanisms while enabling software developers by using standard components such as the CPU memory and interrupt controller etc
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 8 of 44
2122 Prototype architecture
The Hardware Coded Security diagram is presented below
Figure 2 Hardware Coded Security
For the system to be secure the following items are needed
Secure boot ndash this allows the system to ldquostartrdquo in a pre-defined state where the security level is high and uncompromised
Secure storage ndash this allows for the safe storage of secret information (eg configuration data encryption keys)
Cryptographic primitives ndash runs partially autonomously and uses the secret information to provide the basic building blocks in order to raise the security level
Key agreement mechanism ndash a mechanism to exchange a cryptographic key using the Diffie Hellman key agreement protocol
Secure execution environment ndash allows for the security critical applications to run in a safe and secure compartment which safe-guards the critical information
Privacy ndash data has to be privacy enriched and in ownership of the rightful owner
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 9 of 44
2123 Components description
Figure 3 illustrates the functional blocks of the Zynq-7000 AP SoC
IO
MUX
CRUIO Peripherals
2 x USB
2 x GigE
2 x SD
GPIO
2 x UART
2 x I2C
2 x CAN
2 x SPI
Memory IF
QSPI CTRL
SRAM
Interconnect
MatrixARM
Core1
ARM
Core2
FPGA Programmable
Logic
AX
I
Zynq-7000 AP SoC
AXI
AXI
AXI
AXI
DDR23
LPDDR2
CTRL
AXI
Config
Figure 3 Zynq-7000 AP SoC Overview
The hardware security board uses the ARM subsystem and the provided peripherals (hard macros) as depicted in Figure 3 The security component that is the cryptographic accelerator is implemented in the FPGA fabric The connection between the FPGA Programmable Logic and the ARM subsystem is implemented using an AXI bus interface
Figure 4 AES Module Instantiation
The FPGA fabric currently holds 2 main modules that is the cryptographic accelerator and the Diffie Hellman key agreement protocol
In order to facilitate the usage of hardware based security modules an easier bus system called APB [3] was used In order to connect the APB to the AXI bus a bridge is needed The used bridge is provided by the platform FPGA manufacturer (Xilinx) and is freely available in the tool-chain the demonstrator board was delivered with
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 8 of 44
2122 Prototype architecture
The Hardware Coded Security diagram is presented below
Figure 2 Hardware Coded Security
For the system to be secure the following items are needed
Secure boot ndash this allows the system to ldquostartrdquo in a pre-defined state where the security level is high and uncompromised
Secure storage ndash this allows for the safe storage of secret information (eg configuration data encryption keys)
Cryptographic primitives ndash runs partially autonomously and uses the secret information to provide the basic building blocks in order to raise the security level
Key agreement mechanism ndash a mechanism to exchange a cryptographic key using the Diffie Hellman key agreement protocol
Secure execution environment ndash allows for the security critical applications to run in a safe and secure compartment which safe-guards the critical information
Privacy ndash data has to be privacy enriched and in ownership of the rightful owner
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 9 of 44
2123 Components description
Figure 3 illustrates the functional blocks of the Zynq-7000 AP SoC
IO
MUX
CRUIO Peripherals
2 x USB
2 x GigE
2 x SD
GPIO
2 x UART
2 x I2C
2 x CAN
2 x SPI
Memory IF
QSPI CTRL
SRAM
Interconnect
MatrixARM
Core1
ARM
Core2
FPGA Programmable
Logic
AX
I
Zynq-7000 AP SoC
AXI
AXI
AXI
AXI
DDR23
LPDDR2
CTRL
AXI
Config
Figure 3 Zynq-7000 AP SoC Overview
The hardware security board uses the ARM subsystem and the provided peripherals (hard macros) as depicted in Figure 3 The security component that is the cryptographic accelerator is implemented in the FPGA fabric The connection between the FPGA Programmable Logic and the ARM subsystem is implemented using an AXI bus interface
Figure 4 AES Module Instantiation
The FPGA fabric currently holds 2 main modules that is the cryptographic accelerator and the Diffie Hellman key agreement protocol
In order to facilitate the usage of hardware based security modules an easier bus system called APB [3] was used In order to connect the APB to the AXI bus a bridge is needed The used bridge is provided by the platform FPGA manufacturer (Xilinx) and is freely available in the tool-chain the demonstrator board was delivered with
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 9 of 44
2123 Components description
Figure 3 illustrates the functional blocks of the Zynq-7000 AP SoC
IO
MUX
CRUIO Peripherals
2 x USB
2 x GigE
2 x SD
GPIO
2 x UART
2 x I2C
2 x CAN
2 x SPI
Memory IF
QSPI CTRL
SRAM
Interconnect
MatrixARM
Core1
ARM
Core2
FPGA Programmable
Logic
AX
I
Zynq-7000 AP SoC
AXI
AXI
AXI
AXI
DDR23
LPDDR2
CTRL
AXI
Config
Figure 3 Zynq-7000 AP SoC Overview
The hardware security board uses the ARM subsystem and the provided peripherals (hard macros) as depicted in Figure 3 The security component that is the cryptographic accelerator is implemented in the FPGA fabric The connection between the FPGA Programmable Logic and the ARM subsystem is implemented using an AXI bus interface
Figure 4 AES Module Instantiation
The FPGA fabric currently holds 2 main modules that is the cryptographic accelerator and the Diffie Hellman key agreement protocol
In order to facilitate the usage of hardware based security modules an easier bus system called APB [3] was used In order to connect the APB to the AXI bus a bridge is needed The used bridge is provided by the platform FPGA manufacturer (Xilinx) and is freely available in the tool-chain the demonstrator board was delivered with
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 10 of 44
2124 AES
cmbo[310]
clk_irstn_i
pwdata_i[310]
psel_ipenable_ipaddr_ipwrite_i
AK
prdata_o[310]pready_o
APB INTERFACE
aes_enable
aes_clk
aes_encrypt dec
StateRegister
clk_i
rstn_i
load_i
dat_i
se_i
state_reg_i
state_reg_o
KeyRegister
clk_i
rstn_i
kload_i
dat_i
kshift_i
rnd0_i
key_reg0_o
round_key_i
key_reg2_o
key_reg3_o
S-BOXA
encryptQ
SB
dec_i
subbytes_isbsel_i
sb_o[310]
MCdec_i
data_i
mc_o[310]
Key Scheduler
clk_i
rstn_idec_ctrl_ircon_updt_ikshift_ikey_reg0_i[310]key_reg2_i[310]key_reg3_i[310]start_irn0_iksel_i
round_key_o[310]
aes_reset
load
dat[310]
AES Control
clk_i
rstn_idec_istart_iload_ikload_iread_i
cmb_i
fsel_ose_o
ready_osbsel_okshift_o
rn0_oksel_o
rcon_updt_odec_ctrl_o
dat_o
aes_start
kload
aes_read
aes_ready
dec
dat_o
data_i
round_key_i
ar_o[310]
cmbi[310]
cmbi[310]
0
0
1
2
3
Figure 5 AES module internal structure
The AES module is implemented according to the fips-197 standard and has the internal structure as depicted in Figure 5The module implements the basic building blocks the AES computing rounds rely on The AES Control sub-module implements a state machine which controls the AES computation The module implements both encryption and decryption according to the AES standard
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 11 of 44
clk_i
load_i
kload_i
ready_o
read_i
dat_i
dat_o
rsnt_i
start_i
0 10 260
K0 K1 K2 K3 D0 D1 D2 D3
D0 D1 D2 D3
dat_i and dat_o are 32 bits wide
an encryption or decryption(without key expansion) takes 240clk
Figure 6 AES Timing Diagram
The timing diagram of the AES cryptographic accelerator is depicted in Figure 6 As the diagram shows the data and key are loaded over a 32bit bus and therefore need 4 clock cycles to load
21241 AES Functionality Description
Certain steps must be followed in order to encryptdecrypt data correctly with the AES module described in this chapter (see Figure 7) After the chip Power On the software has to enable the AES module ndash set bit [1] (aes_enable) of the AES_CTRL register This bit gates the modulersquos input clock After the clock enable a software reset must be provided by writing bit [0] (aes_reset) of the same control register In this phase the AES is initialized and enters the IDLE state waiting for an encryptiondecryption operation
In case of an encryption AES_CTRL bit [3] (aes_encrypt) must be set and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers The encryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the encryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
In case of a decryption AES_CTRL bit [3] (aes_encrypt) must be cleared and then 128 bits of data have to be first loaded into the LOAD_DATA1hellip4 registers followed by writing 128 bits of key into the LOAD_KEY1hellip4 registers if the decryption keys are not the same with the encryption keys The decryption operation starts when bit [4] (aes_start) of AES_CTRL is set This register bit is automatically cleared by hardware Having the decryption started the SW must poll bit [5] of AES_CTRL register (aes_ready) in order to detect the operation end This bit is set by hardware and automatically cleared (by hardware) when 128 bits of result are read out from READ_DATA1hellip4 registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 12 of 44
Power On
Enable
Module
Reset
Module
aes_encrypt
Write bit[1] from
AES_CTRL register
Write bit[0] from
AES_CTRL register
Load Data
[cnt]
cnt = 4Yes No
Yes
Load Keys
[cnt]
cnt = 4Yes No
No
same keysNo
START
Write bit[4] from
AES_CTRL register
aes_ready
Wait
No
Yes
IDLE
Write
LOAD_DATA[cnt]
registers
Write
LOAD_KEY[cnt]
registers
Read Data
[cnt]
cnt = 4NoYes
Read bit[5] from
AES_CTRL register
Read
READ_DATA[cnt]
registers
Figure 7 AES Module Functionality Chart
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 13 of 44
21242 AES Address Space
The AES address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 90h AES
Module RegisterMemory Read Write Address
AES
LOAD_DATA1
w 0h
LOAD_DATA2
w 4h
LOAD_DATA3
w 8h
LOAD_DATA4
w Ch
LOAD_KEY1
w 10h
LOAD_KEY2
w 14h
LOAD_KEY3
w 18h
LOAD_KEY4
w 1Ch
READ_DATA1
w 20h
READ_DATA2
w 24h
READ_DATA3
w 28h
READ_DATA4
w 2Ch
AES_CTRL (r)(h) (w) 90h
Table 1 AES address space
21243 AES Register Description
In order to address the AES peripheral using software the following register map has been implemented
Register LOAD_DATA1 Address 0h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA1 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA2 Address 4h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA2 00000000h
w Load register for the data to be encrypted
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 14 of 44
Register LOAD_DATA3 Address 8h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA3 00000000h
w Load register for the data to be encrypted
Register LOAD_DATA4 Address Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the data to be encrypted
Bit Identifier Reset Attr Function Description
31dt0 LOAD_DATA4 00000000h
w Load register for the data to be encrypted
Table 2 Load data registers
Register LOAD_KEY1 Address 10h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY1 00000000h
w Load register for the encryption key
Register LOAD_KEY2 Address 14h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY2 00000000h
w Load register for the encryption key
Register LOAD_KEY3 Address 18h
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY3 00000000h
w Load register for the encryption key
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 15 of 44
Register LOAD_KEY4 Address 1Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Load the encryption key
Bit Identifier Reset Attr Function Description
31dt0 LOAD_KEY4 00000000h
w Load register for the encryption key
Table 3 Load key registers
Register READ_DATA1 Address 20h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA1 00000000h
w Read register for the decrypted data
Register READ_DATA2 Address 24h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA2 00000000h
w Read register for the decrypted data
Register READ_DATA3 Address 28h
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA3 00000000h
w Read register for the decrypted data
Register READ_DATA4 Address 2Ch
Bits 31dt0 Reset value 0h Attributes
w
Description Read decrypted data
Bit Identifier Reset Attr Function Description
31dt0 READ_DATA4 00000000h
w Read register for the decrypted data
Table 4 Read data registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 16 of 44
Register AES_CTRL Address 90h
Bits 31dt0 Reset value 0h Attributes (r)(h) (w)
Description AES Control register
Bit Identifier Reset Attr Function Description
0 AES_RESET 0h r w AES module Reset bit
0 - Reset is asserted
1 AES_ENABLE 0h r w AES module Enable
1 - AES module enabled
2 reserved 0h
3 AES_ENCRYPT 0h r w
Select between encryptiondecryption operation 1 - encryption
0 - decryption
4 AES_START 0h
w
AES operation start (pulse always read 0)
1 - start the encryptiondecryption opeartion
0 - idleoperation in progress
5 AES_READY 0h rh
AES operation ready set by HW reset by SW when reading from address 0x2X
31dt6 reserved 0000000h
Table 5 AES control register
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 17 of 44
213 ECC (Diffie-Hellman)
Figure 8 ECC module internal structure
In order to use the AES hardware module an encryption key is needed This key is to be generated in the COSMOS platform and published to the HW Security Board For this reason a hardware implementation of Elliptic Curve Diffie-Hellman is needed Diffie-Hellman is an anonymous key agreement protocol that allows two parties each having an elliptic curve publicndashprivate key pair to establish a shared secret over an insecure channel
The current implementation is focused on developing a hardware prototype of a Diffie-Hellman key agreement protocol The implementation considers only fixed-length 164 bits key and a standard APB interface
A general description of the Diffie-Hellman protocol between two entities Alice and Bob
Alice and Bob agree on a finite cycle group (in this case a Galois group) and a
generating element a point on the elliptic curve These parameters are usually
recommended in NIST or Certicom documents
Alice chooses a random natural number 119886 and sends 119886 lowast 119875 to Bob
Bob chooses a random natural number 119887 and sends 119887 lowast 119875 to Alice
Alice computes the secret shared key 119886 lowast (119887 lowast 119875)
Bob computes the secret shared key 119887 lowast (119886 lowast 119875)
ec_point_ad
dition_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
Xtemp_i
Ytemp_i
ec_point_do
ubling_inst
clk_i
rst_n_i
start_i
164
164
164
164
164
Xr_o
Yr_o
done_oa_i
Xp_i
Yp_i
degree
degree
Glue Logic
ecc_inst
clk_i
rst_n_i
start_i
scalar_i
Xp_i
Yp_i
a_i
164
164
164
164
164
164
Xr_o
Yr_o
done_o
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 18 of 44
The ECC operation hierarchy is depicted in Figure 9
Figure 9 ECC operation hierarchy
The main modules forming the ECC module are the EC Point Addition and EC Point Doubling Both modules rely on a limited set of mathematical operations executed over Galois Fields such as addition subtraction multiplication and division
21311 ECC Functionality Description
The Diffie-Hellman key agreement protocol flow-charts for the public key is depicted in Figure 10 and for the private key in Figure 11
ECC Protocol
EC Point Add EC Point Double
GF addsub GF mul GF divinv
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 19 of 44
Figure 10 Public Key Generation
Powerup reset ECDH_reset new key gen
WRITE RANDOM_data_5
WRITE_RANDOM_data_4
WRITE_RANDOM_data_3
WRITE_RANDOM_data_2
WRITE_RANDOM_data_1
WRITE_RANDOM_data_0
(in any order)
Start_public_key_generation
WRITE ECDH_Control
(Set bit ECDH_control[1])
READ ECDH_public_key_A_5
READ ECDH_public_key_A_4
READ ECDH_public_key_A_3
READ ECDH_public_key_A_2
READ ECDH_public_key_A_1
READ ECDH_public_key_A_0
(in any order)
WRITE ECDH_Control
(clear ECDH_public_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
1
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
0
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 20 of 44
Figure 11 Private Key Generation
Powerup reset ECDH_reset new key gen
WRITE Public_Key_B_5
WRITE Public_Key_B_4
WRITE Public_Key_B_3
WRITE Public_Key_B_2
WRITE Public_Key_B_1
WRITE Public_Key_B_0
(in any order)
WRITE Random_data_5
WRITE Random_data_4
WRITE Random_data_3
WRITE Random_data_2
WRITE Random_data_1
WRITE Random_data_0
(in any order)
[optional this regs should contains same random data
that was used to generate the public key]
Start Private Key gen
WRITE ECDH_Control
(Set bit ECDH_Control[2])
1
READ ECDH_private_key_5
READ ECDH_private_key_4
READ ECDH_private_key_3
READ ECDH_private_key_2
READ ECDH_private_key_1
READ ECDH_private_key_0
(in any order)
WRITE ECDH_Control
(clear ECDH_private_key_gen_done bit)
ECDH_status[0]
(ECDH_busy)
ECDH_status[0]
(ECDH_busy)
0
1
0
ECDH_status[2]
(ECDH_private_key_gen_done)
0
1
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 21 of 44
21312 ECC Address Space
The ECC address space has been designed to allow further improvements The data and control registers are directly addressable by the CPU using the implemented APB bus
Start-Address End-Address ModuleMemory-Name
0h 100h ECC
Module RegisterMemory Read Write Address
ECC
ECDH_Control r w 0000h
ECDH_Status 4 w 0004h
ECDH_random_data_5 r w 0008h
ECDH_random_data_4 r w 000Ch
ECDH_random_data_3 r w 0010h
ECDH_random_data_2 r w 0014h
ECDH_random_data_1 r w 0018h
ECDH_random_data_0 r w 001Ch
ECDH_public_key_B_5 r w 0020h
ECDH_public_key_B_4 r w 0024h
ECDH_public_key_B_3 r w 0028h
ECDH_public_key_B_2 r w 002Ch
ECDH_public_key_B_1 r w 0030h
ECDH_public_key_B_0 r
0034h
ECDH_public_key_A_5 r
0038h
ECDH_public_key_A_4 r
003Ch
ECDH_public_key_A_3 r
0040h
ECDH_public_key_A_2 r
0044h
ECDH_public_key_A_1 r
0048h
ECDH_public_key_A_0 r
004Ch
ECDH_private_key_5 r
0050h
ECDH_private_key_4 r
0054h
ECDH_private_key_3 r
0058h
ECDH_public_key_B_2 r
005Ch
ECDH_private_key_1 r
0060h
ECDH_private_key_0 r
0064h
Table 6 ECDH address space
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 22 of 44
21313 ECC Register Description
In order to address the ECC peripheral using software the following register map has been implemented
ECDH registers Name
ECDH_Control
Address 0000h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Reset lsquo1rsquo ndash active local reset signal 0b0
1 ECDH_Start_Public_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the public key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
2 ECDH_Start_Private_Key_Gen
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash Start the private key generation is automatically reset by the ECDH module after 1 clk cycle
0b0
313 Reserved 0
Name ECDH_Status
Address 0004h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
0 ECDH_Busy lsquo0rsquo ndash ECDH module is available
lsquo1rsquo ndash ECDH module is busy
0b0
1 ECDH_public_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The public key is computed should be cleared by SW
0b0
2 ECDH_private_key_gen_done
lsquo0rsquo ndash default reset value
lsquo1rsquo ndash The private key is computed should be cleared by SW
0b0
313 Reserved 0
Table 7 ECDH Control amp Status Registers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 23 of 44
Name ECDH_random_data_5
Address 0008h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_5 ECDH random data [163132] 0x0000
Name ECDH_random_data_4
Address 000Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_4 ECDH random data [131100] 0x0000
Name ECDH_random_data_3
Address 0010h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_3 ECDH random data [9968] 0x0000
Name ECDH_random_data_2
Address 0014h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Random_data_2 ECDH random data [6736] 0x0000
Name ECDH_random_data_1
Address 0018h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 24 of 44
310 Random_data_1 ECDH random data [354] 0x0000
Name ECDH_random_data_0
Address 001Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Random_data_0 ECDH random data [30] 0x0000
314 Reserved
Table 8 ECDH Random Data Registers
Name ECDH_public_key_B_5
Address 0020h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_5 ECDH public key B (from partner) [163132] 0x0000
Name ECDH_public_key_B_4
Address 0024h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_4 ECDH public key B (from partner) [131100] 0x0000
Name ECDH_public_key_B_3
Address 0028h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_3 ECDH public key B (from partner) [9968] 0x0000
Name ECDH_public_key_B_2
Address 002Ch
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 25 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_2 ECDH public key B (from partner) [6736] 0x0000
Name ECDH_public_key_B_1
Address 0030h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
310 Public_Key_B_1 ECDH public key B (from partner) [354] 0x0000
Name ECDH_public_key_B_0
Address 0034h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access RW (APB Access)
Bits Name Description Init Value
30 Public_Key_B_0 ECDH public key B (from partner) [30] 0x0000
314 Reserved
Table 9 ECDH Public Key [B] Registers
Name ECDH_public_key_A_5
Address 0038h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_5 ECDH public key A (to partner) [163132] 0x0000
Name ECDH_public_key_A _4
Address 003Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 26 of 44
310 Public_Key_A_4 ECDH public key A (to partner) [131100] 0x0000
Name ECDH_public_key_A_3
Address 0040h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_3 ECDH public key A (to partner) [9968] 0x0000
Name ECDH_public_key_A_2
Address 0044h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_2 ECDH public key A (to partner) [6736] 0x0000
Name ECDH_public_key_A_1
Address 0048h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Public_Key_A_1 ECDH public key A (to partner) [354] 0x0000
Name ECDH_public_key_A_0
Address 004Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Public_Key_A_0 ECDH public key A (to partner) [30] 0x0000
314 Reserved
Table 10 ECDH Public Key [A] Registers
Name ECDH_private_key_5
Address 0050h
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 27 of 44
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private_Key_5 ECDH private key [163132] 0x0000
Name ECDH_private_key_4
Address 0054h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_4 ECDH private key [131100] 0x0000
Name ECDH_private_key_3
Address 0058h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_3 ECDH private key [9968] 0x0000
Name ECDH_private_key_2
Address 005Ch
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_2 ECDH private key [6736] 0x0000
Name ECDH_private_key_1
Address 0060h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
310 Private _Key_1 ECDH private key [354] 0x0000
Name ECDH_private_key_0
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 28 of 44
Address 0064h
Bit-Nr 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Access R (APB Access)
Bits Name Description Init Value
30 Private _Key_0 ECDH private key [30] 0x0000
314 Reserved
Table 11 ECDH Private Key Registers
214 Hardware Random Number Generator
In order to provide the proper level of security the ECC module needs a random seed ndash a true random number generator A TRNG can only be realised using a natural occurring phenomena which cannot be controlled modelled or anticipated
Due to the physical structure of the transistor the fabrication process and the materials it is made out of transistors are characterized by a natural occurring noise For this reason the developed TRNG uses a transistor as a noise source in the schematic depicted in Figure 12 where the main components are
Noise device ndash a base-emitter junction of a discrete bipolar junction transistor biased at a small dc current (few micro-amps to tens of micro-amps)
Amplifier ndash high frequency voltage amplifier (voltage gain of 4 to 60)
VCCS (or VCIS) ndash voltage controlled current source (a current source for a grounded load with a current of a few mA controlled by the input voltage ndash the amplified noise)
OSC ndash an oscillator realized with a classic LM555 timer based on a capacitor charged by the current source (and discharged by a hundred ohm resistor through the discharge transistor of the 555 resulting an oscillation frequency of a few hundred kHz)
Output stage (or Output Buffer) ndash consists on a level shifter and a voltage follower
Figure 12 Noise generator
The goals set up for designing a random number generator were to create an easy to use device (eg without the need of an expensive analog-to-digital converter ndash one that can be directly ldquosampledrdquo by a digital circuit) as well as a cheap solution using simple off-the-shelf components The goal was to obtain a cheap - both in terms of complexity and ease of usage ndash random number generator which is easy to duplicate and to attach to any digital circuit regardless of its complexity
V Reg1 V Reg2
VCCSNoise
DeviceO SC
Level
ShifterBufferAm plif
Vcc
12V
6V 33V
Digital
O utput
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 29 of 44
The developed TRNG output a one bit digital signal which needs no interface or additional components or hardwaresoftware modules The output signal is simply sampled by the FPGa using a single input pin The resulting bit stream is a random number which is used by the ECC module as an input seed for its computations
215 Technical specifications
The AES ECC and data acquisition modules are coded entirely in the Verilog hardware description language The rest of the HW subsystem is instantiated using the XILINX standard libraries which require no other licenses
The software components are written in CC++ and Python The main component is the Linux driver which enabled user-level (level 5) access to the cryptographic accelerators inside the FPGA fabric The driver is developed in ANSI C The test application as well as all other software components is developed in C++ and Python There are no other software components in use except for the Linux operating system stock libraries The custom libraries which are used to access Xilinxrsquos own proprietary hardware components inside the Zynq Platform FPGA device are freely available and usable from directly the tool-chain IDE
Tools used
Xilinx ISE 146
GCC
Linux 36 based operating system (ARM branch)
The usage of security components will be showcased using a demonstrator application which
Exchanges a key and enrolls it
Encrypts and decrypts data
Verifies data for validity and correctness (aka the 4 security pillars)
22 Delivery and usage
221 Package information
An SD card image is provided with the following structure
bootbin ndash contains also the bitstream file with the hardware set-up and the custom
hardware AES cryptographic accelerator
imageub ndash is the bootloader
HW_SECtest vectors ndash contains test vectors
HW_SECapp_drvelf ndash contains the application using the custom AES and ECC
hardware
HW_SEC aes_driver_ampko ndash contains the AES driver
HW_SEC ecc_driver_ampko ndash contains the ECC driver
HW_SEC load_driver_ampsh ndash is the script used to load the drivers
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 30 of 44
222 Installation instructions
In order to start the application the following steps are necessary
1 Copy the content of HW_SEC Linux App Image Folder on the root of the SD card
- HW_SEC directory
- test_vectors directory
- app_drvelf
- aes_driver_ampko
- ecc_driver_ampko
- load_driver_ampsh
- bootbin
- imageub
2 Set board for booting from SD card using the SW16 switch from the Zynq ZC702 board
Figure 13 Zynq ZC702 boot switch configuration
3 Place SD card in the MMC slot and power ON the board
4 Start a terminal application (eg PuTTY) with the following serial settings
baudrate 115200
data bits 8
stop bits 1
parity none
flow control none
5 After board initialization the DS16 and DS17 LEDs are blinking to indicate the systemrsquos
activity
6 In order to boot from SD card enter the following commands
- fatload mmc 01
- bootm
7 Linux is booting up login with user = root password = root
8 Mount the SD card using the following commands
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 31 of 44
- cd
- mkdir sdcard
- mount devmmcblk0p1 sdcard
9 Load the kernel driver using the following commands
- cd sdcardHW_SEC
- ls
- source load_driver_ampsh
10 Run application using the following command
- app_drvelf
223 User Manual
Once the steps above have been executed the security modules can be accessed from the user level This enables the usage of cryptographic primitives from the application level such as OpenSSL (with the correct modifications)
The provided components enable a standard Linux usage model for the custom hardware security components This mechanism will be further extended in order to enable the COSMOS platform to fully use the capabilities of the provided hardware platform (as stated in D312 ndash encryption authentication and privacy (updated))
224 Licensing information
The provided files are as-is and are provided to the COSMOS consortium partners for demonstration purposes Redistribution andor modification of the files are prohibited without notifying Siemens SRL
All used components are available under the same license as the Xilinx ISE tool chain
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 32 of 44
3 Privelets
31 Implementation
311 Functional description
Privelets component is an essential part of the COSMOS chain VEs are able to communicate with each other as well as with COSMOS platform and thus expose information linked to the VErsquos user and hisher environment In this way of information exchange there is high possibility that the user shares information that violate hisher privacy in an undesirable way and consequently heshe may be exposed and vulnerable to any malicious behaviour Privelets aims to ensure that the user shares only hisher public data and leaves out all the other that heshe considers as private and believes that may affect hisher privacy
312 Fitting into overall COSMOS solution
Privelets component is responsible for the authentication process on top of any kind of VE2VE communication in order to avoid possible VE impersonation VE2VE communication includes
Accessing a VErsquos IoT service from another VE
Decentralized discovery
Recommendation service between VEs
Information (eg Experience) Sharing
By preventing VEs impersonation Privelets component tries to give added value to the Trust amp Reputation model introduced in the context of WP5 whereas by ignoring repetitive requests it aims to enable the VEs to protect themselves from wasting valuable computational resources caused by malicious attacks
313 Technical specifications
Privelets componentrsquos source code is developed in Java programming language and depends on Jetty Server Apache-Jena Pellet-Jena json-simple and other Java libraries The prototype also relies on FreeLan which is an open source software in order to establish the COSMOS VPN and connect the VEs to it
32 Delivery and usage
321 Package information
The delivered package contains the following folders and files under Privelets folder
Folders
classes contains the Java classes
lib contains all the dependency jar files
Files
Privelets-Y2jar the executable jar file
followers_listowl
Privelets_inputjson contains the VErsquos data
Privelets_configurationjson
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 33 of 44
322 Installation instructions
Please follow these steps to install and start up the prototype (Java SEEE Runtime Environment is a prerequisite)
Download the package and install it under the main root of a machine
Inside the Privelets directory execute the jar file java ndashjar Privelets-Y2jar
In another machine send a GET request to the URL ipAddress_of_the_machine_where_Privelets_run3030getTemprequestKey=hellip using Postman ndash REST Client or any browser
323 User Manual
In this section we demonstrate the outputs in different cases while running Privelets component following the steps mentioned above We simulate the process that takes place when VE1 tries to access an IoT-Service of VE2 called ldquogetTemprdquo (please refer to section 632 of D312 [1]) VE2 could be for example the representation of a flat in the Cyber world and through ldquogetTemprdquo it exposes its indoor temperature Before running the component we assume that both VEs have entered COSMOS VPN using FreeLan and have acquired the virtual IP addresses 10001 and 10002 respectively In addition both VEs have received the necessary keys to communicate with each other safely (please refer to section 631 of D312 [1])
All this information is stored in VE2 Followersrsquo list as below
Figure 14 Followers list
Case 1 wrong requestKey
In this case a VE tries to access the service using a wrong requestKey (eg req3to2 instead of req1to2) This may happen if for example VE3 has stolen the virtual IP address of VE1 and tries to impersonate it
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 34 of 44
Figure 15 wrong requestKey output
Figure 16 wrong requestKey response
Case 2 right requestKey private data (temperature)
In this case VE2 considers its temperature as private data This is declared in its configuration file as below
Figure 17 Privelets Configuration File
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 35 of 44
Figure 18 right requestKey private data output
Figure 19 right requestKey private data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 36 of 44
Case 3 right requestKey public data (temperature)
In this case the value of the ldquotemperaturerdquo key in the configuration file is ldquopublicrdquo Consequently VE2 sends back its temperature
Figure 20 right requestKey public data output
Figure 21 right requestKey public data response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 37 of 44
Case 4 right requestKey repetitive request
In this case VE2 receives a second request from VE1 in a time interval smaller than the one defined in the configuration file (eg 10 seconds) Therefore VE2 refuses to provide the data
Figure 22 right requestKey repetitive request output
Figure 23 right requestKey repetitive request response
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 38 of 44
324 Licensing information
The librariestools used in the development of the prototype are listed below along with their short descriptions and licences
APACHE-JENA-2100 Apache Jena is an API and toolkit for working with semantic web technologies such as RDF and SPARQL using Java This artefact represents the source and binary distribution packages generated for releases Licenses Apache 20 License
Jetty-Maven-Plugin-915-v20140505 Administrative parent pom for Jetty modules Licenses Apache 20 License
Pellet-Jena-232 The Clark and Parsia Pellet OWL Reasoner Licenses GNU Affero General Public License 30
Maven Dependency Plugin 28 Provides utility goals to work with dependencies like copying unpacking analyzing resolving and many more Licenses The Apache Software License Version 20
Maven JAR Plugin 24 Builds a Java Archive (JAR) file from the compiled project classes and resources Licenses The Apache Software License Version 20
FreeLan Freelan is a free open-source multi-platform peer-to-peer VPN software Licenses GPLv3 License
325 Download
The Privelets package will be available in the COSMOS SVN repository
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 39 of 44
4 Cloud Storage Security
The Cloud Storage Security components are described in D422 Information and Data Lifecycle Management Software Prototype (Updated) as stated in the DoW Please refer to section 7 ndash Cloud Storage Security and Privacy of the deliverable for technical details
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 40 of 44
5 Node-RED Security
51 Introduction
The visual tool for wiring the Internet of Things is a platform-independent software framework that has been developed having in mind its usage not only in big servers or the cloud but also in small embedded computers as the Raspberry PI Arduino and similar ones Traditional IoT development can be very technical access to the GPIO and other hardware modules require skills in C or assembler output of data to web services or sending tweets and emails requires the use of complex APIs Node-RED [4] takes care of the technicalities to let concentrate on the logic of the workflow While most programming in Node-RED is done visually using pre-defined functions (aka lsquonodesrsquo) any additional functionality can be added in JavaScript In this chapter we are going to describe the security features applied in our Node-RED deployments and the rationale behind them
52 Functional description
While it is very easy to install Node-RED using the Node Package Manager ($ npm install node-red) the default configuration comes with no security countermeasures at all Then it
is a must to apply good security practices since Node-RED exposes a public Web Server from within direct access to lsquosystem callsrsquo is provisioned Therefore the first actions we are taking concerns securitizing the HTTP access to the platform
To begin activate Secure HTTP The configuration file in which all the needed parameters are being set up is $HOMEnode-redsettingsjs
https
key fsreadFileSync($HOMEnoderedkey)
cert fsreadFileSync($HOMEnoderedcrt)
The creation of the certificate can be requested to a well-known Certification Authority (CA) but for prototyping purposes we can create and signed them ourselves
$ openssl req -new -x509 -nodes -out noderedpem -keyout noderedkey
After that we are going to differentiate the services provided by Node-RED into two separate URL endpoints
1 the Web GUI Editor would be accessible from httpsdomainextportui 2 the HTTP REST Service would be accessible from httpsdomainextportep
The configuration file in which all these parameters can be set up is $HOMEnode-redsettingsjs
httpAdminRoot ui ui stands for User Interface
httpNodeRoot ep ep stands for End Point
For each URL different access rights can be set what is a mandatory requirement due to the fact that Application Developers would be given access to the GUI Editor while the System
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 41 of 44
Components would only be given access to the HTTP services exposed by the different Node-RED flows
httpAdminAuth userappdevpass4df81a3ffe0
httpNodeAuth usersyscompass2tge34hdf23
There are several ways to generate a password hash for example issuing the following command
$ node -e consolelog(require(bcryptjs)hashSync(processargv[1] 8))
It is also possible to disable the GUI Editor in case the Application Developer decides not to use this feature right in the deployed board
disableEditor true
This feature is really useful in such scenarios in which several Virtual Entities perform particular actions (what is similar to say that run certain Node-RED Flows) especially in production environments where no changes in said flows are foreseen in the long term
Finally is it advisable to add a new layer of security by toggling which Hosts are allowed to access the resources provided by Node-RED and in which port We are setting the following parameter
uiPort 1880
And also updating the systemrsquos firewall with the required IP addresses
filter
INPUT DROP [00]
FORWARD DROP [00]
OUTPUT ACCEPT [00]
-A INPUT -m state --state NEW -m tcp -p tcp
--dport 1880 ndashs WWWXXXYYYZZZ -j ACCEPT
53 Surveillance Service
Given that Node-RED would be running in several embedded devices characterized by constrained memory resources and processor capacity it falls under the security scope the ability to ensure that our component behaves in an efficient manner In order to do so pm2 (Process Manager 2) is being used PM2 [5] is a production process manager for Nodejs iojs applications with a built-in load balancer It allows keeping applications alive forever to reload them without downtime and to facilitate common system admin tasks
We can safely launch a number of Node-RED instances using PM2
$ pm2 start -f -n node-red-madrid usrlocalbinnode-red
--settings $HOMEnode-red-madridsettingsjs
$ pm2 start -f -n node-red-camden usrlocalbinnode-red
--settings $HOMEnode-red-camdensettingsjs
$ pm2 start -f -n node-red-general usrlocalbinnode-red
--settings $HOMEnode-red-generalsettingsjs
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 42 of 44
Then list them
$ pm2 list
And also monitor
$ pm2 monit
There are a number of additional features to infer in the behavior of the running apps what allows developers to program their components and applications focusing in the problem to solve leveraging in PM2 the following advanced tasks
- Load balancer - Clustering - Startup script generation - Watch amp restart apps at file changes - Graceful reload - Hot reload - Max memory restart - Ease deployment with ecosystemjson - Advanced log management
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 43 of 44
6 Conclusions
This document describes the prototypes for the End-to-End Security and Privacy work-package Each individual component implemented independently during the past year will be integrated over the course of year 3 of the COSMOS project into a demonstrator Also all components will be extended to include more functionality such as implementing a security-on-demand approach using Node-RED and security and privacy enabled nodes
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2
D322 End-to-end Security and Privacy Software prototype (Updated)
Date 30062015 Grant Agreement number 609043 Page 44 of 44
7 References
[1] COSMOS Project 312 End-to-end Security and Privacy - Design and open specification (Updated) [2] COSMOS Project 311 End-to-End Security and Privacy - Design and Open Specfication (Initial) [3] AMBA specification retrieved feb 2015
httpinfocenterarmcomhelpindexjsptopic=comarmdocihi0011aindexhtml [4] Node-Red A visual tool for wiring the Internet of Things httpnoderedorg [5] Process Manager 2 ndash PM2 httpsgithubcomUnitechpm2