gmag11/EnigmaIOT gmag11/EnigmaIOT

  • Stars
    star
    237
  • Rank 169,885 (Top 4 %)
  • Language
    C++
  • License
    MIT License
  • Created almost 6 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
gmag11/EnigmaIOT
github

gmag11

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Secure sensor and gateway platform based on ESP8266 and ESP32

EnigmaIoT

EnigmaIoT Logo

ESP8266

ESP32

Introduction

EnigmaIoT is an open source solution for wireless multi sensor systems. It has two main components, multiple nodes and one gateway.

A number of nodes with one or more sensors each one communicate in a secure way to a central gateway in a star network using EnigmaIoT protocol.

This protocol has been designed with security on mind. All node data is encrypted with a random key that changes periodically. Key is unique for each node and dynamically negotiated, so user do not have to enter any key. Indeed, all encryption and key agreement is transparent to user.

I designed this because I was searching for a way to have a relatively high number of nodes at home. I thought about using WiFi but it would overload my home router. So I looked for an alternative. I evaluated LoRa or cheap nRF24 modules but I wanted the simplest solution in terms of hardware.

ESP8266 and ESP32 microcontrollers implement a protocol known as ESP-NOW. It is a point to point protocol, based on vendor specific WiFi management action frames, that works in a connectionless fashion and every packet is a few milliseconds long. Because of this, it eases to have a battery powered node so that it enables designing totally wireless sensors.

But use of encryption on ESP-NOW limits the number of nodes to only 6 nodes. So I thought that I could implement encryption on payload but I found many problems I should solve to grade this as "secure enough".

Find library documentation on https://gmag11.github.io/EnigmaIOT

Quick start

It you are courious to quickly test how does EnigmaIOT performs you can follow this howto guide. This will guide you on how to:

  • Setup your gateway
  • Build simplest EnigmaIOT node
  • Configure your first node
  • Develop custom nodes with advanced features

Project requirements

During this project conception I decided that it should fulfil this list of requirements.

  • Use the simplest hardware, based on ESP8266 and/or ESP32.
  • Secure by design. Make use of a secure channel for data transmission.
  • Automatic dynamic key agreement.
  • Do not require connection to the Internet.
  • Do not overload my home WiFi infrastructure. Only Gateway will be connected to LAN.
  • Able to use deep sleep to run on batteries.
  • Enough wireless range for a house.
  • Support for a high number of nodes.

Features

  • Encrypted communication using ChaCha20/Poly1305
  • Dynamic key, shared between one node and gateway. Keys are independent for each node
  • Shared keys are expired after a certain (configurable) time.
  • Number of nodes is only limited by memory on gateway (60 bytes per node)
  • Key is never on air so it is cannot be captured
  • Key expiration and renewal is managed transparently
  • Avoid repeatability attack having a new random initialization vector on every message. This is mandatory for ChaCha20/Poly1305 in order to keep cipher secure
  • Automatic and transparent node attachment
  • Avoid rogue node, rogue gateway and man-in-the-middle attack

Notice that network key used to implement this feature is stored on flash. ESP8266 do not allow flash encryption so network key may be recovered reading flash.

  • Pluggable physical layer communication. Right now only ESP-NOW protocol is developed but you can easily add more communication alternatives

  • When using ESP-NOW only ESP8266 or ESP32 is needed. No more electronics apart from sensor

  • Data message counter to detect lost or repeated messages

  • Designed as two libraries (one for gateway, one for node) for easier use

  • Crypto algorithm could be changed with low effort

  • Node and Gateway do store shared keys only on RAM. They are lost on power cycle. This protects system against flash reading attack. All nodes attach automatically with a new shared key after gateway is switched on

  • Downlink available. If deep sleep is used on sensor nodes, it is queued and sent just after node send a data message

  • Optional sleep mode management. In this case key and context has to be stored temporally. Normally RTC memory is the recommended place, and it is the one currently implemented. Note: There is the alternative to store context on flash memory so that node can be completely switched off between massages without requiring a new registering. Notice that on every received or sent message node updates this context so consider that a high number of writes in flash may degrade it in the medium term. If messages counters are disabled in configuration the number of writes is decreased drastically but this reduces security level as it makes possible to repeat messages.

  • Initial configuration over WiFi portal on each device

  • Node configuration while in service using control downlink commands

  • OTA over WiFi. Question: Is it really useful? Place an issue explaining an use case.

  • OTA over MQTT/ESP-NOW. Check OTA script guide.

  • Node identification by using a flashing LED. This is useful when you have a bunch of nodes together :D

  • Broadcast messages that go to all nodes. This is implemented by sending messages to broadcast address (ff:ff:ff:ff:ff:ff in esp-now). Only nodes that are always listening are able to receive these messages, they are not queued. In order to send a broadcast message using EnigmaIOTGatewayMQTT you may use <network name>/broadcast/... as topi beginning. Any control or data message will arrive all nodes that have broadcast enabled. Control messages are processed normally except OTA and SET NAME, which are ignored. Data messages are passed to user code for processing.

    A shared encryption key is used to encrypt broadcast messages. It is generated automatically by Gateway on every restart.

    If a node registers with broadcast flag active, gateway sends broadcast key using this message just after successful registration. Broadcast key is automatically generated on gateway on boot, so it will be different after every restart. Nodes will be synchronized as soon they register again.

    A node may not send broadcast messages, only gateway can.

  • Both gateway or nodes may run on ESP32 or ESP8266

  • Simple REST API to get information and send commands to gateway and nodes. Check api.md

  • Node library includes methods to configure Home Assistant automatic integration using MQTT discovery

Technical background

If you want to know the internals about EnigmaIOT check Technical Background Guide.

More Repositories

1

painlessMesh

ESP8266 based mesh. This is a mirror copy of https://gitlab.com/painlessMesh/painlessMesh PLEASE ADD COMMENTS, ISSUES and PULL REQUESTS ON GITLAB so that all information is centralized.
C++
519
star
2

WifiLocation

Google GeoLocation API wrapper for Arduino MKR1000, ESP8266 and ESP32
C++
211
star
3

NtpClient

NTP client libary for sync ESP8266 time via WiFi
C++
186
star
4

FSBrowserNG

Full autocontained (on SPIFFS) async web server on ESP8266. Written as a Library.
C++
158
star
5

ESPNtpClient

High accuracy NTP library for ESP32 and ESP8266
C++
118
star
6

QuickESPNow

Wrapper for easy use of ESP-NOW on ESP32 and ESP8266
C++
90
star
7

MetaTrader5-Docker-Image

Docker image that runs Metatrader 5 with VNC web server
Shell
88
star
8

FSBrowser

Full autocontained (on SPIFFS) web server on ESP8266
HTML
31
star
9

FailSafeMode

Fail Safe mode implementation for ESP8266 and ESP32 to avoid OTA update problems
C++
16
star
10

Curso-ESP32

C++
8
star
11

BTClassicSPP

Bluetooth Classic serial library to work as master of slave
C++
8
star
12

FirmataMaster

Firmata client (master) library for ESP8266 (or any other Arduino compatible board)
C++
7
star
13

QuickDebug

C++
4
star
14

CayenneLPPdec

CayenneLPP data decoder for Arduino platform
C++
4
star
15

OpenLedRace-Wireless-Remote

Make your OpenLedRace game wireless with EnigmaIOT
C++
4
star
16

QuickLoRaWAN

LMIC wrapper library to create LoRaWAN OTAA nodes with a few lines of code with ESP32 and ESP8266
C++
3
star
17

MQTT-MQL5-Library

MQTT client library for MetaTrader 5
MQL5
3
star
18

rne.es-program-guide-XMLTV-generator

Small Python program I've made to learn web scrapping. It takes program schedules from www.rne.es and export it to a XMLTV file
Python
2
star
19

WeatherDisplay

Weather information display without sensors using ESP8266 and OLED display
Arduino
2
star
20

CurrentCostLib

Library for getting XML feed from CurrentCost devices via softserial connections. For Arduino IDE
C++
1
star
21

CurrentCost

CurrentCost WiFi Monitor
C++
1
star
22

CoulombMeter

Power meter for low power devices using LTC4150
1
star