Hi everyone, Trying to complete my ICA paper that requre a WSN design that includes all the network parts including operating system and drivers. Having selected RIOT as the operating system for the WSN neede to jusify that selection from the security prospective. Could not find any papers, surveys, jornals or articles regarding RIOT security features. The onley thing i could find was a survey that compares OS for WSN and RIOT was recomended but no mention about security. Is any one able to point me to the reight direction to find more information regarding RIOT security features that can help in securing the WSN from the start point.
Welcome to the RIOT community @mnguindy! I am going to move this topic to the “Help” category, since this seems more fitting, even though this is a non-technical question.
Ok That is not a problem. Thank you. It is a help request more than a technical issue.
Support for 802.15.4 security was recently merged. This allows you to encrypt all wireless traffic with a shared key. (I assume that is the link-layer type you are using)
There is no key management yet, it’s up to you to provide all the nodes with the shared key, e.g. by including it in the firmware. Sequence numbers are also not tracked yet, which opens the possibility for replay attacks. But the implementation already provides the means to handle those once we have the infrastructure in place to keep track of those on a per-node basis. It would also allow for per-node encryption keys, but this requires a neighbor database.
For now only basic encryption with a shared key is implemented, but this is already better than no security
benpicco, I thought that riot is installed as an OS on the H/W were the sensor is implemented so each sensor has its own H/w platform that has the riot OS installed on which means that the increption key is already implemented in the OS, so if each platform has a sensor that is operated by the Riot OS dosen’t that mean they all have the same Key? I was actually thinking of doing a survey on WSN OS security since i have not seen many papers talking about that or comparing the security part in WSN OS.
The problem if all nodes share the same key is that only one node needs to be compromised to be able to decrypt all the traffic.
A possible solution would be to use Diffie-Hellman key exchange to negotiate a session key and use certificates to authenticate themselves. But I’m not sure how others are handling that, i.e. how the security of e.g the Thread or ZigBee stack are implemented.
What kind of radio technology are you looking at?