IoT security for the masses

Last-mile RF packet encryption for mass produced IoT devices through Telehash

IoT devices are rapidly proliferating, and they will be mass-produced and installed in homes and cities everywhere. Managing such a network of devices is going to be a huge challenge, which many upcoming companies are tackling, but I feel that the biggest danger is the unsecured RF communication occurring between physical hardware (lighting, air-conditioning, heating) and the central server. It is usually unencrypted, and packets can be very easily reverse-engineered and made to misbehave by flipping a few bits here and there.

This project is an idea to secure that last-mile RF packet. For a start I'd like to design something like a middle layer between an RF module (e.g. an nRF24L01 or an RFM69) and the microcontroller that does per-session key exchange and packet-level encryption of the transmitted data.

I think I might need an experienced cryptographer to help with the fine details.

* Telehash - Public Domain
* Arduino libraries - RF24 is GPLv2
* Hardware under CE

I've taken an introductory cryptography course this semester. My inspiration for this project has been the TLS/SSL protocol, which negotiates a unique key for each session and encrypts the communication channel regardless of the data sent through it.


  • Negotiating a different key for every exchange: Needs reliable duplex connectivity, hardware PRNG.
  • Encryption: 128-bit / 256-bit AES
  • Securing networks like 802.15.4 which also involve packet routing and are not exactly point-to-point.
  • For the first prototype this may be a device sitting between the microcontroller and the RF transceiver that transparently encrypts and decrypts data so no large-scale changes to existing hardware would be needed.
  • I think the nRF24L01s and RFM69s might be good candidates for initial prototypes.
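An added sketch of the packet layer this list describes (per-session keys, encrypted payloads, rejection of altered packets); it is not the project's code and not Telehash's wire format. Assumptions: a pre-provisioned per-device key plus one fresh nonce from each side stands in for a real key agreement, an HMAC-SHA256 keystream stands in for AES because Python's standard library has no AES, and the frame layout and field sizes are constructed to fit the 32-byte nRF24L01+ payload.

```python
import hashlib, hmac, os, struct

MAX_PAYLOAD = 32          # nRF24L01+ payload limit in bytes
CTR_LEN, TAG_LEN = 4, 8   # constructed sizes: packet counter, truncated MAC
MAX_DATA = MAX_PAYLOAD - CTR_LEN - TAG_LEN

def prf(key, label, data=b""):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def session_keys(device_key, nonce_a, nonce_b):
    # Both ends mix their fresh nonces with the provisioned device key.
    master = prf(device_key, b"session", nonce_a + nonce_b)
    return prf(master, b"enc"), prf(master, b"mac")

def seal(enc_key, mac_key, counter, data):
    if len(data) > MAX_DATA:
        raise ValueError("data does not fit in one radio payload")
    ctr = struct.pack(">I", counter)
    stream = prf(enc_key, b"ks", ctr)   # HMAC keystream standing in for AES-CTR
    ct = bytes(d ^ s for d, s in zip(data, stream))
    return ctr + ct + prf(mac_key, b"tag", ctr + ct)[:TAG_LEN]

class Receiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.last = enc_key, mac_key, -1

    def open(self, frame):
        # Returns the plaintext, or None for an altered, forged or replayed frame.
        if not CTR_LEN + TAG_LEN <= len(frame) <= MAX_PAYLOAD:
            return None
        ctr, ct, tag = frame[:CTR_LEN], frame[CTR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        good = prf(self.mac_key, b"tag", ctr + ct)[:TAG_LEN]
        if not hmac.compare_digest(tag, good):
            return None                 # verify before decrypting anything
        counter = struct.unpack(">I", ctr)[0]
        if counter <= self.last:
            return None                 # replay of an already accepted counter
        self.last = counter
        stream = prf(self.enc_key, b"ks", ctr)
        return bytes(c ^ s for c, s in zip(ct, stream))

def demo():
    device_key = os.urandom(32)            # assumption: provisioned per device
    na, nb = os.urandom(8), os.urandom(8)  # one fresh nonce from each side
    enc, mac = session_keys(device_key, na, nb)
    rx = Receiver(enc, mac)
    frame = seal(enc, mac, 0, b"LIGHT=ON")   # constructed sample command
    flipped = frame[:5] + bytes([frame[5] ^ 0x01]) + frame[6:]
    return rx.open(flipped), rx.open(frame), rx.open(frame), len(frame)
```

`demo()` feeds the receiver a frame with one ciphertext bit flipped, then the genuine frame, then the same frame again; only the genuine first delivery decrypts.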

Thanks to the comments on the project, I was directed to the Telehash library that pretty much covers these aspects. So I'm going to try to write a few good example scenarios of using Telehash with Arduino first, the idea being to make it easy to use E2E encryption.

The Deliverables:

  • Level 1 - Getting Telehash to work over two Arduino and nRF24L01s.
  • Level 2 - A library layer over the RF24 Arduino library for the nRF24L01, that handles the key negotiation and packet encryption transparently.
  • Level 2 stretch - A SPI slave that shares the same command set as some of the popular RF modules (I'll start with the nRF24L01) and handles everything transparently. So no changes in user code.

  • 2 × Arduino Nano: The run-of-the-mill Arduino
  • 2 × nRF24L01+ modules: For testing

  • Enter Telehash

    Kumar, Abhishek, 04/18/2016 at 19:41

    It's been a while but for suggestions on my project, I had contacted Joshua Datko [of BeagleBone Cryptocape fame] and he suggested I check out Telehash (in the comments below). What it uncovered was interesting.

    Telehash is a secure mesh protocol; you can read more about it here. What can be understood from it is that a logical link between any two nodes in the network is private to them only and all communication between nodes is encrypted.

    The Telehash project is led by Jeremie Miller (creator of Jabber), who is now the CTO of Filament, a startup which is actively working on hardware based on the Telehash framework.

    The idea of this project is to supplement the work they are already doing, to try and make it more accessible. I could not find a lot of example code to get started with on the Arduino and the RF module front, so I hope my experience in getting it working might help others out there.




Kumar, Abhishek wrote 04/18/2016 at 07:42

I remember seeing that one. From what I understand, it's signed messages, not end-to-end encryption. The idea here is not just to sign messages but also ensure that it is encrypted in transit.

Signed + Encryption can also be done for extra security.

[EDIT: Read the section titled "Why encryption is not a part of this" on the forum post]

Josh wrote 03/28/2016 at 23:44

Hey Kumar, I strongly suggest you check out telehash. This is a good high-level introduction:

(docs:, c (including arduino lib:

It's basically designed for all the points that you mentioned :) There's a bit of terminology to learn but basically every session has unique session keys and devices can have long-term identity keys. It's physical layer agnostic, so you can put telehash over your existing RF platform.

There's a few implementations of it, including a node module so you can quickly play around with a few lines of code: (if you like node.js, that is).

So you could, for example, put telehash over existing nRF bluetooth layer, which might be cool.
