I've taken an introductory cryptography course this semester. My inspiration for this project has been the TLS/SSL protocol, which negotiates a unique key for each session and encrypts the communication channel regardless of the data sent through it.
- Negotiating a different key for every exchange: Needs reliable duplex connectivity, hardware PRNG.
- Encryption: 128-bit / 256-bit AES
- Securing networks like 802.15.4 which also involve packet routing and are not exactly point-to-point.
- For the first prototype this may be a device sitting between the microcontroller and the RF transceiver that transparently encrypts and decrypts data so no large-scale changes to existing hardware would be needed.
- I think the nRF24L01s and RFM69s might be good candidates for initial prototypes.
Thanks to the comments on the project, I was directed to the Telehash library that pretty much covers these aspects. So I'm going to try to write a few good example scenarios of using Telehash with Arduino first, the idea being to make it easy to use E2E encryption.
- Level 1 - Getting Telehash to work over two Arduino and nRF24L01s.
- Level 2 - A library layer over the RF24 Arduino library for the nRF24L01, that handles the key negotiation and packet encryption transparently.
- Level 2 stretch - A SPI slave that shares the same command set as some of the popular RF modules (I'll start with the nRF24L01) and handles everything transparently. So no changes in user code.