DRM-114 will allow both public (broadcast) and private messages to be exchanged with other DRM-114 badges optically. It will be entirely open hardware and almost open firmware (keep reading for why).
The messages will be encrypted with AES-128, with a (pseudo-)randomly chosen key for every message. The key will be sent along with the message, but the key will be protected with a proprietary key protection algorithm that will not be open-sourced. The key protection mechanism will be a trade secret and will act as an "effective access control mechanism" as defined by the DMCA, and thus reverse-engineering it will be a violation of US Federal law. The entire project's source code (including a software AES ECB, OFB and CMAC implementation) will be open-sourced, with the sole exception of the file that provides the key protection function.
This will be an SAO and the host badge would need to provide the functionality of a dumb terminal. The device will have a traditional async serial terminal for user I/O and the infrared port. The controller will be the ATXMega32E5. Its XCL module will be used for the UART dedicated to the IR I/O. The XCL will modulate the serial output with a 36 kHz square wave (so a 0 is represented by 36 kHz pulses and a 1 is represented by the LED being off). The IR UART output will go to a MOSFET driven IR LED directly, and an IR receiver will provide decoded (that is, the 36 kHz modulation removed) serial back. The IR receiver module will be a "side look" version, and the IR LED will mounted on a right angle to direct the energy out the edge parallel to the receiver. In use, a user would hold a badge horizontally somewhat like a remote control.
The UART dedicated to the user terminal will be line based and have a simple ">" prompt to start with. Three commands would be recognized, each starting with "/" (somewhat like IRC of old). "/name name" sets the name of the badge for receiving private messages (nothing will be done to prevent multiple badges having the same private name and receiving the same messages). "/talk name" sets the destination badge name and will change the prompt to "name>" "/talk" by itself reverts to the broadcast message mode (to all badges). "/help" or "/?" prints out help. Any other line of text will be taken as a message to transmit to the appropriate destination. The message will be formatted with the target name and the message text and a new random message key will be generated. The key will be used to generate a CMAC over the plaintext, and then a random IV chosen and the plaintext and CMAC will be encrypted. The key will then be altered by the key protection method. The final message will consist of the protected key, the IV and the ciphertext.
The message will be sent with a DLE type protocol. A start-of-frame will be sent, followed by the message and an end-of-frame. Both the start and end byte-pairs start with the same introduction byte. If that byte appears organically in the message it is repeated. The receiver will always restart reception when it receives a start-of-frame and will submit the accumulated frame whenever it receives an end-of-frame (with some added protection against buffer overrun, of course).
Properly received messages will be displayed by sending a carriage return (without a linefeed), then printing the message and then a CR-LF and then re-printing the command prompt and any text already entered.
For best range, the IR LED needs about 80 mA of current. This seems like a lot, but remember that it's modulated with a 36 kHz square wave, so the duty cycle is at most 50% when it's sending a 0 bit and the pulses are quite short (13 µs). But because the current draw is so high, we can't directly drive it from the controller. So an N channel MOSFET is used as a low-side switch (this allows the controller logic to be positive - high for LED on). The badge also sports a visible LED, which is blinked...Read more »