Close
0%
0%

TSensor

Trusted and Secure Lorawan Sensor

Similar projects worth following
Most Lorawan sensor nodes are based on insecure micro-controllers like the STM32L072 micro-controller embedded in Murata's module. This is usually not a problem until someone tampers with the data sent by your sensor nodes or sells counterfeited version of your high added value IoT module. All these threats can be mitigated using secure pieces of hardware known as Secure Elements.

This project aims at developing and building a trusted Lorawan sensor node based on the Murata Type ABZ module and the NXP SE050 Secure Element. Thanks to this Secure Element, you will be able to protect your intellectual property and to enforce the authenticity of your measurments right from the embedded sensor output.

TSensor is a secure Lorawan sensor node intended to secure your IP and your data. As STM32L072 MCU embedded in Murata's Type ABZ module is not really secure, the NXP's SE050 Secure Element (SE) chip has been chosen to secure TSensor. SE050 chip and OS are certified under common criteria at level EAL6+ which demonstrates how this product is actually secure against attackers.

In concrete term, SE acts as a secure coprocessor for the Murata's module. It supports a wide range of cryptographic features like symmetric or asymmetric encryption, cryptographic grade hashing, secure storage of data and counters, data attestation and so on.

In addition, this SE acts as a gateway for a secure I2C bus. All I2C transactions between secured sensors and the host MCU pass through the SE which can be used to attest (i.e. authenticate) all the responses from  I2C sensors. Such a feature allows to enforce measurements authenticity and integrity right from their source. Even if the host MCU software is compromised, a remote attacker cannot tamper with sensor measurements as they are authenticated in the SE. A detailed description of this feature is provided on the NXP's website

TSensor development follows a two-step methodology. First firmware is developed thanks to ST/Murata's Type ABZ and NXP's SE050 development boards (B-L072Z-LRWAN1 and OM-SE050ARD) . Then a hardware prototype is designed based on these components. The intended usage of the TSensor board and its firmware is to help designers in their works by providing some kind of open source reference hardware and software design. Thus it is not a final product but a development board with the following features:

  • Really smal PCB (27,4mm x 62,7mm)
  • Murata's Type ABZ module (CMWX1ZZABZ-091)
  • NXP's SE050 Secure Element (SE050C2)
  • SMA connector
  • MIKROBUS Connector
  • JST connector (battery)
  • USB connector
  • JTAG port
  • UART port
  • 1 LED, 1 reset button and 1 bootloader button.

Further posts will detail both TSensor hardware and software design.

TSens.zip

Kicad v5.1.5-3 archive for TSensor board

x-zip-compressed - 292.91 kB - 05/18/2020 at 18:37

Download

TSens_schematic.pdf

Schematic of the TSensor board v1.0

Adobe Portable Document Format - 110.77 kB - 05/18/2020 at 18:36

Preview
Download

  • 1 × B-L072Z-LRWAN1 Lorawan discovery board from ST fetauring a Murata's Type ABZ lorawan module
  • 1 × OM-SE050ARD SE050 Arduino compatible shield from NXP
  • 1 × Pmod TMP3 Pmod module featuring a Microchip TCN75A temperature sensor

  • Schematic and Kicad Project

    Michael Grand05/18/2020 at 19:23 0 comments

    I have made one prototype of the TSensor board using the PCBA service from Macrofab. The prototype cost was about 120$, however the unit price for a small batch of 50 boards is about 40$. Prototype is fully functional and was tested with a Pmod TMP3 sensor and a Dragino LPS8 gateway.

    The only problem with this prototype is the lack of user button as the BOOT0 pin can only be used to boot the Murata's module in "flash loader" mode.

    Design files are available on this website (see "Files" section) under CC-BY-4.0 license. Feels free to use it and modify it for your own usage.

  • Authenticating Sensor Messages

    Michael Grand05/17/2020 at 08:59 0 comments

    In the previous post we have seen that TTN services can be use to collect messages from our sensor node. These messages are composed of :

    • a TLV field encoding the authenticated responses from our node's I2C sensor,
    • the 18-byte unique ID of the SE050 chip,
    • a 16-byte random (which is actually set to 0 in this example),
    • a 12-byte timestamp computed by the SE050,
    • the signature of all the previous data using ECDSA-SHA512 (on NIST P256).

    To validate the authenticity of the received data, someone would have to compute the SHA512 hash of the TLV field, chip ID, random and timestamp and use the known sensor public key together with the computed hash and the received signature to check its validity. More information on how this is done can be found on Wikipedia.

    So to check the authenticity of our sensor messages, we have to :

    1. retrieve messages from TTN,
    2. verify the authenticity using a library such as OpenSSL.

    First, you will have to obtain the certificate corresponding to the SE050 private key use for the attestation generation. To retrieve this certificate from the SE050 chip, use the firmware provided by mbed-tsensor-vcom repository. You will have to retrieve the certificate stored at the address 0xF0000013 thanks to the instructions provided by the README file of this repo.

    Second, we will use a Python script to perform these two steps. First, you will have to install TTN and pyOpenSSL library using pip:

    pip install ttn
    pip install pyopenssl

    Then, using only a few lines of Python 3, we can retrieve the data and authenticate them (this script is available in mbed-tsensor-lorawan repo):

    import time
    import ttn
    import OpenSSL
    import base64
    
    app_id = "YOUR_APP_ID"
    access_key = "YOUR_ACCES_KEY"
    
    with open("certificate.pem", 'r') as f:
      pubkey = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())
    
    def uplink_callback(msg, client):
      print("Received uplink from ", msg.dev_id)
      packet = base64.b64decode(msg.payload_raw)
      temp = packet[10] + packet[11]/256
      data = packet[:12+16+18+12]
      signature = packet[12+16+18+12:]
      print("temperature: " + str(temp))
    
      try:
        OpenSSL.crypto.verify(pubkey, signature, data, 'sha512')
      except Exception:
        print("invalid signature")
      else:
        print("valid signature")
      print()
    
    handler = ttn.HandlerClient(app_id, access_key)
    
    # using mqtt client
    mqtt_client = handler.data()
    mqtt_client.set_uplink_callback(uplink_callback)
    mqtt_client.connect()
    time.sleep(60)
    mqtt_client.close()
    
    # using application manager client
    app_client =  handler.application()
    my_app = app_client.get()
    print(my_app)
    my_devices = app_client.devices()
    print(my_devices)

     If you turn on your board (wait a few seconds for the JOIN request to be processed by TTN) and then launch this script, you will see the measured temperature and an output showing if the sensor message can be or cannot be authenticated.

    In the next post, I will present you the design of the TSensor board, its schematic and its PCB layout.

  • Trusted Lorawan Sensor Application

    Michael Grand05/10/2020 at 18:34 0 comments

    Mbed OS comes with a Lorawan stack that can be used to easily implement a Lora end-node. An example demonstrating how to use the Lorawan API is also provided by ARM. In this post, we reuse the Mbed Lorawan example to build a Lorawan trusted temperature sensor.

    First, a dummy (fake) sensor class is implemented in the Mbed example. In our application, this fake sensor is replaced by a real one : a Pmod TMP3 I2C sensor has to be connected to the SE050 I2C master to use this application. This sensor can be replaced by another but you will have to modify or replace the implemented `getTemp()` function.

    Second, the Mbed example is designed to send regularly data through the Lora interface. In this example, we keep all the Lora mechanic except the content of the `send()` function. This function is modified to send the whole attestation object generated by the SE050 when it signs the response of the Pmod TMP3 sensor to host requests (in our case temperature measurements are returned).

    RSA or ECC can be used to generate the attestation object, ECC attestation objects are a way smaller than RSA attestation objects so this application uses ECC cryptography. However, ECC attestation objects are still really large (about 150 bytes) so this kind of application will consume slightly more energy that some really low power applications sending only few bytes. Unfortunately, this is the price of the security. Some kind of attestation can also be achieved using symmetric cryptography (smaller keys and therefore less data) but, in this case, both the sensor and a server will have to store one or more secret keys which can be a problem. With asymmetric cryptography, only a public certificate has to be stored.

    You can download the trusted lorawan sensor application from github repo mbed-tsensor-lorawan. You will also need a lorawan gateway (or use a public one) and a lorawan network provider (like The Things Network). More information on how to build the application is given in the repo `README.md` file.

    In the next post, i am going to show you how to authenticate data sent by the Lorawan node using Python and pyOpenSSL.

  • TSensor OS and SE050 Driver

    Michael Grand05/04/2020 at 18:13 0 comments

    The first step of the TSensor development was to choose an OS natively supporting most of the required features. Nowadays, there is a large number of embedded OS which could be used to build the TSensor node. If we only consider Open Source (and free) OS, my short list was :

    At the end, MBED was chosen as the B-L072Z-LRWAN1 board is natively supported by this OS (including the Lorawan stack). Unfortunately, this is not the case for the SE050 secure element (others OS do not natively support this component neither). At this point, there is two strategies: either port the NXP Plug & Trust middleware to MBED OS or develop a driver from scratch.

    There is two problems with the former strategy: First, a large part of the NXP's middleware source code is licensed under a restrictive license which does not allow to share it. In addition, its source code analysis shows that this piece of software is really memory hungry. Several buffers as large as 1024 bytes are used to store temporary data during command building. In the same time, one of the main concern when dealing with MBED OS is its memory footprint. Indeed, MBED OS and the Lorawan stack consume almost all the available volatile memory of the STM32L072 MCU. In consequence, it is hardly possible to use both MBED OS with its Lorawan stack and the NXP's Plug & Trust middleware at the same time on such a cheap chip like the STM32L072. Therefore the only viable strategy is to develop an SE050 driver from scratch keeping in mind that its volatile memory footprint should be as small as possible.

    TSensor development platform is designed to meet the use case where measures from an environmental sensor have be authenticated. Thus, only the management of the SE050 attestation mechanism used to authenticate the data exchanged on a I2C bus connecting a sensor with a host MCU has to be implemented. In addition, because measurements are not confidential (at least in the vicinity of the sensor) and because attestation mechanism is based on asymmetric cryptography, exchanges between the host MCU and the SE050 do not need to be encrypted to be secure. Consequently, the minimal SE050 driver required to build a trusted node is not so complex.

    SE050 driver is composed of two layers:

    • Low level T1 over I2C layer implemented using NXP's open source (Apache 2.0) code
      • This layer implements low level mechanics allowing to wrap ISO7816 APDUs into I2C frames.
    • High level SE050 API implemented using open source (Apache 2.0) code.
      • This layer implements a comprehensive API allowing to easily use the features provided by the SE050 chip.

    On the following github repo (mbed-se050-drv), you will find an MBED library implementing the previously described minimal driver, it allows to use the SE050 I2C attestation feature. You can use repo mbed-se050-example to test this library.

    In the next post, you will learn how to use the mbed-se050-drv library to build a trusted lorawan end-node.

View all 4 project logs

Enjoy this project?

Share

Discussions

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates