
Authenticating Sensor Messages

A project log for TSensor

Trusted and Secure Lorawan Sensor

Michael Grand, 05/17/2020 at 08:59

In the previous post we saw that TTN services can be used to collect messages from our sensor node. These messages are composed of:

To validate the authenticity of the received data, the verifier has to compute the SHA512 hash of the TLV field, chip ID, random and timestamp, then use the known sensor public key together with the computed hash and the received signature to check the signature's validity. More information on how this is done can be found on Wikipedia.

So to check the authenticity of our sensor messages, we have to:

  1. retrieve messages from TTN,
  2. verify the authenticity using a library such as OpenSSL.

First, you will have to obtain the certificate corresponding to the SE050 private key used for the attestation generation. To retrieve this certificate from the SE050 chip, use the firmware provided by the mbed-tsensor-vcom repository. The certificate is stored at the address 0xF0000013; retrieve it by following the instructions in the README file of this repo.

Second, we will use a Python script to perform these two steps. Start by installing the TTN and pyOpenSSL libraries using pip:

pip install ttn
pip install pyopenssl

Then, using only a few lines of Python 3, we can retrieve the data and authenticate it (this script is available in the mbed-tsensor-lorawan repo):

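import time
import ttn
import OpenSSL
import base64

# Replace with your TTN application ID and access key
app_id = "YOUR_APP_ID"
access_key = "YOUR_ACCESS_KEY"

# Certificate retrieved from the SE050; it carries the sensor public key
with open("certificate.pem", 'r') as f:
  pubkey = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())

def uplink_callback(msg, client):
  print("Received uplink from ", msg.dev_id)
  # TTN delivers the raw payload base64-encoded
  packet = base64.b64decode(msg.payload_raw)
  # Temperature: integer part in byte 10, fractional part (1/256) in byte 11
  temp = packet[10] + packet[11]/256
  # Signed part: TLV field, chip ID, random and timestamp (12+16+18+12 bytes)
  data = packet[:12+16+18+12]
  # Everything after the signed part is the signature
  signature = packet[12+16+18+12:]
  print("temperature: " + str(temp))

  # verify() hashes the data with SHA512 and raises on any mismatch or error
  try:
    OpenSSL.crypto.verify(pubkey, signature, data, 'sha512')
  except Exception:
    print("invalid signature")
  else:
    print("valid signature")
  print()

handler = ttn.HandlerClient(app_id, access_key)

# using mqtt client: listen for uplinks for 60 seconds
mqtt_client = handler.data()
mqtt_client.set_uplink_callback(uplink_callback)
mqtt_client.connect()
time.sleep(60)
mqtt_client.close()

# using application manager client: print the application and its devices
app_client = handler.application()
my_app = app_client.get()
print(my_app)
my_devices = app_client.devices()
print(my_devices)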

If you turn on your board (wait a few seconds for the JOIN request to be processed by TTN) and then launch this script, you will see the measured temperature and an output showing whether or not the sensor message can be authenticated.

In the next post, I will present the design of the TSensor board, its schematic and its PCB layout.
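The same check done offline on a single payload, as an added example that is not part of the original script or the project's repositories: it uses the `cryptography` package instead of pyOpenSSL, rejects packets too short to hold a signature, and decodes the temperature only after the signature verifies. It assumes the attestation key is an ECDSA key (the post does not name the algorithm) and uses a freshly generated P-256 key and a constructed packet as stand-ins; `split_packet`, `verify_packet` and `make_constructed_packet` are names chosen here.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

# Signed prefix used by the script above: TLV field, chip ID, random and
# timestamp, 12+16+18+12 = 58 bytes; everything after it is the signature.
SIGNED_LEN = 12 + 16 + 18 + 12


def split_packet(packet: bytes):
    """Return (signed_data, signature); raise ValueError if too short."""
    if len(packet) <= SIGNED_LEN:
        raise ValueError("packet too short to carry a signature")
    return packet[:SIGNED_LEN], packet[SIGNED_LEN:]


def verify_packet(public_key, packet: bytes):
    """Return the temperature if the signature verifies, else None.

    The reading is decoded only after verification, so an unauthenticated
    value never reaches the caller.
    """
    try:
        data, signature = split_packet(packet)
        # Assumption: ECDSA key; SHA512 as stated in the post.
        public_key.verify(signature, data, ec.ECDSA(hashes.SHA512()))
    except (ValueError, InvalidSignature):
        return None
    # Same decoding as the script above: integer byte plus 1/256 fraction.
    return data[10] + data[11] / 256


def make_constructed_packet(private_key, temp_int=21, temp_frac=128):
    """Build a constructed packet; all fields except bytes 10-11 are zero."""
    data = bytearray(SIGNED_LEN)
    data[10], data[11] = temp_int, temp_frac
    signed = bytes(data)
    return signed + private_key.sign(signed, ec.ECDSA(hashes.SHA512()))


if __name__ == "__main__":
    key = ec.generate_private_key(ec.SECP256R1())  # stand-in for the SE050 key
    packet = make_constructed_packet(key)
    tampered = bytearray(packet)
    tampered[10] ^= 1  # change the temperature byte after signing
    print(verify_packet(key.public_key(), packet))               # valid
    print(verify_packet(key.public_key(), bytes(tampered)))      # tampered
    print(verify_packet(key.public_key(), packet[:SIGNED_LEN]))  # truncated
```

With the real sensor certificate, the public key can be obtained with `cryptography.x509.load_pem_x509_certificate(pem_bytes).public_key()` and passed to `verify_packet`.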
