Python implementation of the protocol described in Naranjo et al. (2013).
-
At the time of sensor deployment, the latter receives a master secret MSS, which is secretly shared by the Base Station BS and the sensor S (see the end of this section for secret channels).
-
Upon arrival, user A sends her credentials (e.g. an authorization certificate) to BS so high-level access control can be performed, and the list of sensors she wants to communicate with (in the figure we only consider S). This step is run only at user arrival.
-
BS computes:
-
a, random integer salt
-
(init time, exp time), keying material validity interval
-
KencS,A , KauthS,A = KDF (MSS, {a, IDA || init time || exp time_})
-
BS sends the information generated in the previous step to A under a secure channel (see the end of this section).
-
A encrypts her first message to S with KencS,A in counter mode (thus using a fresh counter ctr), attaches parameters IDA , a, init time, exp time, ctr in plain text and a MAC obtained with KauthS,A.
-
Upon reception of the message, S obtains the key pair KencS,A, KauthS,A by feeding the Key Derivation Function with the attached parameters; S can now decrypt the message. The reply is encrypted in counter mode with KencS,A and ctr + 1 and authenticated with a MAC using KauthS,A.
-
Any subsequent message is encrypted and authenticated with the same key pair after increasing the counter by one.
| Symbol | Explanation |
|---|---|
| KencS,A | Encryption key for communication between sensor S and user A |
| KauthS,A | Authentication key for communication between sensor S and user A |
| KencS,A {x, ctr} | x is encrypted in counter mode using key KencS,A and counter ctr |
| MACKauthS,A (x) | A MAC is done on x using KauthS,A |
| KDF (x, {a, b}) | A Key Derivation Function is applied to master secret x using a as public salt and b as user-related information |
| H(x) | A hash function is applied to x |
| x||y | Concatenation of x and y |
| a | Random integer salt |
| IDA | Identifier of user A |
| IDp | Identifier of privilege group p |
| MSS | Master secret for sensor S |
| MSp | Master secret for privilege group p |
| init_time | Absolute initial time of a given key |
| exp_time | Expiration time of a given key |
| Kencp,A | Encryption key for communication between sensors offering services for group p and user A |
| Kauthp,A | Authentication key for communication between sensors offering services for group p and user A |
| A → * | User A sends a message to any listening sensor |
| Sp → A | One sensor giving services from privilege group p sends a message to A |
J. A. M. Naranjo, Pablo Orduña, Aitor Gómez-Goiri, Diego López-de-Ipiña, L. G. Casado. Enabling user access control in energy-constrained wireless smart environments. Journal of Universal Computer Science, Volume 19, number 17, Pages 2490-2505, November 2013.
pip install git+https://github.com/lightsec/liblightsec.git
The required packages are automatically installed in the procedure described above.
However, if you are going to contribute to this project, you might want to install only the project's dependencies in your virtualenv.
You can install them using the requirements.txt file in the following way:
pip install -r requirements.txt