Hide menu

TDDE21 Advanced Project: Secure Distributed and Embedded Systems

Course information

It looks like we will have 2 projects for 4-6 students in Fall 2021: 1) Continuing OpenHIP development 2) Cryptographic Drone ID

The course goes for whole Fall, September - December.

Welcome slides 2020. IETF slides.

Project 1: HIPv2

Host Identity Protocol (HIPv2) is a newly standardized network security protocol by the IETF (RFC 7401). It establishes encrypted IPsec tunnels between hosts identified by public/private keys. While commercial use of HIP is rapidly progressing (By Tempered) its open-source implementations are somewhat outdated. Your task is to setup a virtual machine environment to test basic HIP functions such as Base Exchange, mobility update, multihoming with wireshark packet capture. OpenHIP can be run with CORE network simulator. OpenHIP software should be updated to support the latest RFCs.

2020 Students: David, Simon, Mathilda, Johan, Joakim K

You can study background material:

Main changes from HIPv1 to HIPv2

  • cryptographic agility features
  • update of mandatory/optional algorithms, including ECDSA and ECDH, HMAC-SHA-256, RSASSA-PSS
  • Initiator may express DH group preference in I1
  • Different crypto hash algorithms to generate the HIT
  • HIT Suites group together pub key sig, hash fn, and hash truncation
  • Puzzle uses HIT hash function
  • Procedures for aborting HIP BEX added.
  • Guidance on preventing downgrade attacks on crypto algorithms.
  • Key derivation function now negotiable aspect of protocol.
  • Clarifications on multiple ACKs and echo requests

Classic code implements RFC5201 and RFC5202. The minimum goal is to implement and test in CORE the v2 base exchange and IPsec (RFC7401 and RFC7402). (That was done by students in 2017-2019).

Full HIPv2 implemenation should support mobility (RFC8046), multihoming (RFC8047), and ideally also certificates (RFC8002), registration (RFC8003), rendezvous (RFC8004), and DNS (RFC8005).

Goals for 2020: New Orchids update of RFC7343. Support of EdDSA25519, new crypto in HIP. Hierarchical HITs.

Goals for 2021: Support of Xoodyak, new crypto in HIP, revision 10. Support of OpenSSL 1.1.1 and test of 3.0. Improve: New Orchids update of RFC7343, Hierarchical HITs. Implement draft-ietf-hip-dex-24.

Project 2: Cryptographic Drone ID

The goal of this project is to prototype drone ID as specified by DRIP IETF Working Group.

The drone ID is broadcasted over Bluetooth or WiFi as a HIP Host Identity Tag (HIT) in 20 Bytes.

Prototyping can happen with Raspberry Pi4 (Bluetooth 5--) or Pi 3B+ (Bluetooth 4.2)

This project and interact and get help with HIP features from project 1.

We have a real drone Phantom 4 pro V2.0 for testing;)

Students 2020: Oliver, Mathias, Niklas, Hampus, Joakim F

Accomplished: prototype Broadcast Remote Drone ID over Bluetooth/WiFi. Also write an Android application for Observer than can see drones nearby. Store drone track to a blockchain (Iroha). Material: Iroha demo video and gitlab code, archieve with code for app-frontend-backend.

Goals for 2021: Update to draft-ietf-drip-rid-09, draft-ietf-drip-auth-01, test BT 5 dongle, test battery powered RP with GPS on a Phantom drone.

Half-time presentation

For half-time seminar, can each group please make 20-30 min presentation focusing on following topics
  • problem statement
  • state of the art
  • current status
  • development strategy, hardware used
  • division of tasks within the group
  • main challenges so far
  • work plan for 2nd half
Slides should be enough at this point, but if you can show some running code with devices, it would be nice!

Final presentation

Presentation covering same topics as half-time, but having lessons learned and conclusions instead of work plan.
A demo and code walkthrough must be presented also.
A report (about 7-10 pages) summarizing main results and advice for future students should be provided before the presentation.

Page responsible: Andrei Gurtov
Last updated: 2021-08-18