TDDE21 Advanced Project: Secure Distributed and Embedded Systems
It looks like we will have 2 projects for 4-6 students in Fall 2021: 1) Continuing OpenHIP development 2) Cryptographic Drone ID
The course goes for whole Fall, September - December.
Project 1: HIPv2
Host Identity Protocol (HIPv2) is a newly standardized network security protocol by the IETF (RFC 7401). It establishes encrypted IPsec tunnels between hosts identified by public/private keys. While commercial use of HIP is rapidly progressing (By Tempered) its open-source implementations are somewhat outdated. Your task is to setup a virtual machine environment to test basic HIP functions such as Base Exchange, mobility update, multihoming with wireshark packet capture. OpenHIP can be run with CORE network simulator. OpenHIP software should be updated to support the latest RFCs.
2020 Students: David, Simon, Mathilda, Johan, Joakim K
You can study background material:
- What is HIP?
- HIP book
- Practical use of HIP to secure cruising ships, university campuses, etc
- CORE Simulator
Latest code, Core setup, Running HIP
- OpenHIP code on Bitbucket
Send your BitbucketID to Andrei to get full access.
- Host Identity Protocol v2. RFC7401 RFC7402 Other relevant RFCs
- Alternative HIPL implementation
- Project Report 2018
- Project Report 2019
- Project Report 2020
Main changes from HIPv1 to HIPv2
- cryptographic agility features
- update of mandatory/optional algorithms, including ECDSA and ECDH, HMAC-SHA-256, RSASSA-PSS
- Initiator may express DH group preference in I1
- Different crypto hash algorithms to generate the HIT
- HIT Suites group together pub key sig, hash fn, and hash truncation
- Puzzle uses HIT hash function
- Procedures for aborting HIP BEX added.
- Guidance on preventing downgrade attacks on crypto algorithms.
- Key derivation function now negotiable aspect of protocol.
- Clarifications on multiple ACKs and echo requests
Classic code implements RFC5201 and RFC5202. The minimum goal is to implement and test in CORE the v2 base exchange and IPsec (RFC7401 and RFC7402). (That was done by students in 2017-2019).
Full HIPv2 implemenation should support mobility (RFC8046), multihoming (RFC8047), and ideally also certificates (RFC8002), registration (RFC8003), rendezvous (RFC8004), and DNS (RFC8005).
Goals for 2021: Support of Xoodyak, new crypto in HIP, revision 10. Support of OpenSSL 1.1.1 and test of 3.0. Improve: New Orchids update of RFC7343, Hierarchical HITs. Implement draft-ietf-hip-dex-24.
Project 2: Cryptographic Drone IDThe goal of this project is to prototype drone ID as specified by DRIP IETF Working Group.
The drone ID is broadcasted over Bluetooth or WiFi as a HIP Host Identity Tag (HIT) in 20 Bytes.
Prototyping can happen with Raspberry Pi4 (Bluetooth 5--) or Pi 3B+ (Bluetooth 4.2)
This project and interact and get help with HIP features from project 1.
We have a real drone Phantom 4 pro V2.0 for testing;)
Students 2020: Oliver, Mathias, Niklas, Hampus, Joakim F
- IETF DRIP WG
- drone ID architecture
- drone ID testbed
- Message formats
- ASTM standard
- Sample code from OpenDroneID
- On Application of Host Identity Protocol in Wireless Sensor Networks
- Project Report 2020
Goals for 2021: Update to draft-ietf-drip-rid-09, draft-ietf-drip-auth-01, test BT 5 dongle, test battery powered RP with GPS on a Phantom drone.
Half-time presentationFor half-time seminar, can each group please make 20-30 min presentation focusing on following topics
- problem statement
- state of the art
- current status
- development strategy, hardware used
- division of tasks within the group
- main challenges so far
- work plan for 2nd half
Final presentationPresentation covering same topics as half-time, but having lessons learned and conclusions instead of work plan.
A demo and code walkthrough must be presented also.
A report (about 7-10 pages) summarizing main results and advice for future students should be provided before the presentation.
Page responsible: Andrei Gurtov
Last updated: 2021-08-18