Hide menu

TDDE21 Advanced Project: Secure Distributed and Embedded Systems

Course information

It looks like we will have 2 projects for 4-6 students in Fall 2020: 1) Continuing OpenHIP development 2) Cryptographic Drone ID

The course goes for whole Fall, September - December.

Welcome slides 2020

Project 1: HIPv2

Host Identity Protocol (HIPv2) is a newly standardized network security protocol by the IETF (RFC 7401). It establishes encrypted IPsec tunnels between hosts identified by public/private keys. While commercial use of HIP is rapidly progressing (By Tempered) its open-source implementations are somewhat outdated. Your task is to setup a virtual machine environment to test basic HIP functions such as Base Exchange, mobility update, multihoming with wireshark packet capture. OpenHIP can be run with CORE network simulator. OpenHIP software should be updated to support the latest RFCs.

2020 Students: David, Simon, Mathilda, Johan, Joakim K

You can study background material:

Main changes from HIPv1 to HIPv2

  • cryptographic agility features
  • update of mandatory/optional algorithms, including ECDSA and ECDH, HMAC-SHA-256, RSASSA-PSS
  • Initiator may express DH group preference in I1
  • Different crypto hash algorithms to generate the HIT
  • HIT Suites group together pub key sig, hash fn, and hash truncation
  • Puzzle uses HIT hash function
  • Procedures for aborting HIP BEX added.
  • Guidance on preventing downgrade attacks on crypto algorithms.
  • Key derivation function now negotiable aspect of protocol.
  • Clarifications on multiple ACKs and echo requests

Classic code implements RFC5201 and RFC5202. The minimum goal is to implement and test in CORE the v2 base exchange and IPsec (RFC7401 and RFC7402). (That was done by students in 2017-2019).

Full HIPv2 implemenation should support mobility (RFC8046), multihoming (RFC8047), and ideally also certificates (RFC8002), registration (RFC8003), rendezvous (RFC8004), and DNS (RFC8005).

Goals for 2020: New Orchids update of RFC7343. Support of EdDSA25519, new crypto in HIP. Hierarchical HITs.

Project 2: Cryptographic Drone ID

The goal of this project is to prototype drone ID as specified by DRIP IETF Working Group.

The drone ID is broadcasted over Bluetooth or WiFi as a HIP Host Identity Tag (HIT) in 20 Bytes.

Prototyping can happen with Raspberry Pi4 (Bluetooth 5) or Pi 3B+ (Bluetooth 4.2)

This project and interact and get help with HIP features from project 1.

We have a real drone for testing Phantom 4 pro V2.0 for testing;)

Students 2020: Oliver, Mathias, Niklas, Hampus, Joakim F

The goal is to prototype Broadcast Remote Drone ID over Bluetooth/WiFi. Also write an Android application for Observer than can see drones nearby.

Half-time presentation

For half-time seminar, can each group please make 20-30 min presentation focusing on following topics
  • problem statement
  • state of the art
  • current status
  • development strategy, hardware used
  • division of tasks within the group
  • main challenges so far
  • work plan for 2nd half
Slides should be enough at this point, but if you can show some running code with devices, it would be nice!

Final presentation

Presentation covering same topics as half-time, but having lessons learned and conclusions instead of work plan.
A demo and code walkthrough must be presented also.
A report (about 7-10 pages) summarizing main results and advice for future students should be provided before the presentation.

Page responsible: Andrei Gurtov
Last updated: 2020-08-31