Confidentiality (privacy)

Confidentiality refers to ensure that information is not accessed by unauthorized people. Information is intelligible only to its rightful recipients. Although third parties may be able to read (a copy of) the message sent, they must not be able to make sense of it. Confidentiality is assurance of data privacy. Sending frames with confidentiality can be achieved through symmetric key encryption. AES algorithm has been implemented for this purpose.

Advanced Encryption Standard (AES) is a symmetric key encryption algorithm that supports key lengths of 128, 192, and 256 bits. AES encrypts a block of bytes at the same time, unlike stream ciphers that encode each single item individually. This feature allows the algorithm to be very fast. It has the advantage of occupying very little memory and consequently makes it very suitable for low memory capacity devices.

AES is able to encrypt and decrypt a block of data using an AES key. The key and the block of data have a fixed length. The length of the block of data is always 128-bit (16 bytes), while the key size can be:

• 128-bit key size (16 bytes)

• 192-bit key size (24 bytes)

• 256-bit key size (32 bytes)

As AES is classified as a block cipher algorithm, there are different modes of operation. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block. This library implements two modes of operation:

• ECB mode: The simplest of the encryption modes is the electronic codebook (ECB) mode. The message is divided into blocks of 16 bytes and each block is encrypted separately. Notice that this mode is the only one supported by Meshlium.

• CBC mode: Each 16-byte block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block. This initialization vector size is 16 bytes, so is the same size as the data block size. Notice that this mode is not supported by Meshlium.

A block cipher works on fixed size blocks, but messages come in a variety of lengths. So some modes of operation require that the final block be padded before encryption. Several padding schemes exist, but this library provide two padding schemes:

• ZEROS: this method adds 0s until the last block size is completed. Notice that this mode is the only one supported by Meshlium.

• PKCS5: this method adds the input at the trailing end with k - (l mod k) octets all having value k - (l mod k), where l is the length of the input. Notice that this mode is not supported by Meshlium.

Waspmote Libraries

Waspmote AES Files

WaspAES.h is the header file of the class, and WaspAES.cpp is the class where the functions and variables are implemented.

It is mandatory to include the AES library when using it. The following line must be introduced at the beginning of the code:

#include <WaspAES.h>

Constructor

To start using Waspmote AES library, an object from class ‘WaspAES’ must be created. This object, called ‘AES’, is created inside the Waspmote AES library and it is public to all libraries. It is used through the guide to show how the Waspmote AES library works.

When creating this constructor, no variables are initialized by default.

Pre-Defined Constants

There are some constants defined in ‘WaspAES.h’ related with the different encryption and padding modes that can be used to encrypt messages.

Calculating the encrypted message length

Before using an encryption function, the length of the encrypted message is needed in order to create the proper memory buffers. As the data block size is 16 bytes, the final length is multiple of 16.

The next code shows how to calculate the length of the ciphertext in bytes. The function AES.sizeOfBlocks() returns the total length of the 16-byte data blocks that will be included within the message.

{
 char plaintext[] = ”Original Text”;
 uint16_t length;
 length = AES.sizeOfBlocks(plaintext);
}

AES Encryption

The next code shows how to encrypt a message from a plaintext with the function AES.encrypt().

When calling this function, the mode of operation must be specified between: ECB or CBC. In the case that the mode of operation is CBC, the initialization vector must be defined as a 16-byte array of bytes.

Finally, the padding mode must be specified between two possibilities: PKCS5 or ZEROS.

{
			// AES 128 encryption: ECB mode, PKCS5 padding
			AES.encrypt( 128,
			             password,
			             message,
			             encrypted_message,
			             ECB,
			             PKCS5);

			// AES 128 encryption: CBC mode, ZEROS padding
			uint8_t IV[16] =
			{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F};

			AES.encrypt( 128,
			             password,
			             message,
			             encrypted_message,
			             CBC,
			             ZEROS,
			             IV);
}

The input message length can be any value. However, the output message length will be a multiple of 16 bytes.

The AES password is padded with zeros in the case it does not reach the proper length selected by the AES encryption function.

Printing Message

Some functions have been created to write encrypted message to the USB.

{
 // Writes the encrypted message to the USB port on Matrix format
 AES.printMatrix(encrypted_message, length);
}

Example of use may be found in: