Skip to content

[read-only mirror of] coap-ace-poc-firmware: Firmware for the CoAP-ACE-OAuth-PoC project – securely communicating with embedded devices using Bluetooth, CoAP and OSCORE

Notifications You must be signed in to change notification settings

coap-security/coap-ace-poc-firmware

Repository files navigation

CoAP/ACE-OAuth PoC: Firmware

This repository contains the firmware part of the CoAP/ACE-OAuth proof-of-concept implementation. The firmware is written in Rust, and designed to run on nRF52-DK hardware based on the S132 softdevice (but is easy to adjust to other nRF devices).

What this does

With this firmware, the device it is running on simulates a simple network enabled sensor -- it reports the temperature it measures over a radio interface to authorized users, and allows some users to alter the identification LEDs.

The technology stack it demonstrates by this is

  • an [ACE-OAuth (RFC9200)] Resource Server (RS) -- this limits the interactions of users according to an authorization server's decisions
  • OSCORE (RFC8613) -- this secures communication with symmetric keys, independent of the precise transport mechanism used
  • EDHOC (RFC9528) -- this establishes fresh symmetric key material from asymmetric keys with forward secrecy
  • at runtime, any of
  • CoAP (RFC7252) -- this gives a compact and versatile application protocol with flexible forwarding options
  • CoAP-over-GATT (draft-amsuess-core-coap-over-gatt-02) -- this allows transporting CoAP over Bluetooth Low Energy (BLE) without the need to set up a Bluetooth IP network

Quick start: Running the proof-of-concept demo

  • Obtain an nRF52-DK device; connect it via USB to a computer and move its power switch to the "on" position.

  • Download the latest build of this firmware from the build site as coap-ace-poc-firmware-.d??.hex. When using just a single nRF52-DK, pick any of numbered images. When using multiple devices, pick distinct ones, and consider labelling the devices accordingly.

  • Copy the file coap-ace-poc-firmware-d??.hex onto the "JLINK" USB drive that has appeared on your computer. Once copying is done, the device will restart, show two LEDs indicating the application's readiness, and USB drive will reappear without the file.

  • Direct a Bluetooth capable's cellphone web browser (Chrome or Chromium) to the corresponding web app. Press "Search nearby devices" and pick the device that is shown.

  • As the device requires authentication, follow the "Login" link, and use the name technician (password: technician) or junior (password: junior).

  • Use the web application's controls to read the device's temperature, to find the device (making its LEDs spin briefly), or to alter its identification LEDs (not available to junior).

    For illustration purposes, the web application is not made aware of the permission levels, and unauthorized control attempts will fail.

  • You may also install the mobile application through the browser's "Install app" button.

The workings -- getting to know the components

License

This project and all files contained in it is published under the BSD-3-Clause license as defined in LICENSES/BSD-3-Clause.txt.

Copyright: 2022-2024 EDF (Électricité de France S.A.)

Author: Christian Amsüss

Note that additional terms may apply to the built output. In particular, the softdevice's license terms become part of what governs the use of the resulting program.

About

[read-only mirror of] coap-ace-poc-firmware: Firmware for the CoAP-ACE-OAuth-PoC project – securely communicating with embedded devices using Bluetooth, CoAP and OSCORE

Topics

Resources

Stars

Watchers

Forks