Home
Lehre
MNM Team
Projekte
ATV2 Cluster
DASH
Embedded MSec Lab
EnvComp
PROCESS
QuaSiModO
Previous Projects
Publikationen
en
![[PRINT]](/_images/printer1.png)
![[FLAG]](/_images/flag-en.png)
The Embedded Multicast Security Lab
Securing group communication in constrained networks requires new solutions to be found, implemented and evaluated. This is especially true when group communication is desired, which turns out to be much more difficult to secure than point-to-point communications, as the sharing of keys along the group potentially lowers the security of the solutions. There is a variety of work on security in constrained networks, but most of them only pick one particular security property (e.g. μTesla) or are simply designed for a very specific use case (e.g. Group-DTLS for the lightening industry). This is especially true for group communication, which is a niche, but turns out to be very attractive for constrained networks.
Smart Homes, Cars, Factories, etc. are networks of such devices acting as one system from an outside point of view. Applying well known models of informatics, this networks can be seen as administrative domains (ADs). Following this idea, the owner of a certain system (e.g. the owner of a Smart Home) acts as the administrator to the system, who in turn should decide on who to give access the system and its data. In current deployments, this access is usually managed on top of the cloud instance by registering an external actor (e.g. a smartphone) with access to the cloud service. The external actor sends control messages or data requests to the cloud, acting as some sort of "proxy" forwarding or translating the messages to the constrained device or the network.
Testbed
With multicasting being an interesting option for many use cases, we are currently developing a testbed, allowing flexible deployment of group communication scenarios and implementations of different solution for secure group communication. The testbed contains devices with different constraints, such as different microprocessor architectures - namely ARM Cortex M0 and ATmega328P, but also single board computers with the ARMv7 and ARMv8 architectures. They all communicate wired (Ethernet) or wireless (Bluetooth or WiFi). The testbed is able to simulate different kinds of communication groups:
- spatial
- a group of devices connected to one and the same access point. Each AP is managed by an Area Server (AS) separated with VLAN.
- logical
- a group of devices sharing information using IP multicasting and being managed by the Group Management Server (GMS).
- secure
- a group of devices sharing secure information using IPsec, being managed by the GMS, implemented on constrained devices.
Hardware
Computing Hardware:
| Device | Architecture | Clock Speed |
Flash Memory |
SRAM |
|---|---|---|---|---|
| Arduino Uno |
ATmega328 | 16MHz | 32KB | 2KB |
| Arduino M0+ |
ARM Cortex-M0+ | 48MHz | 256KB | 32KB |
| Arduino Due |
ARM Cortex-M3 | 84MHz | 512KB | 96KB |
| ST NUCLEO-F091RC |
ARM Cortex-M0 | 48MHz | 256KB | 32KB |
| ST NUCLEO-F103RB |
ARM Cortex M3 | 72MHz | 128KB | 20KB |
| ST Nucleo F401 |
ARM Cortex-M4 | 84MHz | 512Kb | 96Kb |
| ST Nucleo144-F429 |
ARM Cortex-M4 | 180MHz | 2Mb | 256Kb |
Network Modules
- Semtech SX1272 868/915MHZ Lora MBED SHIELD
- Texas Instruments SimpleLinkWi-Fi CC3200
- Microchip AT86RF233 Zigbee / 802.15.4
- WIZnet Ethernet-Module W5100
- SparkFun nRF51822 Bluetooth / 802.15.1
Controller Hardware:
| Device | Architecture | Clock Speed |
Flash Memory |
SRAM |
|---|---|---|---|---|
| Raspbery Pi v1 |
ARM1176JZF-S | 700MHz |
256MB | |
| Raspbery Pi v3 |
ARM cortex-a53 | 1.2GHz Quad Core |
1GB | |
| Beaglebone Black |
Cortex-A8 + Dual PRU | 1000MHz | 4GB |
512MB |
Networking Hardware
- Netgear Prosafe GS748T Switch
- Colubris MAP-625 Access Point
- Laird Sentrius RG1 LoRa-Enabled Gateway
- Digi CONNECTPORT X4 Gateway - ZigBee to Ethernet
Current activities
- Design, Implementation and Evaluation of a Identity Based Signature (IBS) Scheme for group communication in constrained environments
- Implementation and Evaluation of G-IKEv2 for Strongswan
- Implementation and Evaluation of Walnut DSA for RIOT, FreeRTOS and Linux
- Implementation and Evaluation of Diet-ESP for RIOT and Linux
Publications
NOT READABLEArray ( [SCRIPT_URL] => /projects/embedded/ [SCRIPT_URI] => https://lxnm08.nm.ifi.lmu.de/projects/embedded/ [HTTPS] => on [SSL_TLS_SNI] => lxnm08.nm.ifi.lmu.de [HTTP_ACCEPT] => */* [HTTP_USER_AGENT] => Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) [HTTP_COOKIE] => XTCsid=da6d8414cecaa54bf84225f8b28255e2 [HTTP_ACCEPT_ENCODING] => gzip, br, zstd, deflate [HTTP_REFERER] => https://lxnm08.nm.ifi.lmu.de/projects/embedded [HTTP_HOST] => lxnm08.nm.ifi.lmu.de [PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [SERVER_SIGNATURE] => [SERVER_SOFTWARE] => Apache/2.4.38 (Debian) mpm-itk/2.4.7-04 PHP/5.6.40-0+deb8u11 OpenSSL/1.1.1d mod_python/3.3.1 Python/2.7.16 mod_perl/2.0.10 Perl/v5.28.1 [SERVER_NAME] => lxnm08.nm.ifi.lmu.de [SERVER_ADDR] => 141.84.218.28 [SERVER_PORT] => 443 [REMOTE_ADDR] => 3.149.255.239 [DOCUMENT_ROOT] => /proj/www/mnm/htdocs [REQUEST_SCHEME] => https [CONTEXT_PREFIX] => [CONTEXT_DOCUMENT_ROOT] => /proj/www/mnm/htdocs [SERVER_ADMIN] => webmaster@nm.informatik.uni-muenchen.de [SCRIPT_FILENAME] => /proj/www/mnm/htdocs/projects/embedded/index.php [REMOTE_PORT] => 48625 [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.1 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /projects/embedded/ [SCRIPT_NAME] => /projects/embedded/index.php [PHP_SELF] => /projects/embedded/index.php [REQUEST_TIME_FLOAT] => 1735377882.834 [REQUEST_TIME] => 1735377882 ) /proj/www/conf/lxnm08/Port443/etc/.dbmap---------------------
Datenbank-Connect fehlerhaft