This week will be the last week of my senior project. Over the period of six weeks, I enjoyed dwelling in the field of cryptography and IoT security. I initially started with very preliminary knowledge about IoT devices and cryptography. Over time not only I learned the details of IoT devices but also how the cryptographic algorithms can secure the communication with such devices.
IoT devices are a network of physical devices connected to the Internet. They consist of low power, small memory, and no general-purpose Operating System like Windows and Mac. I came to know that IoT devices can be as small as few sensors but can connect anywhere from home network to driverless cars. Among the different cryptographic algorithms, I started with the basics of public key encryption (asymmetric key encryption) and symmetric key encryption. Symmetric key encryption consists of only one key. If I type a text message, the text message will be jumbled and scrambled using a key and an algorithm. This new message will be known as the ciphertext. This ciphertext will be decrypted using the same key and algorithm back to the original text. Asymmetric key encryption is also known as public key encryption. Public key encryption consists of two keys: One for encryption and the other for decryption. Similarly, if I type a text message, the text message will be jumbled and scrambled using the decryption (public key) key. This new message will be known as ciphertext. Now, however, the same public key can’t be used to decrypt the message. A private key will be used and will decrypt the message and return it to the original form. The private key is never known to the public.
I learned the advantages and disadvantages of using pubic key encryption and symmetric key encryption. I have also learned the different type of algorithms that are associated with public key encryption and symmetric key encryption. I have studied all the AES (Advanced Encryption Standard) algorithms. This includes ECB (Electronic Code Book), OFB (Output Feedback), and GCM (Galois/Counter Mode) Operation. All algorithms are symmetric key encryption. I have also studied the common public key encryption algorithms like ECC (Elliptic Curve Cryptography) and RSA (Rivest-Shamir-Adelman).
My goal at the end was to benchmark these different algorithms regarding memory usage and time taken and see if I can recommend certain specific schemes for securing IoT devices. If time permits I planned to build the entire IoT network and demonstrate that I can use the combinations of these algorithms to secure such network. I am pleased to announce that I was able to build such product using Arduino Uno board and Ethernet shield. I was able to connect to the Internet using the web browser via Arduino. I was able to poll analog inputs on Arduino board. Such usage of accessing analog inputs and outputs on Arduino board gave me the ability to access sensors connected these ports of Arduino over the Internet. I was also able to demonstrate the encryption and decryption of my chosen algorithms on the same Arduino board. I plan to patent my idea of building such an IoT secured port with the minimal cost which can communicate to sensors on one side and internet on the other.
Personally, through this process, I learned patience, perseverance and thinking creatively when faced with different problems. I was not able to get the WIFI module working with the Arduino. After reading a lot of documentation and experimenting with several different libraries, I realized that the WIFI module was not compatible with libraries I was using. It is difficult to determine such things because all Arduino libraries are open source and no specific responsible person or entity can explain the differences. But through the experiments, I learn how to debug an electronic circuit. I consulted with my external advisor regularly. I also got help from my internal advisor.
Reading through all the algorithms was not a one-day job nor a one-week job. It took me a couple of weeks to thoroughly read and understand all the algorithms. I also wrote my applications to test all these algorithms. Writing my applications was fun, but it was also frustrating to correct errors and deal with communication problems with the Arduino board. The purpose of the applications was to note the amount of time used and amount of memory taken for each algorithm. I used the data I got to benchmark the algorithms and choose which would be the most appropriate to use. I enjoyed learning about cryptography, and I also ventured into a field with lots of job growth and current research. Cryptography is one of the fastest growing fields in Computer Science, and its importance in Government Security and Cybersecurity has never been greater.
I would like to share the final product that I built which uses Arduino Uno board and Ethernet shield: