Out-of-band transfer with Android to configure pre-shared secrets into sensor nodes

Abstract: Applications based on Wireless Sensor Networks are making their way into all kinds of industries. Today, they can do anything from off-loading hospitals by monitoring patients in their homes to regulating production lines in factories. More often than not, they perform some kind of surveillance and tracking. Thus, in most cases the information they carry is sensitive, rendering good encryption schemes suited for performance-constrained sensor nodes a valuable commodity. As traditional encryption is not well suited for performance constrained environments, there are many new "lightweight" encryption schemes emerging. However, many of the popular up and coming schemes make the assumption of already having a pre-shared secret available in the sensor node beforehand which can act as the base for their encryption key. The procedure of configuring this pre-shared secret into the sensor node is crucial and has the potential of breaking any scheme based on that assumption. Therefore, we have looked at different procedures of configuring this pre-shared secret into a sensor node securely, using nothing more than a smartphone to configure the sensor node. This would eventually eliminate the assumption of how the pre-shared secret got into the sensor node in the first place. We used an Arduino Uno R3 running an Atmega328p MCU as a simulation of a potential sensor node. Moreover, using a smartphone as the configuration device, we chose to base the communication on two types of OOB based side-channels; Namely, a visual-based using the flashlight and screen as well as audio-based, using the loudspeaker. We concluded that using a smartphone as configuration device has its difficulties, although, in this specific environment it is still a viable choice. The solution can decrease the previous knowledge required by the user performing the configuration while simultaneously upholding a high security level. The findings of this thesis highlight the fact that: technology has evolved to a point where the smartphones of today can outperform the specialized devices of yesterday. In other words, solutions previously requiring specialized hardware can today be achieved with much less "specialized" equipment. This is desirable because with less specialized equipment, it becomes easier to further develop and improve a system like this, increasing its viability.