
[read-only mirror of] coap-ace-poc-firmware: Firmware for the CoAP-ACE-OAuth-PoC project – securely communicating with embedded devices using Bluetooth, CoAP and OSCORE


CoAP/ACE-OAuth PoC: Firmware

This repository contains the firmware part of the CoAP/ACE-OAuth proof-of-concept implementation. The firmware is written in Rust, and designed to run on nRF52-DK hardware based on the S132 softdevice (but is easy to adjust to other nRF devices).

What this does

With this firmware, the device it is running on simulates a simple network-enabled sensor -- it reports the temperature it measures over a radio interface to authorized users, and allows some users to alter the identification LEDs.

The technology stack this demonstrates is:

  • an ACE-OAuth (RFC9200) Resource Server (RS) -- this limits the interactions of users according to an authorization server's decisions
  • the ACE OSCORE profile (RFC9203) -- this connects the ACE framework with OSCORE, and generates OSCORE keys
  • OSCORE (RFC8613) -- this secures communication with symmetric keys, independent of the precise transport mechanism used
  • CoAP (RFC7252) -- this gives a compact and versatile application protocol with flexible forwarding options
  • CoAP-over-GATT (draft-amsuess-core-coap-over-gatt-02) -- this allows transporting CoAP over Bluetooth Low Energy (BLE) without the need to set up a Bluetooth IP network

Quick start: Running the proof-of-concept demo

  • Obtain an nRF52-DK device; connect it via USB to a computer and move its power switch to the "on" position.

  • Download the latest build of this firmware from the build site as coap-ace-poc-firmware-.d??.hex. When using just a single nRF52-DK, pick any of the numbered images. When using multiple devices, pick distinct ones, and consider labelling the devices accordingly.

  • Copy the file coap-ace-poc-firmware-d??.hex onto the "JLINK" USB drive that has appeared on your computer. Once copying is done, the device will restart and show two LEDs indicating the application's readiness, and the USB drive will reappear without the file.

  • Direct the web browser (Chrome or Chromium) of a Bluetooth-capable cellphone to the corresponding web app. Follow the login instructions, picking either the role of the "junior" or the "senior". Note that in the course of the login, the BLE connection is severed and needs to be reestablished.

    You may also install the mobile application through the browser's "Install app" button.

  • Use the web application's controls to read the device's temperature, to find the device (making its LEDs spin briefly), or to alter its identification LEDs ("senior" only).

    For illustration purposes, the web application is not made aware of the permission levels, and unauthorized control attempts will fail.
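
The server-side enforcement described above, as an added example (not code from this repository): the resource server decides from the scope bound to the token, so a client that does not know its own permission level is simply refused. The resource paths, the two scope tables and the `authorize` function are assumptions made for illustration.

```rust
// Added illustration; not code from the coap-ace-poc-firmware repository.
// Method bits follow the REST-specific AIF model of RFC 9237 (method n = 2^n).
const GET: u8 = 1 << 0;
const POST: u8 = 1 << 1;
const PUT: u8 = 1 << 2;

/// A token's scope: resource paths and the method set permitted on each.
type Scope = &'static [(&'static str, u8)];

// Hypothetical resource paths and role scopes, constructed for this example.
const JUNIOR: Scope = &[("/temp", GET), ("/identify", POST)];
const SENIOR: Scope = &[("/temp", GET), ("/identify", POST), ("/leds", GET | PUT)];

#[derive(Debug, PartialEq)]
enum Decision {
    Allow,
    Unauthorized,     // no valid token for this request: CoAP 4.01
    Forbidden,        // token does not cover the resource: CoAP 4.03
    MethodNotAllowed, // resource covered, method not: CoAP 4.05
}

/// Decide on the resource server from the scope tied to the security context
/// the request arrived on. `None` models a request without such a context.
fn authorize(scope: Option<Scope>, path: &str, method: u8) -> Decision {
    let scope = match scope {
        Some(s) => s,
        None => return Decision::Unauthorized,
    };
    // Exact path match only: a prefix match would let "/leds" cover "/leds/x".
    match scope.iter().find(|(p, _)| *p == path) {
        None => Decision::Forbidden,
        Some((_, allowed)) if method != 0 && (*allowed & method) == method => Decision::Allow,
        Some(_) => Decision::MethodNotAllowed,
    }
}

fn main() {
    let requests = [("/temp", GET, "GET"), ("/identify", POST, "POST"), ("/leds", PUT, "PUT")];
    for (who, scope) in [("junior", Some(JUNIOR)), ("senior", Some(SENIOR)), ("no token", None)] {
        for (path, method, name) in requests {
            println!("{who:9} {name:4} {path:10} -> {:?}", authorize(scope, path, method));
        }
    }
}
```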

The workings -- getting to know the components

  • Instructions on how to build the firmware, as well as how to alter or extend it, can be found in the firmware's documentation.

    That also contains further references for the components used inside the firmware.

  • The web application is built from source at https://gitlab.com/oscore/coap-ace-poc-webapp/ and documented there as well. The web application is built into a static web site, which can be served by any modern web server.

  • Backing the authentication is an ACE Authorization Server (AS). Its setup and operations are described on TBD.

License

This project and all files contained in it are published under the BSD-3-Clause license as defined in LICENSES/BSD-3-Clause.txt.

Copyright: 2022 EDF (Électricité de France S.A.)

Author: Christian Amsüss

Note that additional terms may apply to the built output. In particular, the softdevice's license terms become part of what governs the use of the resulting program.