Changes between Version 9 and Version 10 of SCU
Timestamp: Oct 5, 2010, 4:25:51 PM (14 years ago)
SCU
v9 v10 1 = SCU - Secure Code Update Cookbook =2 3 TODO:4 * Upload SCU software package5 * Test procedure on other environments6 7 This document includes instructions how to install and to run the Secure Code Update protocol.8 9 [[PageOutline(2-3,Table of Contents,inline)]]10 11 == Introduction ==12 13 == Architectural Overview ==14 15 == Installation ==16 17 === Hardware and Software Requirements18 Installing the SCU protocol requires the following hardware tools and software packages:19 20 * [http://www.ubuntu.com/ Linux PC] This guide has been tested using Ubuntu 8.10 and 10.0421 * [http://docs.tinyos.net/index.php/Getting_started TinyOS-2.x SDK]22 * SCU software package23 * At least 2 TelosB sensor nodes24 25 26 Appunti:27 Config files in28 CONFIG_FILE=HOME_PATH+"/synapse-config.txt";29 SECRET_KEYS_FILE=HOME_PATH+"/synapse-secret-keys.xml";30 PUBLIC_KEYS_FILE=HOME_PATH+"/synapse-public-keys.bin";31 32 Security bits configured during deployment33 34 == Running a Secure Code Update session ==35 36 37 1 === Folder structure 38 2 {{{ 39 3 scu 40 4 | … … 52 16 +-- quick_start.sh 53 17 Simple script that execute a guided step-by step deployment, followed by a Secure Code Update operation. 54 18 }}} 55 19 === Shortest HOWTO: 56 20 … … 75 39 A typical setting is -deploy 80 30 128 128 -use-authentication -use-encryption -use-dos-protection. 76 40 77 This command will generate the keys, and install all necessary stuff on the nodes detected by motelist command 78 These nodes will be given id starting from 1, in order of serial number. 41 This command will generate the keys, and install all necessary stuff on the nodes detected by motelist command. The keys will be stored in the following files: $HOME/synapse-secret-keys.xml , $HOME/synapse-public-keys.bin . 42 These nodes will be given an id starting from 1, in order of serial number. 43 79 44 80 45 * Now all nodes can be disconnected from the pc, keeping the base station connected. 
If more than 1 nodes are connected, the one with the minimum serial number will be used as a base station. The command to execute in order to start the dissemination is … … 92 57 93 58 94 95 96 59 === Detailed HOWTO 97 60 … … 105 68 * Java application: net.tinyos.signet.SecurityEncrypterV0 106 69 * Java application: net.tinyos.signet.Suino 70 * Bash script: ihex_to_binary.sh 71 * Bash script: get_tags_size.sh 107 72 * TinyOS SDK tools 108 73 … … 111 76 ==== SynapseKeyStorage tool 112 77 113 This tool manages the private key storage and permits to export the public keys. This tool generates and uses the configuration file "$HOME/synapse-config.txt". The inv acation syntax is the following:78 This tool manages the private key storage and permits to export the public keys. This tool generates and uses the configuration file "$HOME/synapse-config.txt". The invocation syntax is the following: 114 79 {{{ 115 80 java net.tinyos.signet.SynapseKeyStorage [-generate <# of security bits for authentication> <#of uses per key> <# of security bits for encryption> <# of security bits for DoS protection> <filename>] [-get-public <key storage filename> <destination filename>] … … 126 91 ==== KeyVolumeManagerClient tool 127 92 93 This tool is used to store and retrieved keys from the nodes' flash memory, communicating with the TinyOS application KeyVolumeManager, which must be installed on the node in order to use this tool. The invocation syntax is the following: 94 {{{ 128 95 java net.tinyos.signet.KeyVolumeManagerClient [-comm <source>] [-verbose] [-progress] [-upload <public key file>] [-download <output file>] 96 }}} 97 If the "upload" option is given, the public keys contained in the given file are uploaded in the node. 98 If the "download" option is given, the public keys contained in the node are downloaded in the given file. 
129 99 130 java net.tinyos.signet.KeyVolumeManagerClient -comm serial@/dev/ttyUSB0:telosb -progress -upload /tmp/pippo/synapse-public-keys.bin 100 An example of invocation is the following 101 {{{ 102 java net.tinyos.signet.KeyVolumeManagerClient -comm serial@/dev/ttyUSB0:telosb -progress -upload $HOME/synapse-public-keys.bin 103 }}} 131 104 132 105 ==== FlashManagerClient tool 133 106 134 java net.tinyos.signet.FlashManagerClient [-comm <source>] [-verbose] [-progress] [-print-table] [-format] [-read <read_addr> <read_size> <output filename>] [-readid <partition ID,4 digits radix 16> <output file>] [-writefile <desired partition ID, 4 digits radix 16> <local filename> <program start offset radix, 4 digits radix 16>] 107 This tool is used to format, store and retrieve applications from the nodes' flash memory. This tool communicates with the TinyOS application FlashManager, which must be installed on the node in order to use this tool. The invocation syntax is the following: 108 {{{ 109 java net.tinyos.signet.FlashManagerClient [-comm <source>] [-verbose] [-progress] [-print-table] [-format] [-readid <partition ID,4 digits radix 16> <output file>] [-writefile <desired partition ID, 4 digits radix 16> <local filename> <program start offset radix, 4 digits radix 16>] 110 }}} 111 112 If the "print-table" option is given, then the partition table is printed on standard output. 113 If the "format" option is given, then the node's flash is formatted. 114 If the "readid" option is given, then the partition with given ID is read and stored in the given file. 115 If the "writefile" option is given, then the given file is stored in a new partition with the given ID. Multiple partition with the same ID can coexists on the node's flash memory, and the last will be always used when required. The program start offset indicates the offset at the beginning of the file where the executable code starts (this is useful when the security tags are prefixed to the application code). 
116 135 117 136 118 ==== SecurityTaggerV0 tool 137 119 120 This tool is used to generate the security tags necessary for the authentication functionality. The invocation syntax is the following: 121 {{{ 138 122 java net.tinyos.signet.SecurityTaggerV0 [-sign <keys filename> <block size> <inputfile> <outputfile> [-update-keys [-low-overhead]] [-use-key-refresh] ] 123 }}} 124 The only command executable with this tool is the "sign" command. The "keys filename" parameter is the name of the file containing the private keys (i.e. the one generated with the SynapseKeyStorage tool). Block size must be 800, as defined in the Synapse application. Inputfile is the file containing the binary code of the application. This file is obtained using the ihex_to_binary script. Outputfile is the generated file. 139 125 140 126 ==== SecurityEncrypterV0 tool 141 127 142 java net.tinyos.signet.SecurityEncrypterV0 <private keys file> <imputfile> <outputfile> 128 This tool is used to encrypt a file, using the AES block cipher in OFB operation mode. The invocation syntax is the following: 129 {{{ 130 java net.tinyos.signet.SecurityEncrypterV0 <private keys file> <inputfile> <outputfile> 131 }}} 143 132 144 133 ==== Suino tool 145 134 135 This tool is used in order to communicate with the Synapse Base Station. So the Synapse application, compiled with the IS_BASESTATION flag, must be installed on the node in order to communicate with this tool. The invocation syntax is the following: 136 {{{ 146 137 java net.tinyos.signet.Suino [-comm <source>] < --prepare | --format | --reset | --load <app.id> | --transfer <app.id> | --alive > 138 }}} 139 140 Commands description: 141 * Prepare: stops dissemination, prepares the network for other commands as format, reset or load. 142 * Format: all nodes in the network (except the base station) format their flash memory (Synapse is then re-stored). Use FlashManager to format the base station. 143 * Reset: all nodes in the network reboot. 
144 * Load: all nodes in the network (except the base station) load the application corresponding to the given id. 145 * Transfer: the application with the given ID in the base station's flash memory is disseminated. The command returns when all the nodes in the network ended receiving the application. 146 * Alive: check whether Synapse Base Station is installed. This command waits indefinitely for a response from the node, which should be immediate. 147 148 ==== Bash tools 149 150 The ihex_to_binary script has the following invocation syntax: 151 {{{ 152 ihex_to_binary.sh <ihex file> 153 }}} 154 where "ihex file" is the application to disseminate, in ihex format. 155 This tool generates a <ihex file>.compact.binary file, which contains the application to disseminate, in binary format. 156 157 The get_tags_size script has the following invocation syntax: 158 {{{ 159 get_tags_size.sh <tagged file> <untagged file> 160 }}} 161 where <untagged file> usually is the application binary file, and <tagged file> is the file obtained using the SecurityTaggerV0 tool. 162 This tool simply calculates the difference between the size of these two files, to obtain the size of the security tags. This size can then be used as the parameter to provide to the FlashManager tool.
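Review bot: Old lines 1-36 appear with a v9 number only, so v10 opens directly at "=== Folder structure" with no page title, no introduction and no "Hardware and Software Requirements" list. The remaining text still relies on the motelist command and the TinyOS SDK tools, yet the visible v10 text no longer states the tested Ubuntu versions, the TinyOS-2.x SDK dependency or the "At least 2 TelosB sensor nodes" requirement. If the cut is intentional, keep at least the title and the requirements list, or link to the page they moved to.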
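Review bot: In the Shortest HOWTO hunk (new line 41), the added sentence names $HOME/synapse-secret-keys.xml and $HOME/synapse-public-keys.bin but gives no guidance on handling the secret file. Since the tagger and encrypter sections describe that file as containing the private keys, add a line saying it stays on the deployment PC, should be readable only by the deploying user, and that only synapse-public-keys.bin is passed to KeyVolumeManagerClient -upload. The stray spaces before the comma and the final period in that sentence should also go.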
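Review bot: In the FlashManagerClient hunk (new line 109), the syntax line silently drops the v9 option "-read <read_addr> <read_size> <output filename>", and the new option descriptions do not mention it. State whether the option was removed from the tool or only from the documentation. In the same hunk, "<program start offset radix, 4 digits radix 16>" reads as a garbled parameter name, "Multiple partition with the same ID can coexists" needs "partitions ... can coexist", and the rule that "the last will be always used" deserves a sentence on how stale partitions with the same ID are cleared (presumably -format, but the text does not say).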
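Review bot: In the SecurityTaggerV0 hunk (new lines 120-124), the description covers only the positional arguments of "-sign" and leaves "-update-keys", "-low-overhead" and "-use-key-refresh" unexplained, although all three appear in the syntax line. These options change how keys are handled, so each needs one sentence on its effect and on when it is required. It would also help to say what happens if a block size other than 800 is passed, given that the text says it "must be 800".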
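Review bot: In the SecurityEncrypterV0 hunk (new line 128), the new sentence says the file is encrypted with "AES block cipher in OFB operation mode" but the invocation takes only a keys file, an input and an output, and nothing explains where the IV comes from. OFB provides confidentiality only, and its keystream must never repeat under one key, so document how the IV is chosen per image and state that encryption is meant to be combined with the authentication tags (the typical deploy setting passes both -use-authentication and -use-encryption). The order of tagging and encrypting should be spelled out as well, since the tagger and encrypter are separate tools here.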
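Review bot: In the Bash tools hunk (new line 162), "the parameter to provide to the FlashManager tool" does not say which parameter is meant. From the FlashManagerClient section it looks like the "program start offset" argument of -writefile, which is specified as 4 hex digits, while the output radix of get_tags_size.sh is not stated. Name the parameter explicitly and say whether the script prints decimal or hexadecimal, so the value is not passed in the wrong base. The tool is also called FlashManagerClient elsewhere on the page, and FlashManager is the node-side application.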