Changes between Version 9 and Version 10 of SCU


Ignore:
Timestamp:
Oct 5, 2010, 4:25:51 PM (14 years ago)
Author:
fornasiero
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • SCU

    v9 v10  
    1 = SCU - Secure Code Update Cookbook =
    2 
    3 TODO:
    4 * Upload SCU software package
    5 * Test procedure on other environments
    6 
    7 This document includes instructions how to install and to run the Secure Code Update protocol.
    8 
    9 [[PageOutline(2-3,Table of Contents,inline)]]
    10 
    11 == Introduction ==
    12 
    13 == Architectural Overview ==
    14 
    15 == Installation ==
    16 
    17 === Hardware and Software Requirements
    18 Installing the SCU protocol requires the following hardware tools and software packages:
    19 
    20  * [http://www.ubuntu.com/ Linux PC] This guide has been tested using Ubuntu 8.10 and 10.04
    21  * [http://docs.tinyos.net/index.php/Getting_started TinyOS-2.x SDK]
    22  * SCU software package
    23  * At least 2 TelosB sensor nodes
    24 
    25 
    26 Appunti:
    27 Config files in
    28 CONFIG_FILE=HOME_PATH+"/synapse-config.txt";
    29 SECRET_KEYS_FILE=HOME_PATH+"/synapse-secret-keys.xml";
    30 PUBLIC_KEYS_FILE=HOME_PATH+"/synapse-public-keys.bin";
    31 
    32 Security bits configured during deployment
    33 
    34 == Running a Secure Code Update session ==
    35 
    36 
    371=== Folder structure
    38 
     2{{{
    393scu
    404 |
     
    5216 +-- quick_start.sh
    5317        Simple script that execute a guided step-by step deployment, followed by a Secure Code Update operation.
    54 
     18}}}
    5519=== Shortest HOWTO:
    5620
     
    7539        A typical setting is -deploy 80 30 128 128 -use-authentication -use-encryption -use-dos-protection.
    7640
    77         This command will generate the keys, and install all necessary stuff on the nodes detected by motelist command
    78         These nodes will be given id starting from 1, in order of serial number.
     41        This command will generate the keys, and install all necessary stuff on the nodes detected by motelist command. The keys will be stored in the following files: $HOME/synapse-secret-keys.xml , $HOME/synapse-public-keys.bin .
     42        These nodes will be given an id starting from 1, in order of serial number.
     43
    7944
    8045* Now all nodes can be disconnected from the pc, keeping the base station connected. If more than 1 nodes are connected, the one with the minimum serial number will be used as a base station. The command to execute in order to start the dissemination is
     
    9257
    9358
    94 
    95 
    9659=== Detailed HOWTO
    9760       
     
    10568* Java application: net.tinyos.signet.SecurityEncrypterV0
    10669* Java application: net.tinyos.signet.Suino
     70* Bash script: ihex_to_binary.sh
     71* Bash script: get_tags_size.sh
    10772* TinyOS SDK tools
    10873
     
    11176==== SynapseKeyStorage tool
    11277
    113 This tool manages the private key storage and permits to export the public keys. This tool generates and uses the configuration file "$HOME/synapse-config.txt". The invacation syntax is the following:
     78This tool manages the private key storage and permits to export the public keys. This tool generates and uses the configuration file "$HOME/synapse-config.txt". The invocation syntax is the following:
    11479{{{
    11580 java net.tinyos.signet.SynapseKeyStorage [-generate <# of security bits for authentication> <#of uses per key> <# of security bits for encryption> <# of security bits for DoS protection> <filename>] [-get-public <key storage filename> <destination filename>]
     
    12691==== KeyVolumeManagerClient tool
    12792
     93This tool is used to store and retrieved keys from the nodes' flash memory, communicating with the TinyOS application KeyVolumeManager, which must be installed on the node in order to use this tool. The invocation syntax is the following:
     94{{{
    12895 java net.tinyos.signet.KeyVolumeManagerClient [-comm <source>] [-verbose] [-progress] [-upload <public key file>] [-download <output file>]
     96}}}
     97If the "upload" option is given, the public keys contained in the given file are uploaded in the node.
     98If the "download" option is given, the public keys contained in the node are downloaded in the given file.
    12999
    130  java net.tinyos.signet.KeyVolumeManagerClient -comm serial@/dev/ttyUSB0:telosb -progress -upload /tmp/pippo/synapse-public-keys.bin
     100An example of invocation is the following
     101{{{
     102 java net.tinyos.signet.KeyVolumeManagerClient -comm serial@/dev/ttyUSB0:telosb -progress -upload $HOME/synapse-public-keys.bin
     103}}}
    131104
    132105==== FlashManagerClient tool
    133106
    134  java net.tinyos.signet.FlashManagerClient [-comm <source>] [-verbose] [-progress] [-print-table] [-format] [-read <read_addr> <read_size> <output filename>] [-readid <partition ID,4 digits radix 16> <output file>] [-writefile <desired partition ID, 4 digits radix 16> <local filename> <program start offset radix, 4 digits radix 16>]
     107This tool is used to format, store and retrieve applications from the nodes' flash memory. This tool communicates with the TinyOS application FlashManager, which must be installed on the node in order to use this tool. The invocation syntax is the following:
     108{{{
     109 java net.tinyos.signet.FlashManagerClient [-comm <source>] [-verbose] [-progress] [-print-table] [-format] [-readid <partition ID,4 digits radix 16> <output file>] [-writefile <desired partition ID, 4 digits radix 16> <local filename> <program start offset radix, 4 digits radix 16>]
     110}}}
     111
     112If the "print-table" option is given, then the partition table is printed on standard output.
     113If the "format" option is given, then the node's flash is formatted.
     114If the "readid" option is given, then the partition with given ID is read and stored in the given file.
     115If the "writefile" option is given, then the given file is stored in a new partition with the given ID. Multiple partition with the same ID can coexists on the node's flash memory, and the last will be always used when required. The program start offset indicates the offset at the beginning of the file where the executable code starts (this is useful when the security tags are prefixed to the application code).
     116
    135117
    136118==== SecurityTaggerV0 tool
    137119
     120This tool is used to generate the security tags necessary for the authentication functionality. The invocation syntax is the following:
     121{{{
    138122 java net.tinyos.signet.SecurityTaggerV0 [-sign <keys filename> <block size> <inputfile> <outputfile> [-update-keys [-low-overhead]] [-use-key-refresh] ]
     123}}}
     124The only command executable with this tool is the "sign" command. The "keys filename" parameter is the name of the file containing the private keys (i.e. the one generated with the SynapseKeyStorage tool). Block size must be 800, as defined in the Synapse application. Inputfile is the file containing the binary code of the application. This file is obtained using the ihex_to_binary script. Outputfile is the generated file.
    139125
    140126==== SecurityEncrypterV0 tool
    141127
    142  java net.tinyos.signet.SecurityEncrypterV0 <private keys file> <imputfile> <outputfile>
     128This tool is used to encrypt a file, using the AES block cipher in OFB operation mode. The invocation syntax is the following:
     129{{{
     130 java net.tinyos.signet.SecurityEncrypterV0 <private keys file> <inputfile> <outputfile>
     131}}}
    143132
    144133==== Suino tool
    145134
     135This tool is used in order to communicate with the Synapse Base Station. So the Synapse application, compiled with the IS_BASESTATION flag, must be installed on the node in order to communicate with this tool. The invocation syntax is the following:
     136{{{
    146137 java net.tinyos.signet.Suino [-comm <source>] < --prepare | --format | --reset | --load <app.id> | --transfer <app.id> | --alive >
     138}}}
     139
     140Commands description:
     141* Prepare: stops dissemination, prepares the network for other commands as format, reset or load.
     142* Format: all nodes in the network (except the base station) format their flash memory (Synapse is then re-stored). Use FlashManager to format the base station.
     143* Reset: all nodes in the network reboot.
     144* Load: all nodes in the network (except the base station) load the application corresponding to the given id.
     145* Transfer: the application with the given ID in the base station's flash memory is disseminated. The command returns when all the nodes in the network ended receiving the application.
     146* Alive: check whether Synapse Base Station is installed. This command waits indefinitely for a response from the node, which should be immediate.
     147
     148==== Bash tools
     149
     150The ihex_to_binary script has the following invocation syntax:
     151{{{
     152 ihex_to_binary.sh <ihex file>
     153}}}
     154where "ihex file" is the application to disseminate, in ihex format.
     155This tool generates a <ihex file>.compact.binary file, which contains the application to disseminate, in binary format.
     156
     157The get_tags_size script has the following invocation syntax:
     158{{{
     159 get_tags_size.sh <tagged file> <untagged file>
     160}}}
     161where <untagged file> usually is the application binary file, and <tagged file> is the file obtained using the SecurityTaggerV0 tool.
     162This tool simply calculates the difference between the size of these two files, to obtain the size of the security tags. This size can then be used as the parameter to provide to the FlashManager tool.