Tutorial: RPL Secure - simonduq/contiki-ng GitHub Wiki
We will now look at connecting to a secure network running RPL and link-layer security.
In the room, we are running another RPL network with IEEE 802.15.4 PAN-ID 0xABBC and IPv6 prefix `fd02::1/64`.
You will connect to this network, providing your node with connectivity to the Internet as well as to other nodes in the room.
In this tutorial you will add link-layer security to your `project-conf.h` file. If your project does not already have such a file, create a new one in your project directory (and clean your build with `make distclean`). In your `project-conf.h` file, add:
```c
#define LLSEC802154_CONF_ENABLED 1
```
After that, compile and flash the node.
The default security level is 5 and the security key-mode is "Implicit key", i.e., there is no key specified, so the default key is used for all packets.
First, see whether the node joins the border router. If it joins, you are lucky, as the key is expected to be wrong at the start. Using the shell, you can set the correct key:
```
> llsec
LLSEC level: 5, key-id-mode: 0, default key index: 0
> llsec set-key 0 0123456789abcdef
Setting ASCII key.
...
```
To see your PAN ID, type:
```
> radio
RADIO channel: 26, PAN ID: 0xabba
```
Also remember to set the correct PAN ID:
```
> radio set-panid 0xabbc
Set PAN ID to 0xabbc
...
```
After a while, the node should join the RPL network, as the key is now correct.
Security level of 802.15.4
Level | Encryption | Authentication | Description |
---|---|---|---|
0x00 | No security | | Data is not encrypted. Data authenticity is not validated. |
0x01 | AES-CBC-MAC-32 | MIC-32 | Data is not encrypted. Data authenticity is validated. |
0x02 | AES-CBC-MAC-64 | MIC-64 | Data is not encrypted. Data authenticity is validated. |
0x03 | AES-CBC-MAC-128 | MIC-128 | Data is not encrypted. Data authenticity is validated. |
0x04 | AES-CTR | ENC | Data is encrypted. Data authenticity is not validated. |
0x05 | AES-CCM-32 | AES-CCM-32 | Data is encrypted. Data authenticity is validated. |
0x06 | AES-CCM-64 | AES-CCM-64 | Data is encrypted. Data authenticity is validated. |
0x07 | AES-CCM-128 | AES-CCM-128 | Data is encrypted. Data authenticity is validated. |
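
The table above, worked through in C as an added example (not part of the original tutorial and not Contiki-NG's own code): it decodes the Security Control byte of the 802.15.4 auxiliary security header into the level and key-id-mode that `llsec` reports, derives the per-frame overhead, and applies a receive policy. The type and function names are hypothetical, and a 4-byte frame counter is assumed to be present in the header.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of the one-byte Security Control field of the 802.15.4
 * auxiliary security header (names are this example's own, not Contiki-NG's). */
struct sec_ctrl {
  uint8_t level;        /* bits 0-2: security level 0x00..0x07 */
  uint8_t key_id_mode;  /* bits 3-4: 0 means implicit key */
  uint8_t mic_len;      /* MIC (authentication tag) length in bytes */
  uint8_t encrypted;    /* 1 when the payload is encrypted (levels 0x04..0x07) */
  uint8_t aux_hdr_len;  /* auxiliary security header length in bytes */
};

struct sec_ctrl sec_ctrl_parse(uint8_t byte)
{
  /* Key Identifier field length for key-id-modes 0..3. */
  static const uint8_t key_id_len[4] = { 0, 1, 5, 9 };
  struct sec_ctrl sc;
  sc.level = byte & 0x07;
  sc.key_id_mode = (byte >> 3) & 0x03;
  /* Low two bits select MIC-32/64/128, i.e. 4, 8 or 16 bytes; 0 = no MIC. */
  sc.mic_len = (sc.level & 0x03) ? (uint8_t)(2u << (sc.level & 0x03)) : 0;
  sc.encrypted = (sc.level & 0x04) ? 1 : 0;
  /* Security Control (1) + Frame Counter (4, assumed) + Key Identifier. */
  sc.aux_hdr_len = (uint8_t)(1 + 4 + key_id_len[sc.key_id_mode]);
  return sc;
}

/* Bytes of each frame spent on the auxiliary header plus the MIC. */
unsigned sec_overhead(struct sec_ctrl sc)
{
  return (unsigned)sc.aux_hdr_len + sc.mic_len;
}

/* Receive policy: require encryption AND a MIC of at least min_mic_len bytes.
 * A plain "level >= 4" test would wrongly admit 0x04, which has no MIC. */
int sec_ctrl_acceptable(struct sec_ctrl sc, uint8_t min_mic_len)
{
  return sc.encrypted && sc.mic_len >= min_mic_len;
}

int main(void)
{
  /* Constructed input: level 5, key-id-mode 0, as the llsec command reports. */
  struct sec_ctrl sc = sec_ctrl_parse(0x05);
  printf("level %d: MIC %d bytes, overhead %u bytes, acceptable=%d\n",
         sc.level, sc.mic_len, sec_overhead(sc), sec_ctrl_acceptable(sc, 4));
  return 0;
}
```

With the tutorial's default (level 5, implicit key), 9 bytes of every frame go to security: 5 for the auxiliary header and 4 for the MIC.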
Configuring a Native Border Router for LLSEC
If you want to set up your own border router to use the configuration described above, add the following lines to its `project-conf.h`:
```c
#define LLSEC802154_CONF_ENABLED 1
#define IEEE802154_CONF_PANID 0xabbc
#define CSMA_CONF_LLSEC_DEFAULT_KEY0 \
  {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}
```