Skip to content
/ needham-schroeder Public

A simple C-library to perform an extended variant of the Needham-Schroeder-protocol

4 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

abender/needham-schroeder

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits

aes

aes

 
 

examples

examples

 
 

sha2

sha2

 
 

.gitignore

.gitignore

 
 

Makefile

Makefile

 
 

Makefile.needham-schroeder

Makefile.needham-schroeder

 
 

README.md

README.md

 
 

ccm.c

ccm.c

 
 

ccm.h

ccm.h

 
 

needham.c

needham.c

 
 

needham.h

needham.h

 
 

ns_util.c

ns_util.c

 
 

ns_util.h

ns_util.h

 
 

rin_wrapper.c

rin_wrapper.c

 
 

rin_wrapper.h

rin_wrapper.h

 
 

uthash.h

uthash.h

 
 

Repository files navigation

Discontinued!

Please note: this project is only for archiving reasons on Github. You may use the code as you like (on your own risk), but I'm neither working on it anymore nor have time to answer questions about its usage or the Needham Schroeder protocol.

seNS - a simple extended Needham-Schroeder C-library

seNS is a small and simple C-library to perform an extended (symmetric) Needham-Schroeder(NS)-protocol. Extended means, that the basic NS-Protocol has been extended to make use of timestamps, which are used to solve several vulnerabilities by the original protocol. (See "Security Engineering" Chapter 3.7.2 by Ross Anderson). It provides basic functions to:

  • Run a NS-server, creating and distributing keys for securing some other protocol (for example DTLS in pre-shared-key mode)
  • Run a NS-daemon, waiting for clients to initialize the communication
  • Run a NS-client, retrieving keys from the server and connecting to NS-daemons.

The library provides callback functions so the user may decide how keys will be stored/retrieved and how events will be handled. Encryption of the protocol messages is done via CCM.

The library has been tested with Debian/Linux Systems and OS X. Basic compatibility with Contiki-OS is there, but needs improvements.

Usage

  • Checkout the Git-repository, go to the main directory and run make to build the library.
  • Go to the examples directory and run in seperate terminal(tab)s: 1) The server and daemon 2) The client.
  • The client will connect to the server and daemon and perform the key exchange.
  • See the examples code and needham.h for further informations and configuration.

Configuration

It is intended, that the user may choose lengths for all attributes of the NS-protocol (e.g. The length of identities, nonces and keys). While those for identities and nonces can be freely chosen, the lengths of the keys must be 16 Bytes, so they can be used for CCM.

The NS-client performs retransmissions to deal with lossy networks. To adjust its parameters change NS_RETRANSMIT_TIMEOUT and NS_RETRANSMIT_MAX accordingly.

See needham.h for a description of all modifiable values.

TODOs

  • The timestamp validation is currently disabled for Contiki Applications until I've found a proper way to handle timestamps on constrained devices
  • Create callback function for timestamp validation
  • Move some defines to a config.h
  • Implement tests
  • Improve Contiki compatibility
  • Vary the timeout of retransmissions (e.g. lineary/exponentially increasing intervals)

Authors and Contact

seNS was written by Andreas Bender

License

This software is published under MIT License

Some parts of the code are taken (e.g. the CCM implementation) or based on code from tinydtls by Olaf Bergmann, published under MIT License

Used libraries:

About

A simple C-library to perform an extended variant of the Needham-Schroeder-protocol

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages