Posts | Comments

Planet Arduino

Archive for the ‘encryption’ Category

Even if you wouldn’t describe yourself as a history buff, you’re likely familiar with the Enigma machine from World War II. This early electromechanical encryption device was used extensively by Nazi Germany to confound Allied attempts to eavesdrop on their communications, and the incredible effort put in by cryptologists such as Alan Turing to crack the coded messages it created before the end of the War has been the inspiration for several books and movies. But did you know that there were actually several offshoots of the “standard” Enigma?

For their entry into the 2019 Hackaday Prize, [Arduino Enigma] is looking to shine a little light on one of these unusual variants, the Enigma Z30. This “Baby Enigma” was intended for situations where only numerical data needed to be encoded. Looking a bit like a mechanical calculator, it dropped the German QWERTZ keyboard, and instead had ten buttons and ten lights numbered 0 through 9. If all you needed to do was send off numerical codes, the Z30 was a (relatively) small and lightweight alternative for the full Enigma machine.

Creating an open source hardware simulator of the Z30 posses a rather unique challenge. While you can’t exactly order the standard Enigma from Digi-Key, there are at least enough surviving examples that they’ve been thoroughly documented. But nobody even knew the Z30 existed until 2004, and even then, it wasn’t until 2015 that a surviving unit was actually discovered in Stockholm.

Of course, [Arduino Enigma] does have some experience with such matters. By modifying the work that was already done for full-scale Enigma simulation on the Arduino, it only took a few hours to design a custom PCB to hold an Arduino Nano, ten buttons with matching LEDs, and of course the hardware necessary for the iconic rotors along the top.

The Z30 simulator looks like it will make a fantastic desk toy and a great way to help visualize how the full-scale Enigma machine worked. With parts for the first prototypes already on order, it shouldn’t be too long before we get our first good look at this very unique historical recreation.

Even if you wouldn’t describe yourself as a history buff, you’re likely familiar with the Enigma machine from World War II. This early electromechanical encryption device was used extensively by Nazi Germany to confound Allied attempts to eavesdrop on their communications, and the incredible effort put in by cryptologists such as Alan Turing to crack the coded messages it created before the end of the War has been the inspiration for several books and movies. But did you know that there were actually several offshoots of the “standard” Enigma?

For their entry into the 2019 Hackaday Prize, [Arduino Enigma] is looking to shine a little light on one of these unusual variants, the Enigma Z30. This “Baby Enigma” was intended for situations where only numerical data needed to be encoded. Looking a bit like a mechanical calculator, it dropped the German QWERTZ keyboard, and instead had ten buttons and ten lights numbered 0 through 9. If all you needed to do was send off numerical codes, the Z30 was a (relatively) small and lightweight alternative for the full Enigma machine.

Creating an open source hardware simulator of the Z30 posses a rather unique challenge. While you can’t exactly order the standard Enigma from Digi-Key, there are at least enough surviving examples that they’ve been thoroughly documented. But nobody even knew the Z30 existed until 2004, and even then, it wasn’t until 2015 that a surviving unit was actually discovered in Stockholm.

Of course, [Arduino Enigma] does have some experience with such matters. By modifying the work that was already done for full-scale Enigma simulation on the Arduino, it only took a few hours to design a custom PCB to hold an Arduino Nano, ten buttons with matching LEDs, and of course the hardware necessary for the iconic rotors along the top.

The Z30 simulator looks like it will make a fantastic desk toy and a great way to help visualize how the full-scale Enigma machine worked. With parts for the first prototypes already on order, it shouldn’t be too long before we get our first good look at this very unique historical recreation.

Enigma machines are fascinating devices, especially for young Makers looking to explore the world of electronics. Awhile back we featured a similar project from Italy, and we’re once again amazed by the work of 14-year-old Andy Eggebraaten, who built a retro-modern gadget of his own. The project, which was for his high school’s science fair, took nine months to complete.

These electro-mechanical rotor cipher machines were developed  in the early 20th century to protect commercial, diplomatic and military communication, used especially by German military intelligence during World War II.

In the video below, Andy opens the machine to show its inner workings: the unit runs on Arduino Mega along with 1,800 other parts and 500 color-coded wires. We can see that he evolved the rotors into electronic modules that plug into D-Sub sockets, and the interface is made using a 16-segment display showing the rotor position as well as an LCD screen to read the plain- and the encoded text.

Hackaday.io user [Abderraouf] has written an implementation of the new(ish) Spritz cipher and hash for Arduino. While we’re not big enough crypto-nerds to assess the security of the code, it looks like it’s going to be pretty handy.

Spritz itself is a neat cipher. Instead of taking in fixed blocks of data and operating on them, it allows you to process it in (almost) whatever chunks it comes in naturally, and then extract out the encrypted results piecewise. It works both as a two-way cipher and as a one-way hash function. It looks like Spritz is a one-stop-shop for all of your encryption needs, and now you can run it on your Arduino.

In case you are afraid of new implementations of new ciphers (and you should be), Spritz’s pedigree should help to put you at ease: it was developed by [Ron Rivest] to be a successor to his RC4 algorithm, and it incorporates a lot of the lessons learned about that algorithm over the past. This doesn’t exclude subtle flaws in the implementation of the library (no offence, [Abderraouf]!) or your work downstream, but at least the underlying algorithm seems to be the real deal.

[Abderraouf] links it in his writeup, but just for completeness, here’s the Spritz paper (PDF). What crypto libraries do you currently use for Arduino or microcontroller projects? We’ve been fans of XXTEA for ages, but more because it’s simple and small than because it’s secure. Spritz may be simple enough to implement easily, and still more secure. Sweet.


Filed under: Arduino Hacks, security hacks

thumbnail

We are excited to announce Arduino Wifi Shield 101 developed with Atmel is now available for purchase on the Arduino Store US (49.90$).

Arduino WiFi Shield 101 is a powerful IoT shield with crypto-authentication that connects your Arduino or Genuino board to the internet wirelessly. Connecting it to a WiFi network is simple, no further configuration in addition to the SSID and the password are required. The WiFI library allows you to write sketches which connect to the internet using the shield.

The shield is based on the Atmel SmartConnect-WINC1500 module, compliant with the IEEE 802.11 b/g/n standard. The WINC1500 module provided is a network controller capable of both TCP and UDP protocols.  The main feature is an hardware encryption/decryption security protocol provided by the ATECC508A CryptoAuthentication chip that is an ultra secure method to provide key agreement for encryption/decryption, specifically designed for the IoT market.

Last year, Massimo Banzi introduced the shield:

“In this increasingly connected world, the Arduino Wi-Fi Shield 101 will help drive more inventions in the IoT market. Expanding our portfolio of Arduino extensions, this new shield can flawlessly connect to any modern Arduino board giving our community more options for connectivity, along with added security elements to their creative projects.”

The WiFi Shield 101 is the first Arduino product fully supporting SSL and all the communication between your board and our secured server. With the power of the Arduino Zero and the WiFi Shield 101 it is possible to make secure IoT applications simply and just using the Arduino Language.

A working example and instructions on how to get started are available on Arduino Cloud, a work-in-progress project that gives you access to a pre-configured MQTT server for your IoT sketches using only your Arduino account. More examples and features will be available in the next months.

Feel like knowing more about the shield? Explore the  Getting Started guide.

Mar
07

Encrypting messages with Cuckoo and Arduino Yún

arduino, Arduino Yún, encryption, Featured, temboo, Yun Commenti disabilitati su Encrypting messages with Cuckoo and Arduino Yún 

cuckoo

Jochen Maria Weber is a Researcher and Designer at the intersection of Interaction- and Industrial Design. He shared with us Project Cuckoo, a project running on Arduino Yún and looking at our interactions with intercepted social networks and how alternative ways of communicating might change them:

Twitter, Facebook, Google+ and co. collect our data and are forced to have a backdoor for state surveillance. Therefore Cuckoo encrypts messages into randomly generated words, meanings and noise in order to scatter them over multiple communication networks simultaneously. Each letter of an original message gets translated into complex forms of certain length forming new sentences. Those sentences get posted to aforementioned social networks, next to randomly generated noise-sentences for distraction. The encryption method can be changed with every new message. Any receiving Cuckoo-unit following the respective social network accounts can filter and decrypt the important posts according to their encryption method and time stamp. Cuckoo combines social networks to build a hidden one on top of their infrastructure. An egg in the others’ nests.

Cuckoo uses an Arduino YUN to connect wirelessly as a stand-alone device to the internet. It also does the en- and decryption of all messenges and made it comfortable to connect to Twitter, Skype and Tumblr API with Temboo.

Take a look at the video on Cuckoo’s website.

cuckoo-yun

Lug
30

Why the NSA Can’t Listen to His Mixtape – Interview with David Huerta

arduino, encryption, Featured, inspiration, NSA Commenti disabilitati su Why the NSA Can’t Listen to His Mixtape – Interview with David Huerta 

mixtape1

David Huerta is a technologist who recently published a provocative work to make everyone think a little bit more about privacy and what governments should be allowed to do or not:

I work outside the Pokemon business model of catching every user’s data or abusing it for state surveillance. I work instead surrounded by priceless art and in giving it a voice inside and outside the thick, Faraday cage walls of the museum it lives in.

He created an encrypted mixtape and sent it to NSA. The device runs on Arduino and other open hardware and for David is a:

machinery that can be trusted not to spy on you because of the disclosure of its design, schematics and bill of materials to anyone who wishes to inspect, build, or build upon the device. The device contains a soundtrack for the modern surveillance state. It’s designed to be enjoyed only by people I have consented it to be listened to. A second copy of this device will also be sent to the NSA’s headquarters in Maryland, but without the private key needed to decrypt it; a reminder that the rules of mathematics are more powerful than the rules of even the most powerful states.

We got in touch with him and was happy to answer a couple of questions for the blog:

Z: What makes you more uncomfortable about NSA actions which made you react and build this device?

D: The NSA’s mass surveillance encompasses a lot of programs which run counter to what I feel is a fundamental right to privacy. In the US Constitution there’s an expression of that in its fourth amendment.
What the NSA is doing goes against the spirit of that much like petting a cat backwards; It’s the wrong direction to go towards and a cat/society will swipe its paw at the offender.

mixtape3

Z: Arduino community is always interested in understanding how things are made. Where we can find source code and technical specs to build one? It would be great if we all could share more practical knowledge on these topics.

D: The mixtape device is basically just an Arduino and Adafruit wave shield. The code to play each wave file on the SD card on a loop (when unencrypted) is right off their list of examples.
I made one slight modification, which is to turn on a purple LED to indicate when it’s working. Purple is not an easy LED color to source, but it’s the global Pirate Party color and I wanted to give them subtle props for working towards a free and secure internet on the policy side of things.

I will at some point publish a way to do the encryption part of this using a Beaglebone Black and CryptoCape to make it a fully open hardware proof-of-concept, but in this case the SD card encryption was done off-device. I also plan on going through a full tutorial based on that at this year’s Open Hardware Summit in Rome.

Z: You said: “The NSA can read my stupid Facebook updates but without my consent it will never be able to listen to my kick-ass mix tape, even if it’s sitting right in front of them.” – What makes you believe that your encryption is strong enough?

D: The truth is that everyone sucks at information security, including myself, so no one can really make the claim something they’ve built is “NSA-proof.” Generally though, the less hardware and software you have, the less complexity and thus, opportunity for attack vectors or human errors there are. The playlist was kept offline, is not on the Arduino sketch, or anywhere in the hardware except encrypted in the SD card. The only place the audio existed aside from in the various sources I collected it from was on the hard drive of the PC I used to compose the mix tape, which has since been removed and stored offsite and offline. The encryption was also ran by a different machine, and one that I generally keep on my person. This goes beyond mass surveillance capabilities and into TAO/FBI “partyvan” surveillance; I can’t imagine an intelligence analyst is going to go to their very serious boss to explain that they need to expense a vehicle to go after some guy’s mix tape in a city where they won’t even be able to find a parking spot close enough to run a tempest attack from.

ZDo you have the pictures of the inside showing the components and the circuits?

D: They’re not too exciting since its just the Arduino + Wave Shield, but I attached a photo of the unencrypted version (clear acrylic instead of red clear acrylic), which I’ll also be bringing with me to the Open Hardware Summit.

mixtape2

 

Looking forward to meet him at Open Hadware Summit!

Nov
20

Turning encryption On with Light Cryptalk

arduino, DUE, encryption, enigma, machine, MakerFaire Commenti disabilitati su Turning encryption On with Light Cryptalk 

cryptlight

Light Crytpalk is an Enigma machine implemented by Michele Lizzit with Arduino Due. Enigma machines have an historical meaning as they were  used in 20th century to enciphering and deciphering secret messages and were adopted by military and government services of several countries.

We met Michele during Maker Faire Rome and he received a Maker of Merit badge directly from Massimo Banzi:

The idea of the Maker Faire project came to me when Google dedicated a doodle to Alan Turing. Reading on Wikipedia his story I’ve learned about the Enigma machine. This project was initially realized to be presented as final project of Middle School (junior high – seventh grade). In the first version I used Xbee to transmit and cryptography was just a table substitution.

He chose to use the Arduino DUE because it allows hosting a USB keyboard in order to write the messages to be sent.

Michele Lizzit

Michele did a great job and also shared documentation on his website, it’s pretty cool for his age and we asked him a couple of questions to know more about his experience as a young maker:

How do your friends see your projects? Do you share them with people of your age or is it more a family activity?  

Until now, I have not had the possibility to share this passion with other people of my age: even when I went to my regional hacklab or to the linux day, I did not find anybody of my age. Soon after returning from Maker Faire Rome, my English teacher asked me to tell to my class mates (in English) how my experience have been; after a general description of the faire, I started to explain my project. But at a certain point, my teacher interrupted me saying: “ Explain it to poor mortals”: and yet I thought I had been clear enough!
Probably, if I had have the possibility of bringing the Light Cryptalk in my class and let my friends try it, it would have been better.

You did a lot of work to share documentation of Enigma hardware and software on the website and translating it also in english. Do you think it’s important to share? Do you think you are contributing to the open source community?

I use Linux for everything I do with my computer and I am very grateful to the open source community and to Arduino for making available online for free a huge amount of documentation. I believe that it is important to share your ideas freely and for free so that others like me can learn and so that the opportunities to know, learn and make do not remain available only to those who can spend more. I know that so far I have contributed only in minimal part to the open source community but I am just at the beginning.

Have you got any plan yet for your  next project?

Now I’ve in mind the idea of building a 3d printer and I’m finishing up my quadcopter which I made using as a controller a joystick connected to Arduino and Xbee and for which I wrote the whole code by myself.

—–

 



  • Newsletter

    Sign up for the PlanetArduino Newsletter, which delivers the most popular articles via e-mail to your inbox every week. Just fill in the information below and submit.

  • Like Us on Facebook