This repository contains the two central components of our TEE-assisted remote denial-of-sleep defense, namely the Filtering host app and TEE. Other components are scattered across these repositories:
- https://github.com/kkrentz/contiki-ng
- https://github.com/kkrentz/libcoap
- https://github.com/kkrentz/filtering-keystone
- https://github.com/kkrentz/micro-ecc
- https://github.com/kkrentz/libcoap-minimal
We also use tinyalloc (© 2016 - 2017 Karsten Schmidt - Apache Software License 2.0).
Please find our paper here.
sudo apt install autoconf \
automake \
build-essential \
curl \
doxygen \
git \
libtool \
makeself \
net-tools \
openjdk-21-jdk \
pip \
pkg-config \
rlwrap \
srecord \
wireshark
pip install pyserial
Install the ARM compiler. Download and extract Gradle, too.
Switch to a directory where you like to store the repositories in.
git clone https://github.com/kkrentz/contiki-ng.git
pushd contiki-ng
git submodule update --init --recursive
popd
git clone https://github.com/kkrentz/filtering-keystone.git
pushd filtering-keystone
git submodule update --init --recursive
popd
git clone https://github.com/kkrentz/filtering-proxy.git
pushd filtering-proxy
git submodule update --init --recursive
popd
git clone https://github.com/kkrentz/libcoap-minimal.git
Add this to ~/.bashrc
:
export CNG_PATH=<path to contiki-ng>
export KEYSTONE_PATH=<path to filtering-keystone>
export FILTERING_PROXY_PATH=<path to filtering-proxy>
export LD_LIBRARY_PATH=/usr/local/lib
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
PATH=/opt/gradle-8.3/bin:$PATH
CNG_PATH
and KEYSTONE_PATH
are only used within the bash snippets of this README.
For an introduction to Keystone's build system, see here.
cd $KEYSTONE_PATH && make
For inspecting build errors, run less build-generic64/build.log
. It sometimes already helps to clean a package. This cleans the most relevant packages:
make BUILDROOT_TARGET=filtering-libcoap-dirclean \
&& make BUILDROOT_TARGET=filtering-proxy-dirclean \
&& make BUILDROOT_TARGET=keystone-bootrom-dirclean \
&& make BUILDROOT_TARGET=keystone-sm-dirclean \
&& make BUILDROOT_TARGET=host-keystone-sdk-dirclean \
&& make BUILDROOT_TARGET=keystone-driver-dirclean \
&& make BUILDROOT_TARGET=keystone-examples-dirclean \
&& make BUILDROOT_TARGET=opensbi-dirclean
cd $CNG_PATH/os/net/app-layer/libcoap/ \
&& ./autogen.sh \
&& ./configure \
--prefix=$LD_LIBRARY_PATH/../ \
--disable-documentation \
--disable-dtls \
--with-epoll \
--disable-examples \
--disable-examples-source \
--disable-tcp \
--disable-oscore \
--enable-oscore-ng \
--disable-q-block \
&& make -j$(nproc) \
&& sudo make install
cd $KEYSTONE_PATH \
&& pushd build-generic64 \
&& rm -rf overlay/root/.ssh \
&& mkdir -p overlay/etc/network \
&& cp $FILTERING_PROXY_PATH/overlay/interfaces overlay/etc/network/ \
&& popd \
&& make \
&& sudo make run
Log in as root
with password sifive
.
Once logged in, run:
./run.sh
Note: You can stop QEMU using CTRL+A,X
To establish a network connection with QEMU:
cd $FILTERING_PROXY_PATH && ./connect.sh
Start Cooja:
cd $CNG_PATH/tools/cooja \
&& gradle run --args='../../examples/filtering/basic.csc'
Open a terminal and run:
cd $CNG_PATH/examples/filtering/aggregator/ \
&& make TARGET=openmote BOARD=openmote-cc2538 BOARD_REVISION=REV_A1 savetarget \
&& make connect-router-cooja
To check if networking works, ping the border router and the IoT device like so:
ping6 fd00::ff:fe00:1
ping6 fd00::ff:fe00:2
cd <path to libcoap-minimal>
make -j${nproc}
./client
- As for flashing OpenMotes, see here.
Note: client.cc
and smor-l3.c
contain hardcoded addresses. These need to be adapted to the real hardware.