I got some Amazon money for Christmas, so I got an Arduino Nano and a few NRF24L01+ radios

[G+_Ben Reese]

I got some Amazon money for Christmas, so I got an Arduino Nano and a few NRF24L01+ radios. After watching several YouTube video and reading sample code, I got the Arduino to talk to my Raspberry Pi. I've seen these radios used a lot for IoT stuff, but I've also seen a couple demonstrations of wireless packet sniffing. If someone can read the signal wirelessly, he can replay that same message.

 

So, I want this encrypted. I found an AES library that works very nicely on the Arduino and can now send encrypted messages between the two devices. But because I want this to be secure, I have some concerns and questions. 1) How important is it to keep the AES Initialization Vector private? Isn't keeping the IV single-use more important than it's randomness? 2) I think I've seen programming of Atmega chips programmed through the the SPI bus - the same connection as the 2.4GHz radio. Would it be possible for a bad actor to to reprogram the Arduino over the wireless chip?

 

Overall, this has been a very fun project and I've learned a lot about AES encryption!

[G+_610GARAGE]

In order for the arduino(or any embedded device) to be reprogrammed, it needs to be in the boot loader to be reprogrammed. So I wouldn't worry about that.

[G+_Ben Reese]

Ah, very good.

[G+_Ben Yanke]

That's pretty cool....nice job Ben Reese?! I'm looking for a good excuse to play with those...

[G+_Ben Reese]

I was too. I'm now building out the database side on the Raspberry Pi to store the AES keys and logs. I figured if each remote device has its own encryption key, I'll need a flexible way to manage those.