Establishing Secure IoT Devices Connection (Report)
WITH WIREGUARD
A PROJECT REPORT
Submitted by
MAY 2024
St.XAVIER’S CATHOLIC COLLEGE OF ENGINEERING
(An Autonomous Institution)
Chunkankadai, Nagercoil – 629 003.
BONAFIDE CERTIFICATE
Certified that this project report “ESTABLISHING SECURE IoT DEVICES
CONNECTION WITH WIREGUARD” is the bonafide work of “AHAMED
SAMEER A (962220205006), JERFIN A (962220205028), RIJO PRAKASH M
(962220205036)” who carried out the project work under my supervision.
SIGNATURE
Dr. G. Sahaya Stalin Jose, M.E, Ph.D
HEAD OF THE DEPARTMENT
Assistant Professor
Department of Information Technology
St. Xavier’s Catholic College Of Engineering, Chunkankadai, Nagercoil-629003

SIGNATURE
Dr. G. Sahaya Stalin Jose, M.E, Ph.D
SUPERVISOR
Assistant Professor
Department of Information Technology
St. Xavier’s Catholic College Of Engineering, Chunkankadai, Nagercoil-629003.
Submitted for Bachelor of Technology degree Project Work (IT8811) Viva-Voce held
at St.Xavier’s Catholic College Of Engineering on 06-05-2024
First of all, we praise the almighty God for this presence and abundant grace in
giving us knowledge, wisdom, and strength to take up this project and complete it on
time. We express our gratitude to our parents, who have been major contributors of
inspiration and encouragement to us throughout our careers.
Rev. Fr. Dr. M. Maria William, our Correspondent, deserves our heartfelt
gratitude for providing facilities that contributed to the successful completion of our
work. We also express sincere thanks to Dr. J. Maheswaran, M.E., Ph.D., our
Principal, for wholeheartedly encouraging us and providing spontaneous support
throughout the project, leading to its successful completion.
Dr. G. Sahaya Stalin Jose, M.E., Ph.D., our Head of the Department, we are
especially indebted to you for your keen support in enabling the successful completion
of our project work. Your guidance and assistance have been instrumental in our
achievements, and we express our heartfelt appreciation for your invaluable
contribution.
Dr. G. Sahaya Stalin Jose, M.E., Ph.D., our supervisor, we extend our gratitude
and thanks to you for providing us with innovative ideas and wholehearted
encouragement throughout the completion of our project. Your guidance and support
have been invaluable, and we appreciate your contributions to our success.
Dr. Suja A. Alex, M.E., Ph.D., Assistant Professor, and our project coordinator,
we convey our gratitude to you for your motivation and guidance. Additionally, we
would like to express our appreciation to all the other staff members of our department
for their timely suggestions, which were instrumental in completing our thesis.
Last but not least, we would like to thank our team members for their valuable
contributions to this project. We shall gratefully acknowledge all suggestions received
for further improvement in the project.
ABSTRACT
ABSTRACT
LIST OF FIGURES
LIST OF TABLES
LIST OF ABBREVIATIONS
1 INTRODUCTION
1.1 Introduction
1.2 Cybersecurity
1.3 Problem Statement
2 LITERATURE REVIEW
2.1 Introduction
2.2 Literature Survey
2.2.1 “ A Security-Enabled Safety Assurance
Framework for IoT-Based Smart Homes”
2.2.2 “ A Survey on Cyber Security Threats in IoT
Enabled Maritime Industry”
2.2.3 “ ACKE: Asymmetric Computing Key Exchange
Protocol for IoT Environments”
2.2.4 “ Advances in IoT Security: Vulnerabilities,
Enabled Criminal Services, Attacks, and
Countermeasures”
2.2.5 “ Implementations of Integration Functions in IoT
Application Server Platform”
2.2.6 “ Design of Elixir-Based Edge Server for
Responsive IoT Applications”
2.2.7 “ Wireguard: An Efficient Solution for Securing
IoT Device”
2.2.8 “ Detecting Vulnerability on IoT Device Firmware
A Survey”
2.2.9 “ Secure, Efficient, and Weighted Access Control
for Cloud-Assisted Industrial IoT”
2.2.10 “ Everything Under Control: Secure Data Sharing
Mechanism for Cloud-Edge Computing”
2.2.11 “ ChaCha, a variant of Salsa20”
2.2.12 “A Mechanised Cryptographic Proof of the
WireGuard Virtual Private Network Protocol”
2.2.13 “WireGuard: Next Generation Kernel Network
Tunnel”
2.2.14 “Formal Verification of the WireGuard Protocol”
2.2.15 “Fast, Small, and Area-Time Efficient
Architectures for Key-Exchange on Curve25519”
2.3 Conclusion
3 PROPOSED SYSTEM
3.1 Introduction
3.2 Existing System
3.2.1 Drawbacks of Existing System
3.3 Proposed System
3.4 Block Diagram
3.5 Proposed Method
3.5.1 Cloud Server
3.5.2 IoT Devices
3.5.3 Wireguard VPN Connections
3.5.4 VPN Tunnel
3.5.5 VPN Client
3.5.6 API for IoT Devices
3.5.7 Authentication Token
3.6 Workflow
3.7 Benefits
3.8 Security Protocol
3.8.1 Noise Protocol Framework
3.8.2 Chacha20
3.8.3 Poly1305
3.8.4 Curve25519
4 COMPONENTS DESCRIPTION
4.1 Introduction
4.2 System Specification
4.2.1 Hardware Requirements
4.2.2 Software Requirements
4.2.3 Raspberry Pi
4.2.4 Application Programming Interface
4.2.5 Wireguard VPN Application
5 SYSTEM TESTING
5.1 Introduction
5.2 Testing Configuration
5.3 API Testing
5.4 Integration Testing
5.5 Security Testing
6.1 Result
6.2 Comparative Study
6.2.1 Virtual Private Networks (VPN) vs. SSL/TLS
7 CONCLUSION AND FUTURE WORK
7.1 Conclusion
7.2 Future Work
APPENDIX 1
REFERENCES
LIST OF FIGURES
4.1 Raspberry Pi
5.1 Testing-To check user login
5.2 Testing-Generate access token
5.3 Testing-Add peer
6.1 Adding the public Key
LIST OF TABLES
INTRODUCTION
1.1 INTRODUCTION
compliance to safeguard IoT devices and the data they generate. One promising
solution is WireGuard, a modern and efficient VPN protocol designed for simplicity
and security. WireGuard offers several advantages over traditional VPN protocols,
including a lightweight codebase, strong encryption, and streamlined key exchange
mechanisms. This project explores the potential of WireGuard in enhancing the security
of IoT device connections by establishing secure tunnels over the internet.
WireGuard is a new VPN protocol launched in 2017 by Jason A. Donenfeld.
Donenfeld’s goal was to improve on OpenVPN and IPsec. This VPN has been
welcomed for numerous reasons, listed as follows:
WireGuard, residing in the kernel, offers significant advantages for IoT security.
Its kernel-level implementation enhances performance by bypassing
resource-intensive processes in the userspace layer, making it power-efficient, a
crucial feature for battery-powered IoT devices. Moreover, WireGuard's small
codebase of just 3,800 lines ensures easy auditability, reducing the likelihood of
security flaws and minimizing the attack surface for hackers. The simplicity of
WireGuard is another key benefit; it is much easier to configure than other VPN
protocols like OpenVPN and IPsec. With predetermined encryption (ChaCha20),
authentication (Poly1305), and hashing (BLAKE2s), WireGuard streamlines setup
processes akin to SSH.
Beyond simplicity, Wireguard boasts better performance, a critical aspect of IoT
security. Its modern, lightweight design, coupled with its ease of auditing, promises
substantially improved performance over other VPN solutions. This is particularly
valuable for IoT deployments where efficiency is paramount. Additionally,
WireGuard's compatibility with mesh networks eliminates the need for a central server
device, reducing communication latency between nodes. In IoT environments where
devices often need to communicate quickly and independently, this capability is
invaluable, as it can halve the time required for node-to-node communication.
In essence, WireGuard's presence in the kernel, coupled with its small codebase,
simplicity, and performance benefits, makes it a compelling choice for securing IoT
environments. Its efficient resource usage, combined with its ease of auditability and
configuration, addresses many of the challenges associated with securing
interconnected devices. Furthermore, its compatibility with mesh networks enhances
communication efficiency, crucial for IoT ecosystems where devices need to make
decisions autonomously. Overall, WireGuard represents a significant advancement in
VPN technology, offering a streamlined, efficient, and secure solution tailored to the
unique needs of IoT deployments.
One of the key features of WireGuard is its use of cryptography, including the
Noise protocol framework for key exchange and authenticated encryption. By using
the "least astonishment" approach, WireGuard attempts to offer the safest and most
secure default configuration settings without requiring the users to make difficult
configuration decisions.
This project tests the most popular secure tunneling solutions available that can
potentially be used for securing IoT devices on the Internet. These include:
1. SSL/TLS protocols are cryptographic methods that ensure secure
communication over networks. They operate at the application layer, providing
encryption, authentication, and integrity verification for data exchange between
clients and servers. Widely used for securing web traffic, SSL/TLS protocols
offer simplicity and effectiveness, particularly in securing specific applications
such as web browsing.
2. Virtual Private Networks (VPNs) establish secure, encrypted connections
between client devices and remote servers. Operating at the network or
transport layer, they encrypt all transmitted data. Commonly employed for
remote access to private networks and safeguarding online privacy, VPNs offer
versatility and comprehensive protection for all network traffic beyond web
browsing, making them an effective solution for securing IoT devices on the
Internet.
LITERATURE REVIEW
2.1 INTRODUCTION
With a focus on the marine industry, the survey explores the unique
cybersecurity issues brought on by the use of Internet of Things (IoT) technology. It
highlights the vulnerabilities in marine IoT systems and looks into possible entry
points of attack, such as hacking into ship systems or data breaches, which might
seriously compromise maritime operations. Maintaining safety and operational
integrity at sea in the marine environment necessitates a sophisticated comprehension
of the particular challenges associated with safeguarding maritime IoT devices. In
order to reduce these risks, the report highlights the significance of putting strong
defenses in place. Examples of these defenses include network segmentation, secure
communication protocols, and intrusion detection systems. While secure
communication protocols guarantee the security and integrity of data transferred
between IoT devices aboard ships, intrusion detection systems assist in identifying and
responding to malicious activity or unauthorized access attempts. Network
segmentation separates important systems from less secure components, reducing the
impact of security breaches. The marine industry can improve the resilience of its IoT
infrastructure and protect against potential attacks by addressing these cybersecurity
risks and putting in place the necessary defenses. This will eventually ensure the
safety and dependability of maritime operations. Its advantages lie in its
comprehensive examination of various threats faced by IoT-enabled maritime systems,
providing valuable insights for industry stakeholders. However, potential limitations
may include a lack of specific mitigation strategies tailored to the maritime context
and the need for further empirical validation of identified threats. Nevertheless, its
contribution in raising awareness and laying the groundwork for future research
makes it a significant resource in addressing cybersecurity concerns in maritime IoT
applications.
This paper explores techniques aimed at ensuring the security of deployed IoT
devices by investigating methods for identifying vulnerabilities in their firmware. It
delves into various methodologies, including fuzzing, dynamic analysis, and static
analysis, to uncover security holes in firmware images effectively. By employing these
techniques, researchers and security professionals can comprehensively evaluate IoT
device firmware for potential weaknesses and vulnerabilities. The survey emphasizes
that understanding and addressing firmware issues are crucial for reducing potential
security risks for IoT device manufacturers and operators. Fuzzing, dynamic analysis,
and static analysis enable thorough examination of firmware code, helping to identify
vulnerabilities such as buffer overflows, injection flaws, and authentication bypasses.
By addressing these vulnerabilities proactively, manufacturers can enhance the
security posture of their IoT devices and mitigate the risk of exploitation by malicious
actors. Additionally, the survey underscores the importance of ongoing security
assessments and updates to firmware throughout the lifecycle of IoT devices to
maintain robust security measures. The insights provided by this survey offer valuable
guidance for stakeholders involved in IoT device development and deployment,
facilitating the adoption of best practices for firmware security and ultimately
contributing to the overall resilience of IoT ecosystems. Advantages include its
systematic review of various detection techniques, providing valuable insights for
researchers and practitioners involved in IoT security. Additionally, the survey's scope
encompasses a wide range of approaches, from static analysis to dynamic testing,
offering a holistic understanding of the landscape. However, potential limitations may
arise from the rapidly evolving nature of IoT technology, necessitating frequent
updates to reflect the latest advancements in firmware analysis. Nonetheless, the paper
serves as a valuable resource for enhancing the security posture of IoT devices
through proactive vulnerability detection measures.
2.3 CONCLUSION
3.1 INTRODUCTION
This project seeks to solve the security issues raised by the increasing
development of Internet of Things (IoT) devices by investigating the potential of
WireGuard, a developing VPN protocol. IoT system connection security is essential
for protecting sensitive data and avoiding potential cyberattacks. This study assesses
the efficacy and performance of WireGuard in a simulated Internet of Things
environment by comparing it with industry standards such as IPsec and OpenVPN.
Because WireGuard has strong encryption, a lightweight design, and an easy
deployment process compared to traditional VPN protocols, it is particularly suitable
for Internet of Things devices with a limited amount of resources. This project seeks to
solve the safety concerns created by the increasing development of Internet of Things
(IoT) devices by exploring the potential of WireGuard, a developing VPN protocol.
IoT system connection security is crucial for protecting sensitive data and avoiding
potential cyberattacks. This study assesses the efficacy and performance of WireGuard
in a simulated Internet of Things environment by comparing it with industry standards
such as IPsec and OpenVPN. Because WireGuard has strong encryption, a lightweight
design, and an easy deployment process compared to traditional VPN protocols, it is
particularly suitable for Internet of Things devices with a limited number of resources.
This project explores the potential of WireGuard, an emerging VPN protocol, to
address the security challenges faced by the rapid growth of Internet of Things (IoT)
devices. Specifically, WireGuard's security protocols, including ChaCha20, Poly1305, etc., are
utilized to secure connections in IoT systems, ensuring the protection of sensitive data
and mitigation of cyber threats. By obtaining a public IP from the IoT devices,
WireGuard facilitates secure connections with verified user access. Through a
comparative analysis with standard protocols like OpenVPN and IPsec in a simulated
IoT environment, the project evaluates WireGuard's performance and effectiveness.
WireGuard stands out with its robust encryption, lightweight architecture, and simple
deployment, making it ideal for resource-constrained IoT systems. The project also
considers WireGuard's scalability and compatibility with diverse IoT device
architectures, including its integration with various IoT platforms, operating systems,
and communication protocols commonly used in IoT environments. Additionally, the project aims to
provide insights into the potential cost savings and efficiency gains associated with
adopting WireGuard for IoT security. By leveraging its lightweight architecture and
streamlined configuration, WireGuard offers a cost-effective solution that minimizes
overhead while maximizing security.
In general, it contributes to the existing collection of research on IoT ecosystem
security and promotes the use of strong but effective security methods to safeguard
private information and guarantee the integrity of IoT systems throughout a range of
industries.
Fig. 3.1 shows the block diagram for Establishing Secure IoT Devices
Connection with WireGuard and web application, illustrating the interconnection and
flow of data among the different components of the system.
Fig 3.1
3.6 WORKFLOW
3.7 BENEFITS
3. Simplified Integration:
The system simplifies the integration of IoT devices into applications and
services through a standardized API interface. This allows developers to easily access
and interact with IoT devices using familiar programming paradigms, reducing
development time and effort. The standardized API interface also promotes
interoperability and compatibility across different devices and platforms.
4. Efficient Device Management:
Users can securely authenticate and manage multiple IoT devices
simultaneously through the system's authentication token mechanism and API
interface. This enables efficient device management, allowing users to monitor device
status, retrieve data, and send commands securely from a centralized location. By
streamlining device management tasks, the system improves operational efficiency
and enhances overall productivity.
Fig 3.2
3.8.2 ChaCha20
ChaCha20 is a high-speed cipher first described in [ChaCha].
It is considerably faster than AES in software-only implementations, making it around
three times as fast on platforms that lack specialized AES hardware. See Appendix B
for some hard numbers. ChaCha20 is also not sensitive to timing attacks.
ChaCha20 is a stream cipher designed by D. J. Bernstein. It is a refinement of the
Salsa20 algorithm, and it uses a 256-bit key. ChaCha20 successively calls the
ChaCha20 block function, with the same key and nonce, and with successively
increasing block counter parameters. ChaCha20 then serializes the resulting state by
writing the numbers in little-endian order, creating a keystream block. Concatenating
the keystream blocks from the successive blocks forms a keystream. The ChaCha20
function then performs an XOR of this keystream with the plaintext. Alternatively,
each keystream block can be XORed with a plaintext block before proceeding to
create the next block, saving some memory. There is no requirement for the plaintext
to be an integral multiple of 512 bits. If there is extra keystream from the last
block, it is discarded. Specific protocols may require that the plaintext and ciphertext
have a certain length. Such protocols need to specify how the plaintext is padded and
how much padding it receives. The inputs to ChaCha20 are:
● A 256-bit key
● A 32-bit initial counter. This can be set to any number, but will usually be zero
or one. It makes sense to use one if we use the zero block for something else,
such as generating a one-time authenticator key as part of an AEAD algorithm.
● A 96-bit nonce. In some protocols, this is known as the Initialization Vector.
● An arbitrary-length plaintext
The output is an encrypted message, or "ciphertext", of the same length.
3.8.3 POLY1305
Block #1
Acc = 00
Block = 6f4620636968706172676f7470797243
Block with 0x01 byte = 016f4620636968706172676f7470797243
Acc + block = 016f4620636968706172676f7470797243
(Acc+Block) * r =
b83fe991ca66800489155dcd69e8426ba2779453994ac90ed284034da565ecf
Acc = ((Acc+Block)*r) % P = 2c88c77849d64ae9147ddeb88e69c83fc
Block #2
Acc = 2c88c77849d64ae9147ddeb88e69c83fc
Block = 6f7247206863726165736552206d7572
Block with 0x01 byte = 016f7247206863726165736552206d7572
Acc + block = 437febea505c820f2ad5150db0709f96e
(Acc+Block) * r =
21dcc992d0c659ba4036f65bb7f88562ae59b32c2b3b8f7efc8b00f78e548a26
Acc = ((Acc+Block)*r) % P = 2d8adaf23b0337fa7cccfb4ea344b30de
Last Block
Acc = 2d8adaf23b0337fa7cccfb4ea344b30de
Block = 7075
Block with 0x01 byte = 017075
Acc + block = 2d8adaf23b0337fa7cccfb4ea344ca153
(Acc + Block) * r =
16d8e08a0f3fe1de4fe4a15486aca7a270a29f1e6c849221e4a6798b8e45321f
((Acc + Block) * r) % P = 28d31b7caff946c77c8844335369d03a7
Adding s, we get this number, and serialize it to get the tag:
Acc + s = 2a927010caf8b2bc2c6365130c11d06a8
Tag: a8:06:1d:c1:30:51:36:c6:c2:2b:8b:af:0c:01:27:a9
3.8.4 CURVE25519
4.1 INTRODUCTION
4.2.3 RASPBERRY PI
The Raspberry Pi comes with several key specifications, including a Broadcom
BCM2711 quad-core Cortex-A72 (ARM v8) 64-bit System-on-Chip (SoC) running at
1.8GHz. It is equipped with 4GB of LPDDR4-3200 SDRAM and features Bluetooth
5.0, BLE, and Gigabit Ethernet for connectivity. The device also includes 2 USB 3.0
ports and 2 USB 2.0 ports for peripheral connectivity, along with 2 micro-HDMI ports
for display output. Additionally, it features a 2-lane MIPI DSI display port, a 2-lane
MIPI CSI camera port, and a 4-pole stereo audio and composite video port. The
Raspberry Pi also includes a micro-SD card slot for storage expansion and can be
powered via a 5V DC supply through either the USB-C connector or the GPIO header,
with a minimum requirement of 3A. Furthermore, it supports Power over Ethernet
(PoE) for convenient power delivery. These specifications make the Raspberry Pi a
versatile and powerful platform for various projects and applications.
Fig 4.1
4.2.4 APPLICATION PROGRAMMING INTERFACE
Web applications require APIs because they make it possible for various
software systems and services to interface and communicate with one another
seamlessly. Web applications do not need to comprehend the internal workings of
external sources, such as databases, third-party services, or other apps, in order to
access and utilize their capabilities and data thanks to APIs. This saves time and
resources by allowing developers to incorporate different features and services into
their applications fast and effectively. APIs offer a common interface that makes it
simple for systems to communicate with one another, irrespective of the underlying
architectures or technologies. Furthermore, by abstracting the complexity of
underlying systems, APIs enable developers to create scalable and reliable online
applications more easily.
5.1 INTRODUCTION
Software development requires testing as a basic component to guarantee a
project's operation, quality, and dependability. It entails methodically checking and
confirming the program to find flaws, mistakes, or errors and to make sure it satisfies
the user's expectations and requirements. To find and fix any problems before the
software is put into production, testing entails a number of tasks, such as planning,
creating test cases, running tests, and evaluating the outcomes. Good testing
procedures not only aid in the early detection and correction of flaws in the software
development process, but they also enhance the program's overall performance,
stability, and user experience. Thorough testing is necessary in today's fast-paced,
dynamic software development environment to produce high-quality software that
satisfies the criteria.
An access token is produced by the API following the collection of user login
credentials. To add peers, you need to have been allowed access with this token. Users
can safely authenticate themselves and obtain the required rights to use the system's
features, such as adding peers, by going through this process.
6.1 RESULT
Large-scale cyberattacks are a result of the spread of weak Internet-of-things
(IoT) devices. This research examines whether WireGuard, an emerging VPN
protocol, can offer effective security optimized for resource-constrained IoT devices.
While current solutions like Hestia and HomeSnitch have failed to handle IoT security
fully, this research highlights the potential benefits of WireGuard. WireGuard's
performance was evaluated in a simulated Internet of Things environment alongside
the common protocols OpenVPN and IPsec, assessing parameters including speed,
latency, and jitter during file transfers. According to preliminary findings, WireGuard
has the potential to be a reliable and lightweight IoT security solution, even though
there were several issues with our testing configuration. Although further testing is
required, WireGuard seems to have potential for general adoption due to its ease of
use, low overhead, and advantages in setup time, speed, and compatibility—especially
when integrating with subpar IoT processors and networks.
The project's results show how well WireGuard works to create secure
connections between databases and Internet of Things devices. A private IP address is
produced during the WireGuard connection process, greatly improving connectivity
security. This private IP guarantees data transport encryption and security, preventing
unwanted access or interception. After extensive testing, it was discovered that
WireGuard effectively addressed any possible security issues with the connection,
offering a solid and trustworthy means of securing data exchange between IoT devices
and databases. All things considered, the results highlight how well WireGuard works
to improve the security of IoT device database access.
Fig.6.1 Adding the public key
An innovative VPN protocol called WireGuard offers a viable way to deal with the
security issues that come with Internet of Things devices. In contrast to conventional
VPN protocols like IPsec and OpenVPN, WireGuard has a more efficient codebase
that lowers vulnerability risk. Because of its lightweight construction, it works
especially well in Internet of Things contexts with limited resources, where cutting
down on overhead is crucial.
It is possible to gain insight into how well IPsec (ChaPoly), IPsec (AES-GCM),
OpenVPN, and WireGuard perform in protecting IoT device connections by
comparing their throughput and ping metrics. Because of its effective encryption
techniques, WireGuard is anticipated to exhibit excellent throughput and low latency
despite its lightweight architecture. IPsec with AES-GCM strikes a compromise
between security and performance, whereas IPsec with ChaPoly combines robust
security with competitive throughput. Despite being extensively used, OpenVPN's
more intricate architecture may result in somewhat poorer performance and increased
latency. By doing comprehensive testing in a simulated Internet of Things (IoT)
environment, which includes file transfer rate measurements and ICMP echo queries,
the best protocol may be identified based on how well it maintains security while
having the least negative influence on network performance.
Fig. 6.3 Comparing Low Latency
7.1 CONCLUSION
In this project, we assessed WireGuard's suitability as a VPN solution optimized for
resource-limited IoT devices. Our findings highlight WireGuard's simplicity, rapid
connection speed, and stability, outperforming both OpenVPN and IPsec. Although
experimental constraints hindered a comprehensive simulation of an IoT environment,
WireGuard exhibited promising traits such as minimal overhead and jitter. Further
testing under optimal conditions may reveal WireGuard as a lightweight yet resilient
security solution for the IoT. Its efficiency could promote widespread adoption of
VPNs, bolstering the defense of susceptible IoT devices against potential attacks.
● Repeat the data collection using an open internet infrastructure that does not
require an additional tunnel layer to provide connectivity to the tested protocols.
● Conduct tests on non-Intel devices like Raspberry Pi, which lack AES-NI
instructions.
● Gather CPU usage data during tests to potentially demonstrate WireGuard's
advantage in minimizing processing overhead.
● Explore further advantages of WireGuard by efficiently securing blockchain
networks, showcasing its compatibility with diverse systems.
APPENDIX 1
API
#login page
<?php
#for Signup
<?php
try{
$s = new Signup($username, $password, $email);
$data = [
"message" => "Signup success",
"userid" => $s->getInsertID()
];
$this->response($this->json($data), 200);
} catch(Exception $e) {
$data = [
"error" => $e->getMessage()
];
$this->response($this->json($data), 409);
}
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
#getting data
<?php
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
#refresh token
<?php
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
#get peer
<?php
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
#get peers
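<?php
// Endpoint handler, named after this file (its basename without ".php").
${basename(__FILE__, '.php')} = function(){
    // Only an authenticated POST request may list peers.
    if($this->get_request_method() == "POST" and $this->isAuthenticated()){
        try{
            // Default interface is wg0. A 'device' request parameter overrides it
            // and is handed to the Wireguard class as received.
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            $data = $this->json($wg->getPeers());
            $this->response($data, 200);
        } catch(Exception $e){
            // Any failure is returned as 403 with the exception message.
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }
    } else {
        // Wrong method or unauthenticated caller.
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};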
#remove peers
<?php
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
API
all.php
<?php
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
#next.php
<?php
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
API
#reserve.php
<?php
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
API
#un reserve.php
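<?php
// Endpoint handler, named after this file (its basename without ".php").
${basename(__FILE__, '.php')} = function(){
    // Requires an authenticated POST carrying non-empty 'ip' and 'email'.
    if($this->get_request_method() == "POST" and $this->isAuthenticated() and
       !empty($this->_request['ip']) and !empty($this->_request['email'])){
        try{
            // Default interface is wg0. A 'device' request parameter overrides it
            // and is handed to the Wireguard class as received.
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            // Release the reservation of this IP for this e-mail address.
            $data = $wg->unreserve($this->_request['ip'], $this->_request['email']);
            $data = $this->json(['result'=>$data]);
            $this->response($data, 200);
        } catch(Exception $e){
            // Any failure is returned as 403 with the exception message.
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }
    } else {
        // Wrong method, unauthenticated caller, or missing parameters.
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};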
REFERENCES
2. Imran Ashraf, Yongwan Park, Soojung Hur, Sung Won Kim, Roobaea
Alroobaea, Yousaf Bin Zikria and Summera Nosheen. (2023) ‘A Survey on
Cyber Security Threats in IoT-Enabled Maritime Industry’, IEEE
Transactions on Intelligent Transportation Systems, Vol. 24, No. 2, February.
3. Houzhen Wang, Jiaming Wen, Jinhui Liu and Huanguo Zhang. (2023) ‘ACKE:
Asymmetric Computing Key Exchange Protocol for IoT Environments’, IEEE
Internet of Things Journal, Vol. 10, No. 20, 15 October.
4. Yuba Raj Siwakoti, Manish Bhurtel, Danda B. Rawat, Adam Oest and R. C.
Johnson. (2023) ‘Advances in IoT Security: Vulnerabilities, Enabled Criminal
Services, Attacks, and Countermeasures’, IEEE Internet of Things
Journal, Vol. 10, No. 13, 1 July.
6. Yushan Li and Satoshi Fujita. (2022) ‘Design of Elixir-Based Edge Server for
Responsive IoT Applications’, 2022 Tenth International Symposium on
Computing and Networking Workshops (CANDARW).
8. Xiaotao Feng, Xiaogang Zhu, Qing-Long Han, Wei Zhou, Sheng Wen and Yang
Xiang. (2023) ‘Detecting Vulnerability on IoT Device Firmware: A Survey’,
IEEE/CAA Journal of Automatica Sinica, Vol. 10, No. 1,
January.
9. Qi Li, Qianqian Zhang, Haiping Huang, Wei Zhang, Wei Chen and Huaqun
Wang. (2022) ‘Secure, Efficient, and Weighted Access Control for
Cloud-Assisted Industrial IoT’, IEEE Internet of Things Journal,
Vol. 9, No. 18, 15 September.
10. Zishuai Song, Hui Ma, Rui Zhang, Wenhan Xu and Jianhao Li. (2023)
‘Everything Under Control: Secure Data Sharing Mechanism for
Cloud-Edge Computing’, IEEE Transactions on Information
Forensics and Security, Vol. 18.