Cipherbox V2.0

A while ago, I made the first version of the Cipherbox. In my opinion, it was already resembling a fortress, but it was in no way flawless.

It had two serious vulnerabilities:

1) Absence of the integrity verification feature;

2) Receiver's vulnerability to the replay attack.

I've fixed these vulnerabilities in this version of the Cipherbox, which of course, in no way made the Cipherbox perfect, but at least it's a bit better now.

If you missed the previous tutorial, let me remind you that Cipherbox is what I consider to be a cryptographic swiss knife.

It utilizes six encryption algorithms, and it's also a vault that's locked with four RFID cards, your username, and password. Not to mention that several people can use it without interfering with one another (I guess you can also turn it into service).

Cipherbox V2.0 consists of four microcontrollers: ESP32, Arduino Uno, ESP8266, and Arduino Nano.

ESP32 is the device's core. All encryption algorithms and SQLite run on it.

Arduino Uno - serves as a keyboard driver and an intermediary between the ESP32 and RFID reader.

ESP8266 is the receiver. It runs the AES + Serpent encryption algorithm in the decryption mode.

Arduino Nano - serves as an intermediary between the ESP8266 and 4x4 Keypad.

Supplies for the vault:

• ESP32 x1
• Arduino Uno x1
• 2.4 Inch TFT LCD with ILI9341 x1
• Mifare RC522 x1
• RFID cards x4
• PS/2 Keyboard x1
• PS/2 Port x1
• 580 ohm resistors x2
• LED x1
• 10µF capacitor x1 *optional

Supplies for the receiver:

• ESP8266 x1
• Nokia 5110 display x1
• Arduino Nano/Uno/Compatible board x1
• 4x4 Keypad x1
• 580 ohm resistor x1
• Piece of paper with the letter "E" x1
• Piece of paper with the letter "F" x1

Out of 6 encryption algorithms utilized by this device, 4 perform something called superencryption.

As defined by NIST, superencryption is an encryption operation for which the plaintext input to be transformed is the ciphertext output of a previous encryption operation.

Organizing encryption algorithms in that way allows to easily build a combined encryption algorithm that is at least as strong as the strongest one in the cascade, has a longer key, might be more resistant to some attacks, and might produce a ciphertext with higher entropy. Anyway, it won't hurt to have an additional layer of security (or several of them).

Now, let's get to the description part.

I would like to begin with the fact that all encryption algorithms utilized by this device are symmetric (the same key is used to both - encrypt and decrypt data).

The first three algorithms on the list make use of the integrity verification feature.

The first four perform superencryption.

The first five make use of the initialization vectors and random numbers during the encryption process to prevent the chosen-plaintext attack and increase the entropy of the ciphertext.

• Blowfish + AES + Serpent + AES is the strongest encryption algorithm utilized by this device. It takes 8 characters as input and produces 64 characters long output. (I bet it can also be classified as quantum-resistant).
• AES + Serpent + AES is almost the same as Blowfish + AES + Serpent + AES, except for the Blowfish part.
• Blowfish + Serpent is an encryption algorithm that takes 8 characters as input and produces 32 characters long output.
• AES + Serpent is a bit weaker than the first two but still strong enough to keep your data secure.
• Serpent is a bare minimum for keeping your data secure. It takes 8 characters as input and produces 32 characters long output.
• AES. If I were you - I would pay attention to that one. The implementation of AES utilized by this device is not exactly what I would call secure. It still works, and it's still able to encrypt your data, but it doesn't utilize the advantages of IV and random numbers during the encryption process. It produces the same ciphertext each time you encrypt the same message which makes it vulnerable to the chosen plaintext attack, and especially vulnerable to cryptanalysis. The only reason why I even put it there - is because I wanted to give you an option to play with the "bare AES."

The absence of integrity verification was, in my opinion, a serious vulnerability present in the previous version of the Cipherbox. Although that wouldn't've allowed the attacker to decrypt your ciphertexts, that would allow the attacker to forge a new ciphertext using the legitimate ciphertexts produced by the Cipherbox.

Let me explain how it works (and how it won't work anymore). The previous version of the Cipherbox (let's call it Cipherbox 1 from now on) was in no way an easy target. It's been already protected from the brute-force attack, chosen-plaintext attack, and "somewhat protected" from the block swapping attack. I wrote "somewhat protected" because even though an attacker couldn't change the block order within the ciphertext without causing it to become at least partially undecryptable, an attacker could still swap the block N1 of the ciphertext N1 with the block N1 of the ciphertext N2, they could swap the block N2 of the ciphertext N1 with the block N2 of the ciphertext N2, so on and so forth.

By doing so, an attacker could forge a new ciphertext that would appear legitimate to Cipherbox 1 and even would've been decrypted correctly.

To fix that vulnerability, I've used HMAC-SHA256 (Hash-Based Message Authentication Code) to verify the integrity of the information encrypted by the Cipherbox. Unlike the usual hash function that only takes a string-to-be-hashed as an input, HMAC also takes the key to make sure that even if an attacker gets their hands on the hashes, stuff like the rainbow table will be useless.

Now let me show you how it works in practice.

Before I continue, I would like to remind you that I DO NOT ENCOURAGE HACKING IN ANY WAY!!!

I hacked MY OWN Cipherbox because I wanted to show you how the integrity verification feature works and why it's crucial to have it.

Let's suppose that there are three records:

• Send John Smith $100
• Send Anna Smith $250
• Send Mark Brown $500

Now, let's suppose that an attacker obtained physical access to the device and extracted the database from it.

An attacker found these three Ciphertexts that they're unable to decrypt. But, let's suppose that an attacker knows where the ciphertext with the value of the bonus for Mark Brown is stored, which block has the encrypted value of the bonus, and where the ciphertext with the value of the bonus for the John Smith is stored. Let's suppose that attacker knows that the bonus received by Mark Brown is more than the bonus received by John Smith, and an attacker wants to increase the bonus for John Smith. To do so, the attacker takes the block with the encrypted value of the bonus for Mark Brown and replaces John Smith's bonus with Mark Brown's bonus. That trick would've worked with Cipherbox 1, and the forged ciphertext "Send John Smith $500" would've been decrypted without any problems. Cipherbox 2 would decrypt that ciphertext too. But unlike Cipherbox 1, Cipherbox 2 computes a tag for each plaintext and then prints that tag in an encrypted form. When Cipherbox 2 decrypts the ciphertext, it also decrypts the tag and computes the new tag for the decrypted text. It then compares both tags. If these tags don't match, it turns the decrypted text red and throws the alert "Integrity verification failed!"

All names demonstrated here are fictional (just in case)

If you've never flashed ESP32 or ESP8266 before you'll need to configure Arduino IDE and install drivers to upload the firmware to the boards, you can find drivers here:

CP210x driver for ESP32: https://www.silabs.com/developers/usb-to-uart-brid...

CH340 driver for ESP8266: https://sparks.gogo.co.nz/ch340.html

In case you don't have Arduino IDE, you can download it here: https://www.arduino.cc/en/software

Configuring IDE isn't a part of this tutorial, you can read about it here:

ESP32: https://randomnerdtutorials.com/installing-the-esp...

ESP8266: https://randomnerdtutorials.com/how-to-install-esp...

You can download firmware here https://github.com/Northstrix/Cipherbox

The firmware for this version is located in the "V2.0" folder.

Adafruit-GFX-Library: https://github.com/adafruit/Adafruit-GFX-Library

Adafruit_ILI9341: https://github.com/adafruit/Adafruit_ILI9341

Adafruit_BusIO: https://github.com/adafruit/Adafruit_BusIO

PS2Keyboard: https://github.com/PaulStoffregen/PS2Keyboard

esp32_arduino_sqlite3_lib: https://github.com/siara-cc/esp32_arduino_sqlite3_lib

rfid: https://github.com/miguelbalboa/rfid

espsoftwareserial: https://github.com/plerup/espsoftwareserial/

nokia-5110-lcd-library: https://github.com/platisd/nokia-5110-lcd-library

Keypad: https://github.com/Chris--A/Keypad

The process of unpacking libraries is typical. You can unpack the content of the archive into the folder: ...\Arduino\libraries. Or open the Arduino IDE, click to the Sketch -> Include Library -> Add .ZIP Library... and select every archive with libraries.

Other required libraries are already present in one way or another.

The primary purpose of the ESP32 Filesystem Uploader is to let you upload files into ESP's filesystem. In this tutorial, the purpose of this tool is to upload an empty SPIFFS image into ESP.

Download the "ESP32FS-1.0.zip" file here https://github.com/me-no-dev/arduino-esp32fs-plugin/releases/

And then extract the content of that archive into the "...\Arduino\Tools\" folder.

After that, restart the Arduino IDE.

Click Tools -> ESP32 Sketch Data Upload. Then click Yes in the pop-up window. The program is going format the built-in flash memory.

Some boards will flash without any problems.

Unfortunately, that's not the case for all boards. If you configured IDE correctly, installed drivers, selected the corresponding port, and still keep getting this error: A fatal error occurred: Failed to connect to ESP32: Timed out waiting for packet header. Connect a 10µF capacitor to the board while flashing.

Connect the positive lead of the capacitor to the EN pin of the ESP32;

Connect the negative lead of the capacitor (usually indicated by the gray stripe) to the GND pin of the ESP32.

Don't forget to disconnect the capacitor after the board flashes.

To make the unauthorized deciphering of your data computationally infeasible - It is crucial to generate your own keys and never reuse them.

The best way to generate the keys is to throw 20-sided dice.

If you get a number from 1 to 9, write it down.

If you get a number from 10 to 15, write down a letter corresponding to that number.

10 = A;

11 = B;

12 = C;

13 = D;

14 = E;

15 = F.

If you get 20, write down 0.

If you get something else, don't write anything and throw the dice again.

There's also an easier option.

I modified one of my previous projects to work as a random number generator, the generated output seems "random enough" for me, but I haven't run any tests. So, I can't guarantee that it's random.

Use it at your own risk.

To generate the keys - launch gen.exe from the "Cipherbox-main\V2.0\Untested RNG" folder, and then click the "Generate keys for Cipherbox V2.0" button. The background turns from black to blue when you press that button.

To get the receiver's MAC address, upload this code into the ESP8266.

#include <ESP8266WiFi.h>

void setup(){
  Serial.begin(115200);
  Serial.println();
  Serial.println(WiFi.macAddress());
}
 
void loop(){

}

Then open the Serial Monitor, and reboot the board.

If done correctly, you should see the MAC address in the console.

The MAC address of this board is 5C:CF:7F:FD:85:1D

Open the files "Firmware_for_ESP32.ino" and "Firmware_for_ESP8266.ino" from the folders "Cipherbox-main\V2.0\Firmware for the vault\Firmware_for_ESP32" and "Cipherbox-main\V2.0\Firmware for the receiver\Firmware_for_ESP8266" and then replace my keys with those you've generated.

The vault requires eight keys, while the receiver only needs three. Make sure that projection_key, hmackey_for_session_key and proj_serp_key are the same on both devices.

Don't forget to replace the receiver's MAC address in the line

uint8_t broadcastAddress[] = {0x5C, 0xCF, 0x7F, 0xFD, 0x85, 0x1D}; // Receiver's MAC address

in the file called "Firmware_for_ESP32.ino"

Upload the firmware from the folder "Cipherbox-main\V2.0\Firmware for the vault\Firmware_for_ESP32" into the ESP32.

Upload the firmware from the folder "Cipherbox-main\V2.0\Firmware for the vault\Firmware_for_Arduino_UNO" into the Arduino Uno.

Upload the firmware from the folder "Cipherbox-main\V2.0\Firmware for the receiver\Firmware_for_ESP8266" into the ESP8266.

Upload the firmware from the folder "Cipherbox-main\V2.0\Firmware for the receiver\Firmware_for_Arduino" into the Arduino.

Assembling the vault shouldn't be hard. In my opinion, the most tangled part of it is to connect the PS/2 port in the right way.

That shouldn't be hard either.

Ok, it's time to unlock the vault. Power the vault up and consequently approximate four RFID cards to it. You need to approximate cards in exactly the same order every time you unlock the vault, or you won't be able to decrypt your stuff.

Important thing: If you want to reboot ESP32, reboot all boards. And if the keyboard suddenly stops working as intended, only reboot the Arduino Uno.

Well, it's more like "sign up and immediately log in" the first time you're entering a new username and password. Every other time, it's just "log in."

You can enter any username and password you want, just make sure to keep them both secret. Let me explain why. The username determines the name of the database that will be used to store your notes, while the password is used in the key derivation process.

If an attacker discovers your username, an attacker will be able to delete all your logins and notes. If an attacker discovers your username and password, an attacker will be able to decrypt all your stuff.

Although if you don't need the vault capabilities and only want to use ciphers, you can log in under any username or leave the username field empty. Just make sure to always enter the same password, or you won't be able to decrypt your ciphertexts.

Press "Tab" (↹) to move between fields. The current field is indicated by the inscription below. When you're done, press "Enter" to log into the vault.

I got the verification number 3092 for the password "1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,./+_)(*&^%$#@!"

After logging in and getting to the main menu.

Press ↓ (Down Arrow) to go down the menu.

Press ↑ (Up Arrow) to go up the menu.

Press ← (Left Arrow) or → (Right Arrow) to change the AES mode.

Open the Serial Monitor and set the baud rate to "115200" because the ciphertext will be printed into the Serial Monitor.

To encrypt text. Select the desired encryption algorithm in the menu and press "1" on the keyboard. After that, enter the text that you want to encrypt and press "Enter" to encrypt it.

Eventually, I came up with these results:

Plaintext:

Cipherbox V2.0 is what I consider to be a cryptographic swiss knife. The existence of this device wouldn't've been possible without a lot of open source code that I've found on the Internet and put together.

Ciphertext:

7c50372aa601d06ac290071f82ba69f8f66e8052fdc8ebea1441d9eb86bff31f81abf8a5908bf43beb5ea06b8877caf8cabd28e5d41fbf87cc905025090f1acd258b0d855382cb7e056fb3d837739f73648edd276dc008b719f56ad49ee869189794b706efe2bd7594d396235d0590865ec9aef5f8a8be60cc5b39b8050ffaaafa9f21598857a117cdb62e93d1d3b6aa266c43dd83613b8afa262cd489378119ce9eb53ca4948b974ab2622292af01d1fd3d8c748b7656273c08697d583da4cde50450547e34b9f5ffa0d494c224462466d5bc2688871b9aee6756b421c4e2d0aa41a847a3fa17b3a316d8fcc5145f61d873537339b0fa42b0394ccda52e9c190328601f7860880244b677d3fa01d747c5bd56274a8c6cd3f89bb7c769dfdd5e74989d52633ec44b50db0ebe8937000d5f992af132b79fd9b3e4c8a2a25f39e1764ae3375d08e1d2d2b93ec4571deba896464426a9e420439ac2a46d02892501b050c715f3a7621e2396e28bea8533970a4d3583e5ba3356692d098022a4794f4ef395810c38bc3bb4d7124cbfb5ad8a1e76497f38b659649b16f200993bfca276c1d035fd3770e0fe7cd073ba46f232b209aaedee70510285cd79f3229e63d1fff8d5c2f9369da5fb39a051d625773864e26ab548cc8240235f61dc5550bd3246917ee6c94f080e1733aa5138dd3ab8974bdd3718fbe43a7fe3f8cd8d1f15126d36c2be47e2e8c8115d910be372d9da75a85fce584e0c09eceff4948a4dd7331deb4eecc1f9c5cbdb6c483469437d657c6aebfc49536fed7f0a33a996d98b48a73ac151ac2b03a53bbd039c3a4f633ef8233bc32e2c7006fdcffb1e01292e61256337131c9016584067e0de970feb9379889667fb2d68ee23216f9806658f4fe28738e7aa3b30e173aff2b385b09969622d679e7c6562cb93176c3a2747753860bc6d447fc00d78efccdd7ee6ce0fc2072d578a2e378a7eada22f693a7ff6b2d7fd400581d4d51d4d9369b8e830e96e908c25f28e193f5cf11d2cea8bd71c6dd34a0330886036d8c540c5bb5a380ddf2e0a34df878ebdb460cd5b3fdc9cf51601f6857b17d1a2f1bb1dd215b4a6731b5b12b69d92b20afc80d8922afae795e6e4e81b65f0a5ba6208e047f350fc5717b130a34cbb3aa17d6d9fc9417c190f18f952e32718f7961ea70f8c7f8f0edc74c94c551ee20139ec022e916d247fdb053f1a008f6dc1027ca83ca20581bc25fac0ecfde217296270c5f5a4034a53b546f753446f234a15c442dba1fcd3d3f426f6e4714ef2a9ef0c378583c5a7e5dab1cd71668933d1059a7cd2b1eabd5bc9e33c5586d166f61a193126f8eb81259a1a

Open the Serial Monitor and set the baud rate to "115200" because you'll need to paste the ciphertext into the Serial Monitor.

To decrypt text. Select the encryption algorithm that was used to encrypt the text in the menu and press "2" on the keyboard. After that, paste the ciphertext into the Serial Monitor and press "Send."

Eventually, I came up with these results:

Ciphertext:

7c50372aa601d06ac290071f82ba69f8f66e8052fdc8ebea1441d9eb86bff31f81abf8a5908bf43beb5ea06b8877caf8cabd28e5d41fbf87cc905025090f1acd258b0d855382cb7e056fb3d837739f73648edd276dc008b719f56ad49ee869189794b706efe2bd7594d396235d0590865ec9aef5f8a8be60cc5b39b8050ffaaafa9f21598857a117cdb62e93d1d3b6aa266c43dd83613b8afa262cd489378119ce9eb53ca4948b974ab2622292af01d1fd3d8c748b7656273c08697d583da4cde50450547e34b9f5ffa0d494c224462466d5bc2688871b9aee6756b421c4e2d0aa41a847a3fa17b3a316d8fcc5145f61d873537339b0fa42b0394ccda52e9c190328601f7860880244b677d3fa01d747c5bd56274a8c6cd3f89bb7c769dfdd5e74989d52633ec44b50db0ebe8937000d5f992af132b79fd9b3e4c8a2a25f39e1764ae3375d08e1d2d2b93ec4571deba896464426a9e420439ac2a46d02892501b050c715f3a7621e2396e28bea8533970a4d3583e5ba3356692d098022a4794f4ef395810c38bc3bb4d7124cbfb5ad8a1e76497f38b659649b16f200993bfca276c1d035fd3770e0fe7cd073ba46f232b209aaedee70510285cd79f3229e63d1fff8d5c2f9369da5fb39a051d625773864e26ab548cc8240235f61dc5550bd3246917ee6c94f080e1733aa5138dd3ab8974bdd3718fbe43a7fe3f8cd8d1f15126d36c2be47e2e8c8115d910be372d9da75a85fce584e0c09eceff4948a4dd7331deb4eecc1f9c5cbdb6c483469437d657c6aebfc49536fed7f0a33a996d98b48a73ac151ac2b03a53bbd039c3a4f633ef8233bc32e2c7006fdcffb1e01292e61256337131c9016584067e0de970feb9379889667fb2d68ee23216f9806658f4fe28738e7aa3b30e173aff2b385b09969622d679e7c6562cb93176c3a2747753860bc6d447fc00d78efccdd7ee6ce0fc2072d578a2e378a7eada22f693a7ff6b2d7fd400581d4d51d4d9369b8e830e96e908c25f28e193f5cf11d2cea8bd71c6dd34a0330886036d8c540c5bb5a380ddf2e0a34df878ebdb460cd5b3fdc9cf51601f6857b17d1a2f1bb1dd215b4a6731b5b12b69d92b20afc80d8922afae795e6e4e81b65f0a5ba6208e047f350fc5717b130a34cbb3aa17d6d9fc9417c190f18f952e32718f7961ea70f8c7f8f0edc74c94c551ee20139ec022e916d247fdb053f1a008f6dc1027ca83ca20581bc25fac0ecfde217296270c5f5a4034a53b546f753446f234a15c442dba1fcd3d3f426f6e4714ef2a9ef0c378583c5a7e5dab1cd71668933d1059a7cd2b1eabd5bc9e33c5586d166f61a193126f8eb81259a1a

Plaintext:

Cipherbox V2.0 is what I consider to be a cryptographic swiss knife. The existence of this device wouldn't've been possible without a lot of open source code that I've found on the Internet and put together.

To add login. Select the "Login" in the menu and press "1" on the keyboard. After that, enter the title, username, password, and website. Press "Enter" when you've finished entering the data to move to the next window.

According to the tests that I've conducted during the development of my previous projects - ESP32 is able to encrypt and decrypt a record with a length of 600-characters without any problems. So, technically, you can put 600 characters into each field in every category.

All credentials are fictional (just in case).

To show all logins. Select the "Login" in the menu and press "5" on the keyboard. You will see all titles with usernames. If all logins don't fit on the screen, you can always open the Serial Monitor and see the complete list there.

I've added another record to fill the list.

All credentials are fictional (just in case).

To view login. Select the "Login" in the menu and press "4" on the keyboard. You will see all titles with their corresponding numbers on the left. To view a record, enter the number of the record on the keyboard and press "Enter."

The "Remove" option works exactly the same as the view option with only one exception. It's called by pressing "2."

All credentials are fictional (just in case).

To edit login. Select the "Login" in the menu and press "2" on the keyboard. You will see all titles with their corresponding numbers on the left. To edit a record, enter the number of the record on the keyboard and press "Enter." After that, enter the new password for the record and press "Enter" to save the changes. Press "Esc" to cancel.

All credentials are fictional (just in case).

Let me start with the fact that, unlike the Cipherbox 1's receiver, that one is protected from the replay attack. To ensure that the receiver won't correctly decrypt any package that is resent to it, I've combined the key incrementation after every received package with the session key. The session key consists of 20 characters generated by the vault. The session key is valid until you either reboot ESP32 or power it off. After the key derivation process completes, both devices present you with the three verification numbers to ensure that there were no errors in the process. These numbers must match on both the vault and the receiver! If these numbers don't match, I would advise you to reboot the ESP8266 and enter the session key again. If that won't work, open the firmware and check if the keys are the same.

To send the text to the receiver: Press the "Tab." button on the keyboard, enter the text you want to send, and press "Enter." to send it. I was able to send an 84-character text without any problems. The received text is also shown in the Serial Monitor.

Even though that version of the Cipherbox is more secure than the previous one, it's in no way perfect. It can significantly raise the cost of unauthorized access to your data, but even that "cryptographic fortress" can't guarantee that your personal data would stay untouchable to anyone. It's not about the 100% guarantee, and it never was. It's about raising the costs as high as possible. Perhaps, there is no limit to perfection, and there's still a long way to go to make the Cipherbox even more secure.

I hope you will find a good use for this device.

If you like this tutorial, please share it.

Thank you for reading this tutorial.