Security
There are several layers to the security architecture of ChatterBox. ChatterBox makes use of symmetric encryption, asymmetric encryption, and digital signatures.
Physical Security
Data is stored only as long as necessary, and preferably only in memory (usually encrypted there too)
At rest, data is stored in non-removable FRAM or on a micro SD card, depending on the model
No egress connection to the internet, WiFi, your phone, or anything other than its LoRa transceiver
Onboard realtime clock (varies depending on model) and GPS/GNSS module provide reliable time for enforcing message expiry
Elliptic Curve Cryptography
An ECC public/private keypair is automatically generated at random when you factory reset (or insert a blank SD card, if the device supports it)
When the device is initialized, it also creates a new cluster, including two symmetric keys that are used by all devices in that cluster
The private key and the symmetric keys are stored encrypted (using your password, or a unique device hash if you don’t set a password)
The public key is shared with other devices in the cluster as necessary
The root device only shares the cluster symmetric keys via encrypted LoRa transmission during the once-per-device “onboard” process
Symmetric Encryption
Symmetric generally means “the same”, and it’s no different with encryption. With symmetric encryption, a single key/phrase is used to both encrypt and decrypt some data. Sometimes people call these keys “shared secrets” or passwords.
Each ChatterBox cluster has two symmetric keys that all devices in the cluster know. Symmetric encryption is used for:
Encrypting data on your device, using your password
Messages you broadcast to all devices in range, not intended for a specific recipient
Pings that announce a device is around, which may include data about the connectivity of other devices in the cluster
Location coordinates (if you have location sharing enabled)
Choosing the frequencies to hop to at certain intervals
Asymmetric Encryption
Asymmetric generally means “not the same.” So, as you might expect, for encryption this means one key is used to encrypt a chunk of data and a different key is used to decrypt the same chunk of data.
ChatterBox prefers asymmetric encryption wherever possible. Specifically, asymmetric encryption is used for:
Messages sent to a specific recipient in the cluster
Selecting the next frequency to hop to for each packet while two ChatterBox devices are interacting directly
When onboarding, after the root device and the soon-to-be onboarded device exchange public keys, asymmetric encryption is used for the remaining onboarding packets (including transmission of the cluster symmetric keys)
Digital Signatures
When you send messages through ChatterBox, they are broken into pieces (packetized). The last packet of a message is a digital signature. All messages are required to have a valid digital signature or they are ignored.
Every message sent in your cluster includes a digital signature
The signature is verifiable using the sender’s public key
Included in the signed payload are: the message content, nbf/na (the not-before and not-after validity times), any message headers/flags, the original sender ID and intended recipient ID, and the encryption-related flags
ECDSA is the signature algorithm used
Unpredictable Channel Hopping
When you define your cluster, you can choose how the cluster will utilize (or not) channel hopping. You choose a center frequency, a number of channels (between 1 and 64), and a hopping schedule (how many seconds between hops).
Your cluster hops unpredictably according to the schedule/settings you chose during cluster setup (only devices holding the symmetric keys can know the next channel).
As a group, the cluster centers around the same channel and hops regularly and simultaneously.
When packets intended for a specific device are exchanged, the two devices exchanging them switch to a new schedule based on their asymmetric keys. Channel hopping is very fast during this sequence: each packet is exchanged on a different channel, so hops happen several times per second.
Each “channel” is a separate LoRa frequency. The fewer channels your cluster has, the closer devices stay to your chosen center frequency. Channels are separated by gaps of 0.1 MHz.
Hopping makes the cluster somewhat resilient to interference on specific frequencies, since devices never sit on one frequency for long, and also because packets can be held encrypted for up to 24 hours, awaiting delivery.
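The keyed, time-slotted channel selection described above, written out as an added example (this is not ChatterBox's own code; the page does not say how the next channel is derived, so using HMAC-SHA256 over the slot number as the PRF is an assumption, as is laying the channels out symmetrically around the center frequency):

```python
import hashlib
import hmac
from typing import List


def cluster_channels(center_mhz: float, num_channels: int, spacing_mhz: float = 0.1) -> List[float]:
    """Frequencies (MHz) of a cluster's channels, spread symmetrically around the center.

    Follows the page's parameters: 1..64 channels, 0.1 MHz apart, centered on the
    chosen frequency. With an even count the center falls between the two middle channels.
    """
    if not 1 <= num_channels <= 64:
        raise ValueError("ChatterBox clusters support between 1 and 64 channels")
    offset = (num_channels - 1) / 2.0
    return [round(center_mhz + (i - offset) * spacing_mhz, 4) for i in range(num_channels)]


def hop_channel(key: bytes, slot: int, num_channels: int) -> int:
    """Channel index for time slot `slot`, derived with a keyed PRF.

    Hypothetical derivation (the actual ChatterBox algorithm is not on the page):
    every holder of `key` computes the same index, while a listener without the key
    sees a sequence it cannot predict. The same construction works for the pairwise
    schedule if `key` is a secret both devices derive from their asymmetric keys.
    """
    digest = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    # 256-bit output modulo at most 64 channels: modulo bias is negligible here.
    return int.from_bytes(digest, "big") % num_channels


def current_slot(now_seconds: int, hop_interval_seconds: int) -> int:
    """Slot number from the device clock, so every member hops at the same moment."""
    return now_seconds // hop_interval_seconds


def frequency_for(key: bytes, now_seconds: int, hop_interval_seconds: int,
                  center_mhz: float, num_channels: int) -> float:
    """Frequency a cluster member should be listening on right now."""
    channels = cluster_channels(center_mhz, num_channels)
    idx = hop_channel(key, current_slot(now_seconds, hop_interval_seconds), num_channels)
    return channels[idx]


if __name__ == "__main__":
    # Constructed sample values: a made-up cluster key and clock reading.
    demo_key = b"constructed-cluster-key-not-real"
    for t in range(0, 120, 30):
        print(t, frequency_for(demo_key, t, 30, 915.0, 8))
```

A device whose clock drifts by more than one hop interval lands in a different slot and therefore on a different channel, which is why the onboard clock/GNSS time matters for hopping as well as for message expiry.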