Spaces:
Running
Running
M6 β Cybersecurity Layer
MicroPlastiNet treats cybersecurity as a first-class concern alongside ML, Deep Learning, GenAI, and Data Science β because environmental monitoring data is only as trustworthy as the channel it travels over.
Why this exists
Pollution-monitoring IoT systems are a tampering-magnet. An industrial actor with skin in the game has direct financial incentive to spoof or replay readings β yet almost no published microplastic IoT paper addresses message integrity. M6 closes that gap.
What it does
| Threat | Mitigation |
|---|---|
| Payload tampering on the wire | HMAC-SHA256 over canonical JSON |
| Replay of an old payload | Per-payload nonce + bounded LRU nonce cache |
| Stale messages | 5-minute timestamp freshness window |
| Long-lived key compromise | Per-station key rotation with 30-minute grace |
| Eavesdropping | TLS 1.3 transport (MQTT over TLS) |
Files
signing.pyβsign_payload()/verify_payload()/NonceCachekeystore.pyβKeyStorewith rotate + grace windowtls.pyβbuild_tls_context()for paho-mqtt
Usage
from src.m6_security import sign_payload, verify_payload, NonceCache, KeyStore
ks = KeyStore(Path("data/keys.json"))
secret = ks.get_or_create_secret("station-ogeechee-03")
# Edge side:
payload = SensorPayload.new(...)
sign_payload(payload, secret)
mqtt_client.publish("microplastinet/data", payload.to_json())
# Broker side:
nonce_cache = NonceCache()
ok, reason = verify_payload(payload, secret, nonce_cache)
if not ok:
log.warning("rejected: %s", reason)
References
- RFC 2104 β HMAC: Keyed-Hashing for Message Authentication
- NIST SP 800-107 r1 β Recommendation for Applications Using Approved Hash Algorithms
- OWASP IoT Top 10 (2018) β I3 Insecure Communications