naidusai's picture
Initial deploy: MicroPlastiNet Dash dashboard (synthetic data, honest disclosure)
3a5b233 verified
|
Raw
History Blame Contribute Delete
1.81 kB

M6 β€” Cybersecurity Layer

MicroPlastiNet treats cybersecurity as a first-class concern alongside ML, Deep Learning, GenAI, and Data Science β€” because environmental monitoring data is only as trustworthy as the channel it travels over.

Why this exists

Pollution-monitoring IoT systems are a tampering-magnet. An industrial actor with skin in the game has direct financial incentive to spoof or replay readings β€” yet almost no published microplastic IoT paper addresses message integrity. M6 closes that gap.

What it does

Threat Mitigation
Payload tampering on the wire HMAC-SHA256 over canonical JSON
Replay of an old payload Per-payload nonce + bounded LRU nonce cache
Stale messages 5-minute timestamp freshness window
Long-lived key compromise Per-station key rotation with 30-minute grace
Eavesdropping TLS 1.3 transport (MQTT over TLS)

Files

  • signing.py β€” sign_payload() / verify_payload() / NonceCache
  • keystore.py β€” KeyStore with rotate + grace window
  • tls.py β€” build_tls_context() for paho-mqtt

Usage

from src.m6_security import sign_payload, verify_payload, NonceCache, KeyStore

ks = KeyStore(Path("data/keys.json"))
secret = ks.get_or_create_secret("station-ogeechee-03")

# Edge side:
payload = SensorPayload.new(...)
sign_payload(payload, secret)
mqtt_client.publish("microplastinet/data", payload.to_json())

# Broker side:
nonce_cache = NonceCache()
ok, reason = verify_payload(payload, secret, nonce_cache)
if not ok:
    log.warning("rejected: %s", reason)

References

  • RFC 2104 β€” HMAC: Keyed-Hashing for Message Authentication
  • NIST SP 800-107 r1 β€” Recommendation for Applications Using Approved Hash Algorithms
  • OWASP IoT Top 10 (2018) β€” I3 Insecure Communications