naidusai's picture
Initial deploy: MicroPlastiNet Dash dashboard (synthetic data, honest disclosure)
3a5b233 verified
|
Raw
History Blame Contribute Delete
1.81 kB
# M6 β€” Cybersecurity Layer
> *MicroPlastiNet treats cybersecurity as a first-class concern alongside ML, Deep Learning, GenAI, and Data Science β€” because environmental monitoring data is only as trustworthy as the channel it travels over.*
## Why this exists
Pollution-monitoring IoT systems are a tampering-magnet. An industrial actor with skin in the game has direct financial incentive to spoof or replay readings β€” yet **almost no published microplastic IoT paper addresses message integrity**. M6 closes that gap.
## What it does
| Threat | Mitigation |
|---|---|
| Payload tampering on the wire | HMAC-SHA256 over canonical JSON |
| Replay of an old payload | Per-payload nonce + bounded LRU nonce cache |
| Stale messages | 5-minute timestamp freshness window |
| Long-lived key compromise | Per-station key rotation with 30-minute grace |
| Eavesdropping | TLS 1.3 transport (MQTT over TLS) |
## Files
- `signing.py` β€” `sign_payload()` / `verify_payload()` / `NonceCache`
- `keystore.py` β€” `KeyStore` with rotate + grace window
- `tls.py` β€” `build_tls_context()` for paho-mqtt
## Usage
```python
from src.m6_security import sign_payload, verify_payload, NonceCache, KeyStore
ks = KeyStore(Path("data/keys.json"))
secret = ks.get_or_create_secret("station-ogeechee-03")
# Edge side:
payload = SensorPayload.new(...)
sign_payload(payload, secret)
mqtt_client.publish("microplastinet/data", payload.to_json())
# Broker side:
nonce_cache = NonceCache()
ok, reason = verify_payload(payload, secret, nonce_cache)
if not ok:
log.warning("rejected: %s", reason)
```
## References
- RFC 2104 β€” HMAC: Keyed-Hashing for Message Authentication
- NIST SP 800-107 r1 β€” Recommendation for Applications Using Approved Hash Algorithms
- OWASP IoT Top 10 (2018) β€” I3 Insecure Communications