This project implements a lightweight and secure communication system for IoT devices using encryption and authentication.
- ChaCha20 encryption (confidentiality)
- HMAC-SHA256 authentication (integrity)
- MQTT communication protocol
- Protection against tampered or fake messages
IoT Device (Sender) → MQTT Broker → Receiver
- Sender encrypts and signs data
- Receiver verifies and decrypts
- Invalid messages are rejected
| Test Case | Result |
|---|---|
| Valid message | ✅ Accepted |
| Tampered message | ❌ Rejected |
| Fake HMAC | ❌ Rejected |
Make sure Python is installed, then run:
pip install -r requirements.txt
Open a terminal and start the receiver:
python iot_receiver.py
You should see: 📡 Listening...
Open a second terminal and run:
python iot_device.py
You will see encrypted messages being sent: 📡 Sent: <encrypted_data>|
In the receiver terminal, you should see:
✅ Decrypted: Temperature: 22C
This confirms that:
- Data is encrypted before transmission
- Message integrity is verified using HMAC
Open a third terminal and run:
python attacker.py
The receiver will reject the fake message:
🚨 Tampered or fake message rejected!
- Secure communication using lightweight encryption (ChaCha20)
- Message integrity verification with HMAC-SHA256
- Protection against tampering and unauthorized message injection
- Uses a public MQTT broker: test.mosquitto.org
- Internet connection is required
- Run sender and receiver at the same time for proper operation