In [4]:
# Part I: IoT Data Encryption Simulation using AES

from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad, unpad
import json
import random
import base64

# Generate a random sensor reading
def generate_sensor_reading():
    """Return one simulated sensor reading as a dict of integers.

    ``temperature`` is drawn from 20..40 and ``humidity`` from 20..80, both
    ends inclusive. The values come from the ``random`` module, which is
    fine for fake telemetry; it is not the source used for the key or IV.
    """
    return {
        "temperature": random.randint(20, 40),
        "humidity": random.randint(20, 80),
    }

# AES-CBC encryption
def encrypt_data(key, plaintext):
    """Encrypt ``plaintext`` with AES in CBC mode and return ``IV || ciphertext``.

    Args:
        key: AES key bytes, passed unchanged to ``AES.new``.
        plaintext: bytes to encrypt; padded to a whole number of AES blocks.

    Returns:
        bytes: the random IV followed by the ciphertext.

    Note:
        Nothing here authenticates the message: no MAC or tag is computed,
        so the receiver cannot tell whether the bytes were altered in
        transit. Where integrity matters, prefer an AEAD mode or add a MAC
        over the IV and ciphertext.
    """
    # A fresh random IV per message keeps equal plaintexts from producing
    # equal ciphertexts under the same key.
    fresh_iv = get_random_bytes(AES.block_size)
    padded = pad(plaintext, AES.block_size)
    body = AES.new(key, AES.MODE_CBC, fresh_iv).encrypt(padded)
    # The IV is not secret; it travels in front of the ciphertext so the
    # receiver can recover it.
    return fresh_iv + body

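# AES-CBC decryption
def decrypt_data(key, iv_ciphertext):
    """Decrypt an ``IV || ciphertext`` message and strip its padding.

    Args:
        key: AES key bytes, the same key that was used to encrypt.
        iv_ciphertext: the 16-byte IV followed by the CBC ciphertext.

    Returns:
        bytes: the recovered plaintext with padding removed.

    Raises:
        ValueError: if the input is too short or not block-aligned, or if
            the padding is malformed after decryption.

    Note:
        CBC gives no integrity protection. A modified ciphertext is caught
        only when it happens to break the padding, so a successful return
        does not prove the message is authentic. Callers should not report
        the reason for a failure back to the sender. Where integrity
        matters, use an AEAD mode or verify a MAC before decrypting.
    """
    block = 16  # AES block size in bytes; also the length of the IV prefix

    # Reject truncated or misaligned messages before touching the cipher,
    # so a short packet fails with a clear error instead of an obscure one
    # from the IV or padding handling.
    if len(iv_ciphertext) < 2 * block or len(iv_ciphertext) % block:
        raise ValueError(
            "ciphertext must be a 16-byte IV followed by one or more 16-byte blocks"
        )

    iv, ciphertext = iv_ciphertext[:block], iv_ciphertext[block:]
    cipher = AES.new(key, AES.MODE_CBC, iv)
    # unpad raises ValueError when the padding bytes are inconsistent.
    return unpad(cipher.decrypt(ciphertext), AES.block_size)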

# Generate a 16-byte (AES-128) key.
# It lives only in this kernel's memory; a real device would need the key
# provisioned and stored securely instead of generated next to the data.
key = get_random_bytes(16)

# The IoT device takes a reading and serialises it to JSON bytes
reading = generate_sensor_reading()
reading_json = json.dumps(reading).encode()

# Encrypt the payload
ciphertext = encrypt_data(key, reading_json)

# Simulated transmission: the receiver gets exactly the bytes that were sent
received = ciphertext

# Decrypt on the receiving side and parse the JSON back into a dict
decrypted = decrypt_data(key, received)
decrypted_reading = json.loads(decrypted.decode())

# Base64 is used only to make the binary ciphertext printable
ciphertext_b64 = base64.b64encode(ciphertext).decode()
print(f"Original Data: {reading}")
print(f"Encrypted (Base64): {ciphertext_b64}")
print(f"Decrypted Data: {decrypted_reading}")


Original Data: {'temperature': 40, 'humidity': 45}
Encrypted (Base64): 5hwLOGNFuhSiUsWxE1gCUw0Qp5I4Io6b+8y33LPU0TmHDf2lrR88hZzCULZTsxBCmC6rcnUsEiO2GAaD+rzGjg==
Decrypted Data: {'temperature': 40, 'humidity': 45}


In [5]:
# Part II: IoT Device Lifecycle Simulation

import time
import datetime

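def log(stage, message):
    """Print one lifecycle event with a UTC timestamp and its stage number.

    Args:
        stage: stage identifier shown as ``[Stage <stage>]``.
        message: free text appended after the stage tag.

    The line has the form ``[<ISO-8601 UTC time>Z] [Stage N] message``.
    """
    # datetime.utcnow() is deprecated since Python 3.12 and emits a warning.
    # Take an aware UTC time instead, then drop tzinfo so isoformat() keeps
    # the same layout and does not append "+00:00" before the literal "Z".
    now_utc = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)
    print(f"[{now_utc.isoformat()}Z] [Stage {stage}] {message}")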

# Lifecycle stages 1-5, in order.
# These are narrated events only: the messages are fixed strings and no
# boot check, key injection, signature verification or wipe is performed.
lifecycle_messages = [
    "Threat model created (assets and attack vectors identified).",
    "Secure boot verified (firmware integrity OK).",
    "Keys injected securely (mock key values).",
    "OTA update checked and signature verified.",
    "Device decommissioned, keys deleted, storage wiped.",
]

for stage_no, stage_text in enumerate(lifecycle_messages, start=1):
    # Short pause between stages so the timestamps differ; none before stage 1
    if stage_no > 1:
        time.sleep(0.3)
    log(stage_no, stage_text)


  print(f"[{datetime.datetime.utcnow().isoformat()}Z] [Stage {stage}] {message}")


[2025-11-27T17:14:29.187959Z] [Stage 1] Threat model created (assets and attack vectors identified).
[2025-11-27T17:14:29.488441Z] [Stage 2] Secure boot verified (firmware integrity OK).
[2025-11-27T17:14:29.788960Z] [Stage 3] Keys injected securely (mock key values).
[2025-11-27T17:14:30.089559Z] [Stage 4] OTA update checked and signature verified.
[2025-11-27T17:14:30.390053Z] [Stage 5] Device decommissioned, keys deleted, storage wiped.


In [1]:
# Part III: Secure Boot Verification (Firmware Integrity Check)

import hashlib

# -------------------------------
# Function to calculate SHA-256 hash
# -------------------------------
def firmware_hash(data_bytes):
    """Return the SHA-256 digest of ``data_bytes`` as a lowercase hex string.

    Args:
        data_bytes: the firmware image as bytes.

    Returns:
        str: 64 hexadecimal characters.

    A bare digest detects changes to the image but is not a signature: it
    says nothing about who produced the image or the reference value.
    """
    hasher = hashlib.sha256()
    hasher.update(data_bytes)
    return hasher.hexdigest()


# ----------------------------------------------------
# Reference value recorded at manufacturing time (simulated)
# Despite the variable name, this is a plain SHA-256 digest, not a digital
# signature. The check below is only as trustworthy as the place this value
# is stored: anyone able to replace both the image and the reference digest
# would pass it. Real secure boot verifies a signature against a key
# anchored in a hardware root of trust.
# ----------------------------------------------------
original_firmware = b"firmware-image-v1.0"   # Stands in for the genuine firmware image
stored_signature = firmware_hash(original_firmware)

print("Stored Firmware Signature (SHA-256):", stored_signature, "-" * 60, sep="\n")


# ----------------------------------------------------
# Image presented at boot (simulated)
# Edit the bytes below to see the mismatch path
# ----------------------------------------------------
firmware_at_boot = b"firmware-image-v1.0"   # Change the text to simulate a modified image
current_hash = firmware_hash(firmware_at_boot)

print("Current Firmware Hash (SHA-256):", current_hash, "-" * 60, sep="\n")


# ----------------------------------------------------
# Secure Boot Decision: digests must match exactly
# ----------------------------------------------------
boot_ok = current_hash == stored_signature
verdict = (
    "✅ Secure Boot Passed: Firmware is genuine and unmodified."
    if boot_ok
    else "❌ Secure Boot Failed: Firmware integrity compromised!"
)
print(verdict)


Stored Firmware Signature (SHA-256):
de157f3690a42d3fe767d57ec330467d50883edf34a1ea3e3d594ce65dc2c9f1
------------------------------------------------------------
Current Firmware Hash (SHA-256):
de157f3690a42d3fe767d57ec330467d50883edf34a1ea3e3d594ce65dc2c9f1
------------------------------------------------------------
✅ Secure Boot Passed: Firmware is genuine and unmodified.
