Black Lager: A Secure Mesh Network

Ad-hoc LoRa radio communications network for emergency communications.

Open-source, multi-platform, embedded device development.

Designed for secure messaging


Black Lager is a text messaging application that runs without cell service or internet. Data is sent over a mesh network of small, power-efficient, inexpensive long-range radios. Messages are authenticated with lightweight public key certificates and digital signatures. Built on top of Meshtastic open source software that forms an off-grid, decentralized, mesh network.


Overview of Enhanced Security Features

The Black Lager project now allows you to do the following on top of the Meshtastic infrastructure.

  • Create lightweight public-key certificates and digital signatures with the Ed25519 algorithm.
  • Generate a persona with a name and public/private key pair using the Python application.
  • Send and verify signed text messages with owned and peer personas stored on the client-side.
  • Sign messages with the Ed25519 public-key signature system using SHA-512 hashing and Curve25519 elliptic-curve cryptography.


Design Considerations

The design has to accommodate the hardware storage limitation we have on our ESP32 radio devices. Such devices were created with a design goal of being low power consumption and low execution/storage power. We had to change our project design a few times to work around the hardware limitations. We had to adapt protobuff as the data communication format for our project. Protobuff was used by Meshtastic therefore we had to take it into consideration and convert our data storage to protobuff. The figure below shows our design. To flash a radio device with the Black Lager firmware, please visit this page, Installation.
Description1



Protobuf Persona

We defined Persona and Wallet protocol buffer messages so that it provides the infrastructure needed for Black Lager to support public/private key pairs using the Python application. A Persona represents a public key based identity and can either be an owned Persona which belongs to the user and contains a private key or a peer persona which only contains the public key. A Wallet is a collection of owned Personas and peer Personas.

These protocol buffer messages provide a foundation for Meshtastic security enhancements. More specifically, they store data required for strong device and client identity as laid out in phase 2 of the Phased Proposal for the Meshtastic Security Framework (https://meshtastic.org/docs/overview/encryption#phase-2---strong-device-and-client-identity).

The figure below shows defined fields of the Black Lager Persona and Wallet. The compile instructions for the Protobufs can be found here, Developers.
Description1



Key Generation and Broadcast

Description1
This figure visualizes the design of how the the key generation and broadcast is handled by Black Lager.


Digital Signatures and Verification

Description1
This figure visualizes the design of how the messages are digitally signed and verified by Black Lager.


Messaging Client

A communication module to send messages over the Black Lager network via radio devices. Black Lager uses Meshwatch as the base for our Python client. This is built on top of Meshtastic Python CLI to establish connection via serial (cable) interface. The instructions to run the messaging client can be found here, Installation.


Future Plans

The public key certificates and corresponding Python library implemented provide message authentication and can be extended for further security enhancements. Implementing the Elliptic-curve Diffie-Hellman key agreement protocol would allow two users to compute a shared secret key to use in symmetric encryption of text messages. A possible limitation is US government regulation on cryptography.