2A-Trust is a beginner-friendly extension to the ESP-NOW communication protocol on ESP32 devices. It adds simple lightweight authentication and replay protection using a shared secret and monotonic sequence numbers.
This project prioritizes practical trust guarantees without heavy cryptography, making it suitable for undergraduate work in communication and embedded systems.
Assumptions:
- The wireless channel is open and untrusted.
- An attacker can inject or replay packets.
- Firmware secrets are not extracted by the attacker.
Goal:
The receiver should only accept messages from a trusted sender that contain valid fields.
- Shared Secret – A fixed token included in every packet.
- Sequence Number – A monotonic field to defend against replayed packets.
These mechanisms are easy to explain and implement using Arduino for ESP32.
Each packet consists of:
secret: 16-bit shared tokenseq: 16-bit sequence numberpayload: application data
At the receiver:
- Shared secret is checked first.
- Sequence number is checked next for freshness.
- 2× ESP32-WROOM-32 development boards
- USB cables for programming
- Arduino IDE 1.8.19 or later
- ESP32 Arduino Core v2.0.5
- No external libraries required (ESP-NOW is built-in)
- Open
receiver/receiver.ino - Note the receiver's MAC address printed on board or find via:
WiFi.macAddress()- Open
sender/sender.ino - Update line 10:
uint8_t receiverMAC[] = {0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}; // Your receiver MAC- Set shared secret (must match on both devices):
#define SHARED_SECRET 0xBEEF- Flash receiver first, then sender
- Open Serial Monitor at 115200 baud
- No cryptographically strong authentication.
- Payloads are not encrypted.
- Shared secret is static and visible in firmware.
- Only one sender–receiver relationship is shown.
The receiver logs:
- Number of accepted packets
- Number of rejected packets
- Reason for rejection
These logs can be exported from the Serial Monitor into CSV for basic analysis.
- 16-bit secret = 65,536 possible values
- Vulnerable to brute force in <1 minute with automated scanning
- Not suitable for production, intended for educational demonstration only
- 16-bit counter = 65,536 messages maximum
- Counter overflow requires manual reset
- No persistence across device reboots
- Sequential messages can be replayed in-order after power cycle
- Classroom demonstration of protocol validation concepts
- Low-stakes sensor networks in controlled environments
- Educational exploration of replay attack prevention
2A-Trust/
├── sender/
│ └── sender.ino
|____ License
├── receiver/
│ └── receiver.ino
├── results/
│ └── *.csv └── README.md
By building and evaluating this project, you learn:
- Wireless protocol message validation
- Replay attack defenses
- Embedded engineering trade-offs