USMP: Unified Secure Multi-transport Protocol

Bridging the IoT Security Gap with zero-friction, end-to-end encrypted tunnels.

USMP is a lightweight, transport-agnostic binary session protocol designed for resource-constrained embedded microcontrollers (ESP32, Arduino) and gateways (Python). It provides iron-clad mutual authentication and AES-256-GCM encryption with just three function calls.

// 1. Initialize your choice of transport (TCP or UDP)
usmp_transport_udp_init(&transport, "192.168.1.100", 9000);

// 2. Perform mutual handshake and establish keys
usmp_connect(&ctx, &transport);

// 3. Send securely encrypted payloads
usmp_send(&ctx, data, len);

Why USMP?

Historically, connecting embedded microcontrollers securely meant choosing between insecure raw sockets or heavy, resource-exhausting TLS/DTLS stacks. USMP fills this gap by offering a lightweight alternative that implements strict security guarantees without the footprint of full PKI.

Protocol / Standard | Light on RAM/Flash | Forward Secrecy | Mutual Authentication | Transport Agnostic
Raw TCP / UDP       | 🟢 Yes             | 🔴 No           | 🔴 No                 | 🔴 No
Full TLS / DTLS     | 🔴 No              | 🟢 Yes          | 🟡 Optional           | 🔴 No
USMP                | 🟢 Yes             | 🟢 Yes          | 🟢 Yes                | 🟢 Yes

Core Security Guarantees

USMP does not support an "insecure mode." Every session is strictly hardened out of the box:

  • Mutual Authentication: Both client (device) and server (gateway) prove their identity using a Pre-Shared Key (PSK) and HMAC-SHA256 proofs before exchanging payload data.
  • Perfect Forward Secrecy: An ephemeral X25519 Diffie-Hellman key exchange is performed for every session. Even if the Pre-Shared Key is compromised in the future, past captured traffic cannot be decrypted.
  • Mandatory Encryption: All session data frames are encrypted using AES-256-GCM, which provides confidentiality and authenticated integrity: a frame that has been modified in transit fails the GCM tag check and is discarded.
  • Replay Protection: Strict, monotonic 32-bit sequence numbers and deterministic nonces prevent attackers from capturing and replaying packets.
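The guarantees above, modelled in Python as an added example (not USMP's own code or wire format): PSK proofs with HMAC-SHA256 bound to both ephemeral public keys and a role label, per-direction key derivation from the ephemeral shared secret, deterministic 96-bit nonces built from the 32-bit sequence number, and a strictly monotonic replay check. X25519 and AES-256-GCM are left to a crypto library, so the ephemeral keys and shared secret here are constructed stand-ins, and the PSK, labels and salt are hypothetical values.

```python
"""Model of the USMP session-layer logic (added example, not the project's code).
X25519 and AES-256-GCM are left to a crypto library: ephemeral keys and the shared
secret are constructed stand-ins; proofs, key derivation, nonces and replay check are real."""
import hashlib, hmac, os, struct

PSK = hashlib.sha256(b"constructed demo PSK, provision a random one").digest()

def proof(psk: bytes, role: bytes, client_eph: bytes, server_eph: bytes) -> bytes:
    """HMAC-SHA256 proof of PSK possession. Covering both ephemeral public keys
    ties the proof to this session, so a captured proof cannot be replayed into
    another handshake; the role label stops a peer from reflecting a proof back."""
    return hmac.new(psk, role + client_eph + server_eph, hashlib.sha256).digest()

def verify_proof(psk, role, client_eph, server_eph, received) -> bool:
    return hmac.compare_digest(proof(psk, role, client_eph, server_eph), received)

def simulate_handshake(client_psk: bytes, server_psk: bytes):
    """Run both sides in-process; returns (server accepts client, client accepts server)."""
    c_eph, s_eph = os.urandom(32), os.urandom(32)         # stand-ins for X25519 public keys
    c_proof = proof(client_psk, b"client", c_eph, s_eph)  # sent client -> server
    s_proof = proof(server_psk, b"server", c_eph, s_eph)  # sent server -> client
    return (verify_proof(server_psk, b"client", c_eph, s_eph, c_proof),
            verify_proof(client_psk, b"server", c_eph, s_eph, s_proof))

def derive_keys(shared_secret: bytes, client_eph: bytes, server_eph: bytes):
    """One 32-byte AES-256 key per direction from the ephemeral shared secret, so a
    later PSK compromise does not reveal past session keys (forward secrecy)."""
    prk = hmac.new(b"usmp-demo-extract", shared_secret, hashlib.sha256).digest()
    return tuple(hmac.new(prk, label + client_eph + server_eph, hashlib.sha256).digest()
                 for label in (b"c2s", b"s2c"))

def nonce(iv_prefix: bytes, seq: int) -> bytes:
    """Deterministic 96-bit GCM nonce: 8-byte per-session prefix || big-endian 32-bit seq.
    Rekey before seq wraps; a repeated nonce under one key breaks GCM."""
    if len(iv_prefix) != 8 or not 0 <= seq <= 0xFFFFFFFF:
        raise ValueError("bad prefix or sequence number exhausted")
    return iv_prefix + struct.pack(">I", seq)

class ReplayGuard:
    """Strictly monotonic receiver state: accept a frame only if seq > last accepted."""
    def __init__(self):
        self.last = -1

    def accept(self, seq: int) -> bool:
        if seq <= self.last:
            return False          # replayed or stale frame: drop before decrypting
        self.last = seq
        return True
```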

Supported Transports & Roadmap

USMP is designed to separate the cryptographic session state machine from the underlying transport medium.

  • TCP: Production-ready. Best for reliable Wi-Fi or Ethernet streams.
  • UDP: Production-ready. Optimized for constrained, lossy networks with built-in packet-level acknowledgment and reliability mechanisms.
  • Serial UART (with COBS & Sliding Window): 🟡 Coming soon.
  • BLE (Bluetooth Low Energy): 🟡 Coming soon.

Direct Distribution Registries

USMP is packaged and published directly to official package managers, so your builds stay clean and do not depend on a private source tree:

Available on PyPI for gateways, servers, and backends.

pip install usmp

Ready to dive in? Follow our step-by-step tutorials:

  1. Installation & Setup: Prepare your environment and generate secure Pre-Shared Keys.
  2. Your First TCP Tunnel: Establish a secure session over TCP.
  3. Going Connectionless (UDP): Secure your communications over UDP.
  4. Production Hardening: Learn about credential management, NVS storage, keepalives, and automatic reconnection loops.