Security: 433 RFX vs Mysensors security
-
Hi there,
I want to equip parts of house with door/window and PIR sensors.
I initially tought that I will use cheap 433mhz sensors that are integrated with RFXCOM into openhab (which is also the sink for my mysensors network).
They are around 3-4$ per sensor. I would then only use mysensors for things like temperature monitoring, some actors, etc.However, the obvious problem is security. With those cheap 433mhz sensors it is pretty easy to just listen and tell when my basement door or a certain
window is open or not, if someone really wants to (ignoring the chances right now).Mysensors seems to be more secure here, but I assume that there are limitations regarding encryptions.
How do you see this and how do you do it? Any suggestions appreciated..
-
@chbla - I guess you have read this? https://www.mysensors.org/about/signing
-
Yes I have read it, however, it does not address the problem of actually hiding what's going on.
-
@chbla when combined with encryption, the MySensors signing does a pretty good job of obfuscating what is going on. But since the mere existance of a radio message leaks information, encryption does not solve the problem. Sending fake radio messages at random intervals might be a good way to further obfuscate what is going on, but if an attacker sets up a camera or tracks your phone there will be information leakage again.
-
RS485 is the way
-
@mfalkvidd said in Security: 433 RFX vs Mysensors security:
@chbla when combined with encryption, the MySensors signing does a pretty good job of obfuscating what is going on. But since the mere existance of a radio message leaks information, encryption does not solve the problem. Sending fake radio messages at random intervals might be a good way to further obfuscate what is going on, but if an attacker sets up a camera or tracks your phone there will be information leakage again.
Do you have any links to what people use already in terms of encryption?
In any way it's a valid point to say that the likelihood of someone actually monitoring this is quite low.
However, since those chinese 433mhz devices are used so often, it's a bad feeling.
If only they weren't that cheap
I wonder how others are doing it, or if most people just ignore that problem?
-
@chbla this is what MySensor provides:
https://www.mysensors.org/apidocs/group__SecuritySettingGrpPub.html
-
@chbla said in Security: 433 RFX vs Mysensors security:
@mfalkvidd said in Security: 433 RFX vs Mysensors security:
@chbla when combined with encryption, the MySensors signing does a pretty good job of obfuscating what is going on. But since the mere existance of a radio message leaks information, encryption does not solve the problem. Sending fake radio messages at random intervals might be a good way to further obfuscate what is going on, but if an attacker sets up a camera or tracks your phone there will be information leakage again.
Do you have any links to what people use already in terms of encryption?
In any way it's a valid point to say that the likelihood of someone actually monitoring this is quite low.
However, since those chinese 433mhz devices are used so often, it's a bad feeling.
If only they weren't that cheapI wonder how others are doing it, or if most people just ignore that problem?
With a 433MHz device you just have to use a similar device than the one installed and trigger it while you enter. It will mess the signal and the sensor will never know it didn't reach destination.
With MySensors you can resend regularly to transmit information as soon as radio link is back and you can also send regular messages to confirm the sensor is still active and reachable. If you don't get the expected message you can trigger an alert.
I would do the opposite and use 433MHz with temp sensors and MySensors (with signature + encryption) for any security related sensor.
-
Thanks for the explanation! I will now rather invest into more Mysensor nodes + RFM69 as it's simply more flexible.
@Nca78 the reason I'm also using mysensors on the temp nodes is that it allows me to use custom sensors (for these types mostly BME280/680).
-
@chbla said in Security: 433 RFX vs Mysensors security:
(for these types mostly BME280/680).
Do you make your own board or you buy some breakout boards for BME680 ?
-
@nca78, unfortunately, I can't make my own boards so I have to use breakout boards.
However, it's not really a problem as I want to stay flexible anyway.
-
@chbla and where do you buy them ?
-
@nca78 I'm still deciding what to use. Pro Mini if I don't find anything better.
-
@chbla said in Security: 433 RFX vs Mysensors security:
@nca78 I'm still deciding what to use. Pro Mini if I don't find anything better.
I'm interested in where you buy your BME680 breakout boards, there are not so many around
-
@nca78 said in Security: 433 RFX vs Mysensors security:
@chbla said in Security: 433 RFX vs Mysensors security:
@nca78 I'm still deciding what to use. Pro Mini if I don't find anything better.
I'm interested in where you buy your BME680 breakout boards, there are not so many around
I think I bought them here: http://www.watterott.com/de/BME680-Breakout
I'm located in Austria
