[security] Introducing signing support to MySensors
-
:thumbsup:
-
@Anticimex - thanks for this. I finally got around to enabling signing on everything while I was testing out my new board design. I followed your schematic from your board design when I built mine and I just went through the instructions to configure the crypto chip and everything went smoothly. Thanks for the work and the good instructions!
-
@Anticimex - thanks for this. I finally got around to enabling signing on everything while I was testing out my new board design. I followed your schematic from your board design when I built mine and I just went through the instructions to configure the crypto chip and everything went smoothly. Thanks for the work and the good instructions!
-
@TD22057 that's really nice to hear! Are you using a stable release or the development/beta channel?
@Anticimex
I used the signing sketch on the dev branch - I'm in the process of shifting my stuff over to the dev branch from 1.5 now. -
Ok, cool. As you might have noticed, personalization has changed a bit on development. Also, whitelisting works slightly differently/better.
-
Isn't blacklisting cool too to use ?
Like, if we know the "name" of the sensor lost, we push it to the black list and voila ? This way, we don't have to put a long list a agreed sensors if we have only two nodes outside the house.
... I think.No quote, no forum notification (else, the mail box ring every minutes !). Thanks, and have a very good MySensors day !
-
Isn't blacklisting cool too to use ?
Like, if we know the "name" of the sensor lost, we push it to the black list and voila ? This way, we don't have to put a long list a agreed sensors if we have only two nodes outside the house.
... I think.@Pierre-P because if a node is lost, you no longer control that node. So anyone could reprogram it to have it identify itself in any way possible. We have to assume an attacker has full source code access, so they can rewrite the signing algorithm to use a fake serial as salt for the signature to trick the GW to believe it is a new node. A whitelist mean the attacker has to know the ID/serial of one of the nodes you trust. Which they won't know unless they can get access to that node.
-
@Pierre-P you are welcome. Security is best when it is totally open and the implementation is aware of this. That makes it quite difficult to circumvent, and it also allows to be challenged. That way, with many eyes examining it, it gets stronger and stronger :) I welcome all attempts to crack it. White or black hat style.
-
Hello all! What would require less flash memory? Signing by ATSHA204A Chip or by software?
-
Signing by ATSHA204A require less flash memory, but takes longer to execute (at least on 8MHz AtMega328).
-
@Anticimex assumed that, but this post on the forum got me confused: http://forum.mysensors.org/topic/2005/software-aes-encryption-for-nrf24/19
According to that post, he uses software on the SenseBender with Encryption because, according to him "...encryption and ATSHA204A is to big for the SenseBender... ".
I would like to add Signing and encryption to my nodes, but I don't know if it will fit on my Atmega328 flash!
-
Well, how much space you have depend on your sketch and on the features you enable in the library, so it is impossible to predict how your code will fit. I suggest you just try to enable what you want and compile, and you'll know :)
-
The easiest way to find out is to look at the output in Arduino IDE when you click "Verify".
There are some factors that affect size:
- Size of bootloader
- MySensors version (different versions of the library have different size requirements)
- MySensors features used (software signing, encryption, debug on or off, etc)
- Size of other libraries you use in your sketch
- Size of your sketch
-
Yes, encryption and signing! I'll try to order this and test it out! http://www.ebay.com/itm/5PCS-ATSHA204A-STUCZ-T-IC-CRYPTO-4-5KB-SWI-204A-SHA204A-/191782104901?hash=item2ca71aaf45:g:zEQAAOSwwE5WZk9O
-
And you might also have read mine and @mfalkvidd's stand on encryption, so don't be discouraged if you find that you can't fit both. Just skip the encryption in that case. It adds far less in security than signing does.
-
Yes, if I have to discard one it would be encryption! Thank you for the help @Anticimex and @mfalkvidd
