Sensebender Micro
-
@Anticimex I agree with you, but I find it interesting that sending a message fails exactly 9 times every time the node starts. I have changed different nrf24l01+ modules, put the transceivers close / far - it made absolutely no influence at all. 9 times st=fail and then everything works as expected.
@alexsh1 yes, it seem an odd coincidence. But I see nothing that signing can do about it I am afraid. st=fail means a message was not confirmed to get delivered properly and signing can't handle message drops. For security reasons, I have decided to not support retransmissions of nonces. If it can't be delivered, the entire signing session is considered compromised and have to be restarted with the exchange of a new nonce.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 yes, it seem an odd coincidence. But I see nothing that signing can do about it I am afraid. st=fail means a message was not confirmed to get delivered properly and signing can't handle message drops. For security reasons, I have decided to not support retransmissions of nonces. If it can't be delivered, the entire signing session is considered compromised and have to be restarted with the exchange of a new nonce.
@Anticimex said:
@alexsh1 yes, it seem an odd coincidence.
It is even more interesting that I have zero st=fail after nonce is received .
I can probably change the GW settings and the channel to make sure this is not causing any issues, but 9 st=fail in the beginning every time is a strange coincidence.@ximinez Did you manage to get it sorted? How many st=fail do you have in the beginning?
Anyone else is having similar issues? -
@Anticimex said:
@alexsh1 yes, it seem an odd coincidence.
It is even more interesting that I have zero st=fail after nonce is received .
I can probably change the GW settings and the channel to make sure this is not causing any issues, but 9 st=fail in the beginning every time is a strange coincidence.@ximinez Did you manage to get it sorted? How many st=fail do you have in the beginning?
Anyone else is having similar issues?@alexsh1 Perhaps a long stabilization time for a power supply or clock on the node or gw cause it. You could try to add some delays and see if it is time-after-power-on that is the issue or whatever it might be. It is not signing in any case, because it is the node sending that reports st=fail. That is a rf issue. It always is. The nonce has been generated as it should, and the signing backend trusts the transport layer to handle the transmission of the databuffer, and in this case the transport layer reports back that it could not.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 Perhaps a long stabilization time for a power supply or clock on the node or gw cause it. You could try to add some delays and see if it is time-after-power-on that is the issue or whatever it might be. It is not signing in any case, because it is the node sending that reports st=fail. That is a rf issue. It always is. The nonce has been generated as it should, and the signing backend trusts the transport layer to handle the transmission of the databuffer, and in this case the transport layer reports back that it could not.
-
@Anticimex Just an idea - could it be that nonce is not generated in the beginning and requires some time? I'll do some testing tonight
@alexsh1 No, nonces are being generated:
0;255;3;0;9;SHA256: 86DEAE1DAF50D577A4E2262B33ABF9DEE05DD8FAF84F94F50900000000000000 0;255;3;0;9;Transmittng nonce 0;255;3;0;9;Skipping security for command 3 type 17 0;255;3;0;9;send: 0-0-3-3 s=255,c=3,t=17,pt=6,l=25,sg=0,st=fail:86DEAE1DAF50D577A4E2262B33ABF9DEE05DD8FAF84F94F509and the generated nonce is not transmitted correctly (st=fail) due to some transport issue.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 No, nonces are being generated:
0;255;3;0;9;SHA256: 86DEAE1DAF50D577A4E2262B33ABF9DEE05DD8FAF84F94F50900000000000000 0;255;3;0;9;Transmittng nonce 0;255;3;0;9;Skipping security for command 3 type 17 0;255;3;0;9;send: 0-0-3-3 s=255,c=3,t=17,pt=6,l=25,sg=0,st=fail:86DEAE1DAF50D577A4E2262B33ABF9DEE05DD8FAF84F94F509and the generated nonce is not transmitted correctly (st=fail) due to some transport issue.
@Anticimex said:
@alexsh1 No, nonces are being generated:
Than I am out of guesses - I cannot explain why st=fail comes up.
FYG, I tried it without signing and it works just fine. No st=fail.
There must be something between signing and transportation or transportation after signing? -
@Anticimex said:
@alexsh1 No, nonces are being generated:
Than I am out of guesses - I cannot explain why st=fail comes up.
FYG, I tried it without signing and it works just fine. No st=fail.
There must be something between signing and transportation or transportation after signing?@alexsh1 like I said, signing is not in itself the problem. The problem is that big messages are failing. You can just try by generating big messages yourself and you will get the same problem. I know this by looking on what generates st=fail and it is the transport layer. Signing generates the data to be transmitted, and this data is printed and shown to be correct. Bigger messages require more reliable communications. Shorter messages has a better chance of being transmitted correctly. It is that simple. Many have reported the sake issue and have solved it by improving radio power decoupling, rearranging the sensor placement or improve the power supplies.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 like I said, signing is not in itself the problem. The problem is that big messages are failing. You can just try by generating big messages yourself and you will get the same problem. I know this by looking on what generates st=fail and it is the transport layer. Signing generates the data to be transmitted, and this data is printed and shown to be correct. Bigger messages require more reliable communications. Shorter messages has a better chance of being transmitted correctly. It is that simple. Many have reported the sake issue and have solved it by improving radio power decoupling, rearranging the sensor placement or improve the power supplies.
@Anticimex said:
Many have reported the sake issue and have solved it by improving radio power decoupling, rearranging the sensor placement or improve the power supplies.I tried
-
powering GW/Sensobender from a different source (battery, USB, PSU - 12V in case of GW, 5v in case of sensebender via LDO)
-
swapped a few radios. Most of these are from working nodes with caps soldered. Maybe I should try completely different ones from a different batch? I mixed up three batches with no improvement.
-
Tried to place GW and the sensebender 1m/5m/10m apart
-
GW radio is powered via the AMS1117 3.3v
So far it is the same result. Not sure I can come up with anything obvious unless you can suggest
-
-
@Anticimex said:
Many have reported the sake issue and have solved it by improving radio power decoupling, rearranging the sensor placement or improve the power supplies.I tried
-
powering GW/Sensobender from a different source (battery, USB, PSU - 12V in case of GW, 5v in case of sensebender via LDO)
-
swapped a few radios. Most of these are from working nodes with caps soldered. Maybe I should try completely different ones from a different batch? I mixed up three batches with no improvement.
-
Tried to place GW and the sensebender 1m/5m/10m apart
-
GW radio is powered via the AMS1117 3.3v
So far it is the same result. Not sure I can come up with anything obvious unless you can suggest
@alexsh1 sorry, I have not much else to suggest except experimenting with delays to see if the issue with failed transmissions at node startup can be avoided. I am no specialist on the radio. I'm the security guy and I see no wrong with the behaviour of those parts so I am short of any more useful suggestions I am afraid.
-
-
When did you last update the library (on the gw)? @Yveaux recently added a irq-based de-queuing from the radios FIFO. It could help on improving things.
Otherwise the only advice I have is to skip any amplified radio on gateway (if you have) and tweak powering of radio power on gw.
-
@alexsh1 sorry, I have not much else to suggest except experimenting with delays to see if the issue with failed transmissions at node startup can be avoided. I am no specialist on the radio. I'm the security guy and I see no wrong with the behaviour of those parts so I am short of any more useful suggestions I am afraid.
@Anticimex Well, at least we are fine on the security part :-)
I'll experiment more on the radio part when I have time - why there are only 24h in a day? (rhetorical question) -
@hek said:
When did you last update the library (on the gw)? @Yveaux recently added a irq-based de-queuing from the radios FIFO. It could help on improving things.
Otherwise the only advice I have is to skip any amplified radio on gateway (if you have) and tweak powering of radio power on gw.
@hek
I downloaded the dev on 26/05 so it is very recent.
I have normal radios both ends, but the idea is to have amplified one on the GW as well and change rf24_pa_max. Additionally, I'll try to mix as many radios as I can have. Who knows?To be honest, things were working OKish before as I took it seriously decoupling radios etc. This voodoo dance around radios really irritates me. Life is too short to waist it - I am now thinking seriously switching to RMF69W or probably to RFM95* (Lora)
-
@hek said:
When did you last update the library (on the gw)? @Yveaux recently added a irq-based de-queuing from the radios FIFO. It could help on improving things.
Otherwise the only advice I have is to skip any amplified radio on gateway (if you have) and tweak powering of radio power on gw.
@hek
I downloaded the dev on 26/05 so it is very recent.
I have normal radios both ends, but the idea is to have amplified one on the GW as well and change rf24_pa_max. Additionally, I'll try to mix as many radios as I can have. Who knows?To be honest, things were working OKish before as I took it seriously decoupling radios etc. This voodoo dance around radios really irritates me. Life is too short to waist it - I am now thinking seriously switching to RMF69W or probably to RFM95* (Lora)
@alexsh1 yesh i have bashed my head on rf24 stability myself and have decided to base my network on rfm69:s instead. Too much chatter @2.4ghz. I hope the 69:s have better range and they also have the bonus of AES encryption in hw if you want to obfuscate the communication some. Signing adds netter security, but the paranoid can combine signing with encryption :) (yes rf24 can use AES encryption in software, but that cost memory and some overhead instead)
-
Whatever I did, did not help to solve st=fail
When I disable signing I have got the following (not a signle st=fail):
Starting sensor (RNONA-, 2.0.0-beta) Radio init successful. Sensebender Micro FW 1.5 - Online! send: 3-3-0-0 s=255,c=3,t=11,pt=0,l=17,sg=0,st=ok:Sensebender Micro send: 3-3-0-0 s=255,c=3,t=12,pt=0,l=3,sg=0,st=ok:1.5 send: 3-3-0-0 s=1,c=0,t=6,pt=0,l=0,sg=0,st=ok: send: 3-3-0-0 s=2,c=0,t=7,pt=0,l=0,sg=0,st=ok: send: 3-3-0-0 s=3,c=0,t=13,pt=0,l=0,sg=0,st=ok: isMetric: 1 TempDiff :125.61 HumDiff :150.00 T: 25.61 H: 50 send: 3-3-0-0 s=1,c=1,t=0,pt=7,l=5,sg=0,st=ok:25.6 send: 3-3-0-0 s=2,c=1,t=1,pt=2,l=2,sg=0,st=ok:50 send: 3-3-0-0 s=3,c=1,t=38,pt=7,l=5,sg=0,st=ok:3.09 send: 3-3-0-0 s=255,c=3,t=0,pt=1,l=1,sg=0,st=ok:85I am going to try different channels now with signing
-
Whatever I did, did not help to solve st=fail
When I disable signing I have got the following (not a signle st=fail):
Starting sensor (RNONA-, 2.0.0-beta) Radio init successful. Sensebender Micro FW 1.5 - Online! send: 3-3-0-0 s=255,c=3,t=11,pt=0,l=17,sg=0,st=ok:Sensebender Micro send: 3-3-0-0 s=255,c=3,t=12,pt=0,l=3,sg=0,st=ok:1.5 send: 3-3-0-0 s=1,c=0,t=6,pt=0,l=0,sg=0,st=ok: send: 3-3-0-0 s=2,c=0,t=7,pt=0,l=0,sg=0,st=ok: send: 3-3-0-0 s=3,c=0,t=13,pt=0,l=0,sg=0,st=ok: isMetric: 1 TempDiff :125.61 HumDiff :150.00 T: 25.61 H: 50 send: 3-3-0-0 s=1,c=1,t=0,pt=7,l=5,sg=0,st=ok:25.6 send: 3-3-0-0 s=2,c=1,t=1,pt=2,l=2,sg=0,st=ok:50 send: 3-3-0-0 s=3,c=1,t=38,pt=7,l=5,sg=0,st=ok:3.09 send: 3-3-0-0 s=255,c=3,t=0,pt=1,l=1,sg=0,st=ok:85I am going to try different channels now with signing
@alexsh1 yes, without signing your messages are significantly shorter, and thus have a better chance of getting through. You can try experimenting with amplification as well.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alexsh1 yes, without signing your messages are significantly shorter, and thus have a better chance of getting through. You can try experimenting with amplification as well.
-
@Anticimex just a noob question: do you have an idea of the performance penalty of (software) signing? Any benchmark figures?
@Yveaux no, sorry have not got around to compare them. But software signing is actually quicker due to the single write bit banging for the atsha204a. One way to see the difference is measuring the delay for an ACK to come back from a node that require signed messages. I have no figures, but a node with software signing responds slightly faster.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@Yveaux no, sorry have not got around to compare them. But software signing is actually quicker due to the single write bit banging for the atsha204a. One way to see the difference is measuring the delay for an ACK to come back from a node that require signed messages. I have no figures, but a node with software signing responds slightly faster.
-
@Anticimex But is it significantly slower than without any signing?
@Yveaux yes. But I know that significant improvements can be made in the nonce whitening. It incrementally calculates a hash which is which is far less efficient than calculate the hash of a buffer. So there are room for improvements. I just wish there were more time, and now my arduinos are packed down so I wont be able to test. But volunteers are welcome, I can still code :)
-
@alexsh1 yes, without signing your messages are significantly shorter, and thus have a better chance of getting through. You can try experimenting with amplification as well.
@Anticimex said:
@alexsh1 yes, without signing your messages are significantly shorter, and thus have a better chance of getting through. You can try experimenting with amplification as well.
Do you think a message size has anything to do with st=fail?
