π¬ Sensebender Gateway
-
@alexsh1
woops, yes i made it but forgot the upload. it's now uploaded here https://www.mysensors.org/hardware/sensebender-gateway#design-filesEnjoy :)
@scalz Can somebody edit the descriptive text for this Gateway. Under 'Secure IiT Radio Network' is quoted 'Hope RF RFM69HCW' whereas under 'Setup and use' is correctly quoted RFM69(H)W.
Guess who had ordered the incorrect 'CW' module for this Gateway.... -
@scalz Can somebody edit the descriptive text for this Gateway. Under 'Secure IiT Radio Network' is quoted 'Hope RF RFM69HCW' whereas under 'Setup and use' is correctly quoted RFM69(H)W.
Guess who had ordered the incorrect 'CW' module for this Gateway.... -
Is it really correct that orange, green and red led should light constantly when powered on. On some activity from the sensors the leds blink, but goes to full constant light directly.
An other thing, inclusion button. In sketch this is commented out, should it?
// Digital pin used for inclusion mode button //#define MY_INCLUSION_MODE_BUTTON_PIN 3For me it is like GW is in constant inclusion mode. Gateway seams to work, it shows up in controller, and as soon as a sensor is powered up, it automatically also appears in controller... feels very unsecure. Just give power to a random sensor and it is in my controller.
-
@Magnus-Pernemark
You can reverse the led behaviour by defining:
#define MY_WITH_LEDS_BLINKING_INVERSEPresentation messages is always forwarded to controller. Inclusion mode must be implemented/supported by the controller for it to work.
-
@hek Thanks, I'll try that. The controller is Domoticz. Does Domoticz have a flaw when it comes to inclusion? (I guess it must have, since any random sensor gets included automatically).
@Magnus-Pernemark I am not sure domoticz support inclusion at all.
-
@hek Thanks, I'll try that. The controller is Domoticz. Does Domoticz have a flaw when it comes to inclusion? (I guess it must have, since any random sensor gets included automatically).
-
@Magnus-Pernemark inclusion mode is not for Domoticz but for Vera. For Domoticz if you want to secure your sensors you need to use signing between the sensors and the GW and reject any sensor without signing
@alexsh1 Feels like this could be changed, so inclusion also would work for domoticz. A also have a z-wave module hooked up to domoticz and for the z-wave there is inclusion. Just have to find the right person for it :)
Yes the signing. I have tried. I want everything on the mysensors network to use signing, I have enabled the MY_SIGNING_ATSHA204, all sensors have the same keys in the chip. Is it using the signing if I have done this? I will try and hook up a sensor without the correct keys and see what happens. Just have to solder it first.
-
@alexsh1 Feels like this could be changed, so inclusion also would work for domoticz. A also have a z-wave module hooked up to domoticz and for the z-wave there is inclusion. Just have to find the right person for it :)
Yes the signing. I have tried. I want everything on the mysensors network to use signing, I have enabled the MY_SIGNING_ATSHA204, all sensors have the same keys in the chip. Is it using the signing if I have done this? I will try and hook up a sensor without the correct keys and see what happens. Just have to solder it first.
@Magnus-Pernemark there is quite extensive documentation on how to use signing. I presume you have read it? It's on the homepage (and the forum). You need to enable a signing backend and you need to enable requirement for signatures if your node is to require it (signing does not have to go both ways).
So no, if you have only personalized your atsha devices and enabled the atsha backend, it does not mean signing is enabled unless you on at least one node or gw have enabled MY_SIGNING_REQUEST_SIGNARURES.Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@Magnus-Pernemark there is quite extensive documentation on how to use signing. I presume you have read it? It's on the homepage (and the forum). You need to enable a signing backend and you need to enable requirement for signatures if your node is to require it (signing does not have to go both ways).
So no, if you have only personalized your atsha devices and enabled the atsha backend, it does not mean signing is enabled unless you on at least one node or gw have enabled MY_SIGNING_REQUEST_SIGNARURES.@Anticimex Thanks. Yes I have read it and read it and read it... doesn't mean I understand it or know what to do, unfortunately. At this point I am only using the standard examples, the standard GWserial and standard sensebender micro sketch. Without modifications, except for the MY_SIGNING_ATSHA204.
It is so much to go through. -
@Anticimex Thanks. Yes I have read it and read it and read it... doesn't mean I understand it or know what to do, unfortunately. At this point I am only using the standard examples, the standard GWserial and standard sensebender micro sketch. Without modifications, except for the MY_SIGNING_ATSHA204.
It is so much to go through.@Magnus-Pernemark then you support signing, but you don't use it.
There are several examples in the documentation which in code showes exactly what you need to define for various use cases. -
@alexsh1 Feels like this could be changed, so inclusion also would work for domoticz. A also have a z-wave module hooked up to domoticz and for the z-wave there is inclusion. Just have to find the right person for it :)
Yes the signing. I have tried. I want everything on the mysensors network to use signing, I have enabled the MY_SIGNING_ATSHA204, all sensors have the same keys in the chip. Is it using the signing if I have done this? I will try and hook up a sensor without the correct keys and see what happens. Just have to solder it first.
@Magnus-Pernemark said in π¬ Sensebender Gateway:
@alexsh1 Feels like this could be changed, so inclusion also would work for domoticz. A also have a z-wave module hooked up to domoticz and for the z-wave there is inclusion. Just have to find the right person for it :)
z-wave in Domoticz is based on OpenZWave and z-wave protocol does require inclusion / exclusion. MySensors are natively supported by Domoticz and personally I do not see why inclusion/exclusion should be there. If you want security, please use signing.
-
@Magnus-Pernemark
You can disable domoticz automatic inclusion of new devices on the mysensors network, somewhere in the settings..
@tbowmo Ah, found a setting ""Accept new hardware/sensors" and a button for "allow for 5 minutes" that could be used as a global "include"-button
@alexsh1 well, maybe, maybe not. Don't know if I agree about not having an inclusion. Almost every device you buy you have to "pair" with something. Anyway, for now disable "allow new hardware/sensors" will do.
@Anticimex I will re-read everything and test stuff now when I have a GW and two nodes to play with.
A quick question - Is it possible to have the gateway to allow soft signing for some nodes (those without a ATSHA) and hardware signing for those with and reject everything else?I found this sentence:
It is legal to mix MySigningAtsha204 and MySigningAtsha204Soft backends in a network. They work together.The word backend is in plural, does it mean I need one GW with ATSHA and another with soft signing?
-
@tbowmo Ah, found a setting ""Accept new hardware/sensors" and a button for "allow for 5 minutes" that could be used as a global "include"-button
@alexsh1 well, maybe, maybe not. Don't know if I agree about not having an inclusion. Almost every device you buy you have to "pair" with something. Anyway, for now disable "allow new hardware/sensors" will do.
@Anticimex I will re-read everything and test stuff now when I have a GW and two nodes to play with.
A quick question - Is it possible to have the gateway to allow soft signing for some nodes (those without a ATSHA) and hardware signing for those with and reject everything else?I found this sentence:
It is legal to mix MySigningAtsha204 and MySigningAtsha204Soft backends in a network. They work together.The word backend is in plural, does it mean I need one GW with ATSHA and another with soft signing?
@Magnus-Pernemark it means literally what it says. You can mix nodes. They are fully compatible. You can have a gw with a atsha204a device using atsha backend communicating securely with a node using soft signing. Or have a node with atsha204a device and atsha backend communicate with a gw with soft signing. You could even have a node or gw with atsha204a device configured for soft signing (although that is a waste since you have hw backed support in that case which is more secure since the hmac key is readout protected). The ONLY compatibility requirement between ANY node or gw in a network is that they MUST share the same HMAC key. That's it.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@Magnus-Pernemark it means literally what it says. You can mix nodes. They are fully compatible. You can have a gw with a atsha204a device using atsha backend communicating securely with a node using soft signing. Or have a node with atsha204a device and atsha backend communicate with a gw with soft signing. You could even have a node or gw with atsha204a device configured for soft signing (although that is a waste since you have hw backed support in that case which is more secure since the hmac key is readout protected). The ONLY compatibility requirement between ANY node or gw in a network is that they MUST share the same HMAC key. That's it.
@Anticimex Thanks again. So, really, to have hardware and software at the same time exposes the hardware key in the nodes that have soft signing, since all nodes need same HMAC, regardless of HW or SW.
I enabled MY_SIGNING_ATSHA204 and MY_SIGNING_REQUEST_SIGNATURES in the gateway
What I understand, this should activate signing (https://www.mysensors.org/about/signing and the "How to use this" part)I then took a bender with the same ATSHA keys, but without "MY_SIGNING_ATSHA204". It showed up in MYSController and reported temp. I changed the key in ATSHA to something other then the GW, it still shows up and reports the temp. So, clearly there must be something else to change as well?
I read this in the documentation: "If this [MY_SIGNING_REQUEST_SIGNATURES] is set in a gateway, it will NOT force all nodes to sign messages to it. It will only require signatures from nodes that in turn require signatures."
I intemperate this as, the gateway will require signatures, if the node says so, but it will talk to nodes that don't require signing too.All sketches are the default example sketches, except for the setting of the MY_SIGNING...
Maybe I am over-shooting the target? What I'm after is: my devices are mine alone and they should only report to me. My receiver (GW) should only listen to my devices and ignore the neighbor's devices. The neighbor should not be able to talk to my devices.
-
@Anticimex Thanks again. So, really, to have hardware and software at the same time exposes the hardware key in the nodes that have soft signing, since all nodes need same HMAC, regardless of HW or SW.
I enabled MY_SIGNING_ATSHA204 and MY_SIGNING_REQUEST_SIGNATURES in the gateway
What I understand, this should activate signing (https://www.mysensors.org/about/signing and the "How to use this" part)I then took a bender with the same ATSHA keys, but without "MY_SIGNING_ATSHA204". It showed up in MYSController and reported temp. I changed the key in ATSHA to something other then the GW, it still shows up and reports the temp. So, clearly there must be something else to change as well?
I read this in the documentation: "If this [MY_SIGNING_REQUEST_SIGNATURES] is set in a gateway, it will NOT force all nodes to sign messages to it. It will only require signatures from nodes that in turn require signatures."
I intemperate this as, the gateway will require signatures, if the node says so, but it will talk to nodes that don't require signing too.All sketches are the default example sketches, except for the setting of the MY_SIGNING...
Maybe I am over-shooting the target? What I'm after is: my devices are mine alone and they should only report to me. My receiver (GW) should only listen to my devices and ignore the neighbor's devices. The neighbor should not be able to talk to my devices.
@Magnus-Pernemark if you are on master, yes, then a node has to require signing to make the GW require it. On development (beta) gw will require signatures from everyone if it is set to require signatures (unless a specific flag is set).
Doxygen holds the the current documentation for master and development. -
@Anticimex Thanks again. So, really, to have hardware and software at the same time exposes the hardware key in the nodes that have soft signing, since all nodes need same HMAC, regardless of HW or SW.
I enabled MY_SIGNING_ATSHA204 and MY_SIGNING_REQUEST_SIGNATURES in the gateway
What I understand, this should activate signing (https://www.mysensors.org/about/signing and the "How to use this" part)I then took a bender with the same ATSHA keys, but without "MY_SIGNING_ATSHA204". It showed up in MYSController and reported temp. I changed the key in ATSHA to something other then the GW, it still shows up and reports the temp. So, clearly there must be something else to change as well?
I read this in the documentation: "If this [MY_SIGNING_REQUEST_SIGNATURES] is set in a gateway, it will NOT force all nodes to sign messages to it. It will only require signatures from nodes that in turn require signatures."
I intemperate this as, the gateway will require signatures, if the node says so, but it will talk to nodes that don't require signing too.All sketches are the default example sketches, except for the setting of the MY_SIGNING...
Maybe I am over-shooting the target? What I'm after is: my devices are mine alone and they should only report to me. My receiver (GW) should only listen to my devices and ignore the neighbor's devices. The neighbor should not be able to talk to my devices.
-
@Magnus-Pernemark if you are on master, yes, then a node has to require signing to make the GW require it. On development (beta) gw will require signatures from everyone if it is set to require signatures (unless a specific flag is set).
Doxygen holds the the current documentation for master and development.And yes, if you have nodes "exposed" you should make sure those are using atsha204a backed signing if you are afraid they might get physically abused.
-
@Magnus-Pernemark I would suggest you move the signing discussion into a corresponding thread. Other people may benefit reading what you have gone through π
@alexsh1 @Magnus-Pernemark indeed. There is a long running one here: https://forum.mysensors.org/topic/1021/security-introducing-signing-support-to-mysensors/
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
