Clarifications on MY_SIGNING_WEAK_SECURITY



  • Good morning!! I wanted to ask some information, I'm starting to build some nodes, made up of Arduino Pro Mini 5v and as radio NRF24L01, and I'm starting to insert a bit of security !! Since I have noticed that without the network and very exposed, in fact it is enough another system that is the same close that commands everything in practice.
    So I proceeded, at least to change the default radio channel and introduce the Soft Signature.
    Now I would like to know, the signature I have to introduce by force for all nodes, or I can use it only for those nodes that I consider most sensitive (such as lights, gate) and leave without the nodes, which for example send only temperature values, and then I think of minor importance ?????

    This entering the code: "#define MY_SIGNING_WEAK_SECURITY"

    However, since I read: https://www.mysensors.org/apidocs-beta/group__SigningSettingGrpPub.html#gaf44407e0f498eca7069adf5e59ffe052

    Doing this involves a significant weakening of the protection !!

    So how do you use nodes with Firma and nodes without Signature ??

    I hope I managed to explain my doubts well .... Thanks to those who can help me .....


  • Contest Winner

    @sindrome73 that flag also allows nodes to tell the GW they no longer require signatures, so it is theoretically possible to disable the signing on existing nodes. Hence the warning on weak security. It is primarily intended for testing and bringing up signing in a network gradually before enabling it globally.


  • Mod

    @sindrome73 said in Clarifications on MY_SIGNING_WEAK_SECURITY:

    MY_SIGNING_WEAK_SECURITY

    This will allow clients without signatures to be able to connect to GW and it will lower the security level a bit, but imho if you have signature on the important nodes and also enabled encryption you still have a reasonable security level.


  • Contest Winner

    @gohan read my post above please.


  • Mod

    I did, but I was writing mine and noticed it afterwards


  • Contest Winner

    @gohan ah 🙂 well you are right to some extent but existing encryption is weak and should not be trusted as garant for signing. And encryption is global.


  • Contest Winner

    I'd recommend two gateways if secure and insecure nodes are needed. One network is signed (globally) and the other is not, or "weak".


  • Mod

    sure using the weak security is a way to gradually update all nodes and also using 2 gateways is also a viable solution.



  • I believe that the use of two gateways, and therefore 2 networks, is perhaps the most correct solution !! A secure network with a signature and a slightly leaner network with all the other Sensors .....
    And a right solution !!

    Further information !!
    Using #define MY_SIGNING_REQUEST_SIGNATURES only in the nodes and not in the Gateway, could it be a way to introduce the signature only between some nodes ???
    Without incurring a degradation of security ??
    It's correct?? Or is it a wrong thing ????


  • Contest Winner

    @sindrome73 if the GW isn't requesting signatures at all, security is not really present as the GW is the network hub. If you are prepared to use two gw:s/networks, that is the best solution if you need nodes that don't or can't use signing.



  • I had thought of an alternative because however the signature requires much more memory of the script, and much more substantial communications !! That's why I wanted to somehow use nodes with signature and nodes without signature !!
    But from what I understood, the only node to have a secure network and to have all the nodes with the signature in the network .....

    Thanks anyway for the idea of a double network ......


  • Contest Winner

    @sindrome73 security is a quite relative thing so it is also a matter of how far you are prepared to compromise. Having a gw with weak security still require a deliberate attack. But anyone that knows what protocol you use and has some basic programming skill might be able to mess with you. The do really need to want to mess with you though. It won't happen by accident.


  • Contest Winner

    We will address the communications overhead for security 3.0 but it will not be completely eliminated. Some handshaking will always be needed but there will be a ttl counter so one established token can be reused for a limited time/uses. Keep a look out on github if you want to follow the development for this. There will soon be tickets for the various features planned.
    Users are welcome to provide constructive feedback to these tickets, but the core team reserve the right of deciding 😉


 

Suggested Topics

306
Online

7.6k
Users

8.5k
Topics

91.3k
Posts