Author Topic: LWMESH Security  (Read 4347 times)


Peili (topic starter)
LWMESH Security
« on: January 04, 2019, 07:15:25 am »
hello, i want to implement a security to my LwMesh.. i'm using 1.2.1 version.. how to implement the security feature to the stack?
 

ataradov
Re: LWMESH Security
« Reply #1 on: January 04, 2019, 07:28:45 am »
If you want security that is included with the stack, then just enable NWK_ENABLE_SECURITY option in the configuration file. You also need to set security mode SYS_SECURITY_MODE.

Then your application needs to set the same encryption key on all devices using NWK_SetSecurityKey() function.

This is pretty well described in the documentation. What specific problems do you have?
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #2 on: January 07, 2019, 05:40:25 am »
> What specific problems do you have?

How to check the Security feature is activated? i'm enabled the NWK_ENABLE_SECURITY, SYS_SECURITY_MODE features and NWK_SetSecurityKey().. How to check the security?
 

ataradov
Re: LWMESH Security
« Reply #3 on: January 07, 2019, 05:42:28 am »
One way would be to look in the sniffer. You should not see plain text data.

Another indirect way is to set different keys on two nodes and check that they don't communicate.

And remember to request encryption in your data requests.
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #4 on: January 07, 2019, 07:10:37 am »

> Another indirect way is to set different keys on two nodes and check that they don't communicate.

i have checked with and still they are communicating... what this mean?
 

ataradov
Re: LWMESH Security
« Reply #5 on: January 07, 2019, 07:15:50 am »
Do you set a security flag in the data request?
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #6 on: January 07, 2019, 09:02:43 am »
> Do you set a security flag in the data request?

do you mean #define APP_SECURITY_KEY?
 

ataradov
Re: LWMESH Security
« Reply #7 on: January 07, 2019, 09:05:14 am »
No, I mean NWK_OPT_ENABLE_SECURITY in the "options" field of the NWK_DataReq_t structure you use to send the data.
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #8 on: January 07, 2019, 09:06:32 am »
> No, I mean NWK_OPT_ENABLE_SECURITY in the "options" field of the NWK_DataReq_t structure you use to send the data.

yes...
  appNwkDataReq.options = NWK_OPT_ACK_REQUEST | NWK_OPT_ENABLE_SECURITY;
 

ataradov
Re: LWMESH Security
« Reply #9 on: January 07, 2019, 09:08:36 am »
I would need to see the project to tell what may be wrong in that case.
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #10 on: January 07, 2019, 09:16:00 am »
> I would need to see the project to tell what may be wrong in that case.

i'm attaching the configuration file and Wsndemo.c files
WSNDemo_C.c is the coordinator file and WSNDemo_R.c is for router
« Last Edit: January 07, 2019, 09:23:52 am by Peili »
 

ataradov
Re: LWMESH Security
« Reply #11 on: January 07, 2019, 09:20:14 am »
Where and how do you configure APP_SECURITY_KEY?

Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #12 on: January 07, 2019, 09:24:37 am »
> Where and how do you configure APP_SECURITY_KEY?


in the config.h file... i commented it to check whether it's working...
 

ataradov
Re: LWMESH Security
« Reply #13 on: January 07, 2019, 09:26:19 am »
So with this code, you set different keys on both sides and you get the data transferred correctly?
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #14 on: January 07, 2019, 09:27:38 am »
> So with this code, you set different keys on both sides and you get the data transferred correctly?

yes.... first i set the
#define APP_SECURITY_KEY        "TestSecurityKey0" and then
#define APP_SECURITY_KEY        "Key0"
but they are communicating
 

ataradov
Re: LWMESH Security
« Reply #15 on: January 07, 2019, 09:31:01 am »
The key must be 16 bytes long. Please read the documentation.

Can you explain your test procedure step by step including all the changes, recompilations, device programmings, etc. Since I feel like you are doing something wrong.
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #16 on: January 09, 2019, 03:12:20 am »
> The key must be 16 bytes long. Please read the documentation.

I have checked with the 16 byte key... now they are not communicating..if i enable #define NWK_ENABLE_SECURITY in Coordinator and doesn't in router, they will communicate.. but enabled in both they are not....
 

ataradov
Re: LWMESH Security
« Reply #17 on: January 09, 2019, 03:16:50 am »
If security is requested in the data request, but is not enabled in the stack configuration, then the flag in the request will be ignored and the data will be sent in plain text. And device that has security enabled can always receive plain text data in addition to the encrypted data, of course.

In the NWK_DataInd_t structure there is a flag that tells whether data was received encrypted or not.

But something else was wrong with your previous test anyway. It does not matter that the key was short, some leftover garbage was used as the remainder of the key. If the keys were different on both devices, they should not have been able to communicate.
Alex
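
An added example, not part of the original posts or the stack's own code: a receive handler that drops frames the stack did not mark as encrypted, plus a compile-time check on the key length. The types below are local stand-ins so the block compiles without the stack; `NWK_IND_OPT_SECURED`, the bit values, `modelIndOptions()` and the drop counter are assumptions to check against the stack's headers.

```c
#include <stdbool.h>
#include <stdint.h>

/* Local stand-ins so the block compiles without the stack. The NWK_OPT_*
   names and NWK_DataInd_t are from the thread; NWK_IND_OPT_SECURED and all
   bit values are assumptions to check against the stack's headers. */
enum { NWK_OPT_ACK_REQUEST = 1 << 0, NWK_OPT_ENABLE_SECURITY = 1 << 1 };
enum { NWK_IND_OPT_SECURED = 1 << 1 };

typedef struct {
  uint16_t srcAddr;
  uint8_t  options;   /* indication flags set by the receiving stack */
  uint8_t *data;
  uint8_t  size;
} NWK_DataInd_t;

#define APP_SECURITY_KEY "TestSecurityKey0"

/* The build fails for a short literal such as "Key0" instead of the key
   being completed with whatever follows it in memory. */
_Static_assert(sizeof(APP_SECURITY_KEY) - 1 == 16,
               "APP_SECURITY_KEY must be exactly 16 bytes");

/* Model (hypothetical helper) of the sender behaviour described above: the
   request flag only has an effect when the sender's stack has security on. */
uint8_t modelIndOptions(bool senderStackSecurity, uint8_t reqOptions)
{
  bool secured = senderStackSecurity && (reqOptions & NWK_OPT_ENABLE_SECURITY);
  return secured ? NWK_IND_OPT_SECURED : 0;
}

static uint32_t appPlaintextDropped;   /* readable from a debugger or UART */

uint32_t appGetPlaintextDropped(void) { return appPlaintextDropped; }

/* Receive handler: accept only frames the stack marked as received encrypted. */
bool appDataInd(NWK_DataInd_t *ind)
{
  if (!(ind->options & NWK_IND_OPT_SECURED)) {
    appPlaintextDropped++;   /* plain text frame: drop, do not pass to UART */
    return false;
  }
  /* ... handle ind->data[0 .. ind->size - 1] here ... */
  return true;
}
```

With this check in place, a node built without NWK_ENABLE_SECURITY no longer appears to "communicate" with a secured node, and the counter shows how many plain text frames arrived.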
 

Peili (topic starter)
Re: LWMESH Security
« Reply #18 on: January 09, 2019, 03:18:37 am »
> Can you explain your test procedure step by step including all the changes, recompilations, device programmings, etc. Since I feel like you are doing something wrong.

we have one coordinator and one router.. i have some level sensors which send level to uart and we have to publish it.. i'm checking  there is some special characters in the data , if true it's write to uart....
 

ataradov
Re: LWMESH Security
« Reply #19 on: January 09, 2019, 03:20:28 am »
That is not what I was asking for. I was asking for the testing steps, like this:
1. Take the first board
2. Set this the key to this value
3. Compile application
4. Program the device
5. Take the second board
etc.
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #20 on: January 09, 2019, 03:27:45 am »
> That is not what I was asking for. I was asking for the testing steps, like this:
> 1. Take the first board
> 2. Set this the key to this value
> 3. Compile application
> 4. Program the device
> 5. Take the second board
> etc.

first i took one board to configure as coordinator.. enabled #define NWK_ENABLE_SECURITY and set the key as TestSecurityKey0 and #define APP_ADDR as 0x0000..
 and compile the application and program it via atmel studio...
 then change the #define APP_ADDR as 0x1002 and compile the application ..
then program the second board as a router via Atmel studio using AVR dragon....
placed the second board in level sensor and coordinator in my PC and open terminal to check the communication
 

ataradov
Re: LWMESH Security
« Reply #21 on: January 09, 2019, 03:29:02 am »
Ok, this is testing with the same key. So they should communicate.
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #22 on: January 09, 2019, 04:02:40 am »
> Ok, this is testing with the same key. So they should communicate.

no they are not communicating...i tried without enabling the #define NWK_ENABLE_SECURITY in the second board it's communicating
 

ataradov
Re: LWMESH Security
« Reply #23 on: January 09, 2019, 04:16:40 am »
First of all, please capitalize your sentences. I'm not going to put any effort into my posts, if you don't put any effort into yours.

I'm also not going to be pulling information from you. It is up to you to explain things as specifically as possible.

> no they are not communicating...

Why was not this mentioned in the description of the situation?

I'm completely lost in what you are doing. Start debugging. Put a debugger in a sending node and check that the outgoing frame is encrypted. Then put a debugger in the receiving node and check why incoming frame is getting rejected.
Alex
 

Peili (topic starter)
Re: LWMESH Security
« Reply #24 on: January 09, 2019, 07:02:11 am »

> > no they are not communicating...
> Why was not this mentioned in the description of the situation?

> > The key must be 16 bytes long. Please read the documentation.
> I have checked with the 16 byte key... now they are not communicating..if i enable #define NWK_ENABLE_SECURITY in Coordinator and doesn't in router, they will communicate.. but enabled in both they are not....

i mentioned it
 

