Electronics > Projects, Designs, and Technical Stuff

How do users connect IOT device to WiFi?

<< < (8/14) > >>

hamdi.tn:

--- Quote from: soldar on August 10, 2019, 01:05:23 pm ---
--- Quote from: Jeroen3 on August 10, 2019, 11:39:28 am --- The length and destination of the packet are not encrypted.
--- End quote ---

That does not answer my question. How is it done?

Suppose the device is sniffing the airwaves and it "sees" several WLANs. Now what? Let us suppose it decides to listen to the strongest one and it "sees" packets, long and short, coming and going, among a bunch of different devices. Now what?

The question is: How can it be done?
 

--- End quote ---

the device doesn't decide to listen to a particular AP based on the signal strength, it scan all available channel in sniffing mode. While i can't explain how it work in details, i can say it's based on the "CC3000 SmartConfig" by Texas Instrument, you may find more details by googling that instead of ESP-Touch

http://depletionregion.blogspot.com/2013/10/cc3000-smart-config-transmitting-ssid.html

Hamdi

soldar:

--- Quote from: hamdi.tn on August 11, 2019, 08:33:37 am --- the device doesn't decide to listen to a particular AP based on the signal strength, it scan all available channel in sniffing mode. While i can't explain how it work in details, i can say it's based on the "CC3000 SmartConfig" by Texas Instrument, you may find more details by googling that instead of ESP-Touch

http://depletionregion.blogspot.com/2013/10/cc3000-smart-config-transmitting-ssid.html

Hamdi
--- End quote ---

I had a look. Well, the information is being transmitted in the packet size. This is a serious vulnerability because any listener can gather the same information and get into the network.

I suppose additional security could be gained by encrypting the information but this is still not enough.

I suppose my remotely-controlled switch might use this system. 

NiHaoMike:

--- Quote from: soldar on August 11, 2019, 11:49:22 am ---I had a look. Well, the information is being transmitted in the packet size. This is a serious vulnerability because any listener can gather the same information and get into the network.

I suppose additional security could be gained by encrypting the information but this is still not enough.

--- End quote ---
Point the smartphone camera at a LED on the device and now you have a way to securely negotiate an encryption key.

djacobow:

--- Quote from: NiHaoMike on August 11, 2019, 02:00:21 pm ---
--- Quote from: soldar on August 11, 2019, 11:49:22 am ---I had a look. Well, the information is being transmitted in the packet size. This is a serious vulnerability because any listener can gather the same information and get into the network.

I suppose additional security could be gained by encrypting the information but this is still not enough.

--- End quote ---
Point the smartphone camera at a LED on the device and now you have a way to securely negotiate an encryption key.

--- End quote ---

This was discussed at the beginning of the thread. If you are going to do this, you don't need the AP mode at all.

It does bring up another problem I have with the AP approach. It is perhaps a simple thing to fill in an ssid and passphrase over a web form, but the complexity goes up if you want to relay a firmware update or a certificate. You can do it, of course, but now you're asking users to find those files, upload them etc. Look how good people are at updating the fw on their home routers, almost all of which work this way.

This issue is important to me because I want to build IOT devices that might be compatible with "the cloud" but are not at all dependent on it to be useful. For example, devices that interact with a small server inside the home. (The server then might relay messages outside the home if the user so wishes.)

Let's say you want these devices to make https transactions with that little home server. Well, they'll need a cert so they can trust the server. You can either preshare such a cert with all the devices and put the same private key on all the servers when you program then at the factory (ugh), or you can require that users get a domain name and real cert for their server (ugh), or you can self sign something on the server when you configure it and then relay the cert to the devices when you provision them.

Personally, I think the last case is most appropriate, but if you want to do it using the AP approach, you're looking at a bunch of manual steps that won't make much sense to Joe User. (An app will help here, though)

Which is to say that Intranet-confined, secure, easily configured IOT is very difficult under prevailing models that don't have some out-of-band way (optical, audio, usb, headphone jack, keypad+screen) for trusted device x to talk to new device y.

soldar:
It seems inevitable that ease of use and security are inversely proportional. If you want ease of use then security will be bad and if you want security then it will be a PITA.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod