1
Projects, Designs, and Technical Stuff / Re: Suggestions for secure authentication solution?
« Last post by mikeselectricstuff on Today at 11:45:40 am »So basically you want a preshared key to make sure only official devices can pair and the during pairing create a new key just for the local security?No, the key generation and sharing happens at the pairing process. prior to that, all hosts and nodes are "blank" and we don't need to care about them being "official"
Quote
How do you want to do the pairing? Button press on both devices?The pairing process happens in a secure environment, so the nodes (and a new host) can initially be 'blank'.
The pairing process would be to connect a node to the host, and press a button on the host. The host would generate and store a random key, transfer it to the node and store it there ( or vice versa - doesn't matter). This key transfer does not need to be protected.
From then on, only that node will provide a correct response to a random challenge from the host, so if the node was disconnected, or swapped with another node, this can be detected.
The requirement for the host to send a command to the node is a secondary requirement, and I think can probably be done by a reverse authentication initiated by the node.
Replay attacks are not an issue as the host will always issue a random challenge to the node.