My project switches devices on and off and is not necessarily logged onto a WiFi. So I thought esp-now is worth a try. For security reasons I need encryption so that no unauthorized sender can switch on/off my device. My understanding is that I need to register the possible receivers using
esp_now_add_peer(MAC1, ESP_NOW_ROLE_COMBO, CHANNEL, key, sizeof(key));
Now the problem is, I can still receive unencrypted messages, e.g. broadcast messages. And there is no way I can find out that they actually were unencrypted! So any attacker can easily forge messages that switch on and off my devices. How do I prevent that?
esp-now: How can I find out if a message is encrypted or not?
-
- Posts: 195
- Joined: Sat Apr 01, 2017 1:21 am
- Contact:
Re: esp-now: How can I find out if a message is encrypted or not?
Postby AgentSmithers » Thu Aug 20, 2020 11:33 am
Depending on what information you have, you can take the senders MAC and run it through a simple algorithm.
For instance, When sending a packet
Data+Auth
If the Auth package matches your algorithm then you can trust it, but only up until someone else finds it out but if you can keep that secret then your fine. When you receive a package from the sender you'll look at the Auth code after the data (or before), crunch the same algorithm which is essentially you key in this example and confirm that that value matches the sender's Mac and call it good. That way if someone sniffs that value they will have to spoof the mac at least or figure out the algorithm by hand(don't count on this unless they have clues), but if you're trying to prevent those two from happening then you're going to be chasing a tail at some point where you just can't do much more without adding other infrastructure in the mix.
For instance, When sending a packet
Data+Auth
If the Auth package matches your algorithm then you can trust it, but only up until someone else finds it out but if you can keep that secret then your fine. When you receive a package from the sender you'll look at the Auth code after the data (or before), crunch the same algorithm which is essentially you key in this example and confirm that that value matches the sender's Mac and call it good. That way if someone sniffs that value they will have to spoof the mac at least or figure out the algorithm by hand(don't count on this unless they have clues), but if you're trying to prevent those two from happening then you're going to be chasing a tail at some point where you just can't do much more without adding other infrastructure in the mix.
Who is online
Users browsing this forum: No registered users and 252 guests
Login
Newbies Start Here
Are you new to ESP8266?
Unsure what to do?
Dunno where to start?
Start right here!
Latest SDK
Documentation
Complete listing of the official ESP8266 related documentation release by ESPRESSIF!
Must read here!
- All times are UTC+08:00
- Top
- Delete all board cookies
About Us
Espressif Systems is a fabless semiconductor company providing cutting-edge low power WiFi SoCs and wireless solutions for wireless communications and Internet of Things applications. We are the manufacturer of ESP8266EX.