15

I'm planning to use a simple light switch that is placed on the wall. The switch gets power from a battery or piezo and sends unique sequences of data (on on- and off-events) over 433 MHz to the receiver, which is connected to my SmartHome-RaspberryPI.

Since I'm living on the ground floor, I have some considerations about security. Someone could record and replay the unique sequences that the switch sends.

Is it possible to improve the security using hardware or software?

7
  • 2
    You should investigate how this is done with (car) key fobs. security.stackexchange.com/questions/43050/…
    – goldilocks
    Commented Dec 6, 2016 at 18:31
  • @delicateLatticeworkFever But beware that many car keys are insecure. Commented Dec 7, 2016 at 0:59
  • I understand security, but not radio. What does your setup mean in terms of bandwidth and computational power? I.e. how many bits can you send in each direction for an on/off event, how many clock cycles can the switch and the light reasonably use, and how much memory and storage does each side have? Commented Dec 7, 2016 at 1:01
  • @Gilles I don't doubt it (I think that link says as much). I guess my point was if there is a cutting edge security-wise, that's probably the direction to look in. WRT bandwidth I think it is probably hard to get more than 1-2 kbps reliably, which is why security with them is intriguing -- likely no asymmetric encryption schemes here!
    – goldilocks
    Commented Dec 7, 2016 at 3:49
  • 1
    What exactly is someone going to accomplish by controlling your lights without authorization, other than mildly annoying you and announcing their presence? If they're close enough to receive your transmissions, they can probably watch you come and go. Commented Jun 12, 2017 at 19:05

4 Answers

10

Yes, you can significantly improve the security of pretty much any low level protocol using software - but any home-brew solution is always likely to have some flaws.

You need to consider at least 3 attack possibilities.

  1. Denial of service. Maybe there is a fall-back mode of operation you want to use if the radio channel is blocked. You might also be able to filter out unusual behaviour aimed at wearing out the hardware.

  2. Rogue messages. A simple static message is trivially recorded and replayed, but rolling codes and encryption can help to mitigate the risk here.

  3. Messages may leak information which you would rather keep secret. Both the presence of the message, and the information content may leak. Padding and dummy messages would mitigate here.

7

I think something to consider is the following: Can someone send information over the 433 MHz freq to the Raspberry Pi? What information can be sent? Is there a vulnerability in the application that translates messages between the Pi OS and the light switch? Basically, does the 433 MHz receiver give an attacker a foothold into the rest of your network? I can't answer these questions for you without a full blown vulnerability analysis on your set up, but anyone dealing with IoT security needs to be thinking this way rather than "big deal if they can turn on the light". The attacker doesn't want to turn your lights on or off. The attacker wants to pivot to the rest of your network.

5

If you have control over the device that transmits the signal, you could try sending an additional validation sequence. This sequence can tell the software that receives the data what rules it should use in decrypting the signal. So, the actual data (on/off) could be dynamically encrypted, while the validation can be decrypted using a special key that only the hardware and software know.

This is similar to hash-based authorization.

However, I think it's important to look realistically at IoT devices.

Personally, if someone is going through the trouble of monitoring/filtering the frequency of my light switch, I'd let them have at it.

We encounter breaches like this everywhere we go this day and age. The real question always deals with "How much am I willing to pay for this?". When you accept cookies on a website so you don't have to sign in anymore, you're accepting the risk of a security breach because you feel you get more out of the risk than you would endure in consequences.

1
  • Indeed, if they're close enough to pick up a weak 433 MHz remote transmission, they may also be close enough to see light leaking around the curtains, or watch you come and go from the property. Turning someone's lights on and off without authorization is a rather pointless form of attack - it would typically cause nuisance and only in rare situations harm, but it would alert the victim that the attacker is there and has the capability, which is likely to prompt technical or legal remedies... or unplugging the IoT system. Commented Jun 12, 2017 at 19:03
1

Use rolling code, similar to what garage doors use now. Here is an open source example.

1
  • 2
    There's no need to remove the link in your post, @GusGorman402; hardilib is suggesting that you should expand your answer and include a quote of the most relevant sections for reference. We discourage answers that are just links elsewhere with no other information whatsoever, so if you have any other experience with rolling codes (e.g. why they're appropriate here, how you might choose to implement it), that would help to make this a great answer.
    – Aurora0001
    Commented Dec 23, 2017 at 9:10
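The rolling-code approach recommended in the first and last answers, and the keyed "validation sequence" the third answer describes, come down to the same receiver-side check: every frame carries a counter that only moves forward, plus an authentication tag computed over the frame with a key shared by the switch and the Pi. Below is an added example (not code from any of the answers or from the linked project) that shows both sides of that exchange. The frame layout, the 16-byte demo key, the switch id, the 4-byte truncated HMAC and the 16-press acceptance window are all constructed for illustration; a real deployment would use a random per-switch key and a frame layout matched to its radio library.

```python
import hmac
import hashlib
import struct

# Constructed demo parameters: the key, switch id, frame layout and window
# size are assumptions for this example, not values from any real product.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # demo only; use a random per-switch secret
SWITCH_ID = 0x2A
ACCEPT_WINDOW = 16   # presses the receiver may miss (switch out of range) before re-pairing is needed
TAG_LEN = 4          # truncated MAC keeps the air frame short on a ~1 kbps 433 MHz link

# Frame: id(1) | counter(4, big-endian) | event(1) | tag(4)  = 10 bytes on air
FRAME_LEN = 1 + 4 + 1 + TAG_LEN
EVENT_OFF, EVENT_ON = 0x00, 0x01


def _tag(body: bytes) -> bytes:
    """Keyed tag over everything except the tag itself, truncated to TAG_LEN bytes."""
    return hmac.new(KEY, body, hashlib.sha256).digest()[:TAG_LEN]


class Switch:
    """Transmitter side: a counter that only ever increases, persisted across presses."""

    def __init__(self):
        self.counter = 0

    def press(self, event: int) -> bytes:
        self.counter += 1
        body = struct.pack(">BIB", SWITCH_ID, self.counter, event)
        return body + _tag(body)


class Receiver:
    """Receiver side (the Pi): strict parsing, tag check, then replay/window check."""

    def __init__(self):
        self.last_counter = 0

    def handle(self, frame: bytes) -> str:
        # Parse strictly before doing anything else: the radio is an input surface.
        if len(frame) != FRAME_LEN:
            return "reject: bad length"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        sid, counter, event = struct.unpack(">BIB", body)
        if sid != SWITCH_ID:
            return "reject: unknown switch"
        if event not in (EVENT_OFF, EVENT_ON):
            return "reject: bad event"
        # Constant-time tag comparison; a forged or tampered frame stops here.
        if not hmac.compare_digest(tag, _tag(body)):
            return "reject: bad tag"
        # A recorded frame carries an old counter, so replaying it is rejected.
        if counter <= self.last_counter:
            return "reject: replay"
        # Tolerate a bounded number of missed presses, but not an unbounded jump.
        if counter > self.last_counter + ACCEPT_WINDOW:
            return "reject: out of window"
        self.last_counter = counter
        return "on" if event == EVENT_ON else "off"


def demo() -> list:
    """Walk through genuine, replayed, missed, out-of-window and tampered frames."""
    sw, rx = Switch(), Receiver()
    first = sw.press(EVENT_ON)
    results = [rx.handle(first), rx.handle(first)]        # genuine press, then a replay of it
    for _ in range(5):                                    # five presses the receiver never hears
        sw.press(EVENT_OFF)
    results.append(rx.handle(sw.press(EVENT_OFF)))        # counter 7: within window, accepted
    for _ in range(ACCEPT_WINDOW + 1):                    # far more missed presses than the window
        sw.press(EVENT_ON)
    results.append(rx.handle(sw.press(EVENT_ON)))         # counter 25: beyond 7 + 16, rejected
    tampered = bytearray(sw.press(EVENT_ON))
    tampered[5] ^= 0x01                                   # flip the event byte, tag no longer matches
    results.append(rx.handle(bytes(tampered)))
    return results


if __name__ == "__main__":
    print(demo())
```

Two design points are worth noting. The tag is checked before the counter, so an attacker sniffing the channel cannot learn the receiver's counter state from which rejection they get; and a counter alone in the clear would be worthless, since the tag is what prevents someone from simply transmitting a higher counter themselves. The window is the usual key-fob trade-off the comments allude to: large enough that out-of-range presses do not lock the switch out, small enough that an old recording cannot be slipped in, with an explicit re-pairing step for the out-of-window case.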
