Advanced > Security

Security of comms to server questions

(1/2) > >>

samyoue:
Hi all, I've been asked by a big potential client "what protocol/type of message is sent to the exterior vera server."

I've searched and searched and can only find scraps of info which I'm not sure answer my clients concerns. Somewhere I read that Vera uses SSL encryption but is this from phone/desktop to server or Vera controller to server?

I also read that it uses MMS authentication (of which I could find very little info online) from UI6 upwards but again is this from client to server or controller to server?

On top of the encryption method, is there a particular type of message the Vera is sending to the server? ie PHP data or HTML info (I dont have a clue on this bit)

to clarify I'm a hobbyist programmer with a little DIY experience in JavaScript and Lua and my client asking the questions is an IT Project Manager... The Vera is a small but critical component of this project and my lack of knowledge of the deeper details is stalling the whole thing so please help me ASAP!!!

Thank you very much

Sam

Edit: If it makes a difference it will be a Vera Plus running UI7

RichardTSchaefer:
See:
http://forum.micasaverde.com/index.php/topic,24942.msg174468.html#msg174468

This is used by all mobile apps for remote access since UI6.

There is a simple interface for LAN access to Vera.
To view the interaction between the client and Vera (LAN Access) or the client and Vera remote servers (Remote access)
1) Use Chrome to display the Vera control panel.
2) Right mouse button in the Vera window ... and select Inspect
3) Select the Network tab.
4) Interact with Vera web page, and see the messages/responses to/from Vera/Remote Servers.


samyoue:
OK thanks for the link, so is my understanding of the remote access connection flow correct?

Vera Plus > (no encryption but read only? ie reads requests left at relay server) > MCV Relay server > (using MMS encryption) > MCV Device server > (using MMS encryption) > MCV Authentication Server > (using SHA1 encryption) > External computer accessing Vera

Thanks for your assistance on the matter

Sam

PS I tried the network monitor and found it to be very interesting but the only security info I could see/understand was on the login page it said secured using TLS1.2 encryption but I'm not sure where this goes in my Network diagram...? Is it just alternative wording for SHA1?

kigmatzomat:
TLS 1.2 is an evolution of ssl. It replaces SHA1 with SHA256 everywhere by default except message authentication hashes, although it is possible to specify alternates, like rsa or different Hellman. You'd have to watch the initial negotiation process to see the specific cipher suite in use.

https://en.m.wikipedia.org/wiki/Transport_Layer_Security
https://en.m.wikipedia.org/wiki/Cipher_suite

What gets sent to the server depends on UI version. In general event logs and system backups go to the vera cloud. Ui7 also includes some camera video storage.

If you wanted to sever the vera from the net, you could put it on an isolated network segment with no external access behind a VPN server to allow remote access, but then you lose things like weather-driven apps and notifications.

samyoue:
Ok thats great so the flow should be :

Vera Plus > (no encryption but read only? ie reads requests left at relay server) > MCV Relay server > (using MMS encryption) > MCV Device server > (using MMS encryption) > MCV Authentication Server > (using TLS 1. 2 encryption) > External computer accessing Vera

?

Thanks,

Sam

Navigation

[0] Message Index

[#] Next page

Go to full version