Author Topic: z-wave protocol security  (Read 11942 times)

Offline utz

  • Sr. Member
  • ****
  • Posts: 274
  • Karma: +0/-0
z-wave protocol security
« on: February 15, 2012, 11:50:43 am »
What are the security features of the z-wave protocol?

- Is there a network key generated that nodes use to encrypt/authenticate messages?
- Is there only a network ID to identify/separate specific networks?
- I understand newer z-wave chips understand security (version 4). Which one is vera using? Which one are my devices in the house using? Can we have mixed networks (some devices using encryption/authentication and others not)?

Maybe someone knows or can point me to literature.

As it looks to me at moment messages are not secured. Messages belonging to a network are identified by a simple code transmitted in the message. This is bad in one way as an attacker may just inject false messages into my network. On the other hand that means one could create a transceiver/device from scratch without buying a z-wave development kit.
 


Offline garrettwp

  • Master Member
  • *******
  • Posts: 6371
  • Karma: +227/-128
  • Vera 3, Lite, ISY994
Re: z-wave protocol security
« Reply #1 on: February 15, 2012, 11:53:15 am »
The only devices that I know that uses encryption / security are locks. The locks exchange a key when being paired and only that controller with the proper key can communicate with the lock.

- Garrett

Offline Ap15e

  • Beta Testers
  • Hero Member
  • *****
  • Posts: 1998
  • Karma: +12/-0
Re: z-wave protocol security
« Reply #2 on: February 15, 2012, 12:40:21 pm »
mtf is going to implement such a transceiver device:
http://forum.micasaverde.com/index.php/topic,9231.0.html

Offline utz

  • Sr. Member
  • ****
  • Posts: 274
  • Karma: +0/-0
Re: z-wave protocol security
« Reply #3 on: February 16, 2012, 04:58:04 am »
@Ap15e

that is interesting but as far as I can see it is about injecting messages into the network at the vera end (using the vera hardware). But there is some protocol description. 

I was thinking of building my own z-wave devices. I could get a z-wave development kit for 300$ which gives you I think 15 transceivers. Problem would then be that you need the development environment (keil compilers and stuff) which costs thousands. However, if z-wave does not have security employed (at least what I see is that mixed operation is possible having devices that encrypt and others that do not) one could build a device completely from scratch. For example, it should be possible to build a board with an msp430 processor and a transceiver that uses the same properties as z-wave devices (modulation, speed, ...). I assume that z-wave uses off-the-shelf transceivers and does not employ their own strange modulation scheme. Then you could build all sorts of devices around such board (for example a board with a large number of relays, or a display, or ...). This would require to know the z-wave protocol spec (physical and mac layer) and I think that is not public available. So, one would need to reverse engineer the protocol (which has legal implications; depends on the country). But I think it would be nice to have an "open z-wave board" so one would not have to wait for device manufacturers, one could build hardware for specific cases (like the automated cat flap I want to have).

Going back to security. Is there any documentation on z-wave security and how its implemented? Any description on how vera handles it? Seems the locks do security, is there any description of how? 

Offline Ap15e

  • Beta Testers
  • Hero Member
  • *****
  • Posts: 1998
  • Karma: +12/-0
Re: z-wave protocol security
« Reply #4 on: February 16, 2012, 07:07:42 am »
Quote
I was thinking of building my own z-wave devices.

Sounds like a major reengineering task that may be more expensive than buying the dev kit, the tools, the Z-Wave devices, ...

Some parts are out there:
http://code.google.com/p/open-zwave/
http://forum.micasaverde.com/index.php/topic,8609.msg61612.html#msg61612


Z-Wave security model:
http://rongjun21600.blogspot.com/2008/06/z-wave-security-model.html
http://code.google.com/p/open-zwave/source/browse/branches/2012-01-13_security/cpp/src/command_classes/Security.cpp?spec=svn381&r=381

Offline utz

  • Sr. Member
  • ****
  • Posts: 274
  • Karma: +0/-0
Re: z-wave protocol security
« Reply #5 on: February 16, 2012, 05:20:34 pm »
Quote
I was thinking of building my own z-wave devices.
Sounds like a major reengineering task that may be more expensive than buying the dev kit, the tools, the Z-Wave devices, ...

Looking at it the development environment is in the order of 5k$ (mainly the compiler). A bit too much for an evening project at home (not too much for commercial work). So, I think I will take some cheap transceivers (TI cc1110 or so) and see if I manage to receive some packets on the z-wave network. Maybe its possible. The open-zwave seems useful to build the logic on top of a working transceiver. 

Thanks for all the pointers.

Offline Ap15e

  • Beta Testers
  • Hero Member
  • *****
  • Posts: 1998
  • Karma: +12/-0
Re: z-wave protocol security
« Reply #6 on: February 16, 2012, 06:52:27 pm »

Offline utz

  • Sr. Member
  • ****
  • Posts: 274
  • Karma: +0/-0
Re: z-wave protocol security
« Reply #7 on: February 16, 2012, 07:50:40 pm »
You could team up with ajlennon: http://forum.micasaverde.com/index.php/topic,8609.msg61667.html#msg61667

I did already. I mailed him about the stuff and he gave me some good hints.

Offline RichardTSchaefer

  • Master Member
  • *******
  • Posts: 10091
  • Karma: +764/-142
Re: z-wave protocol security
« Reply #8 on: February 16, 2012, 10:49:17 pm »
I actually did some C# classes to talk to ZWave ... then I wanted to talk to the locks. I could not find ANY info on the protocol for locks. And I think the folks with the development kits have a non disclosure on the documentation. They are not allowed to share the info with us. None of the open source projects at the time I looked ... over a year ago ... had made any progress on the security protocol. That's why I went with Vera ... the only open platform that I could use to talk to my locks.
It's actually a pretty significant task to support the whole software protocol sitting on top of the USB ZWave interfaces/controllers. I much rather program at higher abstraction levels.

 

Offline guessed

  • Master Member
  • *******
  • Posts: 5300
  • Karma: +92/-22
  • Release compat is not a bolted-on afterthought
Re: z-wave protocol security
« Reply #9 on: February 16, 2012, 10:52:53 pm »
I think the folks with the development kits have a non disclosure on the documentation. They are not allowed to share the info with us.
That's correct... I think even having the devKit requires the muzzle also.

Offline utz

  • Sr. Member
  • ****
  • Posts: 274
  • Karma: +0/-0
Re: z-wave protocol security
« Reply #10 on: February 17, 2012, 02:57:02 am »
It's actually a pretty significant task to support the whole software protocol sitting on top of the USB ZWave interfaces/controllers. I much rather program at higher abstraction levels.

I think the z-wave network supports different types of nodes. Some can be leaf nodes that wake up occasionally to send a message (sensor reading) and go back to sleep. These nodes do not have to route traffic. These nodes should be fairly simple only handling a few types of messages (leaving the enrollment process out). Maybe a report message and an ack message? It should be possible to code these messages with reasonable effort. However, first I have to find a radio that fits and then find out how tey encode messages (preamble, packet formats, ...)

 

Offline Da_JoJo

  • Hero Member
  • *****
  • Posts: 1380
  • Karma: +16/-78
  • If something aint work, we can allways try n make
Re: z-wave protocol security
« Reply #11 on: March 11, 2012, 11:06:52 pm »
for the automated cat flap you could use a rfid tag reader http://www.2myhome.info/index.php/products/security/tag-reader
it can even be used to give a message when the cat is in the litterbox lol
Vera lite (1.5.622), 2x an-158/2, dead usb pl2302 rs-232, 2x greenwave 6 port, 4x Fibaro FGD211 v1.6, FGBS001, few FGS - 221, etc. AuthomationHD 3 for android :-)
Dutch & German translator http://wiki.micasaverde.com/index.php/Special:AllPages http://support.micasaverde.com http://domotica-shop.nl