Secure 4-channel Wireless Switch for Smart Home With Lots of Features

by Northstrix in Circuits > Microcontrollers

2587 Views, 27 Favorites, 0 Comments

Secure 4-channel Wireless Switch for Smart Home With Lots of Features

IMG_20210628_170252.jpg

In this tutorial, you'll learn how to build a secure 4-channel wireless switch for the smart home. The security of this device based on four pillars:
1) Attacker doesn't know the MAC address of the receiver;
2) Attacker doesn't know the keys;
3) Each IV is encrypted with its own key;
4) Attacker doesn't know the IVs.

Now, let me explain what it means:
1) There's no way to send any instructions to the device if an attacker doesn't know where to send it;
2) Even if an attacker will discover the MAC address, an attacker will still need three keys and three IVs.
3) Even if one key gets compromised, an attacker will still have to guess the other two.
4) Even if an attacker will obtain the MAC address of the receiver and all three keys. An attacker will still need to guess all three IVs. There are 10 to the power of 24 (1,000,000,000,000,000,000,000,000) possible combinations, and let's be honest, this, is a big number.

Features:

  • Encrypted communication channel
  • Invulnerability to the replay attacks
  • Counter of the unsuccessful attempts to interact with the device
  • Each IV encrypted with its own key
  • Using SPIFFS to store the IVs
  • Possibility to enormously expand the number of channels by connecting up to 253 Arduinos
  • Easy-to-use

Supplies

  • ESP8266 x2
  • Arduino Nano/Uno/Compatible board x1
  • 4-relay module x1
  • TM1637 display x1
  • 4.7K resistors x4
  • Buttons x4
  • 5V power supplies x2
  • Bunch of wires

Install the Drivers and Configure Arduino IDE *optional

If you've never flashed ESP8266 before you'll need to configure Arduino IDE and install drivers to upload the firmware to the boards, you can find drivers here:

CH340 driver: https://sparks.gogo.co.nz/ch340.html

CP210x driver: https://www.silabs.com/developers/usb-to-uart-brid...

In case you don't have Arduino IDE, you can download it here:

https://www.arduino.cc/en/software/

Configuring IDE isn't a part of this tutorial, you can read about it here:

https://randomnerdtutorials.com/how-to-install-esp...

Get the MAC Address of the Receiver Board

F8XALF5KPSCAKGQ.png

To get the MAC address of the board upload this code to the board.

#include <ESP8266WiFi.h>

void setup(){

Serial.begin(115200);

Serial.println();

Serial.print("ESP Board MAC Address:  ");

Serial.println(WiFi.macAddress());

}

void loop(){

}

Then open the serial monitor, and reboot the board.

If done correctly, you should see the MAC address in the console.

The MAC address of this board is 40:F5:20:33:9A:F5

Download the Firmware

You can download the firmware here: https://github.com/Northstrix/Secure_4-channel_Wir...

Download the Libraries

Unpack the Libraries

Untitled.png

The process of unpacking libraries BESIDES GyverBUS is typical. Just unpack the content of the archive into the folder: ...\Arduino\libraries.

GyverBus library has to be extracted into two folders with sketches.

You can learn more about the GyverBUS library here: [It's in Russian language] https://alexgyver.ru/gyverbus/

Generate the IVs

IV.png

The purpose of the Initialization Vector is to prevent the replay attack.
I've decided to use three IVs to make it even harder to implement the replay attack.
There are lots of methods to generate a random number. I've decided to throw 20-sided dice to do this. Every time I was getting a number with two digits, I was writing down the last digit.

By the way, involving your pets in the IV generation process can add more randomness.

Eventually, I've generated these three 8-digit numbers:
48391741
51206333
60692408

Note that every time you're pressing the button, each IV increases by one.
The maximum value of IV is 99999999.
If you've generated something more than 99000000, I would advise you to either change the first digit or generate the new IV.

Upload IVs to Both ESPs

IVS.png

Open the sketch in the folder Secure_4-channel_Wireless_Switch-main\IVs.
Find Strings fiv, siv, tiv, and replace the values there with your 8-digit IVs. Then upload this sketch to both ESPs. After you've uploaded the sketch open the Serial Monitor, you should see your IVs there.

Generate the Keys

1.png

You can throw dice or use "dice throwing software" or hash the picture. I've decided to hash the photo because this is the quickest method.

To make it easier, copy this array three times and replace Fs with your values.

Note that the key is in hexadecimal format.

  byte key[] = { 
                  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
                  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
                  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
                };

I've used this photo as an input: https://images.pexels.com/photos/8538496/pexels-ph..

Hashed it here: https://md5file.com/calculator

And obtained this output:

1c1152b89a61eb609e55059de57e38e98a2bf76ad98c5c5658f451c53364c76f8c4d0792faf54339cdc54453150aea21402e58d8109985992740292405e01d99

Modify the Receiver's Firmware

rc.png

Open the sketch in the folder
\Secure_4-channel_Wireless_Switch-main\Secure_4-channel_Wireless_Switch_Receiver.
Replace the three keys in this sketch with the ones you've generated.

Modify the Transmitter's Firmware

tr.png

Open the sketch in the folder \Secure_4-channel_Wireless_Switch-main\Secure_4-channel_Wireless_Switch_Transmitter. Replace the receiver's MAC address with the one you've obtained from the step 2, and then replace the three keys in this sketch with the ones you've generated in the same order you did in the previous step.

Make Sure That the Keys in Both Sketches Are Matching

keys.png

I know you might think it's unnecessary, but please don't neglect this step.

Make sure that the keys in both sketches are matching. Otherwise, the device will not work.

Build the Transmitter

IMG_20210628_163141_hdr.jpg

I've included both schematic and circuit diagrams to make it easier for you.

Important note: Don't flash the transmitter before you've assembled the circuit. Otherwise, the transmitter will transmit a bunch of packets to nowhere, causing the IVs to increase to more than 49 without a receiver storing these IVs.

The receiver will only accept the IVs which are more than the stored ones, but no more than the stored IVs + 50.

Schematic Diagram for Transmitter

transmitter.png

Circuit Diagram for Transmitter

Circuit_diagram.png

Flash the Transmitter Board

After you've built the circuit, upload the firmware from the folder
\Secure_4-channel_Wireless_Switch-main\Secure_4-channel_Wireless_Switch_Transmitter
into the transmitter board.

Flash the Receiver Board

Upload the firmware from the folder
/Secure_4-channel_Wireless_Switch-main\Secure_4-channel_Wireless_Switch_Receiver
into the receiver board.

Flash the Adruino

Upload the firmware from the folder
/Secure_4-channel_Wireless_Switch-main\Secure_4-channel_Wireless_Switch_Arduino
into the Arduino.

Build the Receiving Part of the Device

IMG_20210628_170321.jpg

Since the schematic depiction of a 4-relay module doesn't exist, I've only added a circuit diagram.

Circuit Diagram for the Receiving Part

Circuit_diagram_of_the_receiving_part.png

Test the Device in Normal Conditions

ezgif-2-0556c57d17da.gif

Build the Trash Sender *optional

ezgif-2-c84c55f9ede3.gif

Let's suppose that the attacker somehow discovered the MAC address of the device.
Every time there's an unsuccessful attempt to attack the device, the number in the display will increment.

You don't need to connect anything to the trash sender aside from the power supply.

Test the Device Under Attack *optional

ezgif-2-fd79f9ebf6f5.gif

Final Thoughts

IMG_20210628_163112.jpg
IMG_20210628_170335.jpg
IMG_20210628_171259.jpg
IMG_20210628_163051.jpg
IMG_20210628_170252.jpg

I did my best to make this device as secure as possible. At least it's invulnerable to the brute force attack and protected from the replay attack. There might be ways to crack this device using more sophisticated techniques than brute force, but most of those techniques are only available to world-class hackers or government agencies.
So, I wouldn't be worrying about the light in the room suddenly turning on in the middle of the night.

Thank you for reading this tutorial.