Sunday, February 8, 2015

ZigBee File Transfers and Advanced Fun Using Andrena

Introduction

ZigBees are small, low cost, low powered wireless modules often seen in home automation applications. With their relatively low power consumption, and purported 1 mile range (line of sight using the PRO modules), their possible uses are only limited by your imagination. Configuration is simple, and as long as two modules are configured with the same channel, PAN ID, and encryption key (if in use), the modules will immediately sync up. Communication is generally serial, and you can easily setup a terminal attached to a ZigBee device and login remotely or send simple streams of data.

Requirements

I needed some advanced features for a project that I have been working on.

  • Central Communication Handler (One to many)
  • Asynchronously deal with various agent modules
  • Additional layer of encryption
  • Support for multiple stream types
    • File Transfers
    • Announcements
    • Targeted Commands

This led me to developing my own protocol from scratch. The protocol, while not completely implemented already supports a Diffie Hellman key exchange between agents and the handler providing forward secrecy. File transfers currently work, and I will be adding features as I have time and require them.

The protocol

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|      Type     |   Stream Id   |      Flags    |     Length    |
+---------------------------------------------------------------+
|                             Seq Num                           |
+---------------------------------------------------------------+
|                               Tag                             |
+---------------------------------------------------------------+
|                             Payload...                        |
+---------------------------------------------------------------+

The tag is a four byte HMAC for the packet. Negotiations are HMACed with a pre shared key setup in the access control list between handler and agents. This helps mitigate the man in the middle threat. Yes, I know that a four byte HMAC and 4 byte unique counter is very small, and this was by design. The limitation of 98 bytes (plus 2 byte destination header) was the main consideration for this choice. The counter isn't as big of an issue, as you can always renegotiate a key once the possible list of IVs has been exhausted. This will be added in later releases.

Andrena

The source is available on Github

Disclaimer

This is still very much in the experimental phase. I have seen some people asking about file transfers with ZigBees, so I decided to publish the work that I have completed so far. If you see any outstanding issues with the crypto or code, please express your anger in the form of a pull request. Stay tuned on github for additional updates.

Posted by at 2 comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)