[OpenTRV-dev] Thinking aloud: preventing replay attacks

Sun Dec 7 21:32:47 GMT 2014


Even with pre-shared keys and full encryption, unless I keep time in close sync between a leaf and the hub node, I cannot think of any easy way of avoiding replay attacks on purely one-way traffic from leaf to hub.

(Keeping time sync isn’t easy to do well.)

I’m thinking of some of this in the case where we don’t have an easy/cheap/fast return data path for leaf and hub to synchronise, at least not often, and the leaf is a small MCU without much memory or oomph; the hub may be faster/bigger but not necessarily…

Tell me I’m wrong please!




I imagine that at pairing / key exchange that I could set a largish (eg 64-bit) counter at both ends to the same value (or just 0) and send its value or a hash of it with nonce in each encrypted frame, and the hub with lots of memory could remember all previous values used to reject any replays and/or reject any received counter value less than the starting value and allow only a smallish window for new values to allow some frame loss.  In fact maybe the hub only needs the counter which it advances to the received value when it gets a decent frame.

More information about the OpenTRV-dev mailing list