[OpenTRV-dev] Thinking aloud: preventing replay attacks
Bruno Girin
EMAIL ADDRESS HIDDEN
Mon Dec 8 21:09:19 GMT 2014
On 8 December 2014 at 00:43, Damon Hart-Davis <EMAIL ADDRESS HIDDEN> wrote:
> >
> >
> > Thought…
> >
> > I imagine that at pairing / key exchange that I could set a largish (eg
> 64-bit) counter at both ends to the same value (or just 0) and send its
> value or a hash of it with nonce in each encrypted frame, and the hub with
> lots of memory could remember all previous values used to reject any
> replays and/or reject any received counter value less than the starting
> value and allow only a smallish window for new values to allow some frame
> loss. In fact maybe the hub only needs the counter which it advances to
> the received value when it gets a decent frame.
>
> I think that I just badly reinvented something like the IPSec sliding
> window mechanism, which is potentially fine…
>
> http://www.ipsec-howto.org/x202.html
>
Good. That proves that you were thinking along the right lines and the fact
that you checked before implementing saved time. Besides, adapting a
mechanism that is used by IP will lead to consistency and make it a lot
easier for people to accept it. IPSec over RF?
Bruno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opentrv.org.uk/pipermail/opentrv-dev/attachments/20141208/77fc0b40/attachment.html>
More information about the OpenTRV-dev
mailing list