Security ABC
Two weeks ago I attended a training for installers of lighting control systems. The training was great, but what really struck me was that nobody said anything about the security of these systems. And nobody has ever explained the basic threats and the ABC of how to protect against them.
When designing security for Bluetooth mesh, we paid a lot of attention to not overlooking any potential attack surface. This was, I'd say, close to 80% of the overall effort when architecting the specification: getting the security right. Designed for success. When you're not successful, nobody cares. When you are, you are also a target.
We went to the extent of covering it all: device onboarding, authentication, layers, roles, device blacklisting and protection against a variety of really sophisticated attacks. But there have been a couple of very simple fundamental rules. Among them, the #1 rule has been:
No fixed passwords.
This is still not the case today with so many systems and devices that ship set up with "admin/admin" or a pairing code of "0000", which people don't know how to change or which simply cannot be changed.
Or people are simply not aware they should be changing anything.
Regulators and lawmakers are now slowly starting to take care of this very basic problem. After all, a fixed password is always known (it will always leak, no matter what). And people (statistically) are very rarely aware they should be doing anything about it.
Rules like California SB-327 or UL-2900 (required by the DLC) address this very basic problem.
The good news is that Bluetooth mesh avoided the problem in the first place. There are no fixed passwords in mesh. Nor are there any passwords set by a manufacturer at all. Nor are there passwords generated by humans either (humans are terrible at inventing passwords). The whole system is designed so that the maximum possible entropy is used all the time. Yet it is still very easy to use. It is one of very few systems (if not the only one) where strong security meets ultimate ease of use.
Yes, security can be simple. It is "just" a matter of design. Which is the hard part... but absolutely worth the effort.