
We are trying to design a solution where we have several Smart devices and we can control every smart device from multiple phones. We will generate a Self-signed SSL Server Certificate and embed that in all the smart devices. And we will include the SSL Client certificate in all the phones. Now in order to connect a phone to the smart device the phone needs to obtain an ID (which can be obtained by scanning a QR code on the Smart device - this is just to ensure that the phone is in the vicinity of the smart device).

Smart Device:

  • Embeds a self-signed server certificate. Reason: no dependency on internet connectivity
  • Maintains a WiFi hotspot (Internet connectivity is not guaranteed always)
  • Maintains a list of connected phones (each phone identified by the unique QR Code ID that is scanned by the phone)

Phone App:

  • Implements Certificate pinning and hard codes the Client certificate
  • Connects to the WiFi hotspot
  • Establishes an SSL connection with the Smart device.
  • In order to register for the first time it scans a QR code and for subsequent connections it sends the QR Code ID to provide its identity.

Can you please review the above architecture and identify any flaws with this?
Because we are installing the same server certificate in all the smart devices and the same client certificate in all the phones, is there a way to hack the Smart device in some way?
If there is an SSL connection established between a smart device and a phone, would another device (which is on the same network with the same certificate) be able to hijack the packets sent between the Smart device and the first phone?
Once a secure link is established we send the QR Code ID in plain text format through the SSL socket. Do we need to encrypt this again or is the SSL link secure enough?

AndroidDev
  • Is there any possibility that the Smart Device could be owned, controlled, purchased or physically accessed by an attacker? Is the self-signed certificate different for each smart device? – crovers Nov 16 '16 at 17:00
  • Smart device is very expensive and the certificate is stored in an encrypted partition so it's hard to break. But it's the same certificate that is embedded in each smart device. – AndroidDev Nov 17 '16 at 07:13
  • Is purchasing the Smart Device less expensive than the total amount you could gain by compromising all such devices? I strongly discourage common certificates between devices – crovers Nov 17 '16 at 14:02
  • If anybody competent can find the private key, it's not secure. – Tom Nov 17 '16 at 14:03

1 Answer


If you have control over both the client and the server, you can use self-signed certificates securely. The best way to do this is to create a private self-signed root CA, and use that to sign the certificates of the various devices. In the client, verify that the server's certificate has been signed by the private root CA. Also, use a different certificate for each device. You wouldn't want to give someone access to all devices if he hacks one device.

This setup will provide transport level security, so you can safely send a QR code.

Sjoerd
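
The private root CA with one certificate per device that the answer recommends, sketched with the `openssl` CLI as an added example (not part of the original answer). The names `demo-root-ca`, `device-0001`, `device-0002` and the file layout are constructed placeholders; the last step shows that a self-signed certificate copying a device name fails the check the phone would make.

```shell
#!/bin/sh
# Added example. Names such as demo-root-ca and device-0001 are constructed.
set -u

# Private root CA: ca.key stays offline, ca.crt is the trust anchor shipped in the app.
make_ca() {  # $1 = working directory
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-root-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 -config "$1/pki.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# One key pair and certificate per device, signed by the root CA.
issue_device_cert() {  # $1 = working directory, $2 = device name
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -out "$1/$2.crt" 2>/dev/null
}

# The check the phone performs: does the presented certificate chain to our root?
is_trusted() {  # $1 = CA certificate, $2 = certificate presented by the peer
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Hash of the public key inside a certificate, to compare keys between devices.
key_fp() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }

PKI=$(mktemp -d)
make_ca "$PKI"
issue_device_cert "$PKI" device-0001
issue_device_cert "$PKI" device-0002
# An impostor: a self-signed certificate that merely copies a device name.
openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 -config "$PKI/pki.cnf" \
  -subj "/CN=device-0001" -keyout "$PKI/rogue.key" -out "$PKI/rogue.crt" 2>/dev/null

for c in device-0001 device-0002 rogue; do
  if is_trusted "$PKI/ca.crt" "$PKI/$c.crt"; then echo "$c: accepted"
  else echo "$c: rejected"; fi
done
```

Because each device holds its own key, extracting one device's key does not expose the others, and only `ca.crt` (never `ca.key`) needs to be embedded in the phone app.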