1

I am planning to build a local area network that will have one Master device and multiple Slave devices. The communication should be able to handle only ON/OFF functionality of the devices (devices should turn off/on in the "same" time). NRF24L01 does not provide encryption so it would not require much effort trying to resend these commands when captured.

To protect against malicious resending of packets, my idea is to first share some private key with both devices when flashing and after that send command + new private key to the slaves. Is this solution secure against re-sent packets or how is this done in a professional way?

Block diagram of communication

schroeder
  • 123,438
  • 55
  • 284
  • 319
g_1_k
  • 113
  • 3

1 Answers1

0

If slave doesn't have to acknowledge that message was received, use UDP protocol and send message to broadcast. About using encryption. I would choose asymmetric encryption (RSA). Master will have a database of public keys of slaves and only recipient (selected slave) could decrypt message while any other slave in network will ignore it. For controlling multiple devices at the same time, you will simply share another private key with several slaves.

About re-sending malicious packets (AKA replay attack). Widely used solution it to add at the begining of communication nonce (random or pseudo random number) and increment it with every command that master send. Therefore you could check if massage was replayed or not.

Šimon Podlesný
  • 16