Security

rbottoms · September 11, 2014, 5:43pm

I’m just getting up to speed on your hardware. I think it might be valuable to add a category specifically about network security. Perhaps seed the discussion with some posts about:

how EI secures its connection?
reprogramming by someone else (a lockout feature perhaps?)
how I would go about making the case adding this device to a WiFi network won’t compromise its security?

hugo · September 12, 2014, 1:30pm

We’re working on a whitepaper which will cover the security architecture which we’ll publish on the website, but here’s the short summary:

connection from imp is outbound, and uses TLS (AES-128)
we use certificates to ensure that we’re talking to the right server (no MITM)
VM code is transferred over this secured link
impOS upgrades are fetched in the plain (HTTP) but are encrypted and signed with AES-GCM
the data between the SoC and WiFi chip is encrypted (ie encryption happens within the SoC not the wifi chip)
we have a good quality hardware RNG within the SoC which we use for our random seeding
the SoC is locked down, JTAG disabled, and readback protection enabled so you can’t dump the code even if you disassemble the module (you can erase the device totally, but then you have to write your own OS so it’s actually just a devboard then, not an imp)
the imp itself has no open ports
squirrel code cannot make local connections, it can only talk via the secured link
commercial blinkup uses a nonce for every provisioning, so is not susceptible to replay attacks

If the site owner is very paranoid, then putting imps on an SSID with a locked down VLAN is a totally valid approach.

ctmorrisonhvacsp · September 12, 2014, 1:40pm

This is a great topic for commercial applications. We find ourselves in medical facilities, law offices, utilities, etc. where (along with many other industries) security is very important and the network folks don’t want to be bothered.

peter · September 13, 2014, 7:58am

In the interests of strictest accuracy, the imp actually has two open ports: udp/68 (DHCP) and udp/53 (DNS). But no others.

Peter

mlseim · September 13, 2014, 11:16am

This is just my personal opinion … as I am not an employee of Imp …

As great as the Imp is, and so much fun to use, I would still not use if for anything that depends on safety, life support, danger to life or equipment, or critical building controls. You’re relying on a cloud server “out there” in which you have no physical control. A home heating system is fine if you have a local backup control that can take-over control any over/under temperatures, or loss of the Imp.

As of yet, I have not experienced anything amiss, other than my own doing. Anything can go wrong with any electronic control (not just the Imp), but the added “man behind the curtain” does introduce another point of failure.

hugo · September 13, 2014, 6:05pm

Indeed, the imp terms of service forbid its use for anything safety-critical. Even wifi itself is not deterministic so is ruled out for some demanding wireless communication applications…