enabling ZWave-SECURITY

Discussion about Z-Uno product. Visit http://z-uno.z-wave.me for more details.
A.Harrenberg
Posts: 201
Joined: 05 Sep 2016 22:27

enabling ZWave-SECURITY

Post by A.Harrenberg »

Hi,

I just enabled SECURITY with the "Simple-Dimmer" example to test the secure inclusion. I realized that there is only a global switch available to enable/disable SECURITY without a possibility to choose what classes should be non-secure / secure.

In the current situation (almost) all classes are advertised as secure AND non-secure at the same time, which does not really make sense to me.

Is there a chance for a feature request to select the security state with an additional parameter for each command class with the ZUNO_SETUP_CHANNELS?

I would like to have the possibility to advertise a class as non-secure, secure or both (even if that does not make any sense to me...).

Best regards,
Andreas.
fhem.de - ZWave development support
PoltoS
Posts: 7565
Joined: 26 Jan 2011 19:36

Re: enabling ZWave-SECURITY

Post by PoltoS »

We believe this brings too much complexity to Z-Uno. Currently Z-Uno will turn all (almost - except for some technical) CCs to Secure mode and serve everything securely only. So you are sure the device is 100% secure.

After enabling security and re-inclusion Z-Uno should not answer unsecurely nor act on unsecure commands anymore.
A.Harrenberg
Posts: 201
Joined: 05 Sep 2016 22:27

Re: enabling ZWave-SECURITY

Post by A.Harrenberg »

Hi PoltoS,

By enabling SECURITY for all classes there is no possibility to communicate with other nodes that do not support SECURITY, and there are a lot of such devices. This would mean that I have to communicate "through" the automation system by reacting on the secured msg, then sending out the non-secured msg to a target node.

This will significantly increase the network traffic, due to the NONCES being sent back and forth and the need to send out the non-secured command.

I assume that I have a deeper knowledge of the ZWave system than the average Z-Uno user, therefore I do not think that it will bring too much complexity, but I can see your point.

Is there a way of getting a "hidden expert setting" to configure the security state for each of the classes that expert users can use and normal users will not see or ignore?

Please re-consider such a setting, this is not an urgent request, so take your time.

Thank you,
Andreas.
fhem.de - ZWave development support
PoltoS
Posts: 7565
Joined: 26 Jan 2011 19:36

Re: enabling ZWave-SECURITY

Post by PoltoS »

You are probably too knowledgeable ;)

Unfortunately I don't think we will have time to do what you request. We would like to make basic functions first. Such deep tuning assumes you have the SDK and you can do your own Z-Wave product based on it. Also soon we will run into the new S2 Z-Wave Security, whose aim is to solve the expensive Nonce problem.

Also to be mentioned, Z-Uno is smart enough to detect if the target device supports Security or not and will try first a secure command and if it fails will memorize that no secure communication is possible and will fall back to unsecure. This means you can mix secure and unsecure nodes in one association group.
A.Harrenberg
Posts: 201
Joined: 05 Sep 2016 22:27

Re: enabling ZWave-SECURITY

Post by A.Harrenberg »

Hi PoltoS,
PoltoS wrote: Unfortunately I don't think we will have time to do what you request. We would like to make basic functions first.
I understand that basic functions should go first and fully agree to that, that is why I stated that this is not an urgent request. I am not planning to use this very soon...
PoltoS wrote: Such deep tuning assumes you have the SDK and you can do your own Z-Wave product based on it. Also soon we will run into the new S2 Z-Wave Security, whose aim is to solve the expensive Nonce problem.
Unfortunately I am not an official developer and I don't have an SDK :?
For my development I was using only the command class descriptions, which are now officially released by Sigma and a lot of "reverse" engineering...

S2 will be an interesting thing, I only looked very briefly at the specification and it seems to be quite complex. By implementing the security command class into ZWave I doubled the size of the module, I expect at least the same thing for S2... But if I understood the documentation correctly, this is for the moment only a proposal and not yet official.
PoltoS wrote: Also to be mentioned, Z-Uno is smart enough to detect if the target device supports Security or not and will try first a secure command and if it fails will memorize that no secure communication is possible and will fall back to unsecure. This means you can mix secure and unsecure nodes in one association group.
Ok, that is an interesting point (that should be documented), so I can set up non-secure receivers.

Thank you,
Andreas.
fhem.de - ZWave development support
A.Harrenberg
Posts: 201
Joined: 05 Sep 2016 22:27

Re: enabling ZWave-SECURITY

Post by A.Harrenberg »

Hello,
A.Harrenberg wrote:
PoltoS wrote: Also to be mentioned, Z-Uno is smart enough to detect if the target device supports Security or not and will try first a secure command and if it fails will memorize that no secure communication is possible and will fall back to unsecure. This means you can mix secure and unsecure nodes in one association group.
Ok, that is an interesting point (that should be documented), so I can set up non-secure receivers.
Just tested this and it works like PoltoS described ,-)
Created a secured switching device with the Z-Uno and associated that with a non-secure wall plug. Communication is now non-secure between these devices.

Best regards,
Andreas.
fhem.de - ZWave development support
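
The fallback described and tested in the posts above, modelled as an added example (not Z-Uno firmware and not code from either poster): a per-node cache that tries Security first, memorizes a failure, and then sends in the clear. All names, the three-frame S0 exchange count, and the rule that an already-secure peer is not downgraded are assumptions of this sketch; `count_plain_targets` is the check for which association targets end up served without encryption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added illustration, not Z-Uno firmware: every name here is hypothetical. */
enum peer_state { PEER_UNKNOWN, PEER_SECURE, PEER_PLAIN };
enum tx_result  { TX_SECURE, TX_PLAIN, TX_FAILED };

#define MAX_NODES 8
static enum peer_state peer_cache[MAX_NODES];  /* remembered per target node */
static bool peer_has_s0[MAX_NODES];            /* constructed test network   */
static int frames_on_air;

/* Simplified S0 exchange: Nonce Get, Nonce Report, encapsulated command.
 * A peer without Security never answers the Nonce Get. */
static bool try_secure(int node) {
    frames_on_air += 1;                        /* Nonce Get */
    if (!peer_has_s0[node]) return false;
    frames_on_air += 2;                        /* Nonce Report + encrypted cmd */
    return true;
}

/* Secure first; on failure memorize the peer as plain and fall back. */
static enum tx_result send_command(int node) {
    if (peer_cache[node] != PEER_PLAIN) {
        if (try_secure(node)) { peer_cache[node] = PEER_SECURE; return TX_SECURE; }
        /* Assumption: a peer already proven secure is not downgraded. */
        if (peer_cache[node] == PEER_SECURE) return TX_FAILED;
        peer_cache[node] = PEER_PLAIN;
    }
    frames_on_air += 1;                        /* unencrypted command */
    return TX_PLAIN;
}

/* Audit helper: how many targets of a group are served without encryption. */
static int count_plain_targets(const int *group, int n) {
    int plain = 0;
    for (int i = 0; i < n; i++)
        if (peer_cache[group[i]] == PEER_PLAIN) plain++;
    return plain;
}

int main(void) {
    int group[] = { 2, 3 };        /* node 2: S0 device, node 3: plain wall plug */
    peer_has_s0[2] = true;
    for (int round = 0; round < 2; round++)
        for (int i = 0; i < 2; i++)
            printf("round %d node %d -> %d\n", round, group[i], send_command(group[i]));
    printf("plain targets: %d, frames: %d\n", count_plain_targets(group, 2), frames_on_air);
    return 0;
}
```

In this model the first command to the wall plug costs one unanswered Nonce Get plus the plain frame; every later command to it goes out unencrypted with no further secure attempt.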
PoltoS
Posts: 7565
Joined: 26 Jan 2011 19:36

Re: enabling ZWave-SECURITY

Post by PoltoS »

Z-Uno is smarter than most of Z-Wave devices ;)