Forum Menu




 


Log in Problems?
New User? Sign Up!
AVR Freaks Forum Index
FAQ FAQ  •  Search Search  •  Register Register  •  Log in to check your private messages Log in to check your private messages
Log in Log in  •  Maximize Maximize  •  RSS-feeds RSS

BitCloud Profile Suite and Security
 
AVR Freaks Forum Index » AVR (8-bit) Technical Forums » AVR Wireless forum
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Author Message
tsecoita
PostPosted: Jun 13, 2012 - 05:54 PM
Wannabe


Joined: May 22, 2012
Posts: 61
Hi,

I am working with BitCloud Profile Suite and Home Automation.

I am trying the sample code for STK600 board.

My network is formed by a trust center, an occupancy sensor and a dimmable switch.

For HA, is it mandatory to work with standard security with links?

If the response is yes, do the routers and the end devices need to know the Trust Center extended address?

If one end device wants to make a binding with a router, do both devices need to konw the link keys of each other?

Does the trust center to know all the link keys of the nodes in the network?

Thanks in advance,
 
 View user's profile Send private message  
Reply with quote Back to top
alexru
PostPosted: Jun 14, 2012 - 11:58 PM
Raving lunatic


Joined: Apr 15, 2009
Posts: 4861
Location: San Jose, CA
tsecoita wrote:
For HA, is it mandatory to work with standard security with links?
Yes, it is.

tsecoita wrote:
If the response is yes, do the routers and the end devices need to know the Trust Center extended address?
Yes, they are. There is Distributed Trust Center mode, where device thinks of a parent as trust center and any parent can act as one, but this mode is not available in the public release.

tsecoita wrote:
If one end device wants to make a binding with a router, do both devices need to konw the link keys of each other?
They need to obtain one common link key.

tsecoita wrote:
Does the trust center to know all the link keys of the nodes in the network?
Only of devices it is in direct communication with. Given the way HA devices are usually configured, TC will have to know the link keys with all devices in the network.
 
 View user's profile Send private message Send e-mail Visit poster's website 
Reply with quote Back to top
tsecoita
PostPosted: Jun 25, 2012 - 01:42 PM
Wannabe


Joined: May 22, 2012
Posts: 61
tsecoita wrote:
For HA, is it mandatory to work with standard security with links?
Yes, it is.

tsecoita wrote:
If the response is yes, do the routers and the end devices need to know the Trust Center extended address?

alexru wrote:
Yes, they are. There is Distributed Trust Center mode, where device thinks of a parent as trust center and any parent can act as one, but this mode is not available in the public release.


So, if a end device does not know the trust center extended address then it can not join to the network, can it? Several manufacturers sell comercial home automation compliant end devices. How do these end devices manage to join to a created network?

tsecoita wrote:
If one end device wants to make a binding with a router, do both devices need to konw the link keys of each other?

alexru wrote:
They need to obtain one common link key.

How do they do that? I only manage this situation with fixed link keys.

tsecoita wrote:
Does the trust center to know all the link keys of the nodes in the network?


alexru wrote:
Only of devices it is in direct communication with. Given the way HA devices are usually configured, TC will have to know the link keys with all devices in the network.


So, if I use indirect coomunication (binding) the trust center does not need to know the link keys of the nodes, does not it?

Thank you very much for your help.
Best regards,
 
 View user's profile Send private message  
Reply with quote Back to top
tsecoita
PostPosted: Jun 26, 2012 - 05:16 PM
Wannabe


Joined: May 22, 2012
Posts: 61
Hello again,

My security network parameters are:

Code:
#define CS_ZDO_SECURITY_STATUS 1
#define APP_USE_UNIVERSAL_EXTENDED_ADDRESS 1


so, I am working with standard security with link keys.

In appConst.h is defined:

Code:
#if (APP_USE_UNIVERSAL_EXTENDED_ADDRESS == 1) && !defined(APP_DEVICE_TYPE_TRUST_CENTER)
  #define TC_EXT_ADDRESS         0xFFFFFFFFFFFFFFFALL
#else
  #define TC_EXT_ADDRESS         APP_TRUST_CENTER_EXT_ADDRESS
#endif //__UNIVERSAL_TC_EXT_ADDR__


So for dimmable light for example is used the APS_SM_UNIVERSAL_TRUST_CENTER_EXT_ADDRESS for the trust center extended address.

Moreover, the UNIVERSAL_LINK_KEY is used as link key between trust center and dimmable light:

Code:
// Link Key Descriptor between Trust Center and Dimmable Light
#if (APP_USE_UNIVERSAL_EXTENDED_ADDRESS == 1)
static ZCL_LinkKeyDesc_t lightKeyDesc = {CCPU_TO_LE64(TC_EXT_ADDRESS)  /*addr*/,
                                         UNIVERSAL_LINK_KEY /*key*/};
#else
static ZCL_LinkKeyDesc_t lightKeyDesc = {CCPU_TO_LE64(TC_EXT_ADDRESS)  /*addr*/,
                                         DIMMABLE_LIGHT_LINK_KEY /*key*/};
#endif


With this configuration, the dimmable light can not join to the network created by the trust center.

I think the problem is in the condition:

Code:
#if (APP_USE_UNIVERSAL_EXTENDED_ADDRESS == 1) && !defined(APP_DEVICE_TYPE_TRUST_CENTER)
  #define TC_EXT_ADDRESS         0xFFFFFFFFFFFFFFFALL
#else
  #define TC_EXT_ADDRESS         APP_TRUST_CENTER_EXT_ADDRESS
#endif //__UNIVERSAL_TC_EXT_ADDR__


because when the device is trust center, the address asigned to the trust center is different from APS_SM_UNIVERSAL_TRUST_CENTER_EXT_ADDRESS.

If I change this condition to:

Code:
#if (APP_USE_UNIVERSAL_EXTENDED_ADDRESS == 1) && !defined(APP_DEVICE_TYPE_TRUST_CENTER)
  #define TC_EXT_ADDRESS         0xFFFFFFFFFFFFFFFALL
#else
  #define TC_EXT_ADDRESS         0xFFFFFFFFFFFFFFFALL
#endif //__UNIVERSAL_TC_EXT_ADDR__


then the dimmable light joins to the network.

I don´t know if this is the correct way to configure the security parameters to allow any Home Automation compliant end device to join to our network.

Any suggestions?

Thank you very much for the help.
 
 View user's profile Send private message  
Reply with quote Back to top
alexru
PostPosted: Jun 29, 2012 - 06:05 PM
Raving lunatic


Joined: Apr 15, 2009
Posts: 4861
Location: San Jose, CA
tsecoita wrote:
So, if a end device does not know the trust center extended address then it can not join to the network, can it?
They can if they use distributed trust center, which basically mean that every router in the network is a trust center.

tsecoita wrote:
How do they do that? I only manage this situation with fixed link keys.
There is a way to request key from a trust center via APS_RequestKeyReq().

tsecoita wrote:
So, if I use indirect coomunication (binding) the trust center does not need to know the link keys of the nodes, does not it?
Binding is a direct communication, stack just goes over the binding table and send unicast frames one by one.
 
 View user's profile Send private message Send e-mail Visit poster's website 
Reply with quote Back to top
alexru
PostPosted: Jun 29, 2012 - 06:13 PM
Raving lunatic


Joined: Apr 15, 2009
Posts: 4861
Location: San Jose, CA
On trust center address should be a valid IEEE address, other devices might have either real TC address or just use universal address.

But all those universal addresses are more or less incompatible hacks.

_________________
The opinions and views expressed by me on this forum are my own and do not represent my employer or anyone else that I’m affiliated with.
 
 View user's profile Send private message Send e-mail Visit poster's website 
Reply with quote Back to top
Display posts from previous:     
Jump to:  
All times are GMT + 1 Hour
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
 
 AVR Freaks Forum Index » AVR (8-bit) Technical Forums »  AVR Wireless forum
Powered by PNphpBB2 © 2003-2006 The PNphpBB Group
Credits