https://devzone.nordicsemi.com/f/nordic-q-a/44086/question-about-auto-commissioning-and-securityHello ! I got bad time figuring out how we can prevent a Malicious device to corrupt our thread Network and only allow our device to connect to this mesh network. I am working on a project where we have 10 Full Thread Device (FTD) scattered acrossen-USTelligent Community 13Thu, 14 Mar 2019 11:52:18 GMThttps://devzone.nordicsemi.com/thread/176158?ContentTypeID=1Thu, 14 Mar 2019 11:52:18 GMT137ad170-7792-4731-bb38-c0d22fbe4515:821f4a84-a92b-4671-8dcc-5260b33ae4b0Edvin<p>Hello Max,</p> <p>Our Thread and Zigbee team has been very busy lately, and I have not received a reply for my internal ticket yet. I will ping the internal ticket, and keep you updated. Thank you for popping by.&nbsp;</p> <p></p> <p>BR,</p> <p>Edvin</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/176133?ContentTypeID=1Thu, 14 Mar 2019 10:26:32 GMT137ad170-7792-4731-bb38-c0d22fbe4515:28e66caf-e499-4ce6-a7e0-24553d6f8ef2Max<p>Hello Edvin,</p> <p>I will conduct&nbsp;more tests on the network connection next week, once my code is&nbsp;working properly again.</p> <p>(I heavily refactored the whole project to work with GCC, vscode, and integrate tests Unity/Ceedling).</p> <p>I will start by assigning a hardcoded Master key and see for the&nbsp;<span>PSKc secret&nbsp;(as per Thread UM)</span></p> <p>BR,</p> <p>Max</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/175045?ContentTypeID=1Fri, 08 Mar 2019 14:11:32 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8ede9290-f4ec-4201-b843-bd6e34a6a5e7Edvin<p>Hello Max,</p> <p>I just wanted you to know that your ticket is not forgotten, but I am still waiting for help from our Thread team.</p> <p></p> <p>Let me know if you for some reason have additional information.</p> <p></p> <p>BR,<br />Edvin</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/173392?ContentTypeID=1Thu, 28 Feb 2019 08:26:51 GMT137ad170-7792-4731-bb38-c0d22fbe4515:cbfcd7f8-d204-4629-a970-19082f5cfa18Max<p>Hello Edvin,</p> <p><strong>You got my question right, we&nbsp;would like our nodes to to connect to each other and form a private network.</strong></p> <p>Thus restricting other devices to connect.</p> <p>I&nbsp;would like (for now) these nodes to&nbsp;have hardcoded credentials of the network and join/create automatically.</p> <p>Our <strong>customer wants the minimum interaction</strong> with the system. basically, we&nbsp;power up the nrf52 devices&nbsp;and they should connect automatically. This is the case right now, but we now need to secure the system/network by changing the credentials.</p> <p>Later on, we will use DFU update over the air to update the credentials or add user interaction via a push button or so.</p> <p>if I understand correctly, the masterkey and the PSKc secret are hardcoded within the openThread library that Nordic compiled.</p> <p>Would changing&nbsp;the MasterKey on all devices allow us for setting-up a private network ?</p> <p>Do we need to use set the PSKc secret since we are using auto-commissioning ?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/173384?ContentTypeID=1Thu, 28 Feb 2019 08:07:26 GMT137ad170-7792-4731-bb38-c0d22fbe4515:02c7c331-0be2-42ee-9b6b-81a44cf428aeEdvin<p>Hello Max,</p> <p>Sorry for the late reply.&nbsp;</p> <p>I am trying to understand what you need.&nbsp;</p> <p>So you want to pre-program the devices so that when you turn them on, they will automatically connect to each other and form a network? Or do you want all devices to be able to join any network?</p> <p></p> <p>I would have to double check with our Thread team, but I believe that the Masterkey is hardcoded, and if not changed, it is set to 0x00112233445566778899aabbccddeeff.</p> <p>It can be overwritten by setting the master key which is located in dataset.h.</p> <p></p> <p>But can you describe how you want the nodes to behave? Should all the nodes be hard coded this specific network, or do you want to commission the nodes, so that you (or a customer) at any time can&nbsp;get&nbsp;a new node, and commission it to any existing network?</p> <p></p> <p>Best regards,</p> <p>Edvin</p><div style="clear:both;"></div>