State Not Answered
Replies 4 replies
Subscribers 67 subscribers
Views 1032 views
Users 0 members are here

Attachments (0)

Nordic Case Info

Case ID: 234213

Options

This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How to get a secure thread network ?

Giang over 5 years ago

Hi all,

I am working with Thread SDK v3.1.

When I run mqttsn-client-public and subcribe to make MQTT-SN network use UDP. But it doesn't have DLTS.

In the topic : https://devzone.nordicsemi.com/f/nordic-q-a/41054/mqttsn-with-dtls , they said, this example is using AES128 and Thread embedded encryption, I tried to find the part using AES128 but I did't see it.

Data was sent by otUdpSend function, so it doesn't have AES128 secure, I think it only use Thread embedded encryption.

Please show me how to use AES128 in the example ?

Parents

0 Jørgen Holmefjord over 5 years ago

Hi,

All communication inside the Thread network is encrypted using 128-bit AES encryption, as specified in IEEE 802.15.4 MAC layer specification. It should not be necessary to add additional AES encryption on the data inside the thread network. It is possible to establish end-to-end DTLS communication, but as described by Lukasz in the thread you linked, this will require significant changes in both the gateway and the example. Since communication inside Thread network is encrypted, and communication from the gateway in border router to cloud is using TLS, there should be no need to add DTLS in addition.

Best regards,
Jørgen
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Jørgen Holmefjord over 5 years ago

Hi,

All communication inside the Thread network is encrypted using 128-bit AES encryption, as specified in IEEE 802.15.4 MAC layer specification. It should not be necessary to add additional AES encryption on the data inside the thread network. It is possible to establish end-to-end DTLS communication, but as described by Lukasz in the thread you linked, this will require significant changes in both the gateway and the example. Since communication inside Thread network is encrypted, and communication from the gateway in border router to cloud is using TLS, there should be no need to add DTLS in addition.

Best regards,
Jørgen
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Giang over 5 years ago in reply to Jørgen Holmefjord

Hi, thank for answer.

I have a question.

When I try send message coap, it can send as mesh network.

But when I send search gateway msg, connect msg from publish (subscribe) Node to NCP. Seem it can't send as mesh network. I have to put Node in the coverage area of NCP then it can discovery and connect to Gateway. If I put NCP --> Node 1 --> Node 2 in a straight line. Node 1 can connect to mqtt gateway, but node 2 can't . But I can ping from Node 2 to Node 1 and NCP.

If I connect Node1 and Node 2 to MQTT gateway and put NCP --> Node 1 --> Node 2 in a straight line. I can send data from Node 1 and Node 2 to NCP as mesh network.

I check message type of discovery and connect message. I saw it same with coap message. They are all used otUdpSend.

So Why is there such a difference?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Jørgen Holmefjord over 5 years ago in reply to Giang

This is a different question than the topic of this thread. Please post it in a new thread to make topics/answers more searchable for other users of the forum.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Giang over 5 years ago in reply to Jørgen Holmefjord

Yep, I did. Please check and give me a quick answer. Thank very much !!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Related