How to get a secure thread network ?

Hi,

All communication inside the Thread network is encrypted using 128-bit AES encryption, as specified in IEEE 802.15.4 MAC layer specification. It should not be necessary to add additional AES encryption on the data inside the thread network. It is possible to establish end-to-end DTLS communication, but as described by Lukasz in the thread you linked, this will require significant changes in both the gateway and the example. Since communication inside Thread network is encrypted, and communication from the gateway in border router to cloud is using TLS, there should be no need to add DTLS in addition.

Best regards,
Jørgen

Hi, thank for answer.

I have a question.

When I try send message coap, it can send as mesh network.

But when I send search gateway msg, connect msg from publish (subscribe) Node to NCP. Seem it can't send as mesh network. I have to put Node in the coverage area of ​​NCP then it can discovery and connect to Gateway. If I put NCP --> Node 1 --> Node 2 in a straight line. Node 1 can connect to mqtt gateway, but node 2 can't . But I can ping from Node 2 to Node 1 and NCP. 

If I connect Node1 and Node 2 to MQTT gateway and put NCP --> Node 1 --> Node 2 in a straight line. I can send data from Node 1 and Node 2 to NCP as mesh network. 

I check message type of discovery and connect message. I saw it same with coap message. They are all used otUdpSend.

So Why is there such a difference?

This is a different question than the topic of this thread. Please post it in a new thread to make topics/answers more searchable for other users of the forum.

This is a different question than the topic of this thread. Please post it in a new thread to make topics/answers more searchable for other users of the forum.

Yep, I did. Please check and give me a quick answer. Thank very much !!