Secure Wireless

I am thinking about a wireless automobile security system that would consist of a few arduino's
wirelessly connected to let's say an rPI that's connected by bluetooth to an android phone.

  1. Would there be a preferred transmission method between the arduino's and rPI. RF?, Bluetooth?

  2. Practically, what security measures can be taken (encryption etc.) and where should I focus
    my studies to achieve them ?

  3. How secure would such a system be in regards to the wireless?

This video describes the security measures on the upcoming Samsung Artik.

  1. would there be any real advantage to waiting for this?

Bluetooth can easily be encrypted enabled: PDF

… assuming modules support this feature.

Ray

I have managed to dig up a little about this on the web.
Unfortunately most of it is outdated and apparently abandoned.

AES-AVR Crypto-Lib

DavyLandman AESLib-Based on AVR-Crypto-Lib

Our Own MarkT's AES lib for arduino from 2012

Hashes, Nonces, and Replay Attacks on the Arduino

This is looking to be a difficult area to deal with.
I have downloaded MarkT s library but haven't had a chance to dig into it yet.

May i recommend something else? Use a GSM shield on arduino. you will have best security> encripted commands via sms, phone number can be seen as security: it can receive command only from the number you input, and you must know the number that is in arduino :slight_smile: and it's way cheaper :smiley:

Hutkikz:
I am thinking about a wireless automobile security system that would consist of a few arduino's
wirelessly connected to let's say an rPI that's connected by bluetooth to an android phone.

  1. Would there be a preferred transmission method between the arduino's and rPI. RF?, Bluetooth?

I would have though the principal security requirement is between the phone and the the RPi.

The most secure way to connect the Arduino to the RPi is to use cables rather than wireless. You may also find that wireless is not very reliable in an automobile because of all the metal and interference from the car's electrical system.

Why would there be a need for more than one Arduino?

Have you seen this RemoteXY Thread for bluetooth comms between an Android phone and an Arduino?

...R

@cezar92

I had thought of that for the rpi to phone connection for more features but didn’t realize that it had these kind of security measures. paying for a service doesn’t seem cheap but may be worthwhile i will look into it.

@Robin2

I have read that thread and there is no mention of security.

The reason’s for multiple arduino’s connected wirelessly are:

reduced wiring

easier installation

reduced impact to the originality of the car. << the important one

The cars I work on are old and rather valuable. and the owners would love to have more
modern conveniences but don’t want to hurt the originality and hence the value of these cars.

I agree a hardwired connection would be best and I may have to go that route. since I am having little luck finding a workable security solution.

.

Hutkikz:
I have read that thread and there is no mention of security.

I recommended it mostly for its simplicity. But the Bluetooth pairing system provides a simple level of security.

What risks are you trying to secure the system against?

I think you need to provide a lot more details about the overall project, especially what are the roles of the phone, the RPi and the different Arduinos.

...R

paying for a service doesn't seem cheap

Yeah, that depends on the country. Here, in Romania, i could get a free SIM valid for 2 months on witch i can receive SMS and calls. Only if you want to confirm your actions u'll need to recharge the SIM card.
Best of luck!

I am mostly exploring possibilities at the moment.
Securing against vehicle theft is most important.

The arduino's will be used as sensor and control nodes. I.e. Door locks etc.

The rPI will coordinate between the arduino's and the phone. Handle video (surveillance and back up camera) and convenience features such as music etc.

The phone will act as a remote and also as the display unit since mounting a display in the cars is a big no go.

I am still a newb but I realize that this a huge project that will take me years to realize.
But I am up for educating myself and it is enjoyable so I will see where it leads.

.

Hutkikz:
Securing against vehicle theft is most important.

I don't see how secure communications between an RPi and Arduinos has much to do with that.

Presumably you want a combination of an immobilzer and something to broadcast "Help - thieves are trying to take me"

Of course you want a communication system that Thieves can't easily break into - but do you really worry that the car Thieves will be computer security experts also?

If I was building a security system I think I would have it completely independent of other functions so it could be as simple and reliable as possible. Perhaps a big chain and a padlock or two.

...R

You make some valid points and it is looking as though I should abandon my idea of wireless nodes unless the artik mentioned in my first post is actually a viable solution. I will have to wait and see.

if the arduino’s are controlling access points their security is certainly relevant. At six figures + these cars do attract the attention of more sophisticated criminals.

It has also been brought to my attention that liability issues is another good reason to use a separate commercially available security system. But again if I am controlling access points then security is still
necessary.

All in all it appears security on the arduino is a dead end no one wants to talk about. and most development on that front was abandoned a few years ago. I will play with MarkT’s AES library and see if I can get anywhere with that.

Still looking and learning so if anyone has more to add I would love to hear it.

Hutkikz:
if the arduino's are controlling access points their security is certainly relevant. At six figures + these cars do attract the attention of more sophisticated criminals.

I still don't have a clear picture in my mind of what you are trying to do.

I can imagine, for example, an Arduino controlling a door lock (an access point) but I find it hard to see how a thief could compromise that control by accessing the comms between that Arduino and an RPi more easily than he could just break the lock. Or just drag the entire car onto a transporter.

It seems to me that a careful risk analysis is required so that resources are focused where they are most useful. Maybe it is the garage that needs the security, not the car.

The liability question is a huge issue. Can you afford to offer a guarantee to pay the value of the car if your system fails to prevent it from being stolen or seriously damaged in an attempt ?

Personally I doubt if commercial security systems are worth the money. The systems that can use GPS and GSM to report the location of a stolen car may be useful - until the thieves discover where the device is hidden and destroy it. And I presume if you simply push the car into a steel shipping container the radio transmissions will be cut off - so they don't even need to find it in a hurry.

...R

You are probably right. I am likely overthinking this.
I just don't want some kid with a repeater to come along and pop the doors open.

I wanted some level of security and I never would of guessed it was this difficult.

Have to agree about the commercial systems, most that I have installed were not worth the box they came in.

I keep circling back to the artik. it's the only thing I've seen that addresses this issue. but who knows when it will be available

You know, you can just send MarkT a PM about his library. And the DavyLandman lib seems to work on Arduino (one of the issues).

MarkT doesn't accept PM's according to his sig.

I plan to try out both of those.

Have you used one?

I have used neither, I was just looking at the docs.