By curlywurly
#22924 Looking for thoughts on Wifi on-boarding techniques?

I've managed to get the module to work as in option 1, but I'm not too happy with it from a security POV.
********************************************************
Option 1
********************************************************
1- On power up, ESP retrieves previously stored Wifi information (SSID and password) and attempts to connect every 1/2 second until successful (up to a maximum of 20 attempts).

2 - ESP module checks if there has been a successful connection to a Wifi network
2.1 - If a Wifi connection is made, then skip the following and goto step 3
2.2 - If no Wifi connection then goto 2.2.1
2.2.1 - Convert ESP module into AP mode and broadcast a set SSID e.g. "ESP_REQ".
2.2.2 - User signs into wifi network "ESP_REQ"
2.2.3 - User uses a tablet (or laptop etc) to navigate to IP 192.168.4.1.
2.2.4 - ESP module sees an HTML request and displays a web page back, which allows data entry
2.2.4 - User uses the tablet to enter the intended SSID and password into the webpage and presses enter
2.2.5 - The ESP module takes the data and tries to connect to the Wifi network using data entered in the previous step.
2.2.6 - The ESP module checks again for a successful connection.
2.2.6.1 - If a connection has been made, then store the ssid info and reset the device (e.g. restart back at step 1 above).
2.2.6.2 - If no connection can be made, then goto step 2.1.4

3 - ESP module is now connected as a client and sends data through Wifi network


********************************************************
Option 2
********************************************************
1- On power up, the ESP module checks if a GPIO button is held low.
2.1 - If GPIO button is HIGH
2.1.1 - The ESP module continuously tries to connect using stored Wifi information (SSID and password) every 1/2 second until successful (with no maximum); once a connection has been made, goto step 3.
2.2 - If GPIO button is LOW
2.2.1 - The ESP module is converted into AP mode and broadcasts a set SSID e.g. "ESP_REQ".
2.2.2 - User signs into wifi network "ESP_REQ"
2.2.3 - User uses a tablet (or laptop etc) to navigate to IP 192.168.4.1.
2.2.4 - ESP module sees an HTML request and displays a web page back, which allows data entry
2.2.4 - User uses the tablet to enter the intended SSID and password into the webpage and presses enter
2.2.5 - The ESP module takes the data and tries to connect to the Wifi network using data entered in the previous step.
2.2.6 - The ESP module checks again for a successful connection.
2.2.6.1 - If a connection has been made, then store the ssid info and reset the device (e.g. restart back at step 1 above).
2.2.6.2 - If no connection can be made, then goto step 2.1.4

3 - ESP module is now connected as a client and sends data through Wifi network
*********************************************************

Both options allow for on-boarding, but it could be argued that option 1 is potentially open to remote maliciousness. This is because the decision to convert to an AP is time-based, on there being "no connection", whilst option 2 is based on an explicit local action (making the GPIO button LOW).

Any thoughts?
By FlyingHacker
#22954 The button is definitely safer, though perhaps not as user friendly. It is a tradeoff.

With option 1 it would be trivial for an attacker to jam or spoof Wifi on power up in order to get the device to go into AP mode. But it all comes down to how this is used. If this is a temperature sensor in your house, no big deal. If it opens your door, bigger deal. If it controls your bank account, even bigger deal, etc.
By kenn
#22958
curlywurly wrote: Looking for thoughts on Wifi on-boarding techniques?

You've nicely summed up the required process for onboarding.

The most obvious thing is that the method of inputting wifi connection info to the ESP can be a lot more secure: a custom phone app or web page, requirement for a special additional password or key which establishes that you have the right to configure the ESP, maybe use a website (while connected to the 'net) to generate the key once the user is authorized, then the key is used when connecting to the ESP AP...

There are other possibilities, but then I'd have to bill you 8-)

At this point, ESP firmware can't be locked from reverse engineering, so any secrets or serious security should be elsewhere in the system.
By FlyingHacker
#22959 Secret keys over unencrypted HTTP are not that useful. An attacker only has to listen once. You would need to have synchronized clocks (add an RTC) and then hash a pre-shared secret with the time or similar in order to do this half-way securely.
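The scheme in that last reply, a pre-shared secret hashed together with the current time so that a token heard once cannot be reused, worked through as an added Python example; it is not code from this thread or from any ESP library, and the 30 s window, the one-window drift tolerance and the `Provisioner` name are assumptions.

```python
import hmac
import hashlib

# Assumed parameters (not from the thread): a 30 s window and a tolerance
# of one window either side for clock skew between the phone and the ESP's RTC.
STEP_SECONDS = 30
DRIFT_WINDOWS = 1


def provisioning_token(psk: bytes, window: int) -> str:
    """Token = HMAC-SHA256(psk, time-window counter), truncated to 16 hex chars."""
    msg = window.to_bytes(8, "big")
    return hmac.new(psk, msg, hashlib.sha256).hexdigest()[:16]


def client_token(psk: bytes, now: float) -> str:
    """What the phone app / laptop sends along with the SSID and password."""
    return provisioning_token(psk, int(now // STEP_SECONDS))


class Provisioner:
    """ESP side: gate the SSID/password form behind a fresh, single-use token.

    The credentials themselves still cross the open "ESP_REQ" link in the
    clear over HTTP; the token only decides who is allowed to submit them.
    """

    def __init__(self, psk: bytes):
        self.psk = psk
        self.used_windows = set()  # windows already consumed; blocks replay

    def verify(self, token: str, now: float) -> bool:
        current = int(now // STEP_SECONDS)
        lo, hi = current - DRIFT_WINDOWS, current + DRIFT_WINDOWS
        for window in range(lo, hi + 1):
            expected = provisioning_token(self.psk, window)
            # constant-time compare: no timing side channel on the token
            if hmac.compare_digest(expected, token):
                if window in self.used_windows:
                    return False  # a sniffed token presented a second time
                self.used_windows.add(window)
                return True
        return False

    def accept_credentials(self, token: str, ssid: str, password: str, now: float):
        """Step 2.2.4 of the on-boarding flow with the token check in front of it."""
        if not self.verify(token, now):
            return None
        return {"ssid": ssid, "password": password}
```

A legitimate user whose first attempt fails at step 2.2.6.2 must wait for the next window before re-submitting, which is the price of the single-use rule.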