Store Wi-Fi password securely
-
What are your recommendations for storing the Wi-Fi password securely? I'd rather not store it plaintext on the SPI flash if I can help it. Is there a Python method for writing to the NVS? Some other method?
-
I like that idea.
-
@BetterAuto Hmmm. The issue with the Ring sounds like they didn't think about security at all (very sloppy). The solution you're describing is essentially in the category of "making it a little more difficult" to hack. While it's technically not really more secure, I understand your objective. For now, access to NVS isn't exposed through pycom firmware, so if you really wanted to go this route, you'd need to add a separate external memory (EEPROM or FRAM, probably I2C). No big deal, but of course it adds cost. However, I think you can achieve the same thing by encrypting the password on flash with a hard-coded key in the code. Given that, it would still require someone to "work on it" to get the clear-text password. Just a thought.
-
My device is expected to typically be installed in back yards. I had read of a Ring doorbell hack where someone who approaches the device from the front doorsteps, hits the button on the back, and the house Wi-Fi password is obtainable in the clear via a phone web browser.
So I wanted to avoid the most straightforward hack of approaching the device and plugging in, grabbing the password. I consider this a rare possibility but nonetheless something I'd like to account for if it's possible. If it's not possible I'll forget about it.
If I could use the on-board NVS that would step up the difficulty; a new firmware would have to be created then flashed to the SPI flash and booted to be able to read what's on the NVS. I plan to disable the UART so it's not possible to just read the contents with a command. You'd have to steal the device, take it home, work on it, and obtain the password.
Do I strictly need this feature before I can sell my product? No. I just opened this thread to ask if there's a function I'm not aware of. Without it I should still be OK. Just thought I'd ask.
-
@BetterAuto As I see it, the architecture of the ESP32 does not allow any truly-secure solution. It doesn't matter how or where you store the password (even using the most secure hardware-based crypto chip), because the architecture of the WiFi subsystem still needs the password to be written to it in plain-text form--that will be your weak link. Please someone correct me if I'm wrong.
So the question you have to ask is "who are you trying to keep the password a secret from"? If someone steals or even has access to the physical device, all bets are off. So short of that, the "owner" of the device probably already knows the password, so there's not much value in keeping it a secret from them.
If the issue is "perceived insecurity" of a password stored on a flash card in plain text, the other suggestion of encrypting it with a key that's compiled into the code is probably a good one (not really secure, but like locks on doors, it keeps the honest people out).
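-
Added example (not part of any post in this thread, and not Pycom code): the scheme suggested above, encrypting the password with a key compiled into the code and storing the result in a file, sketched in plain Python. A SHA-256 counter keystream with an HMAC tag stands in for AES so it runs without a crypto library; `HARDCODED_KEY`, `wifi.bin`, `frozen_key` and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os

# Constructed stand-in for a key compiled into a frozen module (not a real key).
HARDCODED_KEY = b"constructed-demo-key"

def _subkey(key, label):
    # Separate keys for encryption and authentication, derived from the one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # SHA-256 counter keystream; stand-in for AES so the sketch needs no crypto library.
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (block // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def seal(password, key=HARDCODED_KEY):
    """Blob that would be written to a file on flash: nonce | ciphertext | tag."""
    nonce = os.urandom(16)  # fresh per write, so equal passwords give different blobs
    ct = _xor_stream(_subkey(key, b"enc"), nonce, password.encode())
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(blob, key=HARDCODED_KEY):
    """Verify the tag, then decrypt; raises ValueError on a damaged blob or wrong key."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("blob damaged or wrong key")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct).decode()

def readable_from_flash_copy(flash_copy):
    """The thread's objection: a copy of the flash holds both the blob and the key."""
    return unseal(flash_copy["wifi.bin"], flash_copy["frozen_key"])
```

The last function is the thread's point in code: the blob keeps the password out of a casual file listing, but whoever holds a full copy of the flash holds the key as well.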
-
@BetterAuto
Yes, it can. But as we discussed, it depends on the security level.
This one is not so high but also not so low as we might think.
-
That makes me think of cats and dogs living together. I'm sure that frozen code can be reverse-compiled.
-
@Innocenzo
Yes, with frozen modules it is ok for many purposes.
It is not so bad - but it is not good ;-)
-
@livius The AES key must be saved as a variable in a .py script, and this script made "frozen". Of course it is a "very" bad solution.
-
So is it possible? Writing to the NVS.
-
@livius That would be sufficient security for me. To read the NVS the attacker would have to flash a malicious binary to the flash and boot it. I'm not doing high security stuff.
-
@BetterAuto
This depends on the target security level.
Because if it is readable, then what does it protect?
It protects something, against lazy level 1 hackers but not higher levels ;-)
-
If we can write to the NVS this may be a solution. Is that possible? I found this but don't know how to use it. Looks like a C library for the development framework and not something we can use on the chip itself.
https://github.com/pycom/pycom-esp-idf/tree/master/components/nvs_flash
-
@Innocenzo
this does not protect anything - you must then store the AES key in the clear to decrypt ;-)
@BetterAuto
exactly ;-) this does not solve the problem
-
@Innocenzo said in Store Wi-Fi password securely:
There is a way to do that. You can encrypt the password with AES and then store it in a file. Obviously this file can be deleted and you lose your saved password.
The key would be stored on the flash as well.
-
@livius maybe we need an encrypted external chip to store values. But then the key for that would have to be stored in flash... ahhh...
-
There is a way to do that. You can encrypt the password with AES and then store it in a file. Obviously this file can be deleted and you lose your saved password.
-
@BetterAuto
If you look at https://forum.pycom.io/topic/433/features-wish-list
there is an item about encryption of scripts, which I suppose is not available yet.
I am waiting for this feature - without it nothing will be released by me :-(