Authentication and Login to eHouse LAN smart home controllers via TCPIP
EHouse Building Automation System provides connectivity and remote control rooms Ethernet , WiFi , Internet . Reception status of the drivers can be obtained via UDP broadcast ( without server connection) or via a connection to the server over TCP/IP.
Sending control commands is possible only via TCP/IP which gives much more credibility connections and increases security, authorization . Connection to smart home controllers eHouse via TCP/IP requires authentication (logging) to ensure security in the system, taking into account Lan , WIFI , Internet , Interanet connection.
Smart House eHouse consists of Ethernet eHouse version ( CommManager , LevelManager , EthernetRoomManager ) which can be directly connected via an Ethernet (LAN) network using TCP/IP.
Connectivity relations are structured through Berkeley sockets using TCP/IP .
Each Ethernet driver version eHouse automation system has several TCP/IP servers to enable the establishment and maintenance of a number of independent connections with applications and control panels.
There are several ways for eHouse system authentication via TCP/IP
- Authentication method with dynamic code chalange – response
- Dynamic password authentication with a simple XOR encryption function
- Dynamic Authentication with open password
- No Authorization
The level of security (authentication) must be selected in the configuration of each controller.
Selecting a security level implies the activation of earlier more secure methods .
Authentication to the system by chalange – response
This method involves receiving a unique code (dynamically changed) from the server when initiating a call by client applications.
Then the Client application must calculate the answer with the same algorithm as server (Ethernet controller or server software).
This algorithm is unique for each installation with the ability to change the encryption key.
The algorithm also depends on many parameters such as phone SMS gateway , timestamp , code ” Vendor / Reseller ” .
The client application must, within a couple of seconds give the correct answer, otherwise the connection is automatically dropped.
The server receives data from the client compares the difference of time – virtually impossible to send the same message again.
This protects eHouse smart home system against sabotage, other hackers, network retransmissions, rejecting all unauthorized connections from outside dedicated applications for eHouse system control .
The algorithm is then prevented from Ethernet sniffers , packet analyzers , spyware applications , viruses , trojans .
This encryption algorithm is dedicated only native applications eHouse system .
May be made available (by unique vendor key) on the basis of license agreements , directly to third parties developing software for automation eHouse.
It is the safest algorithm of communication with the LAN , WIFI , Internet , etc. .
Dynamic password authentication with a simple XOR encryption function
The algorithm is analogous to the previous one but the password is hashed ( encrypted ) in the client application simple XOR function with unique data received from server.
The client application encrypts the password constant dynamic code received from the server character by character . To the server are sent both questions and answers in order to check the time stamp.
This algorithm is relatively secure LAN , WIFI , Intranet .
This algorithm does not exclude chalange – response algorithm, which still can be used .
It is therefore safe to connect to the outside (the Internet) with a native application panels eHouse system by this method of authentication .
Dynamic Authentication with open password
The algorithm analogous to the preceding , however, the password is delivered directly to the uncoded way. The client software is repeated time stamp and then sends the password in clear text The timestamp is checked to ignore “packages of spirits” on the internet by preventing repeat the same package by hackers or as a result of irregularities link , retransmissions , etc. .
Due to the transmission of the password in clear text is a method not recommended for communications outside the closed and protected LANs .
The inclusion of this method also allows the use of previous methods.
No authentication is a method that allows to connect to the drivers by sending any string to the controller (lenth 13) .
This method is not recommended for normal operation of the system and only for development, testing software at the beginning in order to facilitate a fast start and easier for developers to the test eHouse environment.
The inclusion of this method also allows the use of all previous methods.
Using the last three methods in the applications, you can easily connect to controllers on both the LAN , WIFI , Intranet , Internet , however, because of the simple encryption algorithm is recommended to restrict communications to the secure LAN and WiFi . You can create your own programming algorithms, programming interfaces, web services running on the LAN and provides services outside providing its own security mechanisms like SSL , certificates , VPN , etc. .
Home Automation eHouse