Comment by Animats
It's not encryption that's needed. It's authentication. How do you decide who's allowed to join your mesh if it runs on WiFi discovery?
This is a general problem with all federated systems.
It's annoying that we don't have a decent solution to this even for home automation. You ought to be able to take a "house ID key", probably a Yubikey, and present it to all your devices to tell them "you're mine now". Then they can talk to each other.
There are military cryptosystems which have such hardware. There's a handheld device called the Simple Key Loader.[1] That's what's used to load secure voice keys into radios, encrypted GPS keys into GPS units, identify-friend-foe codes into aircraft, and such. It's 15 years old, runs Windows CE, has a screen with a pen, and is far too big. The Tactical Key Loader is smaller and simpler.[2] 7 buttons and a small screen. About the same size as a Flipper Zero, but ruggedized and expensive.
[1] https://info.publicintelligence.net/SKLInstructionGuide.pdf
[2] https://www.l3harris.com/all-capabilities/kik-11-tactical-ke...
Like others suggested, a basic step would be to use a certificate-based approach where a company (or basically any deployment) gives out certificates for robots allowed to join and you only communicate with them.
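The certificate-based admission suggested in the comment above, sketched in Go as an added example that is not part of the thread or of any project it mentions: the deployment owner signs each robot's ID and public key, and a mesh member admits a discovered peer only if that signature verifies and the peer signs a fresh nonce. The names `JoinCert`, `NewKey`, `Issue`, `Prove`, `Admit`, the ID `robot-07` and the signed-blob format are assumptions made for illustration; a real deployment would more likely use X.509 certificates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// JoinCert: the deployment key's signature over a robot ID and public key (hypothetical format).
type JoinCert struct {
	RobotID string
	PubKey  ed25519.PublicKey
	Sig     []byte
}

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// certBody length-prefixes the ID so ID and key bytes cannot run together.
func certBody(id string, pub ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("mesh-join-v1|%d|%s|", len(id), id)), pub...)
}

// Issue is run by the deployment owner once per robot allowed to join.
func Issue(owner ed25519.PrivateKey, id string, pub ed25519.PublicKey) JoinCert {
	return JoinCert{id, pub, ed25519.Sign(owner, certBody(id, pub))}
}

// Prove is the joining robot's answer to a member's fresh nonce.
func Prove(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) }

// Admit checks the owner's signature, then proof that the peer holds the certified key.
func Admit(ownerPub ed25519.PublicKey, c JoinCert, nonce, proof []byte) bool {
	return len(c.PubKey) == ed25519.PublicKeySize &&
		ed25519.Verify(ownerPub, certBody(c.RobotID, c.PubKey), c.Sig) &&
		ed25519.Verify(c.PubKey, nonce, proof)
}

func main() {
	ownerPub, ownerPriv := NewKey()
	robotPub, robotPriv := NewKey()
	_, strangerPriv := NewKey()
	cert := Issue(ownerPriv, "robot-07", robotPub) // constructed sample ID
	nonce := make([]byte, 32)
	rand.Read(nonce) // fresh for every join attempt
	fmt.Println("enrolled robot:", Admit(ownerPub, cert, nonce, Prove(robotPriv, nonce)))
	fmt.Println("copied cert, wrong key:", Admit(ownerPub, cert, nonce, Prove(strangerPriv, nonce)))
}
```

The sketch has no expiry or revocation, which a deployment would need for a lost or captured robot.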