How Should WiFi Passwords be securely stored on micropython device?

General discussions and questions abound development of code with MicroPython that is not hardware specific.
Target audience: MicroPython Users.
spektro
Posts: 2
Joined: Fri Jan 17, 2020 7:38 pm

Re: How Should WiFi Passwords be securely stored on micropython device?

Post by spektro » Fri Jan 31, 2020 11:44 pm

How about this scenario:
ESP starts in AP mode. Let's call it #1
Another one ESP (#2) acts as credentials server.
#2 connects to #1 as soon as it discovers #1 is online in AP mode and sends it encrypted credentials.
#1 decrypts them with key stored in it's flash and connects to main WiFi.

Pros:
No flash chip contains valid credentials.
Credentials' server (#2) can be physically guarded.
Only one additional ESP per whole network (if whole area can be covered).
#1<>#2 communication can also be encrypted.
Decrypted credentials exist only in RAM.
Cons:
One additional ESP is needed. (Not necessarily, but one device in network must act as the credentials' server. It can be some other device doing some different stuff too.)
Credentials can be decrypted if somebody snatches ROM contains of both devices or ram contains of remote IoT station.

kevinkk525
Posts: 969
Joined: Sat Feb 03, 2018 7:02 pm

Re: How Should WiFi Passwords be securely stored on micropython device?

Post by kevinkk525 » Sat Feb 01, 2020 6:24 am

If someone has access to #2 then it won't really matter if the key is stored on the device or retrieved and stored in RAM. He could still get it, the effort just gets bigger.
Kevin Köck
Micropython Smarthome Firmware (with Home-Assistant integration): https://github.com/kevinkk525/pysmartnode

xenotek
Posts: 1
Joined: Mon Apr 20, 2020 9:38 pm

Re: How Should WiFi Passwords be securely stored on micropython device?

Post by xenotek » Mon Apr 20, 2020 9:43 pm

Noob here with micropython. Not at all pro in encryption.

How about saving the data in an encrypted sqlite db? Will this be secure enough?

User avatar
tve
Posts: 216
Joined: Wed Jan 01, 2020 10:12 pm
Location: Santa Barbara, CA
Contact:

Re: How Should WiFi Passwords be securely stored on micropython device?

Post by tve » Mon Apr 20, 2020 11:52 pm

The first question you need to ask is what the threat model is. I.e. what type of scenario are you trying to guard against?
Is the attacker in physical possession of the device or attacking it remotely?
If in physical possession, are you trying to protect the device content or the rest of your network?

Practically speaking I believe there are 3 reasonable stages:
- you put the pwd in plaintext on the device, if someone gets a hold of it and knows how to use it they have access to your wifi, you accept that risk
- you put the wifi pwd on the device and you consider your wifi insecure, WPA is just to keep the chaff out, you end-to-end encrypt between your device and your servers (HTTPS, MQTTS, WSS, etc), if someone hacks your device the access controls on your servers keep the damage under control and you revoke the access token or whatnot that your device uses
- you read-up on all the firmware encryption and locking that Espressif or other vendor provide and go down that (painful) path to make an (almost) totally hacker proof device

Sadly there's not a whole lot between steps 2 and 3 that isn't a lot more work for rather little gain. At least as far as I know.

tino84
Posts: 1
Joined: Fri Apr 09, 2021 1:45 pm

Re: How Should WiFi Passwords be securely stored on micropython device?

Post by tino84 » Fri Apr 09, 2021 1:46 pm

Just found this guide for the credentials in RAM solution:
https://randomnerdtutorials.com/micropy ... 2-esp8266/


Post Reply