• Resolved

How does TI CC3000 wifi smart config work on wpa2 encrypted home network ?

Hi ,

I asked this question in stackoverflow and they suggested me to ask the same here for more details.

Link to the question http://electronics.stackexchange.com/q/61704/1705

Summary :

Since the smart config does not disconnect my smartphone network connection to my home router (which is using wpa2-personal ).

How does the cc3000 chip decrypt the raw packet to extract the information ?

  •  Hi,

    Unfortunately, the configuration algorithm is under patent thus can't be exposed.

    Yael

  • In reply to Yael Oz:

    A defining feature of a patent is public disclosure.

  • In reply to Yael Oz:

    What's the patent number? Could you offer a link?

  • In reply to blues andrews:

    Hi All,

    Actually, I'm not sure if Smartconfig is under patent, but the algorithm is proprietary. This is also for security purposes :)

     

    Thanks,

    Aaron

      ***  Please click the Verify Answer button on a post if it answers your question.   ***
                                                                                                                                             

  • In reply to made4engineering:

    The comments from TI employees in this post seem rather odd.

    First Yael Oz claims "the configuration algorithm is under patent thus can't be exposed".

    To which Duncan McKee points out the obvious, i.e. that a "defining feature of a patent is public disclosure."

    Then a second TI employee claims "the algorithm is proprietary. This is also for security purposes :)"

    I hope this isn't true - the security bit - as I think TI is smart enough to know no one really takes security through obscurity seriously:

    http://en.wikipedia.org/wiki/Security_through_obscurity

    I don't think this is true and TI actually do provide a lot of information about what's going on during CC3000 setup:

    Reading through this one gets the disturbing impression that without AES enabled your wifi password will be visible during the setup process to anyone who cares to listen out for the relevant probe requests.

    This is not so if one uses AES but this rather reduces the whole convenience factor behind the CC3000.

    If using AES it seems one somehow has to ship a unique AES key with each device shipped, e.g. printed on a sticker on the side of the device.

    This key will need to be long-ish and will need to be typed in, in addition to the actually SSID and password of the wifi network that the user is interested in getting their device connected to.

    Using the same key for every models of a given product would of course defeat the point. E.g. if all models of product X used the same key, then I could just buy one of these products, determine the key and then use it to decode the wifi probes sent out during the setup process when someone installed product X anywhere. One could keep the AES key "secret" - hard coded in both the device and the related smartphone app, but this kind of security through obscurity usually doesn't work very well (the key always somehow eventually leaks).

  • In reply to George Hawkins:

    Hi,

    The smart config operation is indeed described in the wik pages listed above, but the algorithm of how the CC3000 decrypts the information of what the application transmits can't be shared.

    The application transmits multicast packets with "encrypted" information, which later is "decrypted" by the CC3000 to detect all required information.

    Regards,

    Tomer

  • In reply to Tomer Kariv53:

    small correction, the packets transmitted are not multicast packets.

  • In reply to Tomer Kariv53:

    Tomer Kariv says "but the algorithm of how the CC3000 decrypts the information of what the application transmits can't be shared."

    Sorry but the http://processors.wiki.ti.com/index.php/CC3000_Smart_Config page I referred to above clearly states that you can choose between no encryption or use AES-128 encryption.

    The AES encryption algorithm is not a non-shareable TI secret, rather it is a well understood algorithm developed by the U.S. National Institute of Standards and Technology.

    For clear details of how AES encrypts and decrypts data see:

    http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

    The security of AES is a property of the mathematics involved and not of keeping its implementation secret.

    What has to be kept secret is the key - but it is up to device developers using the CC3000 to choose the key, it is not part of the CC3000 implementation.

    See the example screenshot here that shows the field where you enter the AES key if you're using AES encryption:

    http://processors.wiki.ti.com/index.php/CC3000_Smart_Config#Examples_using_IOS.5CAndroid.5CPC_devices

    Regards,

    /George

  • In reply to George Hawkins:

    George,

    You misunderstood my intention. The AES encryption is definitely not TI's patent, but is unrelated to how the smartconfig decrypts the data.

    The AES encryption, which can be enabled and used in the smartconfig algorithm only gives additional encryption, but even without using it, the question is how a simple link device can connect to a certain AP without knowing the required SSID and password. The answer to that is the algorithm developed by TI, and which can not be shared. 

    I hope this clarifies it better now.

    Regards,

    Tomer

  • In reply to Tomer Kariv53:

    Actually it's more interesting than all that.

    The question is not about the AES bit.

    The question is how the iphone / andriod / java app gets information to the CC3000 even though the CC3000 has not connected to the given network. 

    That is, the Iphone (say) is connected via security (WPA2 etc) to the router.  Fine.  The CC3000 is NOT connected to the same router (that's the problem we need to solve).

    Somehow, the CC3000 gets information transferred from the iPhone app. The information can be AES encrypted or not, but either way, the magic is getting it over the wifi connection, for which the CC3000 cannot access at the start of the process.

    Now, WPS does the same sort of thing - it transfers information from the router (normally) to a device without anyone having to know what the actual WPA2 security settings are (although there is normally a "pin").

    The Smart Config iPhone side needs to know the IP address of the router, so the router must be involved somehow.