Node locking

Collaboration diagram for Node locking:

Detailed Description

These options control node lock related configurations.

This feature locks a node that suspect itself for being under some form of attack.

This is achieved by having a counter stored in EEPROM which decrements when suspicious activity is detected.

If the counter reaches 0, the node will not work anymore and will transmit a I_LOCKED message to the gateway/controller with 30 minute intervals. Payload is a string with a reason for the locking.

The string is abbreviated to accommodate a signature. The following abbreviations exist at the moment:

• LDB (Locked During Boot)
• TMNR (Too Many Nonce Requests)
• TMFV (Too Many Failed Verifications)

Typically, the counter only decrements when suspicious activity happens in a row. It is reset if legit traffic is present.

Examples of malicious activity are:

• Repeatedly incorrectly checksummed OTA firmware
• Repeated requests for signing nonces without properly signed messages arriving
• Repeatedly failed signature verifications

If counter reaches zero, node locks down and EEPROM has to be erased/reset to reactivate node. Node can also be unlocked by grounding a pin.

See also

MY_NODE_UNLOCK_PIN

The size of the counter can be adjusted using MY_NODE_LOCK_COUNTER_MAX.

Macros
#define	MY_NODE_LOCK_FEATURE
	Enable this to activate intrusion prevention mechanisms on the node.
#define	MY_NODE_UNLOCK_PIN   (14)
	By grounding this pin during reset of a locked node, the node will unlock. More...
#define	MY_NODE_LOCK_COUNTER_MAX   (5)
	Maximum accepted occurrences of suspected malicious activity in a node. More...

Macro Definition Documentation

MY_NODE_LOCK_COUNTER_MAX

#define MY_NODE_LOCK_COUNTER_MAX   (5)

Maximum accepted occurrences of suspected malicious activity in a node.

Counter decrements on reoccurring incidents but resets if legitimate behaviour is identified.

Definition at line 1998 of file MyConfig.h.

MY_NODE_UNLOCK_PIN

#define MY_NODE_UNLOCK_PIN   (14)

By grounding this pin during reset of a locked node, the node will unlock.

If using a secure bootloader, grounding the pin is the only option to reactivate the node. If using stock Android bootloader or a DualOptiBoot it is also possible to download a sketch using serial protocol to erase EEPROM to unlock the node.

Definition at line 1988 of file MyConfig.h.