Secure use of remote control ?
-
wrote on 2 Jun 2025, 08:00 last edited by
Hi Raspberry Pi Community,
I would like to use radio remote's control to trigger an events on my Raspberry pi.
I guess I'll go with 433Mhz as I believe they are the most common available ?
So I will need a 433Mhz RX/TX Module to connect on the GPIO, so far I get it...
But how properly secure the communication between those remotes and the RPI to avoid any anyone to sniff the transmitting and replay it. In other words spoof it.
Wubba Lubba dub-dub...
-
Hi Raspberry Pi Community,
I would like to use radio remote's control to trigger an events on my Raspberry pi.
I guess I'll go with 433Mhz as I believe they are the most common available ?
So I will need a 433Mhz RX/TX Module to connect on the GPIO, so far I get it...
But how properly secure the communication between those remotes and the RPI to avoid any anyone to sniff the transmitting and replay it. In other words spoof it.
Wubba Lubba dub-dub...
wrote on 2 Jun 2025, 08:22 last edited byRolling codes may protect you from a replay attack, but if the attacker is more sophisticated and has worked out the algorithm, then they can send the commands and effectively lock you out.
Is Bluetooth no good? Lots of protection baked in already.
-
Hi Raspberry Pi Community,
I would like to use radio remote's control to trigger an events on my Raspberry pi.
I guess I'll go with 433Mhz as I believe they are the most common available ?
So I will need a 433Mhz RX/TX Module to connect on the GPIO, so far I get it...
But how properly secure the communication between those remotes and the RPI to avoid any anyone to sniff the transmitting and replay it. In other words spoof it.
Wubba Lubba dub-dub...
wrote on 2 Jun 2025, 09:07 last edited byDoes it have to be radio? Maybe infrared would be enough? You could use a TSOP 2438 as a receiver and any old IR remote.
-
Hi Raspberry Pi Community,
I would like to use radio remote's control to trigger an events on my Raspberry pi.
I guess I'll go with 433Mhz as I believe they are the most common available ?
So I will need a 433Mhz RX/TX Module to connect on the GPIO, so far I get it...
But how properly secure the communication between those remotes and the RPI to avoid any anyone to sniff the transmitting and replay it. In other words spoof it.
Wubba Lubba dub-dub...
wrote on 2 Jun 2025, 09:13 last edited byMight be a good use for PGP. The signal can be snooped and spoofed, but the messages should be end-to-end encrypted.
-
Hi Raspberry Pi Community,
I would like to use radio remote's control to trigger an events on my Raspberry pi.
I guess I'll go with 433Mhz as I believe they are the most common available ?
So I will need a 433Mhz RX/TX Module to connect on the GPIO, so far I get it...
But how properly secure the communication between those remotes and the RPI to avoid any anyone to sniff the transmitting and replay it. In other words spoof it.
Wubba Lubba dub-dub...
wrote on 2 Jun 2025, 10:07 last edited by hendrik@palaver.p3x.de 6 Feb 2025, 07:14You'd use one of the rolling code mechanisms like in a keyless entry system, garage door opener or a car key fob. Maybe symmetric or asymmetric cryptography instead or on top. Depends on the exact use-case. But you'd have to build the remote yourself, I don't think that's in the readily available consumer products.
If you want it less complicated, have a look at Bluetooth or ESP-NOW. Wifi and Bluetooth and other protocols have encryption handled for you.
-
Might be a good use for PGP. The signal can be snooped and spoofed, but the messages should be end-to-end encrypted.
wrote on 2 Jun 2025, 10:38 last edited byOnly problem with just using just pgp is that the signal would be vulnerable to a replay attack. I feel like a rolling code that's encrypted using PGP might be the way so that the replay attack part is gotten rid of.
All that's to say, there's probably some technical paper that details the best way to set up a system like this.
-
Only problem with just using just pgp is that the signal would be vulnerable to a replay attack. I feel like a rolling code that's encrypted using PGP might be the way so that the replay attack part is gotten rid of.
All that's to say, there's probably some technical paper that details the best way to set up a system like this.
wrote on 2 Jun 2025, 14:12 last edited byCould it only accept serialized messages? Once it’s received a message, never accept the same exact message again.
-
Could it only accept serialized messages? Once it’s received a message, never accept the same exact message again.
wrote on 2 Jun 2025, 17:04 last edited byWell then you'd have to keep track of all messages recieved. An easier option might just be to sign the current system time, make sure the clocks are synchronized, and accept a +/- 1 second wiggle
-
Well then you'd have to keep track of all messages recieved. An easier option might just be to sign the current system time, make sure the clocks are synchronized, and accept a +/- 1 second wiggle
wrote on 2 Jun 2025, 17:36 last edited byWouldn’t it just need to know which is the highest message number it has seen? And then don’t accept that one or any lower ever again?
If the count is within the encrypted message, no one can spoof anything higher.
-
Wouldn’t it just need to know which is the highest message number it has seen? And then don’t accept that one or any lower ever again?
If the count is within the encrypted message, no one can spoof anything higher.
wrote on 2 Jun 2025, 22:34 last edited byOh fair good point
-
Rolling codes may protect you from a replay attack, but if the attacker is more sophisticated and has worked out the algorithm, then they can send the commands and effectively lock you out.
Is Bluetooth no good? Lots of protection baked in already.
wrote on 3 Jun 2025, 09:29 last edited byIs Bluetooth no good? Lots of protection baked in already.
Well, if you have a 2 way communication capability anyway, it's not particularly difficult to implement a key exchange, followed by data transmission using a temporary key, similar to HTTPS
-
Rolling codes may protect you from a replay attack, but if the attacker is more sophisticated and has worked out the algorithm, then they can send the commands and effectively lock you out.
Is Bluetooth no good? Lots of protection baked in already.
wrote 26 days ago last edited byI'm open to all solutions
But it there some ready Bluetooth remote pilot existing ? -
Wouldn’t it just need to know which is the highest message number it has seen? And then don’t accept that one or any lower ever again?
If the count is within the encrypted message, no one can spoof anything higher.
wrote 26 days ago last edited byI don't think this work's if you have multiple remote pilot tough...
-
You'd use one of the rolling code mechanisms like in a keyless entry system, garage door opener or a car key fob. Maybe symmetric or asymmetric cryptography instead or on top. Depends on the exact use-case. But you'd have to build the remote yourself, I don't think that's in the readily available consumer products.
If you want it less complicated, have a look at Bluetooth or ESP-NOW. Wifi and Bluetooth and other protocols have encryption handled for you.
wrote 26 days ago last edited byThanks hendrik
But you’d have to build the remote yourself
maybe in the future, but I don't have the time for it now...
\have a look at Bluetooth or ESP-NOW. Wifi and Bluetooth and other protocols have encryption handled for you.
So it their Bluetooth or WiFi remote pilot existing for that ?
-
I'm open to all solutions
But it there some ready Bluetooth remote pilot existing ?wrote 26 days ago last edited byNot really read up on it yet, but can you do serial over Bluetooth? Quick Google gave me this: https://raspberry-projects.com/pi/pi-operating-systems/raspbian/bluetooth/serial-over-bluetooth
There may even be an android app that could help.
Suppose it depends on the scope of your project.Funnily enough I may have to do something with this tech myself later in the year.
-
I don't think this work's if you have multiple remote pilot tough...
wrote 26 days ago last edited byEach remote could have an ID number it sends.