Authentication and logging in to building automation controllers via TCP/IP

The eHouse Building Automation System provides connectivity and remote control of rooms over Ethernet, WiFi and the Internet.

The status of the controllers can be received via UDP broadcast (without a permanent connection) or by connecting to the controller's server over TCP/IP.

Sending control commands to controllers is possible only over TCP/IP, which offers much higher connection reliability and better security.

Connecting to eHouse smart home controllers via TCP/IP requires authentication (logging in) to protect the system on LAN, WiFi, Internet and intranet.

eHouse Home Automation consists of Ethernet controllers (CommManager, LevelManager, EthernetRoomManager, etc.) that can be connected directly over an Ethernet network using TCP/IP.

Connections are established using Berkeley sockets over TCP/IP.

Each Ethernet controller of the eHouse system runs several TCP/IP servers, so that several independent applications and control panels can establish and maintain connections at the same time.

There are several ways to authenticate to the eHouse system over TCP/IP:

  1. Dynamic challenge-response code authentication
  2. Dynamic authentication with the password encrypted by a simple XOR function
  3. Open (clear-text) password authentication
  4. No authorization

The security (authentication) level must be selected in the configuration of each controller.

Selecting a security level also activates all the more secure methods that precede it in the list.

Challenge-response authentication

In this method the client application receives a unique code (the challenge) from the server when it initiates the connection.

The client application must then compute the response using the same algorithm as the server (the controller's TCP/IP server software).

The algorithm is unique to each installation of the system and changes with the encryption key.

The algorithm also depends on a number of parameters, such as the SMS gateway telephone number, a time stamp and the "Vendor/Reseller" code.

The client application must give the correct answer within a couple of seconds, otherwise the connection is dropped.

The server receives the data from the client and compares the time stamp against its own clock, so it is virtually impossible to send the same message again (replay it).

This also protects the system against sabotage or other hacker activity: all unauthorized connections from foreign systems are rejected, and control of the system is limited to dedicated eHouse applications.

The algorithm is thus protected from Ethernet sniffers, packet analyzers, spyware, viruses and Trojans.

This encryption algorithm is available only in the dedicated native eHouse applications.

It can be made available under license agreements directly to third parties who develop software for eHouse automation and sell eHouse controllers under their own brand.

It is the safest algorithm for communication over LAN, WiFi, the Internet, etc.

Dynamic authentication with the password encrypted by a simple XOR

The algorithm is similar to the previous one, but the password is encrypted by the client application with a simple XOR function, character by character.

The client application XORs the constant password with the dynamic code received from the server, character by character.

The answer is sent to the server together with the received code (both the request and the response), so that the server can check the time stamp.

This algorithm is relatively safe on LAN, WiFi and intranet.

Enabling this algorithm does not exclude the more secure authentication algorithm, which can still be used.

Thus it is still possible to connect securely from outside (the Internet) with a native eHouse panel application using the system's challenge-response method.
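The XOR exchange described above, written out as an added illustration (this is not eHouse's own code or wire format). It assumes a constructed code layout of a 10-digit time stamp followed by 8 random bytes, a 5-second freshness window and a demo password; the server-side check shows how the echoed code and its time stamp reject stale or replayed answers.

```python
import os
import time

# Constructed parameters for illustration; the real eHouse wire format,
# code layout and time window are not described on this page.
PASSWORD = b"demo-pass"       # constant password configured on the controller
FRESHNESS_WINDOW_S = 5        # "within a couple of seconds", per the text

def make_challenge(now=None):
    """Server side: dynamic code = 10-digit Unix time stamp + 8 random bytes
    (assumed layout; the page only says the code depends on a time stamp)."""
    ts = int(time.time() if now is None else now)
    return f"{ts:010d}".encode() + os.urandom(8)

def xor_bytes(data, key):
    """XOR data with key character by character, repeating key if it is shorter."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def client_response(challenge, password=PASSWORD):
    """Client side: echo the received code, then append the XOR-masked password,
    so the server gets both the request and the response in one message."""
    return challenge + xor_bytes(password, challenge)

def server_verify(answer, issued, now=None, password=PASSWORD):
    """Server side: the echoed code must match the one we issued, its time stamp
    must still be fresh, and unmasking must yield the configured password."""
    challenge, masked = answer[:len(issued)], answer[len(issued):]
    if challenge != issued:
        return False                       # foreign or altered code
    ts = int(challenge[:10])
    current = time.time() if now is None else now
    if abs(current - ts) > FRESHNESS_WINDOW_S:
        return False                       # stale: a replayed or delayed message
    return xor_bytes(masked, challenge) == password

if __name__ == "__main__":
    code = make_challenge()
    print("accepted:", server_verify(client_response(code), code))
```

Because the code and the masked password travel together and XOR is its own inverse, anyone able to observe the exchange can unmask the constant password; that is why the text rates this method only as relatively safe and restricts it to a closed LAN, WiFi or intranet.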

Open password authentication

The algorithm is similar to the previous one, but the password is sent unencrypted. The client software echoes the time stamp and then sends the password in clear text.

The time stamp is checked in order to ignore stray ("ghost") packets on the Internet, preventing the same packet from being repeated by hackers or by faulty links, retransmissions, etc.

Because the password is transmitted in clear text, this method is not recommended for communication outside a closed and secured LAN.

When enabled, this method also allows the use of the previous (more secure) methods.

No authorization

With no authentication, any client can connect to any of the controllers simply by sending a string to the controller (13).

This method is not recommended for normal operation; it is intended only for testing at the beginning of development, to give developers a quick start and make it easier to test the eHouse environment.

When enabled, this method also allows the use of all previous methods.

The last three methods make it easy to connect to the controllers over LAN, WiFi, intranet and the Internet; however, because of the simple encryption algorithm, it is recommended to limit connectivity to a secured LAN and WiFi.

You can create your own algorithms, programming interfaces or web services that run on the LAN and provide services to the outside, adding your own security mechanisms such as SSL, certificates, VPN, etc. to increase connection security.