This is the central point for collecting pages that discuss the design of the OpenRemote security architecture and analyze it for potential weaknesses.

Note that the OpenRemote architecture consists of several independent components. These can be analyzed individually, but ultimately the entire architecture and all component interactions need to be taken into account.

OpenRemote Controller

The security considerations for the initial versions of the controller are restricted to authenticating with the online manager and encrypting the communication between the controller and the online manager.

Both authentication and encryption are achieved via a public-private key (PPK) pair. On initial registration of the controller with the online manager, the controller generates the PPK pair and sends its public key to the online manager. Subsequent operations can be authenticated using this key pair.

Controller V0.1

In the initial design, the public key of the controller is associated with its serial number in the online manager. The thinking behind this was that OpenRemote hardware was prebuilt and sold, and therefore a unique serial number could be controlled and distributed with the physical box. However, as the project ideas solidified further, a do-it-yourself hardware model became available, which invalidates the design assumption of a guaranteed unique controller serial number.

The benefit of this approach was that it reduced the required user interaction on installing the hardware. Typing an account key to register the controller was not necessary.

Controller V0.2

This version of the controller software changes the assumptions from the previous version. On account creation, a user receives an account number from the online manager. This account number must be entered into the controller at installation so that the controller can be registered and its public key associated with the correct account. This change enables the do-it-yourself hardware model, where no unique account-identifying information is guaranteed. The cost is an additional step for the user, who needs to enter the account identifier at registration.
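
The V0.2 registration and authentication flow described above, sketched as an added example; it is not OpenRemote code. The page names no algorithm or wire format, so Ed25519, the `Manager` and `Controller` types, the account number and the request body are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Hypothetical types: Manager maps account number -> registered controller public keys.
type Manager map[string][]ed25519.PublicKey
type Controller struct{ priv ed25519.PrivateKey } // private key never leaves the box

// NewController generates the key pair and returns the public half for registration.
func NewController() (*Controller, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Controller{priv}, pub
}

// Sign signs a request with the controller's private key.
func (c *Controller) Sign(req []byte) []byte { return ed25519.Sign(c.priv, req) }

// Register binds a public key to an account the user already created (V0.2 flow).
func (m Manager) Register(account string, pub ed25519.PublicKey) error {
	if _, ok := m[account]; !ok {
		return fmt.Errorf("unknown account number")
	}
	m[account] = append(m[account], pub)
	return nil
}

// Authenticate accepts a request only if a key registered to the account signed it.
func (m Manager) Authenticate(account string, req, sig []byte) bool {
	for _, pub := range m[account] {
		if ed25519.Verify(pub, req, sig) {
			return true
		}
	}
	return false
}

func main() {
	m := Manager{"ACCT-1001": nil} // constructed account number, created before install
	c, pub := NewController()
	req := []byte("ACCT-1001|sync") // constructed request body
	fmt.Println(m.Register("ACCT-1001", pub), m.Authenticate("ACCT-1001", req, c.Sign(req)))
}
```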

Measures Against Account Hijacking

TODO

Content on this website is licensed under Creative Commons BY-NC-SA 3.0.