Z-Wave encryption types

Not sure it’s described anywhere (feel free to point me to the documentation), but I was wondering what each encryption type on https://tools.developer.homey.app/tools/zwave means, so if you are like me, here you go:

  • Secure (Authenticated): This indicates that the device uses basic Z-Wave security (sometimes referred to as S0). It provides encryption for network-wide communication but was susceptible to certain hacking techniques.
  1. Basic Encryption: This is the original form of Z-Wave security (S0). It encrypts all network-wide communication, preventing eavesdropping on the basic commands sent to Z-Wave devices.
  2. Vulnerability: This method was found to be susceptible to hacking techniques like “man-in-the-middle” attacks in certain situations.
  • Secure (Access): This is similar to “Secure (Authenticated)” (S0) but offers some additional security features aimed at preventing unauthorized control of specific devices (like door locks).
  1. Targeted Protection: This is a slightly enhanced version of S0 security focusing specifically on commands that can be used to control access-sensitive devices, such as door locks and some sensors.
  2. Partial Encryption: It doesn’t encrypt every single command like Secure (Authenticated) S0, rather it focuses on the most critical commands to provide some additional protection.
  3. Still Considered Weak: Similar to Secure (Authenticated) S0, this variation is also considered less secure than the newer S2 standard.
  • Secure (⨯): This flag typically means there’s no encryption in place for communication with that device. Data is transmitted in plain text and could be intercepted.

  • Secure (S2 (Authenticated)): This is the newer and significantly more robust Z-Wave S2 security framework. It uses strong encryption (AES-128) and improved authentication methods to mitigate previous vulnerabilities.

Compatibility / communication

  • Basic Communication: Z-Wave devices with different security levels (S0, S2, no security) can still communicate at a basic level. They can exchange status updates, simple commands, and general network information.

  • Secure Commands: Here’s where the difference lies:

    • S0 to S0: Devices using either Secure (Authenticated) S0 or Secure (Access) S0 can exchange secure commands between them.
    • S2 to S0: S2 devices can send unencrypted commands to S0 devices, but not vice versa. S0 devices cannot initiate secure communication with S2 devices.
    • No security to S0/S2: Devices without encryption can send commands to both S0 and S2 devices, but the communication will be unencrypted.

Impact of Security Types on mesh routing

  • S2 Strength: Devices using S2 security provide the most reliable routing. They have robust communication and error-checking, ensuring messages are delivered successfully even with multiple hops.
  • S0 Considerations: While devices with S0 security can function as repeaters, communication may be slightly less reliable. Potential vulnerabilities in S0 could lead to occasional message failures.
  • Unencrypted Devices: Devices without encryption can also act as repeaters. However, this introduces a security risk, as unencrypted data can be intercepted when being relayed across the mesh.

Now, if someone would be able to explain to me why some of my FGR-223, supporting S2, are added as Secure (S2 (Authenticated)), while some others are added as Secure (Authenticated)?

I also recall I saw some decryption errors during Homey start (in the Homey log); any thoughts on this?

Would be best to have all S2, based on the information above. How to achieve that on HP23 ?

Secure (S2 (Authenticated)) and Secure (Authenticated) are exactly the same, but included on a different Homey version.
Athom removed the S2 marking in 1 of the firmware updates, for whatever reason, but both are still S2 only.
But it isn’t updated for already included devices.

S0 has no authentication (DSK codes), as that support was only added with S2.

There are only 4 different security levels:

  • Sx:
    • Unsecure = oldest
    • Secure (x) = What it is now
    • x = mistakes were made, was only short-lived;
  • S0:
    • Secure = old
    • Secure (S0) = new (not sure if it still is; all S0 are included unsecure, I have not seen any apps that enabled the secure inclusion)
  • S2 (Authenticated):
    • Secure (S2 Authenticated) = old
    • Secure (Authenticated) = new
  • S2 (Unauthenticated):
    • Secure (S2 Unauthenticated) = old
    • Secure (Unauthenticated) = new

They are all susceptible to the man-in-the-middle attack, but Secure (S0) (just AES-128 encryption) and S2 security (AES-128 encryption with an additional Elliptic Curve Diffie-Hellman key exchange) are encrypted: if you know the used key, you can determine what the message is. The S0 encryption key is relatively easy to figure out with the calculation power devices have nowadays.
S2 is a lot harder, as the encryption is a lot stronger and the used decryption key is constantly changing, and the authenticated one (using the DSK key) is practically impossible, as the DSK key is only used/shared during pairing, but is used in the Elliptic Curve Diffie-Hellman key exchange.

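Editor's note: the two posts above both describe the difference between S0 and S2 key establishment in words. The following is an added worked model of that difference; it is example code written for this page, not code from any poster, from Athom, or from the Z-Wave specification. It is deliberately simplified and the simplifications are assumptions: a SHA-256 keystream stands in for S0's AES-OFB, the S2 bootstrap is reduced to an X25519 Diffie-Hellman exchange plus the withheld first five DSK digits the user types in, the HMAC-based "key verify" step is invented for the model, and the private keys are the RFC 7748 test vectors plus a constructed attacker key. What it does show faithfully: during S0 inclusion the network key travels under a fixed all-zero temporary key, so anyone who recorded the inclusion recovers it, while with S2 a listener only ever sees public keys, and an active man-in-the-middle who swaps in his own key is caught because the controller rebuilds the joining node's key from the DSK prefix on the label rather than from the air.

```python
# Simplified model of S0 vs S2 key establishment, standard library only.  NOT Z-Wave code:
# S0's AES-OFB is replaced by a SHA-256 keystream and the S2 bootstrap is reduced to X25519
# plus the out-of-band DSK prefix check; both are modelling assumptions.
import hashlib
import hmac

# X25519 as in RFC 7748 (Montgomery ladder), written out so no extra package is needed
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")

def _clamp(scalar: bytes) -> int:
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    k = _clamp(scalar)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def pubkey(priv: bytes) -> bytes:
    return x25519(priv, BASEPOINT)

# ---- S0: the network key is handed over encrypted under a fixed, all-zero temporary key ----
S0_TEMP_KEY = bytes(16)  # a published constant, so a listener has it as well

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for S0's AES-OFB (assumption: SHA-256 counter keystream, same XOR structure)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def s0_key_exchange_frame(network_key: bytes) -> bytes:
    """What the controller transmits during S0 inclusion."""
    return keystream_xor(S0_TEMP_KEY, network_key)

def s0_eavesdrop(frame: bytes) -> bytes:
    """A passive listener who recorded the inclusion undoes it with the same public key."""
    return keystream_xor(S0_TEMP_KEY, frame)

# ---- S2 (Authenticated): X25519 agreement plus the DSK prefix typed in from the device label ----
def dsk(pub: bytes) -> str:
    """DSK label format: first 16 bytes of the public key as 8 groups of 5 decimal digits."""
    return "-".join(f"{int.from_bytes(pub[i:i + 2], 'big'):05d}" for i in range(0, 16, 2))

def joiner_announce(joiner_pub: bytes) -> bytes:
    """Authenticated mode: the first two bytes (the PIN printed on the label) are not sent."""
    return b"\x00\x00" + joiner_pub[2:]

def controller_shared_secret(ctrl_priv: bytes, received_pub: bytes, pin: str) -> bytes:
    """The controller restores the withheld bytes from the user-entered PIN, then runs ECDH."""
    full_pub = int(pin).to_bytes(2, "big") + received_pub[2:]
    return x25519(ctrl_priv, full_pub)

def verify_tag(shared: bytes) -> bytes:
    """Proof that a side holds the agreed key (model: HMAC over a fixed label)."""
    network_key = hmac.new(shared, b"S2 network key (model)", hashlib.sha256).digest()[:16]
    return hmac.new(network_key, b"key verify", hashlib.sha256).digest()

def s2_pairing_succeeds(ctrl_priv: bytes, joiner_priv: bytes, attacker_priv=None) -> bool:
    """Does the controller's verify check pass?  attacker_priv adds an active MITM on the air."""
    ctrl_pub, joiner_pub = pubkey(ctrl_priv), pubkey(joiner_priv)
    pin = dsk(joiner_pub).split("-")[0]            # the user reads this off the device
    over_the_air = joiner_announce(joiner_pub)
    far_side_shared = x25519(joiner_priv, ctrl_pub)
    if attacker_priv is not None:                   # MITM swaps in its own key, prefix zeroed
        over_the_air = joiner_announce(pubkey(attacker_priv))
        far_side_shared = x25519(attacker_priv, ctrl_pub)
    ctrl_shared = controller_shared_secret(ctrl_priv, over_the_air, pin)
    # The MITM fails: the controller combined the label PIN with the attacker's other 30 bytes,
    # a public key nobody holds the private half of, so the two sides derive different keys.
    return hmac.compare_digest(verify_tag(ctrl_shared), verify_tag(far_side_shared))
```

Calling `s0_eavesdrop(s0_key_exchange_frame(key))` returns `key` unchanged: the weakness is not in AES but in the fact that the key protecting the handover is a known constant, so it only matters if someone is recording at the moment of inclusion. `s2_pairing_succeeds(ctrl, joiner)` returns True and `s2_pairing_succeeds(ctrl, joiner, attacker)` returns False. Two caveats on the model: a withheld 16-bit prefix alone would be cheap to brute-force, so the real S2 bootstrap has more to it than this sketch, and nothing here explains the decryption errors mentioned earlier in the thread, which are about the per-message layer, not key establishment.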

Thank you. Well, I migrated from HP19 a year ago; I will probably re-add S2 after checking the logs. There were some encapsulation errors right after start, but I don’t recall exactly if it was related to the same nodes. The strange thing is that I was not adding all non-S2 devices on HP23, yet I still see the difference for whatever reason.

Fantastic overview, thank you ! :+1: