S2 plugin updated to the latest, release notes updated.
Announcement
Collapse
No announcement yet.
Z-Wave Plugin with Security S2 Support (Beta)
Collapse
X
-
Guest
-
I can update the x86 version. Right now Silicon Labs (formally sigma), is forcing hubs to use the ZIP interface for controllers. This interface only runs on Linux. So software on Windows will need a new interface and it will be expensive. Also, it means a total re-write of our Z-Wave plugin, something we don't want to do (and don't need to do). The solution we have now cannot be certified (even though it works). So we are on hold as they may be changing this requirement. That is where we are at. Obviously they think that Z-Wave should only be support by small low powered hubs that run Linux and they don't want to support other OS's.
Comment
-
Originally posted by rjh View PostI can update the x86 version. Right now Silicon Labs (formally sigma), is forcing hubs to use the ZIP interface for controllers. This interface only runs on Linux. So software on Windows will need a new interface and it will be expensive. Also, it means a total re-write of our Z-Wave plugin, something we don't want to do (and don't need to do). The solution we have now cannot be certified (even though it works). So we are on hold as they may be changing this requirement. That is where we are at. Obviously they think that Z-Wave should only be support by small low powered hubs that run Linux and they don't want to support other OS's.
- Likes 1
Comment
-
Guest
Originally posted by rjh View PostI can update the x86 version. Right now Silicon Labs (formally sigma), is forcing hubs to use the ZIP interface for controllers. This interface only runs on Linux. So software on Windows will need a new interface and it will be expensive. Also, it means a total re-write of our Z-Wave plugin, something we don't want to do (and don't need to do). The solution we have now cannot be certified (even though it works). So we are on hold as they may be changing this requirement. That is where we are at. Obviously they think that Z-Wave should only be support by small low powered hubs that run Linux and they don't want to support other OS's.
what is the reason for this?
Comment
-
The reason is security, they created the code that does the encryption and want to limit where it ends up. But they did do a DLL that works on Windows, so maybe they just don't want to maintain the different versions. I think they feel that small low powered hubs is where the market is. So we would need to create a new Z-Net like device that Windows users would need to use. Its more work for us with no benefit over what currently exists.
I updated the X86 version, its in the updater now.
Originally posted by MattL0 View Post
Don’t they know the market? I’m sure they do...
what is the reason for this?
Comment
-
Originally posted by rjh View PostI can update the x86 version. Right now Silicon Labs (formally sigma), is forcing hubs to use the ZIP interface for controllers. This interface only runs on Linux. So software on Windows will need a new interface and it will be expensive. Also, it means a total re-write of our Z-Wave plugin, something we don't want to do (and don't need to do). The solution we have now cannot be certified (even though it works). So we are on hold as they may be changing this requirement. That is where we are at. Obviously they think that Z-Wave should only be support by small low powered hubs that run Linux and they don't want to support other OS's.
- Likes 1
Comment
-
Currently I am using the standard (S0) Z-Wave plugin. So far I have only had lights and sensors in my system, but I now want to include my Z-Wave capable smart locks (which do support S2). I can either include them with S0 (continue with existing plugin), or else switch to the S2 beta plugin. I have the Zooz S2 Z-Wave USB interface.
Keeping in mind the following:
- I am not concerned at all about anybody "snooping" my devices during the inclusion process (which I understand was the key issue with S0?)
- I am fine with my previously included lights and sensors to be in S0 mode, it would just be locks and future devices I would want to get on S2 security.
Questions:
1) Once the inclusion phase is completed, is S0 secure enough for locks, or could some two bit burgler unlock my doors using come easy common S0 exploit that would not work if I was on S2 ? (If the only real risk is during inclusion, I could just stick with S0)
2) If I upgrade to the S2 plugin, what happens to all of my already included devices (and all the events I they are in, etc, etc) ? Will they continue to work (in S0 mode)?
3) If I want to upgrade existing S0 devices to S2 (all my devices support S2), do I need to exclude and then reinclude, and redo all my associated events, custom strings, etc, etc - or is there a more seamless way to "upgrade" the security?
4) I understand Ztool does not support S2. If I am on the S2 plugin, can I still use Ztool to include S0 devices (where I don't care if they are S2 or S0) ?
5) How/Where do I add S2 devices (in S2 mode), if not with Z-Tool?
6) Are there are other benefits to S2 (such as speed/performance), other than the more secure including process, that would make it worthwhile to upgrade to S2?
Thanks!
/-Tim
Comment
-
My understanding of S2 is that S0 devices that aren't locks are entirely unencrypted, so the risk is any time any signal is sent to/from the device, not just during inclusion. The authenticated S2 mode is what protects device inclusion; adding an S2 node in unauthenticated mode is susceptible to inclusion-time sniffing, but assuming that's secure then the device is secure going forward.
But locks are always encrypted in S0, as far as I'm aware. I don't know enough about your other questions to answer them authoritatively.
Comment
-
Originally posted by rjh View PostThe reason is security, they created the code that does the encryption and want to limit where it ends up. But they did do a DLL that works on Windows, so maybe they just don't want to maintain the different versions. I think they feel that small low powered hubs is where the market is. So we would need to create a new Z-Net like device that Windows users would need to use. Its more work for us with no benefit over what currently exists.
I updated the X86 version, its in the updater now.
Comment
-
No, looks like ZIP is required. For us to support this it means a pretty much total re-write of the Z-Wave plugin, which will take months. And the result is something that no one is asking for. We can keep what we have now in sync with the standard Z-Wave plugin so those who want to use S2 can use it. But it will probably will never be a "certified" Z-Wave product. But you never know, there is always a chance they may relax the requirement for ZIP.
After HS4 is released, we may revisit this.
Originally posted by The Barnacle View Post
Any updates from Sigma? Or are they being stubborn and standing firm on the ZIP protocol?
Comment
-
Originally posted by rjh View PostNo, looks like ZIP is required. For us to support this it means a pretty much total re-write of the Z-Wave plugin, which will take months. And the result is something that no one is asking for. We can keep what we have now in sync with the standard Z-Wave plugin so those who want to use S2 can use it. But it will probably will never be a "certified" Z-Wave product. But you never know, there is always a chance they may relax the requirement for ZIP.
After HS4 is released, we may revisit this.
I'm going to try this S2 plugin to see if I get any better results with Siren6 and start trying t get as much as possible to either wired (via HS3 Arduino/Pi plugins) or Z-Wave S2.
Also something I CAN do in LINUX but NOT windoze.... HA ACTIVE/BACKUP clustering! I am working on install scripts and things to setup using a Pi3/4b as a backup cluster node with pacemaker/Linux HA when the interface is a Z-Net with the Primary node being a Fedora Core VM. Also lets not forget the possibility of a container based HSx install on a multi-system platform. Face facts.... win is more or less dead. Server side it's been dead for YEARS, just waiting for desktop side to finally fall over.
Honestly this win/lin issue really should be a moot point by now as windows is becoming nothing more than a poor clone of Linux with a overburdened inefficient interface. "Desktops" these days are rapidly moving to either Linux, Chrome OS, or Mac. A Raspberry Pi makes a FANTASTIC desktop and the 4b with 4GB RAM even more. Good luck running win on that! And NO I don't have SW issues as WINE has come a REALLY long way and what still is left not running on Linux (less and less each month) runs VERY well on WINE (YES INCLUDING O365/2016 as well as TONS of games, cad tools, etc). Been running ONLY Linux desktops since 2005 and have NEVER been hacked or EVER had to "reinstalll". Never had a single issue with HW drivers or magor version upgrades either since Fedora Core 6. FC6 to FC18 ran on a 2004 HP laptop with Pentium 4 200Mhz CPU and 2G RAM (which ran Starcraft 1 just fine) until I bought Starcraft II and "had" to get a Dell M6700 with FC18 that now runs FC30.
- Likes 2
Comment
Comment