Meshtastic Capabilities

Hello every one,
I am new here.

I have been reading about Meshtastic and watching videos on it as much as I can. I mostly understand the concept, but their are a few things I still don’t under stand. I have not purchased any hardware yet.

I want to set up private messaging network, and use several solar t beam relay nodes to extend the range.

Question 1. How are relay nodes configured? Are they configured the same way you configure the board that you keep with your phone? Can they also be configured with android app? Do they use Bluetooth also? Every use case I looked up on youtube only demonstrated a t beam connected to each phone for simple two way communication between the phones, the videos didn’t explain how to set up multiple relay nodes in between the two phones.

Question 2. If someone hostile to the network captures a relay node hidden in a tree or somewhere, will they be able to view the network’s messages on the tbeam’s soldered screen? Will they be able to compromise the network in any other way if they capture a relay node?

Any other info you have on relay nodes and setup would be appreciated.

Thanks.

The router setting manages sleep since it assumes you won’t be using wifi or BLE, otherwise they act like any other node.

If someone hostile to the network captures a node, can they intercept messages?

Yes of course they can they are on the network

This seems like kind of a deal killer to me. If I build a solar relay node and hide it in a tree, I have no way to know if anyone is physically there monitoring the messages it is relaying to other people on the network. Kind of kills the point of “end to end encryption”.

And your argument, that simply because something is on a network, its data is accessible to anyone who physically accesses it doesn’t make sense. If I build an encrypted server, and someone breaks into the building, that doesn’t necessarily mean any data was compromised. So, I especially don’t understand the " of course" in your statement, as I have previously stated I am brand new to this, know very little about this technology, and haven’t purchased any mesh hardware of my own yet.

Once somebody physically has one of your devices your network has been compromised.

if you don’t need to decode the payloads on the node you can change the PSK (keeping all other channel settings), but physical access should be considered total access.

Roger that, thanks.
Do you have any ideas for a work around? I would ideally like to put together a network that spans several miles, but it would require putting relay nodes on public land that anyone could have access to.

You can add another layer of encryption by using any app that encrypts and decrypts text. You can then share this key with other users of your network.

1 Like

Do you know of an open souce app based on GNUpg that can run on andoid, or something similar?

@AndreK @garth @kokroo Thinking out loud, this is an interesting use case.

If Meshtastic were used for just the physical layer of which clients (like phones) use to transfer data, it would be possible for the clients to manage encryption outside of encryption provided by the transport.

It may end up being double encryption, but that’s not bad.

This would also mean that the devices can’t decode the payload and that’s ok.

This would need a dedicated port so the messages port isn’t cluttered, but that would be the only change required on the device.

If something like this, may be better using public/private key cryptography instead of pre shared key cryptography.

Now that I think of it, this is exactly like how our IP transport layer works.

MMMmmm…

1 Like

This is what ATAK does without us doing anything right?

I view many of these security suggestions as theater, this thread and others like it are full of false security assumptions (encryption means end to end encryption, dev boards can be secured once someone has physical access)

This is the security that is actually in place now

There is a whole section that is several years old on possible future areas of work (if there is enough interest). There have been some additional suggestions / issues created in what I consider the theater category but nobody has ever dug in and done any of the actual work. I would suggest this is a pretty strong indication that there is not a lot of real interest in this, especially with ATAK being available.

What does a relay node need to change from a message payload before repeating it, beside the hop count ?

From what I understand so far, a relay needs to listen to a LoRa channel for incoming packets, then filter Meshtastic messages, and repeat them decreasing the hop count. In this case, it should be possible repeat messages whose payload can not be decoded, isn’t it ?

BTW, for those interested, here are some thoughts about more clear separation between LoRa channels and Meshtastic channels : Encryption / Secondary Channels - #9 by Eagle

Cheers

1 Like

How is asking about keeping about keeping physical access to a node encrypted, theatre? Seems like a legit concern.

1 Like

Lol, yes. You are essentially talking about off grid decentralized internet.

Encrypting a string of text with a pre shared key is probably the fastest work around, assuming I can find a good open source app. Just copy and paste between encryption app and Meshtastic app.

I guess I could get a terminal shell and run gpg command line on the phone for encrypting and decrypting strings, but that would definitely hurt ease of use.

1 Like

@Edward you might find Reticulum Network Stack | unsigned.io interesting.

I’m hopeful Meshtastic might one day use it, but the C port needs to be completed first

2 Likes

Okay found a great app for this.
Open key chain. It is open source and uses gpg encryption standards.

For predetermined passwords

1 Install and open app

2 Go to side menu. Hit encrypt/decrypt

3 Hit encrypt text

4 Change settings to “use password”

5 Enter password and the string of text to encrypt, and hit button to copy encrypted text to clipboard

To decrypt

1 copy encrypted text and open openkeychain

2 go to side menu, hit encrypt/decrypt

3 select read from clipboard. Enter in password

The app also supports signing with public and private keys etc. Their is also an app called pgp clipper that should integrate this more seamlessly with the clipboard, but I haven’t figured out how to use it yet.

It seems that running this setup on a secure hardened, degoogled, android, like GrapheneOS, should makes this Meshtastic use case pretty freaking end to end secure, without any “theatre”.

If I get physical access to your android phone or windows laptop with boot loader security, I still have a decent chance of being able to compromise your device. Pretending that a captured dev board with zero boot protections can be secured once somebody has physical access is theater.

The Android phone won’t be the device on a solar panel hidden in the woods. And hardened android with a secure boot loader, and enhanced verified boot is pretty good anyway. GrapheneOS uses an enhanced version of the modern filesystem-based disk encryption implementation in the Android Open Source Project. The officially supported devices have substantial hardware-based support for enhancing the security of the encryption implementation. GrapheneOS has full support for the hardware-based encryption features just as it does with other hardware-based security features.

The data partition stores all of the persistent state for the operating system. Full disk encryption is implemented via filesystem-based encryption with metadata encryption. All data, file names and other metadata is always stored encrypted. This is often referred to as file-based encryption but it makes more sense to call it filesystem-based encryption. It’s implemented by the Linux kernel as part of the ext4 / f2fs implementation rather than running a block-based encryption layer. The advantage of filesystem-based encryption is the ability to use fine-grained keys rather than a single global key that’s always in memory once the device is booted.

Disk encryption keys are randomly generated with a high quality CSPRNG and stored encrypted with a key encryption key. Key encryption keys are derived at runtime and are never stored anywhere.

File data is encrypted with AES-256-XTS and file names with AES-256-CTS. A unique key is derived using HKDF-SHA512 for each regular file, directory and symbolic link from the per-profile encryption keys, or the global encryption key for non-sensitive data stored outside of profiles. The directory key is used to encrypt the file names. GrapheneOS increases the file name padding from 16 bytes to 32 bytes. AES-256-XTS with the global encryption key is also used to encrypt filesystem metadata as a whole beyond the finer-grained file name encryption.

The OS derives a password token from the profile’s lock method credential using scrypt. This is used as the main input for key derivation.

The OS stores a high entropy random value as the Weaver token on the secure element (Titan M on Pixels) and uses it as another input for key derivation. The Weaver token is stored alongside a Weaver key derived by the OS from the password token. In order to retrieve the Weaver token, the secure element requires the correct Weaver key. A secure internal timer is used to implement hardware-based delays for each attempt at key derivation. It quickly ramps up to 1 day delays before the next attempt. Weaver also provides reliable wiping of data since the secure element can reliably wipe a Weaver slot. Deleting a profile will wipe the corresponding Weaver slot and a factory reset of the device wipes all of the Weaver slots. The secure element also provides insider attack resistance preventing firmware updates before authenticating with the owner profile.

Standard delays for encryption key derivation enforced by the secure element:

  • 0 to 4 failed attempts: no delay
  • 5 failed attempts: 30 second delay
  • 6 to 9 failed attempts: no delay
  • 10 to 29 failed attempts: 30 second delay
  • 30 to 139 failed attempts: 30 × 2⌊(n - 30) ÷ 10⌋ where n is the number of failed attempts. This means the delay doubles after every 10 attempts. There’s a 30 second delay after 30 failed attempts, 60s after 40, 120s after 50, 240s after 60, 480s after 70, 960s after 80, 1920s after 90, 3840s after 100, 7680s after 110, 15360s after 120 and 30720s after 130
  • 140 or more failed attempts: 86400 second delay (1 day)

Invalid input outside the minimum or maximum length limits of the UI won’t trigger an attempt at authentication or key derivation.

The password token, Weaver token and other values like the OS verified boot key are used by the TEE as inputs to a hardware-bound key derivation algorithm provided by the SoC. The general concept is having the SoC perform hardware accelerated key derivation using an algorithm like AES or HMAC keyed with a hard-wired hardware key inaccessible to software or firmware. This is meant to prevent offloading a brute force attack onto more powerful hardware without an expensive process of extracting the hardware key from the SoC.

But, the point is if someone captures the relay node when messages are encrypted with gpg the only thing they will see is:

-----BEGIN PGP MESSAGE-----

jA0ECQMCybZb1DYq079g0kMB/Brl/vkjVWQj84NhBkDHwrPT8jP7aryXS2Jn0oQk
K+u3L1OcC6lXcOMpAliW+bAQmq/gTKuwPt8zefzB9MEKiUHz
=vtLv
-----END PGP MESSAGE-----

The node will be the hardware hidden in the woods, not the android.

@Edward It’s not theater. I agree with you, this should work by default.

This app seems to be one that makes it easy to encrypt/decrypt: https://play.google.com/store/apps/details?id=com.deeppradhan.encrypt_decrypt&hl=en&gl=US

@garth A device physically captured may be breached with some effort, but I don’t think anyone reasonably expects safety at the time of physical capture of the phone.

@mc-hamster It needs to be implemented somewhat similarly to encryption. A layer of user-supplied encryption over the payload. The nodes themselves won’t be able to decode the message and display it.

2 Likes