Powerline Adapter Security

BRRABill

With all the non-security on most IOT things, I was wondering about the security (AKA encryption) of Powerline Adapters.

Every IOT product says they have encryption and are secure. But of course most IOT stuff is not.

How reasonable would it be to trust the security of the Powerline adapter?

Dashrender

There wouldn't be any more security in a powerline adapter than there would be on an ethernet cable. I suppose in ways it's worse than wireless or at least the same as unencrypted (open) wifi.

BRRABill

@Dashrender said

There wouldn't be any more security in a powerline adapter than there would be on an ethernet cable. I suppose in ways it's worse than wireless or at least the same as unencrypted (open) wifi.

The traffic between points is encrypted.

BRRABill

Dang, here's some info:
http://www.cise.ufl.edu/~nemo/papers/ISPLC2007_AV_Security.pdf

One of the things I never even thought of was that the system could be compromised if an attacker came into your house and paired their own Powerline adapter with your encryption key.

But that would mean they would have to be in your house and also have access to your other adapters. And still that would only give them access to the network itself.

scottalanmiller

@Dashrender said in Powerline Adapter Security:

There wouldn't be any more security in a powerline adapter than there would be on an ethernet cable. I suppose in ways it's worse than wireless or at least the same as unencrypted (open) wifi.

Tons more, actually. You can easily tap an Ethernet, you can't tap modern powerline as there is a VPN automatically engaged.

BRRABill

@scottalanmiller said

Tons more, actually. You can easily tap an Ethernet, you can't tap modern powerline as there is a VPN automatically engaged.

But do we trust that?

Like I said, most IOT stuff says "encrypted, blah, blah, blah" but either isn't, or is easily hacked other ways.

That paper seem to point that Powerline is pretty inherently secure.

scottalanmiller

@BRRABill said in Powerline Adapter Security:

@scottalanmiller said

Tons more, actually. You can easily tap an Ethernet, you can't tap modern powerline as there is a VPN automatically engaged.

But do we trust that?

Like I said, most IOT stuff says "encrypted, blah, blah, blah" but either isn't, or is easily hacked other ways.

What does random IoT gear have to do with this? It's straight VPN. If you don't trust VPNs, there is nothing to trust, right? We are talking IPSec here. If you feel that the protocol on which we depend doesn't work, then any concerns about security are pointless making powerline just as good as anything else.

scottalanmiller

@BRRABill said in Powerline Adapter Security:

That paper seem to point that Powerline is pretty inherently secure.

I assume by totally ignoring what makes it the most secure?

BRRABill

@scottalanmiller said

What does random IoT gear have to do with this? It's straight VPN. If you don't trust VPNs, there is nothing to trust, right? We are talking IPSec here. If you feel that the protocol on which we depend doesn't work, then any concerns about security are pointless making powerline just as good as anything else.

How is the encryption they implement between the two adapters a VPN?

scottalanmiller

@BRRABill said in Powerline Adapter Security:

@scottalanmiller said

What does random IoT gear have to do with this? It's straight VPN. If you don't trust VPNs, there is nothing to trust, right? We are talking IPSec here. If you feel that the protocol on which we depend doesn't work, then any concerns about security are pointless making powerline just as good as anything else.

How is the encryption they implement between the two adapters a VPN?

What do you mean? It's an IPSec VPN just like any other. I'm unclear what aspect would be in question.

scottalanmiller

You can, of course, run an IPSec VPN on every node over wired Ethernet too which would be nominally more secure than PowerLine, but no one does that and it's not all built in for you.

scottalanmiller

@BRRABill said in Powerline Adapter Security:

How is the encryption they implement between the two adapters a VPN?

I just realized... maybe the confusion is that you don't know that adapter to adapter encryption is just a way of saying "VPN"?

BRRABill

@scottalanmiller said

I just realized... maybe the confusion is that you don't know that adapter to adapter encryption is just a way of saying "VPN"?

Yes, I thought VPN was a specific mode/role, not all point-to-point encryption.

Nic

@BRRABill said in Powerline Adapter Security:

Dang, here's some info:
http://www.cise.ufl.edu/~nemo/papers/ISPLC2007_AV_Security.pdf

One of the things I never even thought of was that the system could be compromised if an attacker came into your house and paired their own Powerline adapter with your encryption key.

But that would mean they would have to be in your house and also have access to your other adapters. And still that would only give them access to the network itself.

Physical access trumps everything anyway.

JaredBusch

@Nic said in Powerline Adapter Security:

@BRRABill said in Powerline Adapter Security:

Dang, here's some info:
http://www.cise.ufl.edu/~nemo/papers/ISPLC2007_AV_Security.pdf

One of the things I never even thought of was that the system could be compromised if an attacker came into your house and paired their own Powerline adapter with your encryption key.

But that would mean they would have to be in your house and also have access to your other adapters. And still that would only give them access to the network itself.

Physical access trumps everything anyway.

Pretty much always.

scottalanmiller

@Nic said in Powerline Adapter Security:

@BRRABill said in Powerline Adapter Security:

Dang, here's some info:
http://www.cise.ufl.edu/~nemo/papers/ISPLC2007_AV_Security.pdf

One of the things I never even thought of was that the system could be compromised if an attacker came into your house and paired their own Powerline adapter with your encryption key.

But that would mean they would have to be in your house and also have access to your other adapters. And still that would only give them access to the network itself.

Physical access trumps everything anyway.

Yeah, of course that could be done. But if they were in your house and you had Ethernet, they'd just plug in and that would be far easier.

Alex Sage

The question is....

• How do we know that the signal stops at the meter?
• Could the people next door be connecting too?
• What about the power company?

I use and trust powerline networking. Great for a apartment, where you don't want to run cable, etc.

wirestyle22

@aaronstuder said in Powerline Adapter Security:

The question is....

• How do we know that the signal stops at the meter?
• Could the people next door be connecting too?
• What about the power company?

I use and trust powerline networking. Great for a apartment, where you don't want to run cable, etc.

I just run the cabling anyway. I have a full network rack in my living room above my TV.

travisdh1

@aaronstuder said in Powerline Adapter Security:

The question is....

• How do we know that the signal stops at the meter?

It doesn't. The signal goes all the way to the transformer (weather it's a useful signal or not.)

• Could the people next door be connecting too?

Possibly.

• What about the power company?

Almost definitely.

I use and trust powerline networking. Great for a apartment, where you don't want to run cable, etc.

I'd trust it as well, so long as the encryption is turned on.

wirestyle22

@travisdh1 @aaronstuder What about speed though? I always thought it was super gimped and should only be used in situations where wireless can't be used but you can't run cabling at all.