an example implementation of an Security Watcher Class which tries to predict DOS and Delay Attacks. More...

#include <eoWatcher.h>

Inheritance diagram for eoWatcher:

Collaboration diagram for eoWatcher:

Public Member Functions
	eoWatcher (uint32_t denialWarnCount, uint32_t denialTickBetween)

EO_SEC_WATCH_RESULT	AddDevice (uint32_t const DeviceID, uint32_t const maxPerdiodTime, uint32_t const minPeriodTime, uint32_t const maxRLCDiff, uint32_t const maxWrongCmac, bool resetPeriod)
	Adds a Device to watch. More...

EO_SEC_WATCH_RESULT	UpdateDevice (uint32_t const DeviceID, uint32_t const maxPerdiodTime, uint32_t const minPeriodTime, uint32_t const maxRLCDiff, uint32_t const maxWrongCmac, bool resetPeriod)
	Update device Information. More...

void	RemoveDevice (uint32_t const DeviceID)
	Remove a device. More...

uint32_t	CheckSecurity (eoDevice const *const device, eoTelegram const &tel)
	checks the Security of a Device after Receiving a telegram. More...

EO_SEC_WATCH_RESULT	Reset (uint32_t const DeviceID)
	Reset security parameters. More...

bool	CheckDeadDevices (std::vector< uint32_t > &deadDevicesVector)
	Check for dead Devices. More...

void	SetDenialWarnCount (uint32_t const warnCount)

uint32_t	GetDenialWarnCount () const

void	SetDenialTickBetween (uint32_t const tickCount)

uint32_t	GetDenialTickBetween () const

uint8_t	Serialize (eoArchive &arch)

Additional Inherited Members
Public Attributes inherited from eoIWatcher
uint8_t	type
	Type of the eoIWatcher, this is used for the serialization.

Detailed Description

an example implementation of an Security Watcher Class which tries to predict DOS and Delay Attacks.

This class allows to add Devices to watch for Security problems. The following scenarios are supported:

Denial of Service, to many telegrams are sent in a certain time period
Delay attack, for a periodically sending device the telegrams are arriving to late.
We got to many telegrams with a wrong cmac
The difference of the Last Rolling Code counter and the current Rolling Code counter is to high (User definied, the security api already allows a maximal difference of 64! )

This class implements a security Watcher for the scenario AN513: Robust EnOcean networks

Examples:: WatcherMain.cpp.

Constructor & Destructor Documentation

◆ eoWatcher()

eoWatcher::eoWatcher	(	uint32_t	denialWarnCount,
		uint32_t	denialTickBetween
	)

Constructor of the eoWatcher Helper class.

Parameters

denialWarnCount	How many telegrams are allowed to arrive maximal with a the definied tickCount between before a DOS is created. If = 0 the function is deactivated.
denialTickBetween	If the tick count between 2 telegrams is smaller then this count, the denialCounter gets increased. If = 0 the function is deactivated.

Member Function Documentation

◆ AddDevice()

EO_SEC_WATCH_RESULT eoWatcher::AddDevice	(	uint32_t const	DeviceID,
		uint32_t const	maxPerdiodTime,
		uint32_t const	minPeriodTime,
		uint32_t const	maxRLCDiff,
		uint32_t const	maxWrongCmac,
		bool	resetPeriod
	)

Adds a Device to watch.

Adds an unique device to the watcher. For periodic device a min and max Period Time should be defined. For all secure device the maximal amount of telegrams with wrong CMAC can be definied. The user can also define the maximal difference between the last and current RLC

If the device is not secure it will be added but no security features will be probably supported. If the device already exist nothing happens. If the device does not exist in the Device manager it will not be added.

Parameters

DeviceID	the id of the device to watch
maxPerdiodTime	max Time(in ms) between 2 telegrams,=0 no max time
minPeriodTime	min Time(in ms) between 2 telegrams;=0 no min time
maxRLCDiff	max rlc difference allowed (64 is the enocen link one!)
maxWrongCmac	maximal number of telegrams with wrong cmac
resetPeriod	If true, after a Telegram has been received the period will be reset. If false the period is always extended for a valid Telegram.

Returns: WATCH_NOT_SECURE_DEVICE or WATCH_OK or WATCH_DEVICE_ALREADY_EXIST or WATCH_DEVICE_NA

Examples:: WatcherMain.cpp.

◆ CheckDeadDevices()

bool eoWatcher::CheckDeadDevices ( std::vector< uint32_t > & deadDevicesVector )

Check for dead Devices.

This functions goes through the added Device List which are configured to send periodically messages. If a device did not send a telegram for longer then maxPeriodTime the devices gets added into the deadDeviceVector-

Parameters

deadDevicesVector A vector containing the dead devices. The vector gets cleared before adding devices!

Returns: a vector containing the ids of devices which stopped sending

Examples:: WatcherMain.cpp.

◆ CheckSecurity()

uint32_t eoWatcher::CheckSecurity	(	eoDevice const *const	device,
		eoTelegram const &	tel
	)

virtual

checks the Security of a Device after Receiving a telegram.

This function has to be called always after receiving a telegram!

Parameters

device	pointer to Device to Check
tel	last received telegram

Returns

Reimplemented from eoIWatcher.

◆ GetDenialTickBetween()

uint32_t eoWatcher::GetDenialTickBetween ( ) const

inline

Sets the time between two telegram when they are not assumed as DDOS attack telegrams

Returns: denialTickBetween

Here is the call graph for this function:

◆ GetDenialWarnCount()

uint32_t eoWatcher::GetDenialWarnCount ( ) const

inline

Gets the number of telegram which have to arrive faster then the denialtickbetween to generate a Assumed DOS Warning.

Returns: denial warn count

◆ RemoveDevice()

void eoWatcher::RemoveDevice ( uint32_t const DeviceID )

Remove a device.

Removes a device from the watch list. If the device does not exist nothing happens.

Parameters

DeviceID

◆ Reset()

EO_SEC_WATCH_RESULT eoWatcher::Reset ( uint32_t const DeviceID )

Reset security parameters.

Resets security check parameter (RLC count and CMAC wrong try count)

Parameters

DeviceID device id

Returns: WATCH_OK or WATCH_DEVICE_NA

◆ Serialize()

uint8_t eoWatcher::Serialize ( eoArchive & arch )

virtual

Serialization Function which will be called by the eoStorageManager This function will be called by the eoArchive(inside of the eoStorageManager) and allows the class to be Serialized.

Parameters

&arch Archive where to Load or to Store.

Reimplemented from eoIWatcher.

Here is the caller graph for this function:

◆ SetDenialTickBetween()

void eoWatcher::SetDenialTickBetween ( uint32_t const tickCount )

inline

Sets the time between two telegram when they are not assumed as DDOS attack telegrams

Parameters

tickCount

◆ SetDenialWarnCount()

void eoWatcher::SetDenialWarnCount ( uint32_t const warnCount )

inline

Sets the number of telegram which have to arrive faster then the denialtickbetween to generate a Assumed DOS Warning.

Parameters

warnCount

◆ UpdateDevice()

EO_SEC_WATCH_RESULT eoWatcher::UpdateDevice	(	uint32_t const	DeviceID,
		uint32_t const	maxPerdiodTime,
		uint32_t const	minPeriodTime,
		uint32_t const	maxRLCDiff,
		uint32_t const	maxWrongCmac,
		bool	resetPeriod
	)

Update device Information.

This functions updates the security Information of one Device. If the device does not exist, no new Device will be added.

Parameters

DeviceID	the id of the device to update
maxPerdiodTime	max Time(in ms) between 2 telegrams,=0 no max time
minPeriodTime	min Time(in ms) between 2 telegrams;=0 no min time
maxRLCDiff	max rlc difference allowed (64 is the enocen link one!)
maxWrongCmac	maximal number of telegrams with wrong cmac
resetPeriod	If true, after a Telegram has been received the period will be reset. If false the period is always extended for a valid Telegram.

Returns: WATCH_OK or WATCH_DEVICE_NA

Public Member Functions

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ eoWatcher()

Member Function Documentation

◆ AddDevice()

◆ CheckDeadDevices()

◆ CheckSecurity()

◆ GetDenialTickBetween()

◆ GetDenialWarnCount()

◆ RemoveDevice()

◆ Reset()

◆ Serialize()

◆ SetDenialTickBetween()

◆ SetDenialWarnCount()

◆ UpdateDevice()