More WireGuard

Gordon Haverland

There are a few HOWTOs kicking around on WireGuard, and since this
protocol is only 2 years old, they are all fairly recent. I ran across
a partial security analysis on WireGuard from MIT (one of the
professors involved is Rivest, but it is a student paper from this last

Many of the HOWTOs talk about "all traffic" from the clients being
encrypted. I don't think that is what I would like to see.

On a farm, there will be some links that are wired and some that are
wireless. Some of the data will be public and some will be private.
Some of the data should be transmitted with little delay, some could be
delayed significantly.

Even for a small farm, I think you want to have multiple weather sensor
locations. Weather data should be transmitted in cleartext, and at
some point should travel across a wireless link so that anyone in the
neighbourhood can see the weather packet. Data such as animal ID and
weight, or soil moisture at some location are private data and should
be encrypted.

Each site that can collect any kind of data should have local
storage. Two kinds of storage should be set aside: data that needs to
be sent "soon" should go in one area, and it should be handled as a
FIFO. Data that isn't under significant time pressure should go in
the other area. All data should get a serial number and a time stamp.
There should be a "random" string component of the data packet, so that
each packet of data can be made to be (about) the same size. Data that
doesn't need to be sent "soon" gets sent in some random order. It is
possible that some of the data needs to be sent soon, and some can wait.

We could have "intrusion detection" sensors. Perhaps we are looking
for where deer enter/leave our property, so nominally a game camera.
The soon data is the ID of the sensor (which locates the intrusion) and
the timestamp. The picture of the intruder is not quite so urgent.
But, it may be that some of the intrusion sensors are associated with
driveways and gates, and those sensor locations do need to send some
kind of picture data quickly, so that the identification can be made
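
An added sketch of the two-area site storage described above (not code from the original post): every record gets a serial number and time stamp, is padded with random bytes to one fixed size, and is drained FIFO from the "soon" area and in random order from the other. The 256-byte packet size, the header layout and the names SiteStore, record, next_packet and parse are assumptions made for illustration; encryption of private records is left to the tunnel and is not shown.

```python
import os
import secrets
import struct
import time
from collections import deque

PACKET_SIZE = 256                    # assumed fixed size of every stored packet
HEADER = struct.Struct("!IdH")       # serial number, time stamp, payload length
MAX_PAYLOAD = PACKET_SIZE - HEADER.size

class SiteStore:
    """Local storage for one collection site, split into two areas."""

    def __init__(self):
        self.soon = deque()          # urgent area, handled strictly as a FIFO
        self.later = []              # non-urgent area, drained in random order
        self.serial = 0

    def record(self, payload, urgent, now=None):
        """Stamp, pad and store one reading; returns its serial number."""
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("payload too large; split it before storing")
        self.serial += 1
        stamp = time.time() if now is None else now
        header = HEADER.pack(self.serial, stamp, len(payload))
        # The random filler brings every packet to the same length, so the
        # size alone does not reveal which kind of reading is inside.
        packet = header + payload + os.urandom(MAX_PAYLOAD - len(payload))
        (self.soon if urgent else self.later).append(packet)
        return self.serial

    def next_packet(self):
        """Urgent packets first, oldest first; then a random non-urgent one."""
        if self.soon:
            return self.soon.popleft()
        if self.later:
            return self.later.pop(secrets.randbelow(len(self.later)))
        return None

def parse(packet):
    """Recover (serial, time stamp, payload) and discard the random filler."""
    serial, stamp, length = HEADER.unpack_from(packet)
    return serial, stamp, packet[HEADER.size:HEADER.size + length]

if __name__ == "__main__":
    store = SiteStore()
    # Constructed sample readings: (payload, urgent)
    for data, urgent in [(b"soil=0.31", False), (b"gate-cam-3", True), (b"cow=417", False)]:
        store.record(data, urgent)
    while (pkt := store.next_packet()) is not None:
        print(len(pkt), parse(pkt))
```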



