ZigBee attack vectors (ie. sniffing out exchange network keys)

Posting an interaction found on our Slack workspace that elaborates on the security methodology of Catentis.

August 30th, 2017

Chris [9:36 AM]
Hello Andre
Amazing venture. I am sure you have answered this question of security before. How do your protocols differ from ZigBee attack vectors (ie. sniffing out exchange network keys) in an open IOT.

Andre De Castro [9:42 AM]
We are a Webservice API and support MQTT and WebSockets. All communication between device to endpoint is done via synchronous cryptography (HMAC 256). This means the endpoint on the gateway receives a signed payload (message) and runs the same payload through the cryptographic key it holds. If the signature matches the signature it received then it accepts the payload. Note key never travels.

Sniffing is not possible as the attacker would only see encrypted information and the private key is required to decrypt.