The existing system works using Galaxy RS485 peripherals like a "Max Reader". This works, but is there a better way.
Well, WiFi, maybe...
This is a tricky matter to consider. We know WiFi is not as "contained" as wires, meaning more vulnerable to attack and disruption, to say the least.
So, let's consider some pros and cons.
- Generally very reliable as wires usually are - that said, it has limitations - notably number of devices on the bus (both in terms of physical aspects of RS485, and polling time constraints).
- Hard to access if in the walls, inside the building, but things like Max Readers expose the bus externally (albeit at cost of tripping tamper).
- With any access (e.g. Max Reader) very easy to disrupt (albeit with tripping tamper).
- Very insecure - I have done a proof of concept with access to the bus that can inject messages to open doors, etc, without the slightest hint of a tamper alert from the Galaxy panel.
- Needs wiring back to the panel.
- Vulnerable to snooping if you get physical access to bus
- Hard to do redundancy
- Vulnerable to RF level attacks (albeit tripping tamper)
- Vulnerable to protocol level disruption (if you get in to WiFi) such as WiFi disconnects or IP flooding or TSP RST flooding.
- Secure if using TLS. Cannot be snooped or faked.
- No need to wire back to the panel
- Easy to add a lot of devices (subject to access points that allow lots of associations)
- Harder to do battery backup, but possible - need 12V access points - can be done.
- Possible to do multiple AP fallback and redundancy
So I am making my SolarSystem GitHub project handle WiFi connected devices as an option.
- ESP8266 code for modules
- PCB layouts for modules
- 3D printed cases for modules
- TLS MQTT over WiFi with certificate pinning and checking
- SolarSystem code allows mix and match of RS485 and WiFi connected modules
Not finished yet, but most of the device code in place. I even have a way to use a Galaxy keypad on WiFi!
The door control logic is a relay board with NFC reader, and I am working on proper AES secured cards. The 125kHz proxy cards are stupidly easy to copy!