S2 Encryption

Lonestar10 · October 24, 2019, 3:31pm

Is there a timeline for when Vera will have a controller that can handle S2 Encryption? I’m seeing more Zwave devices that run on S2. If there were such a controller in the future, would it be backward compatible with non-S2 devices?

rafale77 · October 24, 2019, 5:03pm

Not sure about the timeline. My understanding was that it would be in the firmware on the new linux platform. As far as backward compatibility, they are all actually fairly transparent.
An S2 device will support S0 inclusions. An S2 compatible controller will continue to support S0 devices.
The difference between the two types of security is mostly on the ownership of the key. For S0 the key is in the host and is relatively simple. This means that the host controller needs to be involved in the inclusion process to exchange the security key. For S2, the key is in the zwave chip and is a little more complex and secure.

kigmatzomat · October 25, 2019, 3:44am

I also thought s0 used a single key for all s0 devices, but s2 devi e each get a unique key. Which means if your s0 key is compromised, all s0 communications are visible and man in the middle attacks become possible for all s0 devices, while only the one s2 device whose key was stolen would be vulnerable to sniffing and mitm attacks.

andryist · October 25, 2019, 8:34am

Hello.
Yes. Atom and New Linux firmware will support S2 devices. Also, the user will be able to add S0 and non-secure devices.
If a device supports S2 command class, it usually supports S0 and non-secure connection.
In this case, the user will be able to select the preferred mode during pairing.
But some highly secure devices (usually door locks) support S2 only. If the user connects it in S0 or in non-secure mode: the device will not provide information about the supported command classes, and the controller would not be able to control this device.

Domoworking · December 30, 2019, 8:26am

@andryist this thread is a bit old. Is there any news?
I have a VeraPlus with Firmware 1.7.4453 and I have some devices included in secure way (I can see some ‘S’ under NodeInfo) but as far as I have understood there is no way to force secure inclusion.

andryist · January 24, 2020, 2:33pm

Hello @Domoworking,
new Linux firmware 1.0.13 for VeraEdge supports S2 devices. It’s on Alfa testing now.
And latest Atom firmware supports S2.

Native Vera firmware doesn’t support S2 command class and I cannot answer when it would be.

Sorry for late answer.

Nobby1704 · September 30, 2020, 11:45am

How did you do this integration?

Lonestar10 · September 30, 2020, 2:35pm

As I understand, S2 is not available in any Vera product sold today. However, new controllers by Ezlo are just around the corner that supposedly will incorporate S2 security. Stay tuned.

quarky42 · May 21, 2022, 7:36pm

So a year and a half later… Does VeraSecure support S2 or not? I thought I had read that it was just a firmware upgrade.

VeraSecure is supposed to support ZWave Plus, but I gather the S2 is something newer than that? It’s hard to find info on this one way or the other.