That sounds pretty neat. Something you may want to add is a whitelist of allowed devices to the AP. That way, they’d also have to spoof your MAC (not impossible, but makes it harder). Other than that, it sounds like you are definitely doing the right thing in your defense in depth approach. 

On Mon, Dec 18, 2023 at 10:25 PM Mark Phillips via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:
I am working on a project and need some security advice. 

The project is a wireless model rocket launcher. It consists of a Raspberry Pi 2 W (Debian Buster) connected to a daughter board with circuitry to control the current to ignite the igniter, a TP-Link Wifi AP, and a cell phone. There is a web site (apache and flask) running on the Pi that allows the user to control the circuits on the daughter board to launch the rocket. 

The typical location for launching the rockets is in a large field far from any buildings or trees. Typically, there is no Internet connectivity even on cell phones, but there are quite a few people attending the launch. There are also times when this launcher will be used in a more urban environment (like a high school), and I want to make the system "unattractive" to the high school students who think it would be cool to hack the launcher during a launch. 

I want to set up some sort of secure connection between the cell phone and the web site running on the Pi. My main concern is an attacker connecting to the web site and igniting the rocket while the user is connecting the wires to the igniter. Model rocket motors generate an exhaust gas with a temperature of ~3,000 F. Also, the igniter needs 2-4 A dc for 300 - 500 msec to ignite the rocket motor.

I thought about SSL, but I would have to use a self signed certificate (assuming no Internet), and I have read that it is not that secure. I am using a long password to access the AP, a password protected login to the web site, and another password as a launch key to enable the igniter circuit and launch the rocket. 

I am not a network security guru, so I am not really sure what my options are. Do you have any other suggestions on how I can make this system more secure? 

Thanks!

Mark
---------------------------------------------------
PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss