• DepthAI

  • OAK-1-POE Security Encryption

Hello,

Can you please advise if OAK-1-POE device / Depthai API uses encryption when a host is connecting to the device.

Is it possible to communicate with the device using TLS?

Is it possible to install TLS/SSL certificate on the device?

In the MQTT demo (https://github.com/luxonis/depthai-experiments/tree/master/gen2-poe-mqtt) is it possible that the device connect through TLS e.g. mqtt_client.tls_set(certificate) mqtt_client.tls_insecure_set(True)

Please advise on where I can find any existing documentation or demos regarding the above questions?

Thanks in advance

    Hi owl,
    Encryption is currently not possible on depthAI devices. Support could be added for rvc3/4.
    I think the tls_set() should be possible since it isn't a part of the device firmware. It should work the same as with any other MQTT script.

    Hope this helps,
    Jaka

    • owl replied to this.

        Thank you jakaskerl for your reply.

        Can you advise on how the certificate can be uploaded to the device file system in order to reference it in the MQTT script.

            Hi owl
            The Oak-1-poe has a uSD card slot, so you could probably upload the certificate there. Keep in mind the SD functionality is not mainlined and might be buggy/not work ATM. You have to use the sdcard-support branch which we don't provide support for.
            With a little luck, I think you should be able to use the cert for MQTT.

            Hope this helps,
            Jaka

              5 days later

              Hi Jaka,

              Thank you for your reply and for suggesting the SD branch, I have tried it but no luck as you mentioned, the branch is behind the main branch. However, I noticed that the only difference included in the sdcard_support branch is the example file (script_jpeg_to_sdcard.py). Can you confirm if that is the case? Meaning that there is no other specific python/pip packages or other library that the branch uses to mount the sdcard?

              Do you know if SD Card functionality and support on OAK-1-POE will be added in the near future?

              Thanks in advance,

              Omar

              • erik replied to this.

                owl example file and firmware, which is the main part. Regarding the mainlining sd-card support - it depends on the opportunity. If you (or anyone else) could commit to purchasing eg. hundreds of OAK cameras, or would be willing to pay the NRE cost, we would be able to get it merged in the near future. If that is of interest, please send an email to support@luxonis.com, and we can discuss further. Thoughts?
                Thanks, Erik

                  a month later

                  Hi @erik

                  Thank you for your reply. The plan is to scale eventually and buy more devices.

                  Since encryption is currently not possible on depthAI devices, I was looking at OAK-D CM4 PoE. Do you think, it can utilized it to accomplish the requirement mentioned above in my original post where we have it as a host (with any required ssl certification installed on it)? Does this device has its own sd card slot that can be used by end user or its dedicated for the system?

                  Just to confirm we should have full control on libraries that can be installed on the CM4 OS system? is there any limitation we need to consider?

                  Since this device (OAK-D CM4 PoE) is not exactly similar to other OAK PoE devices, can you highlight how the device network discovery works on this device. Can the device be discoverable on if it is on a different LAN?

                  Thank you in advance for your support.

                  • erik replied to this.

                    Hi owl ,
                    Yes, you have full ssh access to the RPi, so from security perspective it would be the same as connecting a RPi to the network - it's fairly secure if you have decent ssh password (or use certs), and don't enable some other stuff (like vnc).