SHDC Protocol

Smart Home Device Communications Protocol

Version 1.0 Stable. Released: July 2025

A secure communication system for low-power sensors and security hubs. SHDC supports encrypted unicast messages, broadcasts, and key management in closed, trusted networks with maximum compatibility for embedded devices.

Transport Layer

  • Protocol: UDP (primary), TCP (fallback)
  • Port: 56700 (official SHDC port)
  • Packet Size: Max 512 bytes
  • Network: IPv4/IPv6 supported

Security

  • Encryption: AES-256-GCM
  • Signatures: Ed25519
  • Key Management: Automated rotation
  • Authentication: Identity-based

Device Roles

  • Sensor: Embedded nodes sending data
  • Hub: Control node handling routing
  • Discovery: Automatic network discovery
  • Topology: Star network architecture

Key Features

End-to-End Security

All communications are encrypted with AES-256-GCM and signed with Ed25519 for authenticity and integrity.

Low Power Optimized

Designed for battery-powered sensors with minimal packet overhead and efficient protocol design.

Auto Discovery

Sensors automatically discover hubs on the network using a secure broadcast discovery protocol.

Key Rotation

Automatic key rotation for session and broadcast keys ensures long-term security.

Broadcast Support

Efficient encrypted broadcast commands from hub to all sensors in the network.

Replay Protection

Timestamp-based replay protection with nonce validation prevents message replay attacks.

Protocol Architecture

Packet Structure

  • Header: 12 bytes
  • Encrypted Payload: Variable
  • Ed25519 Signature: 64 bytes

Message Types

  • 0x00: HUB_DISCOVERY_REQ
  • 0x01: EVENT_REPORT
  • 0x02: JOIN_REQUEST
  • 0x03: JOIN_RESPONSE
  • 0x04: BROADCAST_COMMAND
  • 0x05: KEY_ROTATION
  • 0x06: HUB_DISCOVERY_RESP

Implementation Example

Motion Detection Event

// Motion sensor reporting to hub
Header:
├─ Type: 0x01 (EVENT_REPORT)
├─ Sensor ID: 0xAABBCCDD
├─ Timestamp: 1721476800
└─ Nonce: 0xC7F1A2

Encrypted Payload (AES-256-GCM):
├─ Event Type: 0x01 (Motion Detected)
├─ Data Length: 0x04
├─ Sensor Data: Temperature (22.5°C)
└─ Battery Level: 85%

Signature: Ed25519(Header + Encrypted Payload)
Total Size: ~96 bytes

Hub Discovery Process

// Sensor broadcasts discovery request
Destination: 255.255.255.255:56700 (UDP Broadcast)

Header:
├─ Type: 0x00 (HUB_DISCOVERY_REQ)
├─ Sensor ID: 0x00000000 (unassigned)
├─ Timestamp: 1721476800
└─ Nonce: 0x1A2B3C

Payload:
├─ Public Key: [32 bytes Ed25519 public key]
└─ Device Info: "MotionSensor-v1.2"

// Hub responds with discovery response
Response: Unicast to sensor IP:port
├─ Hub Identity: 0x12345678
├─ Network Key ID: 0xABCD
└─ Configuration: Join instructions

Device Join Handshake

// Step 1: Sensor sends join request
JOIN_REQUEST (0x02):
├─ Device Capabilities
├─ Requested Sensor ID
└─ Authentication Challenge

// Step 2: Hub validates and responds
JOIN_RESPONSE (0x03):
├─ Assigned Sensor ID: 0xAABBCCDD
├─ Session Key: [32 bytes AES key]
├─ Broadcast Key: [32 bytes for group messages]
├─ Key Rotation Schedule
└─ Network Configuration

// Device is now authenticated and ready

Security Considerations

Cryptographic Algorithms

  • AES-256-GCM: Authenticated encryption for payloads
  • Ed25519: Digital signatures for message authenticity
  • X25519: Key agreement for session establishment
  • HKDF: Key derivation for session keys

Key Management

  • Device Keys: Ed25519 keypair per device
  • Session Keys: Rotated every 24 hours
  • Broadcast Keys: Rotated every 15 minutes
  • Key Storage: Secure flash or TPM recommended

Attack Mitigation

  • Replay Attacks: Timestamp + nonce validation
  • MITM Attacks: Ed25519 signature verification
  • Eavesdropping: End-to-end AES-256-GCM encryption
  • Key Compromise: Regular key rotation
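
An added example, not part of the SHDC specification or its reference code: a receiver-side parser for the packet structure described above, together with the timestamp + nonce replay check. The header field order and widths (inferred from the example values, 1 + 4 + 4 + 3 = 12 bytes), big-endian encoding, the 30-second window and the names parse_packet, ReplayGuard and sample_packet are assumptions; the page states only the 12-byte header, the 64-byte signature, the 512-byte limit and the message type codes.

```python
import struct

MAX_PACKET, HEADER_LEN, SIG_LEN = 512, 12, 64   # sizes stated on the page
MAX_SKEW = 30   # seconds; assumed acceptance window, the page gives none
MSG_TYPES = {0x00: "HUB_DISCOVERY_REQ", 0x01: "EVENT_REPORT", 0x02: "JOIN_REQUEST",
             0x03: "JOIN_RESPONSE", 0x04: "BROADCAST_COMMAND", 0x05: "KEY_ROTATION",
             0x06: "HUB_DISCOVERY_RESP"}


def parse_packet(data: bytes) -> dict:
    """Split a datagram into header, payload and signature. Assumed header
    layout, big-endian: type(1) sensor_id(4) timestamp(4) nonce(3)."""
    if not HEADER_LEN + SIG_LEN <= len(data) <= MAX_PACKET:
        raise ValueError("bad packet length")
    msg_type, sensor_id, timestamp = struct.unpack(">BII", data[:9])
    if msg_type not in MSG_TYPES:
        raise ValueError("unknown message type")
    return {"type": MSG_TYPES[msg_type], "sensor_id": sensor_id,
            "timestamp": timestamp, "nonce": int.from_bytes(data[9:12], "big"),
            "signed": data[:-SIG_LEN],            # Header + Encrypted Payload
            "payload": data[HEADER_LEN:-SIG_LEN],
            "signature": data[-SIG_LEN:]}


class ReplayGuard:
    """Reject stale timestamps and (sensor, timestamp, nonce) triples already seen."""

    def __init__(self):
        self.seen = set()

    def accept(self, pkt: dict, now: int) -> bool:
        # Call only after the Ed25519 signature over pkt["signed"] has verified,
        # so forged packets cannot fill the cache or burn a sensor's nonces.
        if abs(now - pkt["timestamp"]) > MAX_SKEW:
            return False
        # Entries older than the window fail the skew check anyway: drop them.
        self.seen = {k for k in self.seen if now - k[1] <= MAX_SKEW}
        key = (pkt["sensor_id"], pkt["timestamp"], pkt["nonce"])
        if key in self.seen:
            return False
        self.seen.add(key)
        return True


def sample_packet() -> bytes:
    """Constructed sample: the page's EVENT_REPORT header, dummy payload and signature."""
    header = struct.pack(">BII", 0x01, 0xAABBCCDD, 1721476800) + bytes.fromhex("C7F1A2")
    return header + b"\x00" * 20 + b"\x11" * SIG_LEN
```

Pruning the cache to the acceptance window keeps its memory bounded, because a triple older than the window is already rejected by the timestamp check.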

Resources & Downloads

📄 Specification Document

Complete protocol specification with detailed message formats and security considerations.
