ESP32 Security Deep Dive: Token Auth, Session ID & MAC Binding in Action | OceanRemote

Watch the ESP32 boot up and connect securely to OceanRemote. This video shows the actual security layers in action – directly from the Arduino IDE serial monitor.

## 🔐 What You're Seeing in Real Time

**1. Persistent Device ID (EEPROM)**
[EEPROM] Loaded Device ID: ESP32_FB3F18000000_06588BDE
Each device has a unique, persistent ID stored in EEPROM. Survives reboots and power loss.

**2. Secure Token Loading**
[EEPROM] Loaded token (length: 51)
[BOOT] Found saved token (length: 51)
The permanent token is stored with checksum validation. Corrupted tokens are rejected.

**3. Session Management**
[BOOT] Found saved session: b69f85fd
[UPDATE] Using session: b69f85fd
Short-lived session IDs (128-bit entropy). Auto-refreshed before expiry. No session reuse.

**4. Full URL Inspection (No Secrets Exposed)**
https://www.oceanremote.net/api/device/state/?session=b69f85fd&device_id=ESP32_FB3F18000000_06588BDE&s=0&t=224&h=66...
Notice: No token in URL. Only session ID and device ID. The permanent token is never exposed.

**5. Real Sensor Data**
[SENSOR] DHT22 - Temp: 22.4°C, Hum: 66.9%
Temperature (×10 = 224) and humidity sent securely.

**6. Offline-Ready**
Device stores last known relay state. Internet drops don't stop operation.

## 🔒 The 4 Security Layers Demonstrated

| Layer | What You See | Why It Matters |
|-------|--------------|----------------|
| 1. Account Auth | Not visible (login required first) | Your account protects all devices |
| 2. Token (2²⁵⁶) | Token length 51 chars | 1.15×10⁷⁷ possibilities |
| 3. Session (2¹²⁸) | Session ID: b69f85fd | Rotates automatically, never reused |
| 4. MAC Binding | Device ID from MAC | Token only works on this specific ESP32 |

## 📊 Security by the Numbers

- Token space: 2²⁵⁶ (more than atoms in universe)
- Session entropy: 2¹²⁸ (340 undecillion combinations)
- MAC binding: 2⁴⁸ (281 trillion unique hardware bindings)
- Combined breach probability: 1 in 2.3×10¹⁰⁵ (statistically impossible)

## 🛡️ What You DON'T See (Also Protected)

- HTTPS encryption (all traffic)
- HSTS preload
- Rate limiting (20/min anonymous)
- Auto-ban after 20 failures
- Honeypot traps for scanners
- Offline backup (last command stored)

## 🔧 Hardware Used

- ESP32 Development Board
- DHT22 Temperature/Humidity Sensor
- OceanRemote Platform

## 🚀 Try It Yourself

Very low coding required. Generate firmware in seconds.

👉 https://www.oceanremote.net

## 📚 Related Resources

- Security Deep Dive (Tutorial 31): /tutorials/tutorial-31.html
- ESP32 Setup Guide: /tutorials/tutorial-12.html
- DHT22 Sensor Guide: /tutorials/tutorial-16.html

#ESP32 #IoTSecurity #TokenAuth #SessionManagement #MACBinding #OceanRemote #ESP32Security #ArduinoIDE

Видео ESP32 Security Deep Dive: Token Auth, Session ID & MAC Binding in Action | OceanRemote канала OceanRemote