Smart Home Security

Abstract

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Smart home technology (SHT) uses the Internet of
Things (IOT)JP1  to
provide a comfortable, secure and energy efficient place to live.  The technology is driven by the need to save
energy and is supported by governments offering incentives.  The uptake of smart home technology has not progressed
as well as expected by government bodies trying to meet their energy reduction
targets. Three smart devices were examined to explore security and efficacy
issues.

 

Introduction.

IOT has enabled the progress of the smart home (Lin 2012).  Heating, lighting and security can be
controlled remotely using a network of wireless communication which directs
sensors, monitors, devices and appliances.  They can be operated remotely either by
smartphone, computer or laptop using the internet (Gram-Hanssen & Darby
2017).  This allows the user to access
their home from anywhere at any time. The Smart Home is vulnerable to malicious
attack whilst online (Jose et al 2016).  The
Wireless Sensor Network (WSN) is an important part of smart home technology
(Pirbhulal et al 2017), but can pose a serious security threat (Padmavathi
& Shanmugapriya 2009).  Governments,
keen to meet their energy reduction commitments, are introducing smart home
policies to incentivise householders to embrace the technology.  Although SHT costs less than it did, Kenny
(2017) believes this is at the expense of ensuring security.   SHT
uptake is not as popular as government bodies would like because people are
concerned about their privacy and security being breached (Wilson et al 2017). This
work explores the security and efficacy of smart devices for heating, lighting
and security in order to understand why uptake is not as expected.

Review and
Analysis

To enable the user to interact with a smart home system, web
interfaces or mobile applications are required. 
Schwarz (2016) reports that web interfaces are the biggest security
threat to IOT, with insecure mobile interfaces coming in seventh place. Insufficient
authentication/authorisation came in second. These threats allow Cross Site Scripting
and Cross Site Forgery to emerge.  Whilst
these threats are not limited to IOT, they can have a massive impact on the
life of a smart home owner.  Therefore,
it is important to carry out regular security audits so existing threats can be
identified (Schwarz 2016). 

PROTOCOLS

Wi-Fi JP2 
is essential to a smart home, it allows access to the IOT (Schwarz 2016).   Wi-Fi
security has 3 main protocols, WEP, WPA and WPA2.  There are flaws in WEP which make it vulnerable
to security breaches.  Particularly, the
encrypted packet with the IV sent in plain text.  Although WPA and WPA2 security is stronger
than WEP it can still be breached (Poddar & Choudhary 2014).   Whilst
Wi-Fi connects many devices in smart homes, it does present the risk of
security and privacy breaches.  It is
possible for an attacker to eavesdrop from the wireless transmission of the
sensors or maliciously take over devices. 
Smart camera footage has been stolen and streamed on the web (Bugeja et
al 2016).  To avoid stored data being
stolen, Cloud users should ensure that their supplier uses a sophisticated
method of client authentication than simple username and password such as multi
factor authentication (Rountree et al 2013).

Zigbee is the
most popular wireless personal area network (WPAN) protocol for smart homes
(Betters & Hall 2017).  It is capable
of monitoring sensors and allows ZigBee compatible applications and devices to
work with one another no matter who the manufacturer is.  Zigbee uses mesh networking so can send data
further and is more stable (Betters & Hall 2017).  Zigbee hubs can gather the energy usage of
each power outlet and send it to the home server which in turn is able to
display a reading for the day’s energy usage for each appliance, allowing the
consumer to make decisions regarding conserving energy (Patil & Rane 2014).
Zigbee operates on low power and bandwidth and has 4 protocol layers. It assumes
open trust.  The application and network
layers are defined by Zigbee standard. The Mac-layer and physical layer are
based on the 802.15.4 personal area network standard (Schwarz 2016).  Data encryption is via 128-bit AES algorithm symmetric
key (Fan 2017).     Shin
et al (2007) were concerned about the packet error rate (PER) of Zigbee when it
is in proximity to wireless local area networks and/or Bluetooth.  Their research showed that WLAN data packets
do collide with Zigbee data packets and both Bluetooth data packets and
Bluetooth ACK packets can collide with WLAN at the same time.  This can be avoided by ensuring the distances
between WLAN, Bluetooth and Zigbee are large enough for them to co-exist.  An approximation of distances required are given
in their study.

 

 Bluetooth provides wireless connection between devices.  It was updated in 2016. New features include
mesh networking, increased speed and extended range.  This update has made Bluetooth more suitable
for IOT use and may become more integral for smart homes of the future (Curry
2016).  Bluetooth low energy is a low
power wireless technology using single hop communication which can connect many
new devices to the IOT Collatau & Pau 2015.    Although Bluetooth is unable to meet the
range of wi-fi, it uses less power.  Security is via E0 stream cipher which is a
symmetric encryption scheme and shared secret with 16-bit cyclic redundancy
check (Behrendt 2017).  Behrendt (2017)
states  ”A challenge-response
authentication is performed using a key which consists of 128 bits. A challenge
packet is sent from a challenging device to the claimant device, which adds the
key to the packet and returns it. The challenger also adds the secret key locally
and compares the received packet to the local calculation. The identity of the claimant
is verified to the challenger if both participants utilised the same key”.

 

SMART DEVICES

Smart Thermostats could be a way forward for more efficient control
of energy consumed in homes (Bustamante et al 2017).  They use Wi-Fi and WSN to control the level of
heating and some can be operated remotely via smartphone, tablet etc (Egan 2017).  Some models can discover your proximity to
home using GPS from a smart phone and then either switch the heating system on
or off without the owner having to instruct it (Bustamante et al 2017).  All manufacturers claim to save energy and the
consumer money but in laboratory controlled conditions.  Using 4 unnamed brands of smart thermostats, Bustamante
et al (2017) found that they didn’t all perform efficiently. 

Smart Lighting can
be controlled autonomously through feedback from WSN, user data, user control
and Cloud services. It can reduce energy consumption and provide functional
lighting preferred by the user (Chew et al 2017).  Instructions via smartphone or other mobile
device can be given remotely and can be as simple to install as using smart
bulbs along with a smartphone app and a hub connected to the user’s router
(Black 2017).  Smart bulbs require a hub
which is connected to Wi-Fi to enable connection with a smartphone or similar
as they tend to use Zigbee or Z wave which are not compatible with computing
devices (Pullen 2015).   Tang et al (2017) raised concerns about
security and privacy issues when the smart system is connected to the IOT.
Smart lighting is controlled by Wi-Fi and as such are subject to Wi-Fi security
protocols.  Hackers have been able to
access smart homes, so occupants lose all privacy. Hackers have also cause
complete blackout of the home (Tang et al 2017).  Tang et al (2017) proposed a smart lighting
system using Smartphones as the user interface. 
The main controller is a Raspberry Pi which is the interface between the
lighting and the Smartphone.  Using
public key infrastructure as security between the smartphone and the main
controller, they claim it is more secure. They say that it harvests daylight
more efficiently than present commercial smart lighting systems.  The full architecture is shown below.

Architecture of
Smartphone lighting system proposed in the research conducted by Tang et al
(2017)

Source: Tang et al 2017

Security Cameras

In a smart home environment, security surveillance cameras
take advantage of technology developed primarily for energy conservation.  Smart home cameras involve the use of Wi-Fi and
footage is available remotely, so they offer the smart home owner the
opportunity to see what is happening in their home whilst they are away
(Jacobssen et al 2015).  Some use Cloud
storage so that recordings are saved automatically at another source and are
available whether the camera is broken or stolen so evidence of any crime is
still accessible (Martin 2017). 

WSN

The smart devices discussed above use WSN to operate.  These networks consist of small, wireless
sensor nodes which collect information from the sensors and transmit it to the
transit network. WSn’s lack of resources makes security provision difficult and
they are prone to attack due to their transmitting capabilities.  They are susceptible to many types of attacks.
The attacks are listed in detail by the following authors (Kaur & Goyl
2016).  WSN’s have two types of security
goals – Primary, consisting of the standard goals of Confidentiality,
Integrity, Authentication and Availability. 
The secondary security goals are in relation to the ad hoc way WSN’s can
work.  These goals consist of Data
Freshness, Self-Organisation, Time Synchronization and Secure Localisation (Padmavathi & Shanmugapriya 2009).  Security is needed at network and node
level.  Rani and Kumar (2017) discuss
various methods of securing both levels in their survey .  They concluded that whilst a high level of security
is necessary, it will impact on storage and energy resources which will need to
be improved. This was also a concern of Chan & Perrig (2003) who thought
that an improvement in network hardware, software or supporting technology was
required to make them more secure. 

Evaluation and
Recommendations

Wi-Fi

Whilst WPA and WPA2 security protocols can be breached, in
real life it is extremely difficult and not as common as expected.  AES Algorithm protocols are more resistant to
attack but costly to implement due to the use of Counter Mode Protocol as
encryption (Mekhaznia & Zidani 2015). 
Smart home devices requiring Wi-Fi to operate in the IOT such as smart
lighting, smart thermostats and smart surveillance cameras should be using WPA2.  It is mandatory that any device requiring Wi-Fi
should be compatible with WPA2.  There
are two types of encryption suitable for WPA2. 
The most recent is Advanced Encryption Standard (AES).  When using new smart devices, AES should be
used. The older and less secure encryption type is Temporal Key Integrity
Protocol (TKIP).  This is for older
devices and would not be considered for a smart home which supports newer
technology.   Whilst WPA2 with AES is the
safest method it is still vulnerable to brute force attacks.  However, this can be overcome by using strong
passwords (Hoffman 2017). Therefore, this would be the recommendation for Smart
home Wi-Fi requirements.   There is a
need to limit access to a smart home over the internet to a trusted number of
people and electronic devices. Jose et al (2016) suggest that a user and device
could be successfully identified by a multi-level authentication system using
fingerprint recognition and a username and password.  Upon successful verification a one-time
password is issued to allow authentication. They were concerned about the
reliability of fingerprint recognition and intend to carry out further research
in this area.

Simpson et al (2017) stated in their research that a
security manager located in the smart home’s gateway router which is aware of
all the home’s IOT devices and usage patterns could spot unexpected network
activity whilst intercepting communication to and from the devices.  They feel that more research would make this
suggestion a viable layer of added security for future smart homes.

Zigbee

It is possible to infiltrate Zigbee by way of a black hole
attack which involves malicious nodes sending false routing information. These
nodes can either drop packets or break the shortest path to destination
(Kulkarni et al 2015). A colluding attack involves multiple consecutive
malicious nodes that can be missed by the watchdog protocol. Kulkarni et al
(2015) propose a routing protocol that they say protects against malicious
nodes.  It does this by using end to end
authentication with a source node helped by a shared key. It also uses hop by
hop authentication unicasting from the destination node to the source
node.  The final step is whole route
authentication which floods the route request and authentication node by common
key.  This new technique offers a more
secure routing technique (Kulkarni et al). 
This proposed security protocol for Zigbee has not been taken up yet so
cannot be considered as a solution.  Zigbee continues to be widely used so threat
of security breaches in Smart Homes through Zigbee does not appear to outweigh
its advantages.

Smart Devices

The ability of smart thermostats and smart lighting to save
energy is not as good as it is reported to be. 
Bustamante et al (2017) discovered that smart thermostats have
difficulty in predicting temperature so switch on too early.  Whilst Tang et al (2017) reported that smart
lighting could not recognise daylight efficiently so wasted energy.  They also spoke of security breaches and
proposed a solution that they believe is more secure but needs more research
before it is viable. Security cameras primarily use Wi-FiJP3 
and are subject to Wi-Fi security protocols. 
They can be hacked and their information stolen and shared.  A smart monitoring system has been developed
by Jain et al (2017).  It uses blowfish
algorithm encryption on the stored video to make a more secure transfer to
storage over the network. Their future work will try to improve security
further by adding RC6 algorithm to blowfish. 
RC6 is fast and more difficult to attack (Jain et al 2017)

Whilst researchers continue searching for more reliable and
efficient methods of security, Wilson et al (2017) believe that it would be
useful for policymakers to issue guidelines on security and privacy to help
increase consumer awareness and confidence. Smart devices need to increase
their efficacy and become more secure to attract more cautious consumers. Governments
wishing to reach their energy reduction targets could help themselves by
offering funding for research.  It seems
from the research that WSN’s are extremely vulnerable to attack and in need of
development so that resources can be increased so they can be both effective
and secure.

 JP1Expand
the acronym when used for the first time in the text

 JP2Wi-Fi

 JP3Wi-Fi

Author