Smart Home Network Security

As the use of smart systems in the home has become more widespread, their security weaknesses have been exposed.

Limited consideration has been given to security

The main reason for this is that much of the earlier work on smart systems for the home was devoted to the technicalities of the protocols, especially ZigBee and Z-Wave, and to the design of different types of device.  Limited consideration was given to security, reliability, availability, or even to ease of installation and fault diagnosis, in these earlier systems.  

The much greater capability of the latest generation of controller / hub processors enables significant improvements to be made in these areas.

Centralise the control

One of the changes that has been made is to move away from local binding / association of the ZigBee / Z-Wave devices, such as between a door sensor or motion sensor and a light bulb or smart plug.  Instead, each device now binds / associates with the controller / hub.  The main benefit of the ZigBee and Z-Wave meshes, which is their ability to be extended by relaying frames, is retained.

This gives the controller / hub full control over all of the communications between the other devices, and over the security, availability, fault diagnosis, etc. of the entire system.  This approach is consistent with that found in any conventional control system with centralised processing.

Centralising the control of the system security within the controller / hub enables a single Trust Centre to be used for the security of the entire system, including:

  • Configuring and authenticating relays / routers and end devices that join the network.
  • Generating network keys to be used for encrypted communication across the network.
  • Limiting the lifetime of network keys.
  • Establishing a unique Trust Centre link key for each device when it joins the network.
  • Employing unique sets of AES-128 encryption keys.
  • Maintaining the overall security of the network.

These apply to all ZigBee and Z-Wave devices.
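
The Trust Centre duties listed above can be modelled in a few lines of Python. This is an added example, not code from any ZigBee or Z-Wave stack or from a hub vendor; the names TrustCentre, join, user_approved and key_lifetime_s are assumptions made for illustration, and the over-the-air delivery of keys is left out.

```python
import secrets
import time

KEY_BYTES = 16  # 128-bit keys, matching the AES-128 key size named above


class TrustCentre:
    """Simplified model of the hub's key bookkeeping (not a real radio stack)."""

    def __init__(self, key_lifetime_s, clock=time.monotonic):
        self.key_lifetime_s = key_lifetime_s  # assumed policy value
        self.clock = clock
        self.link_keys = {}  # device id -> unique per-device link key
        self.key_seq = 0
        self._new_network_key()

    def _new_network_key(self):
        self.network_key = secrets.token_bytes(KEY_BYTES)
        self.key_seq += 1
        self.issued_at = self.clock()

    def join(self, device_id, user_approved):
        """Admit a device only while the user has manually opened joining."""
        if not user_approved:
            raise PermissionError("joining is not open")
        if device_id in self.link_keys:
            raise ValueError("device already joined")
        self.link_keys[device_id] = secrets.token_bytes(KEY_BYTES)
        return self.link_keys[device_id]

    def rotate_if_expired(self):
        """Replace the network key once its lifetime has elapsed."""
        if self.clock() - self.issued_at >= self.key_lifetime_s:
            self._new_network_key()
            return True
        return False

    def remove(self, device_id):
        """Drop a device and rotate at once so its copy of the key is useless."""
        del self.link_keys[device_id]
        self._new_network_key()

    def current_key_for(self, device_id):
        """Only joined devices are handed the current network key."""
        if device_id not in self.link_keys:
            raise PermissionError("unknown device")
        self.rotate_if_expired()
        return self.key_seq, self.network_key
```

The sequence number lets the hub tell which devices still hold an old network key after a rotation, which is the bookkeeping that limiting key lifetime depends on.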

Fully secured

Apart from the joining of a device to the network, which is directly under the manual control of the user, all data exchanged between the controller / hub and the other devices is fully secured.

There are two other connections with the controller / hub:

  • A WiFi connection with a local mobile device.
  • A WiFi connection or a LAN connection with the internet.

These connections both employ HTTPS, which is the secure version of the Hypertext Transfer Protocol (HTTP), as advocated by Google and others for all browser / website connections.

The WiFi connection to a local mobile device enables the user to run an App, through which they can manage and control the network operation.

The internet connection enables the user to manage and control the network operation remotely, using the same mobile App as that used for local control.  The internet connection also allows data to be exchanged between the controller / hub and other remote systems, such as Amazon's Alexa.

The controller / hub includes additional programs to validate any data being received from the internet, before it is used within the system.