SCIENCES
Networks and Communications, Field Director Guy Pujolle
Network Security, Subject Head Rida Khatoun
Cybersecurity in Smart Homes
Architectures, Solutions and Technologies
Coordinated by
Rida Khatoun
First published 2022 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:
ISTE Ltd
27-37 St Georges Road
London SW19 4EU
UK
www.iste.co.uk
John Wiley & Sons, Inc.
111 River Street
Hoboken, NJ 07030
USA
www.wiley.com
© ISTE Ltd 2022
The rights of Rida Khatoun to be identified as the author of this work have been asserted by him in accordance with the Copyright, Designs and Patents Act 1988.
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s), contributor(s) or editor(s) and do not necessarily reflect the views of ISTE Group.
Library of Congress Control Number: 2022931518
British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library
ISBN 978-1-78945-086-6
ERC code:
PE6 Computer Science and Informatics
PE6_2 Computer systems, parallel/distributed systems, sensor networks, embedded systems, cyber-physical systems
PE7 Systems and Communication Engineering
PE7_8 Networks (communication networks, sensor networks, networks of robots, etc.)
Home Automation Solutions for SecureWSN
Corinna SCHMITT
Research Institute CODE, Universität der Bundeswehr München, Neubiberg, Germany
MNM-Team, Ludwig-Maximilians-Universität München, Munich, Germany
Today, many different devices are connected and form small networks that are an integral part of the Internet of Things (IoT) (Rose et al. 2015; ITU 2016). Such networks are typically designed as individual solutions to serve a particular purpose. In the private sector, the most common application of such networks is seen in smart home scenarios. Constrained devices (Bormann et al. 2020) are used to monitor environmental data in order to trigger actions depending on analysis results. Well-known examples are closing/opening windows and shades or activating/deactivating lights and fans. In the literature, such scenarios are assigned to the IoT subarea of cyber-physical systems (CPS), and because they directly affect the residents of homes, a secure environment is essential.
SecureWSN (Schmitt 2020) is a powerful framework supporting different hardware and operating systems in the data collection process. Furthermore, it provides many services to residents so that they can monitor environmental data (e.g. temperature, brightness, and humidity) within their home. To control network access, a fine-grained access management solution is integrated alongside resource-specific security protocols for the required communication between components. Until now, the system has only supported monitoring of environmental data; it lacks the integration and control of actors needed to establish a comfortable living zone at home and so fulfill the concept of a CPS (Pahl 2014). As the components involved usually work wirelessly, it is necessary to have full control of the network itself. Therefore, a secure solution to integrate actors (e.g. fans or lights) communicating over different standards (e.g. Bluetooth or ZigBee (Schmitt 2019)) into the deployed network is necessary. Furthermore, only authorized users should have the opportunity to configure the devices accordingly.
This chapter summarizes the current situation, concerns and requests of smart home users, which are categorized and discussed to establish the design requirements for a SecureWSN that realizes a prototyped CPS. Consequently, a SecureWSN is presented in detail with special focus on: (a) secure integration of two actors using different communication standards; and (b) handling their configuration while respecting the privacy concerns (Porambage et al. 2016) of residents. In order to allow only network owners to integrate actors into the system and configure them, a credentials check is performed on the gateway component CoMaDa. If this check is passed successfully, the network owner is able to integrate the actors into the CPS. Furthermore, configuration details can be specified. Here, thresholds can be set for when an actor (e.g. fan or lamp) should be activated or deactivated. Such thresholds can be modified during runtime in order to react to requirements (i.e. still too warm) immediately and flexibly. In order to check whether the actor works appropriately, two graphical user interfaces are available. The evaluation provided in this chapter is a proof of operation. Overall, it has to be kept in mind that home automation solutions might introduce risks and threats to an existing system, but this is overcome here by: (i) integration of several security checks for verification of ownership; and (ii) providing the user with a detailed and step-wise introduction for setting the system up. Besides these, the home owner receives (iii) physical security for the home by switching lights on when not at home or automatically cooling down the interior if it is too hot or vice versa, as well as monitoring the entire smart environment.
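The owner check and runtime thresholds described above, sketched as an added example (not code from SecureWSN or CoMaDa): the `Gateway` class, its method names, the PBKDF2 password check and the fan with separate activation and deactivation thresholds are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class Gateway:
    """Hypothetical gateway model: owner check in front of actor configuration."""

    def __init__(self, owner: str, password: str):
        self._owner = owner.encode()
        self._salt = os.urandom(16)
        self._pw_hash = self._derive(password)  # only the salted hash is stored
        self._actors = {}  # name -> {"on": float, "off": float, "active": bool}

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def _require_owner(self, user: str, password: str) -> None:
        # Evaluate both comparisons in constant time before deciding.
        user_ok = hmac.compare_digest(user.encode(), self._owner)
        pw_ok = hmac.compare_digest(self._derive(password), self._pw_hash)
        if not (user_ok and pw_ok):
            raise PermissionError("owner credentials check failed")

    def configure_actor(self, user, password, name, on_at, off_at):
        """Integrate an actor or change its thresholds at runtime (owner only)."""
        self._require_owner(user, password)
        if off_at >= on_at:
            raise ValueError("deactivation threshold must be below activation")
        active = self._actors.get(name, {}).get("active", False)
        self._actors[name] = {"on": on_at, "off": off_at, "active": active}

    def on_reading(self, name: str, value: float) -> bool:
        """Return the actor state after a sensor reading (fan-style cooling)."""
        actor = self._actors.get(name)
        if actor is None:          # never drive an actor the owner did not integrate
            return False
        if value >= actor["on"]:
            actor["active"] = True
        elif value <= actor["off"]:
            actor["active"] = False
        return actor["active"]     # between thresholds: keep the previous state


if __name__ == "__main__":
    gw = Gateway("owner", "constructed-sample-password")
    gw.configure_actor("owner", "constructed-sample-password", "fan", 26.0, 24.0)
    print([gw.on_reading("fan", t) for t in (25.0, 26.5, 25.0, 23.5)])
```

Keeping the activation and deactivation thresholds apart stops the fan from toggling on every reading near a single set point, and a reconfiguration at runtime preserves the actor's current state.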
1.1. Introduction
Smart homes have been gaining increasing attention and have become more widespread by promising to deliver more cost-effective, energy-efficient heating, enhanced security solutions, or autonomic adaptation to personal preferences. Another driver is the ability to control the lights, media center and many other appliances with a smart voice assistant instead of a switch. Devices that enable these features are becoming more and more affordable, new product categories are yet to be developed and whole new product ranges are yet to be explored. One such example is the Ring Always Home Cam, an indoor drone, released by Amazon in September 2020 (Bünte 2020). This device monitors home security by patrolling the property room by room, notifying absent residents about potential security threats.
Home automation (HA) can be seen as being part of a smart home, allowing it to perform actions autonomously to fulfill specified goals such as keeping the temperature at a certain level, closing the windows when it rains, or dropping the shades when the sun shines. However, most of the commercially available product solutions have several drawbacks, such as the requirement to use the vendor-provided cloud for controlling and automating devices or the incompatibility of different manufacturers' appliances or protocols. The enforced cloud connection, in particular, may deter those who are privacy conscious, given that the nature of the data collected and how it is used by the vendors are not known (Bernheim Brush et al. 2011; Dague 2017).
In order to enable monitoring and collection of environmental data, multiple sensors (also known as nodes) are combined to form a wireless sensor network (WSN). These WSNs are mostly built of constrained devices, meaning those with limited processing, storage and power resources. A SecureWSN (Schmitt 2020) is a framework consisting of three components: (1) The WSN component, which collects environmental data; (2) the CoMaDa, which provides the backend infrastructure of the framework and a web-based framework for mobile access. It makes it possible to create and maintain a WSN in a secure manner, enabling data gathering from multiple nodes within a network, featuring secure data transmission and additionally providing rich functionality for aggregating, monitoring, and visualizing the sensor data. WebMaDa follows the idea of a cloud-based approach but, due to its configuration in the WSN network, the owner has complete control of their network and settings without any involvement from the WebMaDa administrator, including the right to be forgotten if requested. Thus, WebMaDa is more secure than a classic cloud service provider. Additionally, if a user does not want to use or integrate a cloud connection, and does not rely on the remote service offered by WebMaDa, the system is also fully functional without the WebMaDa integration. Different node hardware running various supported operating systems (OSs) can be used to feed the system with environmental data, including temperature, humidity, noise or brightness measurements (Schmitt