Wireless Protocol in the Smart Home
While the application of IoT in smart technologies becomes more and more proliferated, the pandemonium of its protocols becomes increasingly confusing. More seriously, severe security deficiencies of these protocols become evident, as timeto-market is a key factor, which satisfaction comes at the price of a less thorough security design and testing. This applies especially to the smart home domain, where the consumer driven market demands quick and cheap solutions. This paper presents an overview of IoT application domains and discusses the most important wireless IoT protocols for smart home, which are KNX-RF, EnOcean, Zigbee, Z-Wave and Thread. Finally, it describes the security features of said protocols and compares them with each other, giving advice on whose protocols are more suitable for a secure smart home.
I. INTRODUCTION
A. Motivation
Although wireless sensor connections offer several ways to increase our productivity in many fields such as smart home, smart production or smart transportation, it also introduces some risks to be aware of. The usage of a wireless physical communication, which allows attackers easier interception of communications, together with the Internet of Things (IoT) [1] [2] or Web of Things (WoT) [3] also leads to unprecedented opportunities for attackers to reveal confidential information and to manipulate data. It is crucial to find efficient and effective methods to counteract such attacks. Otherwise, all the benefits of the IoT will be forfeit.
In order to address these challenges, first, a deep security analysis of the existing technologies is needed to help discover the root causes as well as find analysis techniques that allow verifying the security of the system. Moreover, other aspects also have to be considered to reach a secure environment.
In some cases, there are no resources to implement the needed secure methods, for example, on sensor nodes with limited resources that operate in adverse environments in which very efficient methods have to be provided. On the other hand, security is not only a hardware method. For this reason, software attacks, for example attacks against memory consumption, have to be always in scope to avoid them.
An analysis about the security on the IoT would be huge and it can not be done just in one publication. Because of this fact, our research is focused on a security analysis of the main wireless protocols in the smart home domain. This publication has three main parts. The next section gives an overview of the different domains that can be found in the Internet of Things. Section III describes the way in which the sensors can be connected as well as a brief presentation of the selected wireless protocols. The subsequent Section IV provides a security analysis of each protocol and Section V, eventually, shows the conclusion and outlook of our research.
B. Related Work
Security and privacy are not simple tasks and include several different issues to carry out in an IoT domain, the article in [4] gives us an overview of the most common challenges in this field. On the other hand, Granjal et al. [5] present an exhaustive analysis of the security and privacy of each layer of the OSI model according to the existing protocols and their implication in the general IoT domain. Focusing on the smart home domain topic, an extended analysis of the security is detailed in [6]. It contains an in-depth report of the main aspects of this area, such as the most common threats and good practices as well as a brief protocol analysis and security implications of using of cloud platform on smart homes. One step beyond is given from [7], in which the authors not only describe the main security and privacy threads, but introduce an algorithm to secure each situation. Finally, they test them in a real-environment with successful results. Although, it seems that these issues only concern researchers, the conclusions of the research [8] present that one of the main problems customers find to implement smart home solutions is security followed by inflexibility, costs, and poor manageability, which indicates that it is also an important point for customers. Unfortunately, sometimes the theoretical research is not enough and a practical research is needed. For example, [9] introduces a study about the Google Nest1 and the Nike+ Fuelband2, in which both hardware and software are analyzed.
Another interesting approach is given in [10], in which the security and privacy are tested in different IoT demos, such as a small light system. It describes detailed analysis and depicts the possible risks for each scenario. Moreover, a new kind of devices to take into account are the low energy devices in which a security system has to be applied but is constrained by an extremely low power usage as the article [11] describes. [12] shows why a smart home scenario cannot be considered as an isolated system by proving it can be exploited by using an external mobile application.
Along with this related work, we have seen numerous security and privacy threads and also some possible solutions, but not an extended security comparison of the available protocols that can be used in the smart home domain, which is the main focus of this paper.
II. IOT APPLICATION DOMAINS
Figure 1 displays an overview of the (smart) IoT application domains considered in this paper, including the communication protocols used in each respective area.
Fig. 1. Venn diagram of IoT application domains and included protocols
A. Smart Home
The smart home market is getting more and more dynamic and, according a Smart Home Customer Survey of Deloitte [13], in 2018 one million households could already be smart in Germany. According to that study, the main interests in Smart Home are closely linked to more comfort and safety, followed by savings on heating and electricity costs. The main barriers for customers are on the one hand the costs and on the other the concerns regarding data protection and data security. One important recommendation for the market players is to address security and privacy adequately and make it transparent to the customer. Within this paper we give an overview of the most common wireless protocols used in the Smart Home domain and an analysis of the defined security measures.
B. Smart Production
Recent reports [14] [15], describe key issues for the next generation of smart production analytic services. Relevant applications are: digital performance management (including a data-driven mindset and integration across previously isolated functions); predictive maintenance (including integration of diverse data sets and using, e.g., advanced self-learning algorithms); yield, energy, and throughput optimization (including integration of process control with other data); next-level automation (including improvements in sensor technology and demand planning); and digital quality management (including the use of new sensing technologies and semi-automated quality control). In Smart Production, wireless sensor networks will play a key role for increasing the flexibility of a data driven production lifecycle. Furthermore, for such a connected environment, it is clear that we should deal with cyber security issues described in this paper.
C. Smart Transportation
Smart transportation is becoming one of the biggest domains of the IoT. The implementation of the Controller Area Network (CAN) [16], that is commonly used in the automation control together with new protocols and communication technologies such as the 5G [17] or IoT-Narrow Band (IoT-NB) [18], opens new possibilities to exchange information. These new technologies are able to give smart transportation the necessary packet delay and data transmission rate. Moreover, new hardware implementations, specifically designed to make the right decision as fast as possible, provide a new key tool for the future of the autonomous vehicles. In this future they will have to be able to not only communicate with other cars or services, but process all information of the environment in real time to make the right choice. In consequence, the protection of all sensible information, as well as communications, has to be a mandatory point to ensure the safety and privacy of users.
D. Smart Energy
In the energy domain, several standards are available for different areas ranging from generation, transmission, distribution and distributed energy resources to the customers, which may be also producers themselves, making them so-called prosumers. A good overview of these standards is available at the International Electrotechnical Commission Website3. Regarding communication networks, the whole range beginning from home area networks, located at the customer, over the field area networks at the distribution level and wide area networks at transmission level are represented. That means wireless standards like 2G/3G/4G, WiMAX, WLAN, WirelessHART, ISA100.11a, ZigBee, Z-Wave, 6LoWPAN, LoraWan, Sigfox, as well as wired standards such as Ethernet, profibus, profinet, modbus or PLC are used for connectivity. Frequently, smart energy gateways are used to consolidate communications, having their own security requirements [19].
