The internet of things (IoT) promises to make our lives more efficient. Walk into a room and the lights go on, or even better, the room anticipates when you will be there based on past patterns and has the lights on already. Heat or cool the sections of a house or office you’re in, when you’re in them, while keeping other areas at more economic temperatures. Automated access to front doors, back doors and garages will allow you to unlock your front door for friends and relatives when you’re not there, simply through your mobile device. Smart appliances will let you know when you need to buy more food or could even order the food for you based on your eating habits, so you never run out of milk. Ovens that set themselves to the correct temperature and timer based upon what you are about to cook, simply by scanning it. This is the promise of the smart home, some of which is already becoming reality.
Of course, all these devices need to talk to each other and a smart home hub in order to do all these things. This communication opens the door for hackers to take control of your devices or gain access to your other networks through your IoT network. That’s why security has become a priority for many IoT providers.
Hackers have a whole toolbox of approaches they can use to access a smart home’s network. They can use spoofing, which uses a device pretending to be another device in the smart home’s network to gain access. Hackers can use tampering, which manipulates IoT devices to send incorrect data to the smart hub, resulting in undesired consequences like alarms constantly going off or needlessly toggling lights. Denial of service attacks can be achieved, in conjunction with spoofing or tampering, to lock up a smart hub and stop it from functioning. These tools and many others can make the smart home vulnerable.
The consortiums that design the smart home’s network protocols are aware of these potential issues and have taken steps to protect home networks. Earlier this year the Z-Wave Alliance added a security requirement to its interoperability certification that requires manufacturers to implement the new Security 2 (S2) framework. This move was years in the making and has set the standard for a secure internet of things (IoT). S2 is expected to provide high security for all Z-Wave devices and to ensure there are no vulnerabilities in a Z-Wave network.
S2 Z-Wave devices are on par with previous Z-Wave devices in terms of battery performance, latency and cost while improving security. Z-Wave devices in the S2 framework are uniquely authenticated to the network using QR codes (two-dimensional barcodes) or pin-codes. In addition, AES128 encryption is used for another level of communication security. Secure communication between devices is achieved through Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol which makes it impossible to decipher the network key. Cloud communication is secured through a Transport Layer Security (TLS) 1.1 tunnel. The result is a framework resistant to common hacking techniques such as man in the middle and brute force hacks.
Chip manufacturers are taking their own steps to secure IoT devices. Intel’s new technology, Intel Secure Device Onboard (SDO), enables owners to power on devices and the devices themselves will automatically set up initial connectivity, authenticate the device and register it with whatever IoT network platform is being used. This should avoid security issues through misconfiguration, shipping of default credentials or software-only security measures. The process of authenticating is done anonymously since Intel SDO is built upon Intel Enhanced Privacy ID (Intel EPID). Not only does Intel SDO improve security, it greatly reduces IoT set up time, making the onboarding of thousands of smart devices as simple as turning them on.
There is a lot of movement now towards industrial IoT. Factories with smart lighting, heating and machinery are more efficient and thus more cost effective. The result is the IoT is getting more secure and easier to install and use. There will undoubtedly be a lot more innovation in IoT security over the next decade as more and more factories, offices and homes get smart--and more than likely a few hacks that some will point to as the end of IoT. It seems likely though that in reality the IoT is here to stay, and what once seemed like science fiction will soon be the secure technology we can’t live without.