Key-based security for home automation

Authenticating and securing IoT devices for the smart home requires complex algorithms to do the job without compromising the user’s data. We take a look at how to enable efficient security using symmetric and asymmetric encryption algorithms.

The concept of a Smart Home aims to pull together the rising number of smart devices to control anything from TV to lights in a cohesive manner. The majority of smart devices use radio communication in unlicensed bands, so that they are easy to deploy and are ready for further expansion.

Security and the smart home

An important element of establishing secure IoT communications is device identification and authentication using public key-based protocols. However, authenticating and securing IoT devices requires intensive cryptographic work that takes a lot of processing power.

While this work may be trivial to execute on a powerful machine, care must be taken when using compact devices such as temperature sensors. In these circumstances, using public key-based protocols for encryption demands too much power to be feasible.

Read more: Mesh networks in the smart home

How to secure a smart home

As the Internet communications infrastructure develops to include sensors, suitable mechanisms are needed to secure data communications. Security threats are becoming a major issue with respect to data transmission, so it is important to consider all security threats and attacks whether data modification, impersonation, and eavesdropping, when designing a solution.

In a smart home environment, devices are generally grouped into two categories: constrained – such as fire or motion sensors - and unconstrained – such as those that perform complex operations and send data to the cloud. Due to this heterogeneous nature of smart home devices, security must be approached with a different mindset.

Securely connecting devices

From a security perspective, connected solutions can be split into two: device-to-device and device-to-cloud.

Connecting two physical devices together wirelessly can be made safe by using out-of-band pairing solutions such as PIN codes or displaying information on a screen that must match on both devices.

There are other options aside from out-of-band. For example, Wi-Fi Protected Setup (WPS) tries to make connections between a router and wireless devices faster and easier, typically using a button. However, all these options run the risk of hijacking during the connection setup.

Most smart home systems work on a hub-and-spoke model where one central hub is connected to the Internet to access cloud services. In such cases, an out-of-band solution – for example PIN/QR codes or even NFC - should be considered to guarantee a high level of security.

Apple HomeKit uses out of band to set up the device-to-device connection. Not only does it improve the user experience during commissioning, it's also easier to create a nice interface for ongoing usage and monitoring.

Asymmetric and symmetric algorithms

The integration of security mechanisms within wireless sensor networks can provide efficient security using symmetric and asymmetric encryption algorithms.

With symmetrical security chips, both the chip and the microcontroller code know the secret key. It’s a technology that has been around for many years, but it’s one that must be well understood as there are inherent risks when adding more and more devices.. The problem with symmetrical encryption is the need to share the key between all units that should be able to communicate together. If the key is discovered then all units that use the key are compromised.

Asymmetrical security helps to solve this problem by introducing a pair of public-private keys. The public key can be exchanged freely with anyone who might need it, but the difference is that a secret private key is also required to decrypt a message.

While asymmetrical encryption algorithms may seem like the best choice, many implementations that require high security combine the two due to the high processing load. For example, SSL digital certificates that power the secure web use asymmetrical algorithms to exchange the secret key that enables symmetrical algorithms.

Read more: Multi-factor authentication for IoT

Intrusion in the cloud

Many IoT systems make use of the cloud for data analysis, storage, and management. Because of this, cloud providers are partially responsible for the security of applications and devices.

A cloud infrastructure operated by the service provider uses extensive virtualization techniques, which enables more flexible resource utilization and is able to serve much more users at that same time. Cloud infrastructure runs through standard Internet protocols, which may encourage potential attackers.

While part of the responsibility lies with the cloud provider, device manufacturers are responsible to the end user. This means you shouldn’t assume anything when it comes to the security of cloud services. Know what to look for, and make sure your cloud provider can be trusted.