There are two main considerations when designing a smart device: interoperability and security.
WHAT IS THE INTEROPERABILITY OF SMART DEVICES?
Interoperability is the ability of a product or system to work with other existing or future products or systems without restriction of access or implementation. A distinction must be made between ‘interoperability’ and ‘compatibility’. In short, compatibility is a vertical notion that allows a tool to work in a given environment, whereas interoperability is a transversal notion that allows objects developed by different manufacturers to communicate with each other. Generally speaking, interoperability concerns products from different manufacturers that use the same protocol (Z-Wave, EnOcean, Zigbee, etc.). The standards applicable to the protocol in question must be published so that each manufacturer can develop its own product. Certification tests verify that the protocol defined in the standard has been correctly followed so that the device can function in an ecosystem with other devices using the same protocol.
There are many ways to combine ecosystems that do not use the same radio protocol (e.g., Thread and Zigbee), but interoperability is neither inherent nor total, and requires an interface between the two ecosystems. This is the case for the NODON Micro Smart Plug which can be controlled by a NODON Soft Remote (same manufacturer) or by a JEEDOM or EEDOMUS home automation system (different manufacturer).
With radio, we distinguish between three types of connection:
- ‘Same family’ proprietary radio (see Somfy): the components only talk to each other, which is a security advantage because they have their own communication systems and are therefore less vulnerable.
- ‘Transport layer’ standard protocol: a connection is established between two devices, but the protocol used does not define the nature of the information exchanged (e.g., Thread, Bluetooth, TCP). In this case, a further protocol (proprietary or not) must be added on top to make the exchanged data intelligible (e.g., a smartphone application that makes it possible to use the data exchanged with the device).
- Standard end-to-end interoperable protocol or ‘living protocols with standardized application layer’: the connection and data are standardized. This requires certification to guarantee the use of profiles corresponding to the standard. The disadvantage is that you are limited to what the standard defines.
HOW CAN WE ENSURE INTEROPERABILITY?
There are a number of constraints, such as pre-market certification. In the case of Z-Wave, EnOcean or Zigbee, everything is checked, both hardware and software, with particular care being taken to ensure that the data is correctly formatted. Lastly, IFTTT works by adding an extra interface that makes inherently incompatible protocols compatible.
MULTIPLE LEVELS OF CERTIFICATION:
Certification: this involves checking that the device conforms to the standard from which the chosen protocol is derived. We check in particular:
- Hardware: the performance of the radio component (modulation, power, sensitivity, etc.).
- Firmware: the correct software implementation of the protocol defined by the standard.
In some cases, the certification process can be simplified, for example when the final integrator uses a module that has already undergone an initial certification. In that case, certification will entail verifying only certain critical hardware points (respect of the Reference Design in terms of routing, correct implementation of the radio antenna, etc.) and/or the correct use of the firmware supplied with the module. The market launch is then faster, simpler, and less expensive.
THE CHALLENGE OF SECURING SMART DEVICES
The complement to interoperability is security because standardizing communication gives open access to communication processes. The security of the smart device therefore lies in its implementation, or in ensuring that the data sent is not understood by others. It is often necessary to enlist the help of your supplier to secure the data on the platform. Three aspects must be considered: data protection, the identity of the originator and finally the validity of the information.
- The pairing phase: pairing is the first validated connection between two devices that will then allow these two devices to talk together in an exclusive way. Let’s take the example of a door-opening sensor and a smartphone. The phone scans a QR code on the sensor that contains the sensor’s unique identifier. The objects must therefore be close to each other so that they can start communicating with one another. Once this pairing phase is complete, the sensor will only communicate with the smartphone with which it has been paired. Barring unauthorized entry into the person’s home, it is reasonable to conclude that pairing is an effective initial security measure.
- Authentication and encryption: before establishing a connection, some protocols allow you to authenticate your interlocutor. This involves exchanging a certificate and verifying the conformity of this certificate. If the certificate is verified as valid, then the connection can be established. The second step is encryption based on known algorithms of two types: symmetric and asymmetric. Symmetric encryption uses the same single encryption key in both devices. Asymmetric encryption uses one public key (for encryption) and one private key (for decryption), also stored in the devices as needed.
- Verifying the integrity of the message: am I receiving the data correctly? We use a hash function or checksum, which is a mathematical function that calculates a short fingerprint of a large file. By comparing the checksum, we check the integrity of the message.
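As an added illustration (not code from the original article), the example below shows how a paired phone can check both the originator and the validity of a door-sensor message in one step. It uses a keyed hash (HMAC-SHA256) in place of the plain checksum described above, plus a message counter so that an old frame is not accepted a second time. The sensor ID, the key and the frame layout are assumptions made up for the example.

```python
import hashlib
import hmac
import struct

# Constructed sample values (assumptions): ID read from the QR code, shared key.
SENSOR_ID = b"door-sensor-0001"
PAIRING_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def mac_frame(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sensor ID + counter + payload, then HMAC-SHA256 over all three."""
    body = SENSOR_ID + struct.pack(">I", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Smartphone side: accepts only fresh, unmodified frames from the paired sensor."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes):
        n = len(SENSOR_ID)
        if len(frame) < n + 4 + TAG_LEN:
            return None  # too short to be a valid frame
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit, or sender lacks the paired key
        counter = struct.unpack(">I", body[n:n + 4])[0]
        if body[:n] != SENSOR_ID or counter <= self.last_counter:
            return None  # wrong originator, or an old frame sent again
        self.last_counter = counter
        return body[n + 4:]


def demo() -> dict:
    """Run one genuine frame and three frames the receiver must reject."""
    phone = Receiver(PAIRING_KEY)
    good = mac_frame(PAIRING_KEY, 1, b"door=open")
    return {
        "genuine": phone.accept(good),
        "replayed": phone.accept(good),
        "altered": phone.accept(good.replace(b"open", b"shut")),
        "unpaired": phone.accept(mac_frame(b"\x00" * 16, 2, b"door=open")),
    }
```

Only the first frame in `demo()` is accepted. Encryption of the payload is a separate step and is not shown here.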
HOW DOES IT WORK IN PRACTICE?
- At the software level: a software library embedded in the device’s processor will implement the different levels of security required. The security key is located in the device’s memory and it is possible to extract it if one has the tools and sufficient knowledge, although for the average person this is unlikely.
- Using a dedicated component: this solution essentially uses the same principles and algorithms as in the previous solution, but this time the security (authentication and/or encryption) is no longer embedded in the device’s processor but in a dedicated component. Because this component is highly sophisticated, it is much harder to access it and extract the security key.
- The special case of LiFi: security is partly ensured by the system’s reach. On the web everyone is connected, making it easy to intercept messages, and the same goes for radio, where you just have to be in the general vicinity. With LiFi, by contrast, the physical layer is provided by light waves and the communication area is strictly defined, so you have to be nearby to benefit from it.
To conclude, security is a major challenge now, and will be even more so in the future, given the number of security breaches discovered recently, including among very large manufacturers. However, security is only as good as the way in which it is implemented. It is therefore vital to be well advised right from the design phase of a project. Hence the importance of working with an industrial group like Altyor, which has a wealth of experience in this field! Understanding the many constraints is a prerequisite to making the right choices from the outset, thus guaranteeing the necessary level of security without adding to the development or product costs.