How to protect the smart home: Solution from the ITMO University team
The market for smart home systems is not developing as rapidly as it seemed a few years ago - in Russia, it is quite rare to meet completely automated homes. In addition to the complexity of implementation and high cost, such systems have another drawback - smart home can be quite easily hacked.
Today we will talk about the degree of protection of such systems and how you can make them safer with the help of developments created at ITMO University.
Amir Zmora / Flickr / CC
')
Often, developers do not pay enough attention to the safety of the products they create. For example, there is a case when an information security researcher was able to find a link to the interface for managing a smart home system directly in Google. The page was not password protected, so he was able to manage all the smart systems, and also learned the address of the house and the phone number of its owner.
Without problems, you can hack a smart home and being on the spot. As a rule, when creating such systems - especially for residential premises - an additional level of new devices is simply “added” to the existing infrastructure. New gadgets communicate with each other using protocols for wireless interaction. And often, system developers choose protocols that do not involve encryption, so anyone who connects to the premises network can intercept the data.
In general, the smart home system circuit consists of two main data streams in which control signals are transmitted:
/ Formal model of the "Smart Home" system. Illustration from the article “Authentication of automation devices in the“ smart home ”system of the authors of the project“ Safe smart home ”
The first stream is between the user and the control system — it transmits commands from the person to the computer. An interface is used for this: terminal, mobile device, web application, etc. The main data flow is the second, between the control system and automation devices.
Automation devices, control system and information flow between them are one of the most vulnerable elements in the “smart home”. Most often in modern systems, the communication between their elements goes through open channels without ensuring the confidentiality and integrity of data. As a result, attackers can listen to the information flows of the system without any particular problems, gain access to its specific elements and in some cases, seize complete control over the premises.
The participants of the project “Safe smart home” seek to answer this question - it is being developed by the team of the Department of Secure Information Technologies of the ITMO University. Experts are developing a software and hardware complex of a smart home, which will be deprived of the main disadvantages of current systems.
To secure the system, it is necessary first of all to increase the security of all the weak links described above. For example, choose a secure way to transfer data. The project team conducted an analysis of the communication protocols used in such systems - based on the results of this work, it turned out that from the point of view of basic characteristics, the best choice for such systems is Zig-Bee technology. This protocol allows you to maximize the confidentiality, integrity and availability of data.
In addition, the system must respond correctly to possible attacks. An attacker can not only intercept data, but also try to physically interfere with the operation of system devices, for example, disable them. In this case, other devices should notice an anomaly in the form of an inaccessible first gadget.
/ Scheme of the impact on the device system "Smart Home". Illustration from the article “Detection of anomalies in systems of automation of objects of protection” by the authors of the project “Safe smart home”
Any attack attempt affects the characteristics of the smart home system - it means they need to be analyzed. If two devices monitor network activity and perform interaction analysis, then an attacker cannot hide an attack like MITM or replay.
To solve this problem, the participants of the Safe Smart Home project have developed a hybrid neural network, combining two models of artificial neural networks: a self-organizing network with competition (Kohonen layer) and a multilayer perceptron.
After training, an artificial neural network is able, on the basis of incoming data, to make decisions on whether the current state of the network node belongs to the anomalous or usual one with an accuracy of 91.47%. More information about working on the neural network used in the project can be found here .
To implement authentication on the side of the final gadget, an Arduino Uno based solution with an enc28j60 Ethernet controller is used. This microcontroller supports a large number of external devices, so it can be a universal link for organizing interaction with various automation elements. More system architecture is described in this article .
The team of the Department of Secure Information Technologies at ITMO University has been developing the Safe Smart Home project since 2015. During this time, the architecture of the software and hardware module was developed, the necessary software was written, and secure data transfer protocols were selected. The final result can seriously reduce the applicability of the main attacks on smart home systems:
/ Results of testing the main types of network attacks before and after embedding a protection device. Illustration from the article “Authentication of automation devices in the“ smart home ”system of the authors of the project“ Safe smart home ”
The flexibility of the created secure smart network allows you to combine almost any device in it and safely transfer data. Therefore, in the future, its use is possible not only in residential buildings, but also in industrial ones.
Additional materials on the topic:
Today we will talk about the degree of protection of such systems and how you can make them safer with the help of developments created at ITMO University.
Amir Zmora / Flickr / CC
')
What is wrong with smart home
Often, developers do not pay enough attention to the safety of the products they create. For example, there is a case when an information security researcher was able to find a link to the interface for managing a smart home system directly in Google. The page was not password protected, so he was able to manage all the smart systems, and also learned the address of the house and the phone number of its owner.
Without problems, you can hack a smart home and being on the spot. As a rule, when creating such systems - especially for residential premises - an additional level of new devices is simply “added” to the existing infrastructure. New gadgets communicate with each other using protocols for wireless interaction. And often, system developers choose protocols that do not involve encryption, so anyone who connects to the premises network can intercept the data.
Where is the weak link of the system
In general, the smart home system circuit consists of two main data streams in which control signals are transmitted:
/ Formal model of the "Smart Home" system. Illustration from the article “Authentication of automation devices in the“ smart home ”system of the authors of the project“ Safe smart home ”
The first stream is between the user and the control system — it transmits commands from the person to the computer. An interface is used for this: terminal, mobile device, web application, etc. The main data flow is the second, between the control system and automation devices.
Automation devices, control system and information flow between them are one of the most vulnerable elements in the “smart home”. Most often in modern systems, the communication between their elements goes through open channels without ensuring the confidentiality and integrity of data. As a result, attackers can listen to the information flows of the system without any particular problems, gain access to its specific elements and in some cases, seize complete control over the premises.
How to make smart home safer: ITMO University project
The participants of the project “Safe smart home” seek to answer this question - it is being developed by the team of the Department of Secure Information Technologies of the ITMO University. Experts are developing a software and hardware complex of a smart home, which will be deprived of the main disadvantages of current systems.
To secure the system, it is necessary first of all to increase the security of all the weak links described above. For example, choose a secure way to transfer data. The project team conducted an analysis of the communication protocols used in such systems - based on the results of this work, it turned out that from the point of view of basic characteristics, the best choice for such systems is Zig-Bee technology. This protocol allows you to maximize the confidentiality, integrity and availability of data.
In addition, the system must respond correctly to possible attacks. An attacker can not only intercept data, but also try to physically interfere with the operation of system devices, for example, disable them. In this case, other devices should notice an anomaly in the form of an inaccessible first gadget.
/ Scheme of the impact on the device system "Smart Home". Illustration from the article “Detection of anomalies in systems of automation of objects of protection” by the authors of the project “Safe smart home”
Any attack attempt affects the characteristics of the smart home system - it means they need to be analyzed. If two devices monitor network activity and perform interaction analysis, then an attacker cannot hide an attack like MITM or replay.
To solve this problem, the participants of the Safe Smart Home project have developed a hybrid neural network, combining two models of artificial neural networks: a self-organizing network with competition (Kohonen layer) and a multilayer perceptron.
After training, an artificial neural network is able, on the basis of incoming data, to make decisions on whether the current state of the network node belongs to the anomalous or usual one with an accuracy of 91.47%. More information about working on the neural network used in the project can be found here .
To implement authentication on the side of the final gadget, an Arduino Uno based solution with an enc28j60 Ethernet controller is used. This microcontroller supports a large number of external devices, so it can be a universal link for organizing interaction with various automation elements. More system architecture is described in this article .
Conclusion
The team of the Department of Secure Information Technologies at ITMO University has been developing the Safe Smart Home project since 2015. During this time, the architecture of the software and hardware module was developed, the necessary software was written, and secure data transfer protocols were selected. The final result can seriously reduce the applicability of the main attacks on smart home systems:
/ Results of testing the main types of network attacks before and after embedding a protection device. Illustration from the article “Authentication of automation devices in the“ smart home ”system of the authors of the project“ Safe smart home ”
The flexibility of the created secure smart network allows you to combine almost any device in it and safely transfer data. Therefore, in the future, its use is possible not only in residential buildings, but also in industrial ones.
Additional materials on the topic:
Source: https://habr.com/ru/post/317454/
All Articles