By taking advantage of proven security mechanisms and protocols, engineers can significantly enhance the security of connected devices in the home.
As devices in the home connect to the Internet, they expose our homes to hackers. With Parks Associates predicting more than 50 million connected homes by 2020, it's time for developers to make protecting customer data a top priority. The engineering team at the Thread Group prioritized security in developing the Thread protocol. It identified best practices for ensuring the home is fully secured, including:
- Network-wide keys
- Key agreements
- Authentication & authorisation
- Application layer protection
Taking a closer look at each of these in turn, the use of symmetric key cryptography based on a network-wide key ensures comprehensive protection through integrity protection and payload encryption applied to each message.
Integrity protection guards against man-in-the-middle attacks by appending a small amount of data, called an integrity check tag, to each message. The tag can then be verified to prove that the message originated from where it said it did, and that it was not tampered with in transit.
In addition, payload encryption scrambles the contents of the potentially private or sensitive payload to ensure it cannot be read by an attacker. AES-CCM provides both of these features, and should be used on all packets at the network layer to provide a strong base level of protection.
Any time a new device is added to the network, it must be securely granted the network-wide key in order to process messages as described above.
A Password Authenticated Key Exchange (PAKE) makes use of a relatively low-strength secret (i.e. a password) in conjunction with high-strength asymmetric cryptography to generate a high-strength shared secret. When a new device is granted the network-wide key, the high-strength shared secret is used to encrypt the message containing the key.
Authentication is another important step in the setup process, achieved when a user inputs a new device's password into an authenticating device, typically a smartphone. The password can be printed on the new device itself as part of a QR code, which can be easily scanned by the smartphone.
The PAKE will only be successful if the password put into the smartphone matches the new device's password, which assures the user that the device they just commissioned is the same device that they scanned on their smartphone. The new device is authorised to join the home network by virtue of being given the network-wide key.
Using a sequence counter to periodically change the key used to secure messages ensures that, even in the unlikely event that an attacker obtains the key, only a limited window of messages can be processed. It isn't necessary to change the network-wide key often, but there must be a means to update it. As a best practice, it is recommended that the key be updated any time a device is sold or disposed of.
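The integrity check tag and the sequence-counter key change described above can be seen working together in the following added example, which is not code from the Thread specification or from the authors. It assumes a truncated HMAC-SHA256 tag in place of AES-CCM (so it shows integrity only, not payload encryption), an illustrative key derivation, a receiver that accepts only the current key sequence, and a constructed network-wide key.

```python
import hashlib
import hmac

TAG_LEN = 8  # assumed tag size in bytes; not taken from the article
NETWORK_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key

def derive_key(network_key: bytes, seq: int) -> bytes:
    """Derive the message key for one key-sequence value (illustrative KDF)."""
    label = seq.to_bytes(4, "big") + b"message-key"
    return hmac.new(network_key, label, hashlib.sha256).digest()[:16]

def tag_frame(message_key: bytes, seq: int, payload: bytes) -> bytes:
    """Build frame = 4-byte key sequence || payload || integrity check tag."""
    header = seq.to_bytes(4, "big")
    tag = hmac.new(message_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag[:TAG_LEN]

def protect(network_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: tag a payload under the key for the given sequence."""
    return tag_frame(derive_key(network_key, seq), seq, payload)

def verify(network_key: bytes, current_seq: int, frame: bytes):
    """Receiver side: return the payload if the frame is authentic, else None."""
    if len(frame) < 4 + TAG_LEN:
        return None
    header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
    seq = int.from_bytes(header, "big")
    if seq != current_seq:
        return None  # frame belongs to a key window that is no longer valid
    key = derive_key(network_key, seq)
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload if hmac.compare_digest(tag, expected) else None

def demo() -> dict:
    """Walk through acceptance, tampering, and rotation from sequence 7 to 8."""
    frame = protect(NETWORK_KEY, 7, b"lock=on")
    tampered = bytearray(frame)
    tampered[5] ^= 0x01  # flip one payload bit in transit
    exposed_key = derive_key(NETWORK_KEY, 7)  # message key assumed exposed
    return {
        "valid": verify(NETWORK_KEY, 7, frame),
        "tampered": verify(NETWORK_KEY, 7, bytes(tampered)),
        "old_frame_after_rotation": verify(NETWORK_KEY, 8, frame),
        "old_key_after_rotation": verify(
            NETWORK_KEY, 8, tag_frame(exposed_key, 8, b"lock=off")),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first entry returned by `demo()` carries a payload; the tampered frame, the frame from the old key window, and the frame tagged with the exposed sequence-7 key are all rejected once the network has moved to sequence 8.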
Building a secure networking layer provides an important foundation for building secure connected devices, but it's also vital that the application layer provides additional security. Using common security building blocks, for example, the CoAP transfer protocol and DTLS security, allows for efficient implementation of secure application layer code.
When it comes to security, it's not necessary for device makers to re-invent the wheel. Instead, they can build on well-established standardised protocols, such as the TLS protocol, which is used to secure Internet transactions today, and the J-PAKE protocol, which is currently being standardised and has a security proof undertaken by respected cryptographers.
About the authors
Bill Curtis is on the Thread Group's board of directors and is the lead strategist for the Internet of Things at ARM. Robert Cragie is a senior principal engineer at ARM, and also works with the Thread Group.