Creating resilient Home automation systems that successfully withstand attacks
Benefits and disadvantages of Home automation systems (HAS)
The Internet of Things (IoT) and its application in Home automation systems (HAS) are expected to offer a plethora of novel services that adapt dynamically to a given context, automate decisions and provide better situation awareness. They should facilitate reducing energy consumption as well as increasing comfort and security. IoT-based HAS will be a widespread and important future field of digitalization directly influencing the most personal elements of people’s lives. In order to fulfil these tasks, such systems have to be deeply engrained in our everyday lives and are therefore an attractive goal for attacks. Attackers could use them to spy on potential targets, to stalk inhabitants or facilitate burglaries, identity theft or blackmail.
The ARES project investigates how to create resilient Home automation systems and prevent attacks from succeeding. To achieve this, sensor data based on meta-information that shows characteristic changes during attacks on the sensor value is leveraged. Such meta-information is e.g. jitters of the supply voltage or the circuit core temperature.
A methodology using meta-information as input for security measures is developed. Sensor data is protected by imposing this meta-information directly on the analogue sensor circuit, diminishing or even closing the gap between data acquisition and digital protection. Furthermore, a holistic security analysis and intrusion detection by merging meta-information is conducted. This includes an evidence-based consumer survey to identify the most common cyber risks and security needs for IoT devices in Austria’s households. Additional outputs are an experimental evaluation and a technology assessment of meta-information based security as well as guidelines for future secure design and use of such systems.
In contrast to classical IT security and industrial applications of IoT, HAS systems are characterized by unplanned installation, drop & forget usage and extremely resource-limited devices due to the high cost pressure. In particular, untrained users having little know-how in installing and operating the system. To achieve the above goals and outputs the project pursues a multidisciplinary approach, combining sensor-(network)-knowhow, IT security expertise and expertise in social sciences. Through this combination of research fields the designed security measures have higher technical attack resilience and are useable and accepted by users.