Rune Sonnich Torbensen

Trusted Domain: A security platform for home automation

In the digital age of home automation and with the proliferation of mobile Internet access, the intelligent home and its devices should be accessible at any time from anywhere. There are many challenges such as security, privacy, ease of configuration, incompatible legacy devices, a wealth of wireless standards, limited resources of embedded systems, etc. Taking these challenges into account, we present a Trusted Domain home automation platform, which dynamically and securely connects heterogeneous networks of Short-Range Wireless devices via simple non-expert user interactions, and allows remote access via IP-based devices such as smartphones. The Trusted Domain platform fits existing legacy technologies by managing their interoperability and access controls, and it seeks to avoid the security issues of relying on third-party servers outside the home. It is a distributed system that enables secure end-to-end communication with home automation devices, and it supports device revocations as well as a structure of intersecting sets of nodes for scalability. Devices in the Trusted Domain are registered in a list that is distributed using a robust epidemic protocol optimized for constrained resources and network load sharing. The resource-intensive encryption operations are reduced to a minimum by sending short signed update queries and only synchronizing when necessary. An experiment on an embedded implementation examines timing, footprint, and behavioral properties of the protocol. The protocol has been formally verified by the UPPAAL model-checking tool.

The HomePort System

Residential gateways for home automation alre prerequisites to obtain optimal exploitation of energy resources, and they also have the potential to provide a unified operation of various home devices and appliances. Although a number of protocol standards have been proposed, the number of commercially available systems is still very limited. One reason for this is the diversity of device manufacturing standards; another is the lack of efficient and expressive middleware for defining control algorithms and usage scenarios. In this paper we present the architectural design of a distributed middleware system for residential gateways including a simple composition language. Also, we present the initial experiences obtained from a prototype implementation of the system.

OHAS: Open home automation system

This paper describes a vision of an open home automation system consisting of products from many diverse vendors. Plurality is important to ensure innovation through a mix of competition and cooperation between market actors. Supporting such a system, this paper proposes an open framework for integrating new products with existing home automation equipment consisting of two parts: An upgradeable heterogeneous network infrastructure and a method for describing embedded devices. The infrastructure consists of a scalable distributed gateway architecture that provides data communication between different types of network. Using generic communication modules, that encapsulate communication technology, the infrastructure and legacy products can be upgraded to take advantage of the latest data-communication technologies. To enable services and allow semi-automatic system configuration, devices entering the framework must provide a device descriptor written in a device description language comprising a syntactic interface description part and a semantic description part. Using natural language components vendors can now describe new innovative features that are not yet supported in any standard. A concept prototype using a number of different wireless technologies has successfully shown that is it possible to control devices with no prior application protocol knowledge using components from natural language as common language for translation.

My Home is My Bazaar - A Taxonomy and Classification of Current Wireless Home Network Protocols

Recent advances in wireless communication have produced a multitude of related protocols, leading to a growing market of products for home automation systems within energy management, elder care, etc. These systems are different from wired ones in terms of architectures and qualities, which leads to considerable challenges for developers and integrators in understanding and choosing between the available wireless technologies. To further increase technology adoption and improve business risk assessments, it is necessary to determine the important properties of the technologies in order to compare them. First, we review the technical details of a number of established wireless technologies currently sold in the market. Second, a taxonomy is constructed based on the ISO 9126 quality framework. A number of evaluation criteria are determined such as maturity, replace ability, openness, resource efficiency, cost, security, etc. Third, a classification based on the taxonomy and the collected data is presented. In the final discussion, we identify a number of key aspects that could be important technology criteria for future development of home automation protocols.

User-Friendly Establishment of Trust in Distributed Home Automation Networks

Current wireless technologies use a variety of methods to locally exchange and verify credentials between devices to establish trusted relationships. Scenarios in home automation networks also require this capability over the Internet, but the necessary involvement of non-expert users to setup these relationships can lead to misconfiguration or breaches of security. We outline a security system for Home Automation called Trusted Domain that can establish and maintain cryptographically secure relationships between devices connected via IP-based networks and the Internet. Trust establishment is presented in a simple and meaningful way that allows non-expert users to make the correct security decisions when enrolling new devices. We propose a social remote mutual authentication method called the PictogramDB Hash designed to easily and accurately verify certificate hash values by visualizing them with sequences of pre-defined pictograms. This method is designed to scale from smartphones and tablets down to low-resource embedded systems. The presented approach is supported by an extensive literature study, and the ease of use and feasibility of the method has been investigated via user study and implementation.

User-friendly establishment of trust in distributed home automation networks

Current wireless technologies use a variety of methods to locally exchange and verify credentials between devices to establish trusted relationships. Scenarios in home automation networks also require this capability over the Internet, but the necessary involvement of non-expert users to setup these relationships can lead to misconfiguration or breaches of security. We outline a security system for Home Automation called Trusted Domain that can establish and maintain cryptographically secure relationships between devices connected via IP-based networks and the Internet. Trust establishment is presented in a simple and meaningful way that allows non-expert users to make the correct security decisions when enrolling new devices. We propose a social remote mutual authentication method called the PictogramDB Hash designed to easily and accurately verify certificate hash values by visualizing them with sequences of predefined pictograms. This method is designed to scale from smart-phones and tablets down to low-resource embedded systems. The presented approach is supported by an extensive literature study, and the ease of use and feasibility of the method has been indicated through a preliminary user study and implementation.

Layer-component-based communication stack framework for wireless residential control systems

This paper describes methods to lower the entry barrier for creating products that interoperate in the emerging heterogeneous residential control network domain. For designing reconfigurable, layer-component-based communication stacks, a flexible framework is proposed that supports several types of nodes such as bridges, controllers, sensor/actuators - as well as secure communication between them. A special messaging system facilitates inter-component communication, and a Virtual Port Service protocol enables resource addressing. The end-devices in the heterogeneous network are made accessible on a common IP infrastructure, regardless of individual wireless technology. Legacy home automation devices are also supported. A prototype has been implemented on multiple resource-constrained hardware platforms, to demonstrate that the solution is both feasible for low-cost devices and portable. It has been shown how the framework facilitates fast prototyping and makes developing secure wireless control systems less complex.

Secure Wireless Embedded Systems Via Component-based Design

This paper introduces the method secure-by-design as a way of constructing wireless embedded systems using component-based modeling frameworks. This facilitates design of secure applications through verified, reusable software. Following this method we propose a security framework with a secure communication component for distributed wireless embedded devices. The components communicate using the Secure Embedded Exchange Protocol (SEEP), which has been designed for flexible trust establishment so that small, resource-constrained, wireless embedded systems are able to communicate short command messages, with full support for confidentiality, authentication, and integrity using keypairs. The approach has been demonstrated in a multiplatform home automation prototype that can remotely unlock a door using a PDA over the Internet.