Security and privacy issue of smart home automation system
Table of Contents
Abstract
Acknowledgements
Statement of Originality
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Background
2.1 What is the Internet of Things
2.2 What is an Intelligent Home Automation System
2.2.1 System Components
2.3 Main Concerns
2.3.1 What is Disclosure
2.3.2 Security Issue in Smart Home
2.3.3 Privacy Issue in Smart Home
Chapter 3 Review of Related Works
3.1 An Analysis of Risk in Smart Home Technology from Jacobsson & Davidsson (2015)
3.1.1 Introduction
3.1.2 The Private/Public Home Scenario:
3.1.3 Related Works
3.1.4 Smart home automation system-SHAS architecture
3.1.5 Proposed Security Risk Analysis Methodology
3.1.6 ISRA Results
3.1.7 Mitigation Solutions
3.1.8 Conclusion
3.1.9 Future Work
3.2 Controlling Security and Privacy Problem at The Network Level from Sivaraman et al. (2015)
3.2.1 Threats for IoT in the Smart Home
3.2.2 Network Level Solution
3.2.3 Prototype and Evaluation
3.2.4 Previous Researches
3.3 Multi-level Authentication System for a IoT Home Security Analysis and Execution from Peter & Raju K (2016)
3.3.1 Survey of Related Works
3.3.2 Suggested System
3.3.3 Security and Performance Analysis
3.4 Privacy Preserving Data Analytics for Smart Homes from Chakravorty, Wlodarczyk, & Rong (2013)
3.4.1 Data Issues in Terms of Security and Privacy
3.4.2 The Suggested Solution
3.4.3 Conclusion
3.5 A Security Analysis Approach of Wireless Sensor Networks for IOT Connected Home Systems from Zhang (2016)
3.5.1 Introduction
3.5.2 Wireless Sensor Networks’ Security and Smart Home Networks’ Specificities
3.5.3 An Attack Graph Prototype System Using Logic-Programming Engine for Smart Home Systems
3.5.4 An Experiment on A Simulated IoT Home System
3.5.5 Conclusion
3.6 Towards a Privacy and Security’s Model for Smart Homes
3.6.1 Related Works
3.6.2 A Risk Analysis Applied on a Smart Home
3.6.3 Towards a Model for Privacy and Security
3.6.4 Discussion
3.7 Design of Database and Secure Communication Protocols for Internet-Of-Things-Based Smart Home System from Adino et al. (2017)
3.7.1 The General System
3.7.2 Outdoor Communication Protocol
3.7.3 Communication Security
3.7.4 Proposed data queue structure and data package
3.7.5 The Database Designs
3.7.6 Design Test
Chapter 4 Comparison of the Approaches
4.1 Advantages and Disadvantages of all Approaches
4.1.1 A Risk Analysis Approach from Jacobsson & Davidsson (2015)
4.1.2 Security at the Network Level Approach from Sivaraman et al. (2015)
4.1.3 Multi-level Authentication System Approach from Peter & Raju K (2016)
4.1.4 Secure Data Gathering Framework Approach from Chakravorty, Wlodarczyk, & Rong (2013)
4.1.5 Attack Graph Prototype Approach from Zhang (2016)
4.1.6 Database and Secure Communication Protocols Approach from Adino et al. (2017)
4.2 Comparison Criteria
4.2.1 Ease of Setup
4.2.2 Ease of Application
4.2.3 Ease of Administration
4.2.4 Responsiveness
4.2.5 Security Performance
4.2.6 Cost
4.2.7 Maintenance
4.2.8 Access Right
4.2.9 Support
4.2.10 Compatibility
4.2.11 Resource Consumption
4.3 Comparison of Six Approaches
4.3.1 A risk analysis approach from Jacobsson & Davidsson (2015)
4.3.2 Security at the Network Level Approach from Sivaraman et al. (2015)
4.3.3 Multi-level Authentication System Approach from Peter & Raju K (2016)
4.3.4 Secure Data Gathering Framework Approach from Chakravorty, Wlodarczyk, & Rong (2013)
4.3.5 Attack Graph Prototype Approach from Zhang (2016)
4.3.6 Database and Secure Communication Protocols Approach from Adino et al. (2017)
4.4 Summary of the Comparison
Chapter 5 Scenarios and Recommendations
5.1 Home (The Tech Family)
5.1.1 Description
5.1.2 Security and Privacy Issues
5.1.3 Solution
5.2 University (The National University)
5.2.1 Description
5.2.2 Security and Privacy Issues
5.2.3 Solution
5.3 Hospital (The National Hospital)
5.3.1 Description
5.3.2 Security and Privacy Issues
5.3.3 Solution
5.4 Generic Guidelines
Chapter 6 Conclusion
References
List of Figures
Figure 2‑1: Smart home integration services. (Kadam, et al., 2015)
Figure 3‑1: SHAS architecture (Jacobsson, 2016)
Figure 3‑2: High level architecture (Sivaraman, et al., 2015).
Figure 3‑3: SMP prototype design (Sivaraman, et al., 2015).
Figure 3‑4: Web interface. (Sivaraman, et al., 2015)
Figure 3‑5: Proposed architecture (Peter & Gopal, 2016).
Figure 3‑6: Single authentication scheme phases (Peter & Gopal, 2016).
Figure 3‑7: Dataset processed at data receiver (Chakravorty, et al., 2013).
Figure 3‑8: Result provider activities (Chakravorty, et al., 2013).
Figure 3‑9: Attack graph prototype system framework (Zhang M., 2016).
Figure 3‑10: Definition 2 (Zhang M., 2016).
Figure 3‑11: Attack graph generation algorithm (Zhang M., 2016).
Figure 3‑12: Simulated smart home system (Zhang M., 2016).
Figure 3‑13: The general system (Adiono, et al., 2017).
Figure 3‑14: Log in and user interface (Adiono, et al., 2017).
Figure 3‑15: Basic scheme (Adiono, et al., 2017).
Figure 3‑16: RPC scheme (Adiono, et al., 2017).
Figure 3‑17: Topic scheme (Adiono, et al., 2017).
Figure 3‑18: Mixed encryption method (Adiono, et al., 2017).
Figure 3‑19: Queue structure (Adiono, et al., 2017).
Figure 3‑20: Data package form (Adiono, et al., 2017).
Figure 3‑21: Message headers (Adiono, et al., 2017).
Figure 3‑22: General data (Adiono, et al., 2017).
Figure 3‑23: Content of home (Adiono, et al., 2017).
List of Tables
Table 2‑1: Resource specification for connected devices (Lee, 2014).
Table 3‑1: ISRA result (Jacobsson, 2016).
Table 3‑2: Risk classification (Jacobsson, 2016)
Table 3‑3: Identified software related threats (Jacobsson, 2016).
Table 3‑4: Identified hardware related risk (Jacobsson, 2016).
Table 3‑5: Information related risks (Jacobsson, 2016).
Table 3‑6: Communication related risks (Jacobsson, 2016).
Table 3‑7: Human behavior related risks (Jacobsson, 2016).
Table 3‑8: System testing result (Adiono, et al., 2017).
Table 4‑1: Comparison summary.
Introduction
Life seems easier and more convenient with the help of smart home appliances, which benefit us in different ways. A lighting system can be set up to turn on or off in response to a specific motion of the inhabitants, such as clapping once to turn the lights on and clapping a second time to turn them off. Adding new technology such as temperature sensors to air conditioning helps owners save money and energy, because the air conditioning is turned off automatically when there is no one in the room [Kad151].
This technology is mostly seen in the kitchen: an Internet refrigerator lets its users download a recipe and display it on the front door of the fridge, and a microwave can be set to turn on at a specific time while the owners are still away from home [Kad151]. These examples show that smart home technology promotes not only convenience but also efficiency, and that its potential for further development is promising. However, every development has its disadvantages, which need to be taken into account in further research.
This thesis discusses security and privacy challenges within the connected home system and suggests some possible countermeasures to handle these issues. The thesis is organized into 4 chapters. Chapter 1 is the general introduction to the topic. Chapter 2 gives some definitions related to a smart home environment, for instance what a smart home is, what security in a smart home system is, and what the Internet of Things (IoT) is. However, this thesis mainly focuses on chapter 3, which summarizes 6 articles from various professional journals on security and privacy topics of IoT connected homes. After that, chapter 4 gives the conclusion about what I have learnt from those papers, suggestions for future research, as well as my plan for thesis part 2.
Background
This chapter presents basic concepts of the smart home technology ecosystem, such as what the Internet of Things is, what a smart home system is, and fundamental problems including security and privacy breaches. These concepts give a fundamental understanding of the whole system before the discussion of related works on security and privacy issues.
- What is the Internet of Things
The Internet of Things is a broad term for any device that is connected to the Internet and is able to communicate with other connected devices, with humans or with applications. For example, a smart fridge can remind its owner that some food is out of stock and needs to be refilled [Nic15].
- What is an Intelligent Home Automation System
Basically, smart is defined as an interactive technology. Therefore, for a home to be called a smart home, it needs to apply IoT technology to control appliances remotely and wisely, aiming to automate some boring activities without the user’s intervention [Kad151].
Further, the home controller acts as the central device that monitors and controls the different home devices and appliances at the click of a single button [Kad151]. The following figure shows the general design of a smart home system. Various home services, comprising lighting control, climate sensors, water and gas control and home theater, integrate with each other or with the home’s inhabitants via a home controller.
Figure 2‑1: Smart home integration services. [Kad151]
- System Components
A traditional smart home system includes multiple electronic appliances and devices that have access to the Internet so that home owners can control them remotely. The devices run on different operating systems. Moreover, gateways and connected devices communicate with each other using different communication protocols [Lee141].
- The Application of a Smart Home Technology
The primary purpose of designing a smart home system is to ease human life and enhance the quality of life. Therefore, the home components within this system need to provide comfort, safety and convenience for the inhabitants in an affordable way. The broad application of this new technology in real life is strong proof of its benefits. There are plenty of examples of smart home technologies applied in practice, as follows [Kad151]:
Security: using a security system to send notification videos to inhabitants.
Energy management: incorporating energy management into the operation of connected devices.
Heater and air conditioner management: using temperature sensors and heating and cooling timers to control energy and turn off if no one is in the house.
Lighting: based on the inhabitants’ sensor, opening the long curtains in the morning and turning on the lights at night.
Appliance control: embedding devices to control different household appliances such as the refrigerator, oven, microwave and washing machine instead of an independent system. For example, an embedded device inside a washing machine can share its laundry setting data with the drying machine.
Entertainment: based on the inhabitants’ preferences, the smart home system shares resources among different entertainment devices including smart TVs, DVD and multiple media players [Lee141].
Assisting system: assisting elderly and disabled people to live safely in their house by using sensors to detect unexpected events such as an elderly person falling.
To conclude, the development of the smart home is still at an early stage, so it has huge potential to thrive in the near future.
- Connected devices
Any device capable of intelligent computation can become an element of a smart home environment. Below is a list of the devices available on the market, categorized by application [Lee141]:
Lighting: light bulbs, lamps.
Appliance control: washing machine, cooker, refrigerator.
Safety system: water leak detector, gas leak detector, door lock.
Entertainment: smart TV sets, wireless speakers, toy robots.
Assisted living: wrist bands.
Heating, ventilation and air-conditioning (HVAC): thermostats.
Security: surveillance cameras.
Network devices: residential gateway, router, network storage devices.
- Operating systems
Most operating systems that support IoT devices have to be lightweight because of the constraints of the systems embedded in connected devices: small size, low energy, and limited computation and storage capability. The current operating systems are as follows:
Contiki [Dun]: written in the C language and used to support low-cost, low-energy micro-controllers.
TinyOS [Lev05]: uses the nesC programming language to support wireless sensor network applications.
RIOT OS [Bac12]: ensures minimized memory usage and can be customized and configured to meet an application’s requirements.
Table 2‑1: Resource specification for connected devices [Lee141].
- Communication protocols
Communication protocols used to connect all devices within the smart home environment are categorized into five layers of the OSI model.
- Physical and Data Link Layers:
IEEE 802.15.1 Standard: provides the wireless Medium Access Control (MAC) and Physical Layer (PHY) specifications for Wireless Personal Area Networks (WPANs), aiming to transfer high-speed data and multimedia for home entertainment applications within 10 meters. This standard uses frequency hopping spread spectrum (FHSS) to avoid interference, with a maximum data rate of 1 Mbps [Lee141].
IEEE 802.15.4 Standard: provides MAC and PHY protocols for low-rate WPANs, supporting sensors and embedded devices with constrained traffic, low energy and limited memory and processing capabilities. The standard has a maximum data rate of 250 Kbps. The ZigBee high-level communication protocol suite is built on the IEEE 802.15.4 standard [Lee141].
IEEE 802.11 Standard: specifies MAC and PHY specifications for high-rate communications in Wireless Local Area Networks (WLANs) over ranges from 20 to 250 meters [Lee141].
- Network and Transport Layers:
Network layer protocols: such as IPv6 over Low power Wireless Personal Area Networks (6LoWPAN), Routing Protocol for Low power and Lossy Networks (RPL), and Multicast Protocol for Low power and Lossy Networks (MPL) [Lee141].
Transport layer: although the UDP protocol is not reliable, it is used for resource-constrained appliances to save energy, since they can turn to sleep mode after transferring data. Reliability requirements differ depending on the target application. If the application is packet-based, TCP is advised. In contrast, if the application is event-based, UDP is preferable [Lee141].
- Application Layer:
eXtensible Messaging and Presence Protocol (XMPP) [12]: operates a message-oriented middleware based on XML [Lee141].
Constrained Application Protocol (CoAP): supports resource-constrained electronic devices that are remotely controlled through Internet-based networks. CoAP simplifies the communication with HTTP, while it also supports multicast, has low overhead, and is simple to implement [Lee141].
MQ Telemetry Transport (MQTT): introduces an extremely lightweight publish/subscribe messaging transport. It operates on connection-oriented transport layer protocols or on non-TCP/IP networks via its MQTT-S variant [Lee141].
- Main Concerns
- What is Disclosure
Disclosure is the term that describes someone disclosing their own information to someone else. The purpose is to trade personal information in exchange for a certain benefit [Nor07]. An example of this disclosure behavior is a healthcare center receiving healthcare information sent from the smart home system of its patients in case of emergency. Disclosure behavior is the main concern of a smart home system and appears to be a main cause of privacy and security breaches, since it is unclear and contested which disclosure level the inhabitants have assigned to and agreed with external providers.
- Security Issue in Smart Home
There are six fundamental purposes when it comes to security. They are as follows:
- Confidentiality: ensure that data is read by only authorized people.
- Integrity: ensure that data is not adjusted or modified by unauthorized users.
- Availability: ensure that authorized users can access data at any time.
- Authenticity: validate the users who are trying to communicate with other users or get data.
- Authorization: define the access right of each user.
- Non-repudiation: have proof that an authorized individual performed an action, such as sending an email.
Therefore, a security risk in a smart home system occurs when someone who has no access right, or an unauthorized individual, attempts to compromise the system and breach one or more of the above security goals [Kom14].
- Privacy Issue in Smart Home
A massive amount of data can be generated during connections within the smart home environment. The information may range from users’ daily activities and behaviours to more personal data such as health status [And16]. As smart home systems have become prevalent, privacy issues have also been raised. A privacy issue arises when an attacker or hacker attempts to gain access to a specific smart home and then sells the information for financial gain, to prove their capacity within the hacking community, or for other purposes.
Review of Related Works
Living in the digital era makes people depend on technology: people are switching from traditional controlling devices to wireless network-based appliances in their houses for purposes such as controlling temperature, the lighting system, the fire alarm system and other home appliances. However, the question is whether this new technology will be smart enough to facilitate human lives or will bring more problems to our busy lives. This chapter reviews some related papers discussing the primary issue within a connected home system, which is security and privacy protection.
- An Analysis of Risk in Smart Home Technology from Jacobsson & Davidsson (2015)
- Introduction
The paper evaluated system risks using the Information Security Risk Analysis (ISRA) method, which has been presented in the development of the smart home industry. The paper pointed out security and privacy threats in an automatically controlled home environment. It then presented some related research, an overview of the SHAS architecture, the ISRA method and its outcomes. Finally, it discussed general risks and some recommendations for future research [Jac16].
- The Private/Public Home Scenario:
With the development of technology in smart home automation systems, the interaction between users and all appliances is controlled by smartphones, computers or other mobile devices. This development has brought about the risk of concept drift, which means that the private home, with physical control over every single device, becomes a public home because of system vulnerabilities. Another concern discussed in the paper is that integrating new devices or software into the original SHAS architecture will be a new challenge for the connected home industry. To illustrate the scenario, the paper used the example of setting up a safety surveillance camera for digital traces. This camera is connected with other devices within a smart home environment.
- From Energy Efficiency Matter to Safety Surveillance Cameras
Supporting energy efficiency is the primary aim of any smart home technology. Nonetheless, the system is exploited to serve purposes beyond its original intention, which may increase security and privacy risks. Take the safety surveillance camera as an example: this appliance is supposed to detect abnormal activities among daily events in faraway areas. The camera can also help save energy, since it can monitor whether the lights are on or off and whether the homeowners have closed the door. Nevertheless, the appliance is also used for other purposes, such as monitoring children’s sleep or viewing detailed images of the inhabitants of the house. This extended use of smart home automation systems has raised a new demand for much stricter security policy, especially for features that allow users to access and share their private states from faraway locations [Jac16].
- Discovering Digital Traces
Users of smart home systems now use smartphones equipped with user-oriented applications to control electrical devices and reduce energy consumption based on detailed power measurements. When users access the smart home system through such an app, they leave information called digital traces, which burglars can use to create personal profiles. Burglars can use these routine activities to learn when the homeowners are at home and when they are not. Digital traces can also be regarded as a mapping scheme that maps users to their habits, recording the times and durations of use of household devices such as TVs and dishwashers. This mapping covers not only digital habits but also the physical world, which makes it sensitive information. The information becomes a threat if it is read by burglars [Jac16].
There is always a conflict between the users and the suppliers of a smart home system. While the former want to reveal only a small piece of information, the latter wish to collect as much as possible to keep as documentation for future reference. Therefore, to encourage homeowners to adopt this new automation technology, it is crucial for system suppliers to be transparent about how personal data is collected, processed and analyzed [Jac16].
- Expanding the Internet of Things Technology in Smart Homes
It has become a new trend in smart home systems to use power control as a tool to prevent theft by automatically turning on the lights and the TV when the owners are not at home. Although this energy control involves a number of different devices and leads to a rise in energy usage, it helps to enhance the privacy [Jac16].
Moreover, integrating different devices under one energy control may introduce a new risk of cyber-crime. Therefore, the level of autonomy of the system should be defined. In conclusion, the main focus in the development of smart home technology is how security is designed to prevent attacks [Jac16].
- Related Works
- Risk Analysis-Based Approaches
Denning et al. surveyed security and privacy using three elements: the likelihood of an attack being carried out, the attractiveness of the automation technology, and the damage caused by an attack. They then give a basic structure for defining the risks linked to a specific device in the house. This approach evaluates existing smart homes, not new smart home automation systems [Den13].
Djemme et al. (2011) proposed a risk assessment model containing the following categories: legal risk, technical risk, policy risk, and general risk. This framework emphasizes how important effective risk management methods are in a cloud computing service environment [Dje11].
- Security-based approaches
Babar et al. (2011) analyzed the demand for embedded security in smart home devices to prevent, detect and isolate security breaches, based on a review of attacks on networks within the IoT environment. Following this analysis, they considered other software and hardware elements, for instance computing time, energy consumption, and the memory required by connected devices, before defining the actual security demand [Bab11]. They highlighted the significance of properly executing security regulations.
Ning et al. (2013) introduced a system architecture that enables security at the system layer, network layer, and application layer for IoT technology. They aimed to achieve the three main goals of security standards (confidentiality, integrity, and availability), so they put more effort into research on strong encryption algorithms and data control. They particularly underlined the significance of technologies that enhance security, such as authentication and authorization over networks, for the different online entities of the connected house [Nin13].
Gan et al. [Gan11] emphasize how to apply technology and how to enhance security solutions in IoT environments. They conclude that authentication and cryptography play important roles in mitigating the serious risks arising from malicious software attacks and distinct hacking techniques.
Lee et al. [Lee141] and Van Kranenburg et al. [Van11] concluded that although there is an array of methods available to implement security tasks in the smart home environment, few of them are considered secure. This is because most smart home devices have constrained resources, that is, limited processing and storage capabilities.
Van Kranenburg et al. [Van11] supported their review by pointing out that there has been some research on cryptography for smart home devices, and that their resource-constrained nature makes these devices vulnerable to attacks, since it does not allow the security methods to be carried out.
Das et al. [Dasch] constructed a home automation and security system (HASec) that runs as an iOS application on mobile devices. The applications are controlled by a cloud server through scripts. HASec is a promising system in terms of providing functions that help strengthen the security of a smart home.
After analyzing how vulnerable smart home devices are to security attacks, Notra et al. [Noter] propose a solution to these risks based on limiting access at the network layer or setting access control policies.
- Privacy-based approaches
There have been a large number of discussions about privacy challenges relating to connected devices in the smart home environment; however, none of these discussions focuses on how severe the privacy and security problems are.
A legal framework is proposed by Weber [Web11]. This framework is considered a stable and reliable one for businesses and users to depend on. With the aim of increasing accountability, Weber dissected privacy issues by technical component, such as how to encrypt user data and how to authenticate users and manage their IDs. He also analyzed how to obtain user acceptance and what the limits on collection and use are.
- Approaches according to industry
There are a number of examples of hacking and intrusion into smart home systems. Although there are also many techniques available to deal with those attacks, the constrained resources of the devices are the main obstacle to implementing those security methods.
Barnard-Wills et al. [Bar14] indicated that automated home device suppliers and technology developers are likely to be unintentional threat agents if they do not design, maintain or install devices properly. They suggested that users should consider those cases and do a risk analysis before configuring any smart home devices.
Currently, the market for smart home technology has become dynamic, and more and more security suppliers are entering it. However, good practices and policy measures are still neglected in this market. Manufacturers should consider the report by Barnard-Wills et al. [Bar14] on standards for the smart home environment when they develop technology.
- Smart home automation system-SHAS architecture
The figure below gives an overview of how the SHAS architecture works. All smart home devices run independently and are connected through a ZigBee mesh network, which connects to the cloud server through a central node known as a home gateway. This gateway runs a minimalistic Linux distribution and uses the XMPP protocol when connecting to the Internet. Mobile applications interact with house sensors indirectly via an API platform [Jac16].
A bundle of different connected devices is used in the design of the SHAS platform within a smart home environment. Currently, those devices are supplied by various manufacturers. However, to ensure the effective capacity of the platform, some fundamental components should be taken into account, such as the in-house gateway. Studying how to configure security, for example a firewall for the cloud server or authentication, is also important for users before they decide to set up a smart home architecture [Jac16].
Figure 3‑2: SHAS architecture [Jac16]
- Proposed Security Risk Analysis Methodology
To identify the security risk exposure in the SHAS architecture, the paper uses the ISRA approach, which addresses the confidentiality, integrity, and availability characteristics of system security.
- Practical Approach
ISRA was carried out in a small group of 9 participants who are experts in security, the domain and the development of the SHAS architecture. Each was asked to identify the threats and vulnerabilities of SHAS components from the hardware, software, information, communication, and human perspectives. They then ranked the probability of occurrence and the impact from 1 (unlikely) to 5 (disastrous). The mean risk value is the result of multiplying the mean probability by the mean impact value.
- ISRA Results
Table 3.1 shows the result of the ISRA risk analysis session, with a minimum risk value of 3.5 and a maximum risk value of 15.44. There were 32 risks identified in this session.
Table 3‑2: ISRA result [Jac16].
Table 3-2 summarizes the impact levels, from low through medium to high, of the 32 risks across 5 threat categories and 6 subsystem parts of the SHAS architecture [Jac16].
Table 3‑3: Risk classification [Jac16]
- Identified Risks
The report also showed the detailed results of risks from the ISRA risk analysis methodology on SHAS architecture based on five groups: software, hardware, information, communication and human-related threats. In software related risks, insufficient accountability of the in-house gateway is the highest likely risk and inadequate authentication in the API is deemed to be the most dreadful outcome.
Table 3‑4: Identified software related threats[ CITATION Jac16 l 1033 ].
In hardware related risks, unauthorized modification of physical sensors is the risk that has the highest likeliness of occurrence and unauthorized tempering of physical sensors has the most dreadful impact[ CITATION Jac16 l 1033 ].
Table 3‑5: Identified hardware related risk[ CITATION Jac16 l 1033 ].
In information category, insufficient access-control and authentication of in-house gateway has the highest likeliness of occurrence and the most dreadful outcome, which means it accounts for the highest risk value[ CITATION Jac16 l 1033 ].
Table 3‑6: Information related risks[ CITATION Jac16 l 1033 ].
In the communication category, risks related to manipulating, duplicating, surveilling, and deleting sensors and the cloud server are deemed to have the highest probability of occurrence and the most serious impact[ CITATION Jac16 l 1033 ].
Table 3‑7: Communication related risks[ CITATION Jac16 l 1033 ].
The risks involving human actions are not tied to any subsystem part. The table shows that poor password selection is the most probable risk. Moreover, unauthorized resending of secret information between system or cloud suppliers, and hacking attacks from different attackers, have the most dreadful outcomes. Overall, poor password selection has the highest risk value[ CITATION Jac16 l 1033 ].
Table 3‑8: Human behavior related risks[ CITATION Jac16 l 1033 ].
- Mitigation Solutions
The paper suggested solutions for each SHAS risk category. For hardware-related risks, security engineers should design more appropriate physical protection, such as certified locks on doors or guards who respond to raised alarms.
To patch vulnerabilities in the SHAS mobile app, the paper suggested that software developers and security engineers consult the CVE (Common Vulnerabilities and Exposures) database to broaden their knowledge and then contribute useful mitigation techniques. In addition, concrete measures such as coding and testing techniques, cryptographic certificates, and trusted third parties should be considered.
To mitigate the software risks related to the gateway, authentication mechanisms such as traditional passwords or multi-factor authentication should be used. To handle software-based risks arising from inadequate accountability and logging settings, the smart home partners involved need to collaborate on configuring logging and registry activities.
Currently, no access control mechanism is set up in SHAS. Access control settings, and temporary access for guest applications, are therefore highly needed to mitigate the information-related risks.
Within the communication risk category, the highest-ranked risks are insufficient authentication algorithms and confidentiality solutions between the multiple connected sensors and the cloud server. To mitigate this risk, an encrypted communication protocol, such as a Virtual Private Network, should be deployed so that information is encrypted before it is sent[ CITATION Jac16 l 1033 ].
Password policies and verification tools should be enforced to handle the risks arising from human behavior.
The security analysis found that human actors pose the most severe risks and need more attention when enhancing security within the SHAS architecture.
- Conclusion
Typically, risk analyses are carried out after the IoT connected devices have been set up. The ISRA therefore aims to analyze risks and to point out the importance of addressing security at the design stage to mitigate and prevent some threats. Only the fundamental components of the new design have been identified so far, to tackle issues such as how to manage private information, how to design security policies to control risk, and how to create methods to evaluate risk exposure. However, before developing a new design or architecture, software developers and security engineers should gain thorough knowledge of the system through information analysis and classification[ CITATION Jac16 l 1033 ].
- Future Work
Future research should emphasize enhancing the integration and automation features of risk analysis tools. Analyzing risks and vulnerabilities in smart home systems will help users and related stakeholders make more informed decisions, especially when they have to choose protective techniques. More research should also be invested in a more usable and quantitative risk analysis methodology[ CITATION Jac16 l 1033 ].
- Controlling Security and Privacy Problem at The Network Level from Sivaraman et al. (2015)
This paper studied security and privacy threats in several existing IoT devices. It then described how to set up the system to enhance privacy and security, and demonstrated a prototype implementation before discussing prior related work.
- Threats for IoT in the Smart Home
Smart home devices are increasingly prevalent in the technology market. The paper discusses several of these devices before making suggestions about their security problems.
Customers of the Philips Hue connected bulb control the lighting system remotely; however, data and information are transferred between users' apps and the bridge without encryption, which leaves them exposed to eavesdroppers. Moreover, although this device keeps a list of users for access control purposes, attackers can easily obtain this list.
Users of the Belkin WeMo motion sensor and switch kit, which controls the power socket of any electrical home appliance, face severe intrusion from attackers. Attackers study the SOAP commands by carrying out an SSDP discovery to get the IP addresses and the port of those devices[ CITATION Siv15 l 1033 ]. They then gain remote access to all household appliances connected to WeMo sensors.
The Nest smoke alarm raises concerns about user privacy. In terms of security, these alarms are protected from eavesdroppers because data is encrypted when it is exchanged.
Users watch their children at home through a mobile app that communicates with the Withings Smart Baby Monitor. Attackers can use ARP poisoning to substitute their own IP address for a legitimate one, and then gain access to the camera.
Information exchanged by a weighing scale called the Withings Smart Body Analyzer is unencrypted. Further, packets sent over Bluetooth also carry information that can be used to recreate the MD5 digest. Attackers can use this digest to authenticate with the server and gain access to users' personal information.
- Network Level Solution
This paper proposed risk detection and mitigation techniques at the network level for the following reasons:
Network-level security can be applied across a large range of IoT devices and upgraded from the cloud. The security function can be handled by a third-party company with more experience in the security field. Network-level security also adds another layer of protection, possibly on top of device-level security.
This paper introduced a new architecture with an extra entity at the network layer known as the “Security Management Provider” (SMP). This new entity can add access control rules to protect a particular IoT device. The figure below shows the interaction between the SMP and the ISP network through APIs, and the communication between the SMP and home users via GUIs. The SMP acts on behalf of the consumer to control configuration over the ISP network.
Figure 3‑3: High level architecture[CITATION Siv15 l 1033 ].
SMP role: acts as the interface to home users. Currently, multiple stakeholders compete with each other to take on the SMP role in their products.
ISP/Home-router-vendor role: the SMP architecture encourages home router and ISP vendors to focus on their competitive advantage, such as supporting the APIs that connect to the SMP.
Consumer role: the SMP meets smart home customers' need for security. User habits and behaviors are stored in the cloud and are not affected if the user switches to another ISP.
- Prototype and Evaluation
- Prototype
A new system comprising two underlying parts, the ISP network and the SMP, was set up and made ready for implementation. The ISP part encompasses the access switch (OVS) enhancements and controller (FloodLight) modules, while the SMP operates the security orchestrator (Ruby on Rails) and web GUI (JavaScript/HTML)[ CITATION Siv15 l 1033 ].
Figure 3‑4: SMP prototype design[ CITATION Siv15 l 1033 ].
Access switch: runs Open vSwitch 1.9.0 (OVS), which creates a virtual bridge for each home on which flow rules are set. Each household is connected to one port on the access switch.
ISP network controller: uses the standard Floodlight (v0.9) OpenFlow APIs to run the ISP network, and implements the RESTful APIs using Java modules[ CITATION Siv15 l 1033 ]. Through these, a new flow table rule can be added for a specific OVS bridge. A new module was also added to FloodLight to perform access control.
SMP security orchestrator: the SMP manages security through a security orchestrator, which keeps the required state and logic. This orchestrator communicates with the ISP via RESTful APIs and with subscribers via RESTful APIs, using a MySQL database.
Web-based portal: the place where subscribers choose their services, implemented in JavaScript and HTML. As shown in figure 3-4, in the IoTProtect tab the subscriber can delegate the security/privacy of any of their connected devices to the SMP; the SMP protects that device by inserting suitable access control rules through the network API[ CITATION Siv15 l 1033 ].
Figure 3‑5: Web interface.[ CITATION Siv15 l 1033 ]
- Evaluation
The Philips Hue light bulb and the Nest smoke alarm are used as examples of applying SMP services. First, the light bulb connects to the Internet via a WiFi bridge, and bulb settings are adjusted using Android/iOS apps. The subscriber chooses to protect this device by sending a command or message from an application on the user's phone to the SMP. The SMP then invokes the network API to insert suitable access control rules. From then on, only known users are permitted to access the bulb[ CITATION Siv15 l 1033 ].
The same method was tested on the Nest smoke alarm installed in the prototype. This Nest device provides real-time alerts to the user app via cloud-based servers. Traffic to and from this device is encrypted and authenticated. The researchers sent a request to the SMP to protect the privacy of users of this device. The SMP then invoked network APIs to allow the device to send only 250 KB of data every day. Notifications are still sent to the user's app when the device detects smoke.
To conclude, the above examples present security as an additional service which manages network operations for connected devices. After the experiment, the researchers concluded that this provides better security and privacy protection than traditional device suppliers do[ CITATION Siv15 l 1033 ].
- Previous Researches
Research on the security and privacy of smart homes is still at an initial stage. Most researchers have concentrated on identifying potential risks and vulnerabilities of IoT systems and on how to adjust current security methodology. The majority of this research supports the idea that security techniques should be embedded into connected devices.
This paper did not focus on embedding security into the design of connected devices; instead, it suggests a new option: moving the security technique into the network layer with the aid of SDN mechanisms. Such efforts seem likely to gain popularity in the coming years.
- Multi-level Authentication System for a IoT Home Security Analysis and Execution from Peter & Raju K (2016)
Resource constraints are the main concern when designing a powerful and secure system for an intelligent connected home. Although encryption methodology has undeniably advanced, authentication systems remain vulnerable to multiple attacks. A secure authentication mechanism is therefore in demand, as described in the requirements for applying IoT technology. In this paper, the authors highlighted different levels of authentication technology for the intelligent home environment.
- Survey of Related Works
An invulnerable authentication mechanism for an automated home network was introduced by Makrakis and Vaidya [CITATION Vai11 n t l 1033 ], which uses ECC and a self-certified public key technique to authenticate and establish keys. The user is involved in different stages of this mechanism. In the pre-deployment step, every device needs to obtain an absolute certificate by registering with the certificate authority. Initialization starts when home appliances are deployed and compute a key pair and certificates. The authors claimed that their authentication mechanism is efficient. However, the evaluation shows that this elliptic curve cryptography-based mechanism increases authentication time, and the work does not mention how it protects against security attacks.
Y. Li [CITATION LiY13 n t l 1033 ] introduced a two-phase key establishment protocol to authenticate devices and the server. First, each device and the server register with the Certificate Agent to get a key pair, and then the key exchange protocol is established. At the beginning of stage two, devices and the server authenticate to establish a session key. The evaluation of this protocol found that the memory needed to store public keys is a constraint.
Pardeep Kumar and Mangal Sain [CITATION Kum16 n t l 1033 ] established an assured session key methodology. The authors also showed that this methodology, which uses a secret key algorithm between the gateway and the connected appliances, is efficient in performance. This secure session key methodology, referred to as Single-Level Authentication, is the first step contributing to the development of group authentication[ CITATION Mah14 l 1033 ].
- Suggested System
The major challenge lies in the distribution of the shared key. To secure the smart home system, the authentication scheme should be designed so that it does not depend on the existing authentication mechanism. By doing so, the new system can satisfy the fundamental security goals: C-I-A (Confidentiality, Integrity, Accessibility)[CITATION Pet16 l 1033 ].
The following figure shows the architecture of the suggested system, which includes three main parts: the home authentication server, the gateway and the targeted IoT appliances[CITATION Pet16 l 1033 ].
Figure 3‑6: Proposed architecture[CITATION Pet16 l 1033 ].
- Multi-level Authentication Solution
The proposed multi-level authentication architecture is formed by single-level authentication (SLA) and group authentication (GA). The SLA method has three main stages, shown in the figure below: registration, authentication, and session key establishment. In this method, authentication messages between smart devices and the gateway are secured using hashing and symmetric cryptography[CITATION Pet16 l 1033 ].
Specifically, in the registration phase, the home authentication server assigns key credits, which are used in the next phase, authentication, to both the smart devices and the home gateway[CITATION Pet16 l 1033 ].
The authentication and session key establishment stages include the following steps[CITATION Pet16 l 1033 ]:
- The home gateway calculates an AUTH value based on its provided credits and sends a request message to the smart device it wants to associate with.
- After checking the delay time to avert relay attacks, the device computes AUTH* and compares it with AUTH. If the values are not equal, authentication fails. If they are equal, the device sends a response message containing the identity of the Thing (idT) to the gateway, using a symmetric encryption algorithm.
- The home gateway checks the delay, decrypts the message and verifies idT* against idT. The gateway then encrypts a notification message and sends it to the device.
- On receiving the notification, the device checks the delay, decrypts the message and establishes a session key. From then on, the gateway and the device communicate securely using this session key.
Figure 3‑7: Single authentication scheme phases[CITATION Pet16 l 1033 ].
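The four SLA steps above can be traced in code. This is an added sketch, not the construction published by Peter & Raju K: the page does not give the AUTH formula, the cipher or the key derivation, so HMAC-SHA256 tags, an HMAC-derived session key, a nonce cache, and the names `Gateway`, `Device`, `MAX_DELAY` are assumptions, and the idT response is authenticated with a MAC instead of being encrypted.

```python
import hashlib
import hmac
import os
import struct

MAX_DELAY = 5.0  # seconds; assumed freshness window (the page gives no value)


class AuthError(Exception):
    pass


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields so boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(struct.pack(">I", len(p)) + p)
    return h.digest()


def verify(key, tag, ts, now, *parts):
    """Delay check first, then a constant-time comparison of the tag."""
    if abs(now - ts) > MAX_DELAY:
        raise AuthError("stale message")
    if not hmac.compare_digest(tag, mac(key, *parts, struct.pack(">d", ts))):
        raise AuthError("tag mismatch")


class Gateway:
    def __init__(self, gw_id: bytes, key: bytes, known_things: set):
        self.gw_id, self.key, self.known = gw_id, key, known_things

    def request(self, now):  # step 1: AUTH over gateway id, nonce, timestamp
        self.nonce = os.urandom(16)
        auth = mac(self.key, b"req", self.gw_id, self.nonce, struct.pack(">d", now))
        return {"gw": self.gw_id, "nonce": self.nonce, "ts": now, "auth": auth}

    def notify(self, resp, now):  # step 3: check delay, verify idT, notify
        verify(self.key, resp["tag"], resp["ts"], now,
               b"resp", resp["idT"], self.nonce, resp["nonce"])
        if resp["idT"] not in self.known:
            raise AuthError("unknown idT")
        self.session = mac(self.key, b"session", self.nonce, resp["nonce"])
        return {"ts": now, "tag": mac(self.session, b"notify", struct.pack(">d", now))}


class Device:
    def __init__(self, id_t: bytes, key: bytes):
        self.id_t, self.key = id_t, key
        self.seen = set()  # accepted nonces; rejects replays inside the window

    def respond(self, req, now):  # step 2: check delay, compare AUTH* with AUTH
        verify(self.key, req["auth"], req["ts"], now, b"req", req["gw"], req["nonce"])
        if req["nonce"] in self.seen:
            raise AuthError("replayed request")
        self.seen.add(req["nonce"])
        self.gw_nonce, self.nonce = req["nonce"], os.urandom(16)
        tag = mac(self.key, b"resp", self.id_t, self.gw_nonce, self.nonce,
                  struct.pack(">d", now))
        return {"idT": self.id_t, "nonce": self.nonce, "ts": now, "tag": tag}

    def finish(self, note, now):  # step 4: check delay, establish session key
        session = mac(self.key, b"session", self.gw_nonce, self.nonce)
        verify(session, note["tag"], note["ts"], now, b"notify")
        return session


def run_demo():
    key = bytes(range(32))          # constructed key from the registration phase
    gw = Gateway(b"gw-1", key, {b"thing-42"})
    dev = Device(b"thing-42", key)
    t0 = 1_700_000_000.0            # constructed clock value
    req = gw.request(t0)
    resp = dev.respond(req, t0 + 0.2)
    note = gw.notify(resp, t0 + 0.4)
    results = {"keys_match": dev.finish(note, t0 + 0.6) == gw.session}
    cases = [("replay", req, t0 + 1.0),
             ("stale", gw.request(t0), t0 + 60.0),
             ("forged", dict(gw.request(t0), auth=b"\0" * 32), t0)]
    for name, msg, when in cases:
        try:
            dev.respond(msg, when)
            results[name] = "accepted"
        except AuthError as exc:
            results[name] = str(exc)
    return results
```

The timestamp window alone does not stop a request replayed within `MAX_DELAY`; the nonce cache covers that gap, which is why the replayed request is rejected one second after the original.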
The group authentication solution originated from the idea of reducing the overhead of authenticating more than one device in the smart home. Basically, all devices which want to connect or will connect to the home gateway form the JoinGroup. Before the authentication step, the home authentication server assigns every device its partial key using Paillier Threshold Key Cryptography. The group authentication process works as follows[CITATION Pet16 l 1033 ]:
- First, a device sends the group authority a JoinGroup request to be allowed to join the group authentication.
- JoinGroup sends a response message to all devices along with a hash value. This response message is encrypted with the group’s public key.
- Each smart device partially decrypts the response message using its partial key and sends the result to all members of JoinGroup.
- After collecting all the partially decrypted messages, each device combines them to read the JoinGroup response message and compares the hash value as well. If they match, group authentication succeeds.
- Security and Performance Analysis
- Security Analysis
- Confidentiality and integrity: because both SLA and GA use hashing and encryption, they fulfill the confidentiality and integrity goals of security[ CITATION Pet16 l 1033 ].
- Mutual authentication: the connected device and the gateway achieve mutual authentication because, during the authentication phase of SLA, both the smart device and the gateway have to exchange messages to authenticate themselves to each other[ CITATION Pet16 l 1033 ].
- Resistance to replay attacks: SLA and GA help resist replay attacks because the exchanged messages carry timestamps and are based on random digits[ CITATION Pet16 l 1033 ].
- Privacy preservation: information is not provided unless the legitimate user is authenticated[ CITATION Pet16 l 1033 ].
- Performance Analysis
After receiving its primary credits from the authentication server, the device stops interacting with the server. Therefore, the computation cost of the SLA and GA schemes is lower than that of the other schemes[ CITATION Pet16 l 1033 ].
Most of the time a smart device communicates with and connects to the gateway, so using these authentication schemes can save the device's energy[ CITATION Pet16 l 1033 ].
- Privacy Preserving Data Analytics for Smart Homes from Chakravorty, Wlodarczyk, & Rong (2013)
When a new smart home design is released, it is likely that different data processing is applied. There is a concern about how to collect private and sensitive data from a smart home for use in assistive services that provide healthcare to a growing number of elderly citizens, while at the same time maintaining and securing the privacy of smart home users. In this article, the authors proposed a new data analysis scheme which adapts easily to a new smart home design[CITATION Cha13 l 1033 ]. The article is presented in three main parts: the issue, how to solve it, and the conclusion.
- Data Issues in Terms of Security and Privacy
The paper divides the data issues into four main areas: who owns the data, how the data is transferred, how it is stored and processed, and how it is accessed. Based on these areas, the authors proposed a scheme to protect security and privacy when analyzing smart home data.
A. Data ownership
Data ownership is an issue because data is created by smart home residents, yet the healthcare service provider may own the sensor devices and the network provider may own the network devices, which entitles them to own some of the data. Moreover, residents have a right to know what type of data is used and collected, and to be able to stop data collection and have stored information destroyed[CITATION Cha13 l 1033 ].
B. Data transfer
Data transferred through networks to different places raises the further issue of ensuring its confidentiality and integrity. At the moment, two techniques are commonly used to ensure the confidentiality and integrity of data: cryptography and VPNs[CITATION Cha13 l 1033 ].
C. Data storage and processing
Personal and sensitive data stored outside residents’ homes creates a new security threat. A few approaches have been introduced to handle this issue, such as swapping identifiable data with randomized placeholders or adding noise. Nonetheless, these methods are challenging, since they require a trade-off between the amount of sensitive data and how much information will be lost[CITATION Cha13 l 1033 ].
D. Data access
Authentication and authorization should be added to the smart home system to ensure security. The system also needs to assign access rights to different stakeholders and users. Role-based access control is now adopted to assign access rights, since it is simple and flexible in managing privilege levels from high to low[CITATION Cha13 l 1033 ].
- The Suggested Solution
The proposed framework for securely collecting data from smart homes comprises three main components with two storage units. The three main components are the data collector, the data receiver and the result provider.
- Data collector:
A data collector is set up at each intelligent home unit to collect sensor data and forward it to a receiver at regular intervals. It is responsible for gathering sensor data and for setting the interval, the destination to which data is sent, the protocol used to establish a connection, and the data format[CITATION Cha13 l 1033 ]. The authors suggest using SSH as the transfer protocol, subject to further evaluation of its performance in terms of security and speed.
- Data receiver
After receiving inputs from the data collectors, the data receiver separates the data into different attributes based on a current schema definition file, which covers rules, observations and how they link to public sources. The separation is performed by a mathematical function. Its outputs, the sensitive data and the de-sensitized data, are kept separately.
Figure 3‑8: Dataset processed at data receiver[CITATION Cha13 l 1033 ].
Figure 3-7 is an example of how the data receiver processes a set of data. First, it sets each attribute to 1 or 0 based on the current schema definition. Attributes set to 1 are identifiers; the others are non-identifiers. Next, all identifier attributes are combined with a pass key, which is assigned by a master configuration file, and hashed using SHA techniques. All attributes are then encrypted and stored in two separate units: the identifier dictionary and the de-identified dataset. The identifier dictionary contains all hashed identifier attributes with their actual values, while the de-identified dataset contains the hashed identifier attributes and the actual values of the non-identifier attributes[CITATION Cha13 l 1033 ]. The purpose of this process is to separate sensitive data from non-sensitive data for further processing.
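The split performed by the data receiver can be written out as follows. This is an added illustration, not code from Chakravorty et al.: the schema, pass key and sample records are constructed, HMAC-SHA256 is used as the keyed SHA hash (an assumption; the page only says identifiers are combined with a pass key and hashed), and the encryption of both stores at rest is left out.

```python
import hashlib
import hmac

# Constructed schema definition: 1 marks an identifier, 0 a non-identifier.
SCHEMA = {"resident": 1, "address": 1, "sensor": 0, "reading": 0, "time": 0}
PASS_KEY = b"constructed-pass-key"  # stands in for the master configuration value


def pseudonym(attribute: str, value: str, key: bytes = PASS_KEY) -> str:
    """Keyed SHA-256 of one identifier value.

    The attribute name is mixed in so equal values in different columns get
    different digests. Without the key, low-entropy identifiers such as names
    could be recovered by hashing a list of candidates.
    """
    msg = f"{attribute}\x00{value}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def split_records(records, schema=SCHEMA, key=PASS_KEY):
    """Return (identifier_dictionary, deidentified_dataset)."""
    identifier_dictionary = {}  # digest -> attribute name and actual value
    deidentified = []           # digests for identifiers, raw non-identifiers
    for rec in records:
        unclassified = set(rec) - set(schema)
        if unclassified:
            # Fail closed: an attribute the schema does not classify might be
            # an identifier, so it must not reach the de-identified store.
            raise ValueError(f"attributes missing from schema: {sorted(unclassified)}")
        row = {}
        for attr, value in rec.items():
            if schema[attr] == 1:
                digest = pseudonym(attr, str(value), key)
                identifier_dictionary[digest] = {"attribute": attr, "value": value}
                row[attr] = digest
            else:
                row[attr] = value
        deidentified.append(row)
    return identifier_dictionary, deidentified


SAMPLE = [  # constructed sensor records
    {"resident": "Alice Example", "address": "1 Sample St",
     "sensor": "bed", "reading": 1, "time": "07:02"},
    {"resident": "Alice Example", "address": "1 Sample St",
     "sensor": "door", "reading": 0, "time": "07:15"},
    {"resident": "Bob Example", "address": "2 Sample St",
     "sensor": "bed", "reading": 1, "time": "06:40"},
]
```

Because the digest is deterministic, the same resident keeps the same pseudonym across records, so analytics can still group readings per person without seeing the name.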
- Result provider
The result provider has four groups of activities, as shown in the figure below: access control, identifier retriever, transformer and result processor. The access controller is responsible for authenticating users and determining their privacy level for shared data sources. The identifier retriever is responsible for querying decrypted attributes, with both hashed and actual identifier values, from the personal dictionary storage. To filter those attributes, it uses the authorized personal identifier list. The decrypted values are then ready for generalization/suppression algorithms. The transformer protects the privacy level of shared data, which is expressed through the concept of k-anonymity. It creates a k-anonymized dataset by generalizing the values in identifiable columns, based on the privacy level and the dataset from the data retriever. The output of this activity is therefore the hashed and k-anonymized values. There are several algorithms for k-anonymization, but few are practical, so a properly practical approach needs to be evaluated[CITATION Cha13 l 1033 ]. The final activity in the result provider is the result processor. First, the data processing job analyses only the hashed identifiers in the de-identified sensor data storage, based on the authorized and requested values in the k-anonymized list. Then the hashed identifiers in the de-identified sensor data storage are swapped with their respective k-anonymized values.
Figure 3‑9: Result provider activities[CITATION Cha13 l 3081 ].
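The transformer and result-processor steps can be illustrated with a small full-domain generalization search. This is an added example, not an algorithm from the paper (which leaves the choice of k-anonymization algorithm open): the generalization hierarchies, the quasi-identifier columns `age` and `postcode`, the pseudonyms `p1`..`p5` and all sample values are constructed.

```python
from collections import Counter
from itertools import product


def gen_age(age, level):
    """Level 0: exact age, level 1: ten-year band, level 2: suppressed."""
    if level == 0:
        return str(age)
    if level == 1:
        lo = age // 10 * 10
        return f"{lo}-{lo + 9}"
    return "*"


def gen_postcode(code, level):
    """Level 0: full code, level 1: first two digits, level 2: suppressed."""
    if level == 0:
        return code
    if level == 1:
        return code[:2] + "*" * (len(code) - 2)
    return "*"


HIERARCHY = {"age": (gen_age, 2), "postcode": (gen_postcode, 2)}  # (function, max level)


def is_k_anonymous(rows, k):
    """Every combination of generalized values must occur at least k times."""
    counts = Counter(tuple(sorted(r.items())) for r in rows)
    return all(c >= k for c in counts.values())


def k_anonymize(identifiers, k):
    """identifiers: pseudonym -> {"age": int, "postcode": str}.

    Tries generalization levels from least to most information loss and
    returns (levels, pseudonym -> generalized values) for the first
    combination in which every equivalence class has at least k members.
    """
    if len(identifiers) < k:
        raise ValueError("fewer than k records: k-anonymity is unreachable")
    cols = list(HIERARCHY)
    combos = sorted(product(*(range(HIERARCHY[c][1] + 1) for c in cols)),
                    key=lambda lv: (sum(lv), lv))
    for levels in combos:
        table = {p: {c: HIERARCHY[c][0](row[c], lv) for c, lv in zip(cols, levels)}
                 for p, row in identifiers.items()}
        if is_k_anonymous(table.values(), k):
            return dict(zip(cols, levels)), table


def publish(deidentified, table, column="resident"):
    """Result-processor step: swap each pseudonym for its k-anonymized values."""
    out = []
    for rec in deidentified:
        row = {key: val for key, val in rec.items() if key != column}
        row.update(table[rec[column]])  # KeyError if the pseudonym is not authorized
        out.append(row)
    return out


IDENTIFIERS = {  # constructed identifier-dictionary view for one request
    "p1": {"age": 71, "postcode": "4021"},
    "p2": {"age": 74, "postcode": "4036"},
    "p3": {"age": 78, "postcode": "4021"},
    "p4": {"age": 83, "postcode": "4110"},
    "p5": {"age": 86, "postcode": "4127"},
}
DEIDENTIFIED = [  # constructed de-identified sensor rows
    {"resident": "p1", "sensor": "bed", "reading": 1},
    {"resident": "p4", "sensor": "door", "reading": 0},
]
```

With this data, k = 2 is met by ten-year age bands and two-digit postcodes, while k = 3 forces both columns to be suppressed, which makes the trade-off between privacy level and information loss concrete.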
- Conclusion
This paper presented one solution for preserving the privacy of shared data. First, cryptography is used to replace collected sensor data with hashed data before it is retained in de-identified storage. The authors also proposed k-anonymization algorithms chosen according to privacy level. Finally, the hashed values in de-identified storage are swapped with k-anonymized values. However, this framework still needs to be implemented in practice, authorization policies and privacy levels need to be specified, and k-anonymization algorithms should be evaluated to verify whether they can be applied to this framework[CITATION Cha13 l 1033 ].
- A Security Analysis Approach of Wireless Sensor Networks for IOT Connected Home Systems from Zhang (2016)
- Introduction
The main objective of a home automation system is to make our lives easier, since every device in the house is controlled automatically or monitored remotely by users. To do so, according to Kim et al. (2008), three components are necessary: the home network, intelligent control and home automation. These components are responsible, respectively, for connecting sensors and actuators, working as a gateway to the internet, and providing services and information to human users regardless of time and place.
Currently, ZigBee is widely used to establish wireless sensor networks in smart home settings, since it is cheap, easy to install and consumes little power. This network has security drawbacks in preserving private and sensitive information and in authenticating users. This paper introduced a protective tool called an attack graph, which shows all the vulnerabilities of a network and the ways an attacker may approach to compromise it. The author also tested the proposed system with this attack graph tool and obtained positive results for security consideration[ CITATION Zha16 l 1033 ].
- Wireless Sensor Networks’ Security and Smart Home Networks’ Specificities
Data created by a wireless sensor network (WSN) is transferred to different places and interacts with different devices within the network, and is then sent to an outside destination for storage or analysis. There is therefore a strong need for an updated security mechanism for this sensor network. A security threat also arises from using smartphones to remotely control intelligent devices without any strong encryption algorithm. In this paper, the author lists the following critical security-related threats:
Confidentiality: prevents unauthorized users or eavesdroppers from accessing or intercepting important data created and transmitted by the WSN.
Integrity: a security service that ensures all data transmitted and received is not modified by unauthorized individuals. Without integrity, an intruder can send malicious commands to damage the home automation system partially or fully.
Authenticity: ensures that users communicating in a system are legitimate. If authentication is not taken into consideration, intruders can seek out vital information and reuse it in the future, for example to turn off a burglar alarm.
Authorization: is based on an access control list and controlled by authentication. Authentication gives users rights to access certain services within the system or to manipulate certain intelligent devices. Without authentication, intruders can access the system as a guest, authenticate as its owner, and damage critical data.
Freshness: a security requirement that ensures the data created is recent and up to date. The aim of freshness is to prevent replay attacks. Typically, a timestamp is used to measure the freshness of data.
Availability: guarantees that network users can access the network and use services such as entertainment systems, control, utility or safety at any time.
Denial of service (DoS) attacks appear to be the prevalent threat to wireless networks in general and home automation systems in particular, because of the limited resources of smart devices. This threat attempts to prevent those devices from performing properly and results in economic harm or even endangers the lives of a home’s residents[ CITATION Zha16 l 1033 ].
- An Attack Graph Prototype System Using Logic-Programming Engine for Smart Home Systems
Figure 3‑10: Attack graph prototype system framework[ CITATION Zha16 l 1033 ].
Figure 3-9 demonstrates how the attack graph works: it models how software weaknesses interact with an automated home system and the network configuration. Prolog is used as the language for modeling and reasoning[ CITATION Zha16 l 1033 ].
The principal policy lists the data accesses permitted to each principal. The atomic attack rules are Prolog clauses that describe the effect and interaction of any network component with respect to security. The attack graph analysis database results from combining the network configuration, the network topology and vulnerability information. Together these form logical reasoning rules which model what an intruder can obtain from the home automation network when he or she performs an attack[ CITATION Zha16 l 1033 ].
A. The inputs to the system
- Vulnerability reports describe the vulnerabilities or defects of a home automation system. Typically, an intruder attacks a home device via these vulnerabilities and then executes malicious code.
- Device configuration is translated into Prolog. This configuration information can be obtained from an open vulnerability assessment language scanner, which is embedded in the home device to scan for vulnerabilities.
- Home network topology acts as an access control list.
- Principal binding maps a symbol to user accounts.
- Atomic attack rules outline the methods and actions taken by an attacker in each phase.
- Principal policy states which principal has the right to access which kind of data.
The attack graph uses the XSB environment, which executes Prolog programs with tabling to avoid re-calculating previously derived facts.
B. Attack graph generation algorithm
A logical attack graph is formally defined as a tuple (Np, Nc, Ne, E, A, G). E is the set of edges in the graph, which can go from Ne to Np, or from Np to Nc or Ne; A is a mapping between a node and its attributes; and G is the goal of an intruder. The graph has three kinds of node: Np, Ne and Nc. Ne are exploit step nodes, which show how an exploit proceeds in steps and are the outcome of applying atomic attack rules to a fact; Np are privilege nodes, which come from AND-nodes; and Nc are configuration nodes, which indicate a configuration condition or a fact about the network[ CITATION Zha16 l 1033 ].
Figure 3‑11: Definition 2[ CITATION Zha16 l 1033 ].
Definition 2 indicates how to build a logical attack graph. In the simulation trace, TraceStep is a privilege node, Fact is the parent of the node, and Conjunct is its children. The algorithm is shown in the figure below[ CITATION Zha16 l 1033 ].
Figure 3‑12: Attack graph generation algorithm[ CITATION Zha16 l 1033 ].
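To show how configuration facts and atomic attack rules turn into the node sets Np, Nc and Ne, here is an added sketch that forward-chains over ground rules in Python. It is not the paper's Prolog/XSB algorithm: the rules have no variables, the facts are a constructed model of a home server and a communication sensor, the vulnerability entries are placeholders and not real advisories, and the edge direction (precondition to exploit step to privilege) is a convention of this example.

```python
ATTACKER = "located(attacker, internet)"
HTTP = "service(home_server, http, 80)"
V_HTTP = "vuln(home_server, http_service)"  # placeholder entry
RPC = "service(home_server, rpc)"
V_RPC = "vuln(home_server, rpc_service)"    # placeholder entry
TRUST = "trusts(comm_sensor, home_server)"
GOAL = "control(comm_sensor)"               # G: the intruder's goal

FACTS = {ATTACKER, HTTP, V_HTTP, RPC, V_RPC, TRUST}  # candidate Nc nodes

RULES = [  # atomic attack rules: (name, preconditions, derived privilege)
    ("reach_http", [ATTACKER, HTTP], "net_access(home_server, http)"),
    ("exec_as_apache", ["net_access(home_server, http)", V_HTTP],
     "exec_code(home_server, apache)"),
    ("reach_rpc", [ATTACKER, RPC], "net_access(home_server, rpc)"),
    ("exec_as_root", ["net_access(home_server, rpc)", V_RPC],
     "exec_code(home_server, root)"),
    ("sensor_via_apache", ["exec_code(home_server, apache)", TRUST], GOAL),
    ("sensor_via_root", ["exec_code(home_server, root)", TRUST], GOAL),
]


def build_attack_graph(facts, rules):
    """Forward-chain to a fixed point and return (Np, Nc, Ne, E).

    Np: derived privilege nodes; Nc: configuration facts that were used;
    Ne: exploit-step nodes, one per rule that fired; E: directed edges.
    """
    known = set(facts)
    np_, nc, ne, edges = set(), set(), set(), set()
    changed = True
    while changed:
        changed = False
        for name, pre, post in rules:
            if name in ne or not all(p in known for p in pre):
                continue
            ne.add(name)
            for p in pre:
                if p in facts:
                    nc.add(p)
                edges.add((p, name))
            edges.add((name, post))
            np_.add(post)
            known.add(post)
            changed = True
    return np_, nc, ne, edges


def goal_reachable(facts, rules, goal):
    return goal in build_attack_graph(facts, rules)[0]


def single_point_blockers(facts, rules, goal):
    """Configuration facts whose removal alone makes the goal underivable."""
    return sorted(f for f in facts if not goal_reachable(facts - {f}, rules, goal))
```

In this model, removing either vulnerability entry on its own leaves the goal reachable through the other path; only the facts shared by both paths appear in `single_point_blockers`, which is the kind of what-if answer the attack graph is meant to give a defender.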
- An Experiment on A Simulated IoT Home System
An experiment was performed on the proposed attack graph model, which is depicted in figure 3-12.
Figure 3‑13: Simulated smart home system[ CITATION Zha16 l 1033 ].
In this simulated environment, an attacker intrudes into the system via a home server which uses port 80 for controlling and monitoring the whole system over HTTP. The intruder gains access to the system by posing as a legitimate user, and then compromises the system by exploiting its vulnerabilities. There are two ways of compromising the communication sensor in this test environment. The first is executing arbitrary code as user apache through the home server’s vulnerabilities. The second is executing arbitrary code as user root by accessing the remote procedure call protocol via port 100005 and exploring a further vulnerability. If an attacker can monitor the communication sensor, he or she can eventually control all data access in that smart home system[ CITATION Zha16 l 1033 ].
- Conclusion
This article discussed and analyzed security and privacy issues in a Wireless Sensor Network scenario. The authors also suggested an attack graph to understand the route that an attacker may take to gain access to the system. This what-if scenario is intended to predict the possible risks and to bring out some viable prevention and defense measures for home automation technology. Future work should focus on applying this attack graph to different smart home systems[ CITATION Zha16 l 1033 ].
- Towards a Privacy and Security’s Model for Smart Homes
This article is arranged in four parts. First, the authors discuss related research that examines current privacy and security approaches for a smart home system. Second, they set up a case study to analyze the risks of a smart home system. Third, based on the outcomes of the case study and the observation process, the authors suggest future work and improvements in research on security and privacy issues. Finally, they propose a model of security and privacy for an automated home system[ CITATION Jac15 l 1033 ].
- Related Works
- Security and Privacy Risk Analysis Contributions
Denning et al. [ CITATION Den13 l 1033 ] gave a method to explain why security matters. This framework includes three primary elements: the likelihood of an attack being executed, how attractive the system is to compromise, and how severe the consequences are if the system is attacked. Although this framework contributes to the understanding of risks related to a specific connected device, it does not include technical nuances.
Roman et al.[CITATION RRo11 l 1033 ] did not suggest any solution for discovering the risks of a smart home system; they only mentioned that, to manage threats to the system, we need to analyze and manage data, identity and user privacy information.
Djemme et al.[ CITATION Dje11 l 1033 ] contribute an effective risk management framework which includes four types: legal, technical, policy and general. However, it does not address risks from the user's perspective.
Kirkham et al. [ CITATION Kir13 l 1033 ] introduced a risk-based model in which a smart home system shares information with outside stakeholders. This framework also calculates three kinds of risk: legal, appliance failure and resource security. However, this risk model lacks access to sensitive and quality data of system users.
- Security and privacy design contributions
Babar et al. [CITATION Bab11 l 1033 ] pointed out the need for a built-in security model for the IoT environment in order to detect, prevent and isolate security breaches. This framework also considers some technical nuances such as energy consumption, CPU memory of connected devices and computational time. However, their work is limited to analyzing only hardware and software elements, not the human perspective.
Gan et al. [ CITATION Gan11 l 1033 ] highlighted solutions that can enhance security for network points of entry. They think that, in order to mitigate threats facing smart home technology, a strong authentication method and an encryption algorithm are particularly vital.
Van Kranenburg et al.[ CITATION Van11 l 1033 ] identified the configuration of connected devices within the IoT environment as the main issue preventing the enhancement of security. The authors explained that it is difficult to implement a security countermeasure on a particular connected device because a device has limited resources such as memory and CPU capacity.
Notra et al. [ CITATION Noter l 1033 ] carried out an experiment to observe how easily connected devices in an automated home are compromised and pointed out the high demand for designing an access control mechanism.
Kozlov et al. [ CITATION Koz12 l 1033 ] mentioned privacy and security problems at various levels of a connected home architecture. They identified a need for a privacy control mechanism and a method to dissect the risk level based on energy perspectives of security.
- Main observations
Based on the related works above, the authors summarized some points as follows[ CITATION Jac15 l 1033 ]:
- There is a need for a method that can take quality data into account and evaluate risks in the connected home environment, to meet the requirement of the desired smart home without security and privacy issues.
- Integrating security into the design phase of a smart home is essential to mitigate the vulnerability of connected devices.
- The authors also thought that in the future we need to focus on specifying more risks that can lead to privacy breaches, since data produced by the automated home is sensitive and personal[ CITATION Jac16 l 1033 ].
- A Risk Analysis Applied on a Smart Home
A case study was carried out to show how a security risk analysis methodology is used to evaluate potential attacks on an information system.
- Approach
In the case study, security-related experts were invited to do a risk analysis in the form of an open questionnaire. The survey yields the likelihood of an attack and the severity of an attack on the automated home. The components of the smart home system, such as sensors, gateways and the server, were reorganized into five different subcategories similar to those of an information system.
- Results
The case study identified 32 threats: 9 of those were considered low risk, 4 high risk, and the rest moderate. The high risks derived from the human factor or software components, which means that the main sources of risk were related to those subcategories, such as the API and the mobile application used to access the system. Inadequate access control configuration was ranked as the highest risk when it comes to processing data. In the network communication environment, poor authentication and confidentiality settings caused the main risks. Manipulating, duplicating, surveilling, and deleting information when data are exchanged between smart home components lead to severe threats. Poor password selection had the highest probability of occurrence. Moreover, redistributing secret information among cloud providers without authorization and hacking attempts from malicious actors caused the most severe outcomes[ CITATION Jac15 l 1033 ].
- Main observations
The following are the main outcomes of the case study that need more attention:
- Software and the human end-user were the most severe risks.
- A mechanism to enhance software security is extremely vital.
- A mechanism for users to enhance privacy is needed.
- To enhance security and privacy, all new mechanisms should be added from the design stage of the smart home, not included as an alternative solution once the system starts to operate.
- Towards a Model for Privacy and Security
After reviewing the threats to a smart home system using a risk analysis methodology, together with all the main observations, the authors proposed a model of the smart home system in which security is integrated in the design phase of the system. This model is expected to support actors such as developers, providers and users of the smart home ecosystem with the desired security mechanism[ CITATION Jac15 l 1033 ].
- Generic Description of the Smart Home
This model comprises all the components of a normal smart home design, such as user actors, devices, and services. It also sets up a scheme to categorize the data that are generated, stored and processed within the smart home ecosystem. The purpose of this scheme is to decide the sensitivity level of data. Moreover, this scheme also considers the integration of different data, called metadata[ CITATION Jac15 l 1033 ].
- Risk Analysis Methods
Qualitative, quantitative and hybrid methodologies were used to collect data for the risk analysis process. This analysis accessed original quality data and evaluated social behaviors of user actors. All parts of the smart home system were mentioned in the case study of the risk analysis method; however, software components and human actors were highlighted in the results of this risk analysis[ CITATION Jac15 l 1033 ].
- Security Design Principles and Technologies
The principles for designing a smart home security system are defined based on the three fundamental requirements of information security: confidentiality, integrity and availability. The new design gives guidance on protecting the automated home from the threats discovered in the risk analysis. Moreover, the new design does not neglect effective security-improving technologies to preserve private information that is generated by users and then transferred to the cloud server before going to the user’s mobile application. In addition to the protection of user data, other factors such as limited CPU power on connected devices, the various types of devices and user configuration should be considered[ CITATION Jac15 l 1033 ].
- Privacy-Awareness Support Methods
The new design develops a method for awareness and management of private information. This model applies a method to reduce the sensitivity level of un-personalized information and its interaction with the digital system it connects to. Adjustable anonymity and link-ability are some examples of methods used to mitigate the sensitivity of data in transit. Therefore, it is concluded that this new design not only meets human users’ demands or interests but also provides privacy preservation[ CITATION Jac15 l 1033 ].
- Discussion
Human users and technology are integral parts of the smart home system. The main purpose of the new model is to ensure that users have a thorough understanding of the entire system, how to use it and how sensitive the data are, while it also aims to support home management. Integrating security and privacy technology in the design stage gives connected entities the privileged right to make decisions autonomously, and this decision-making process needs to ensure the security of information. Finally, the new design also focuses on enhancing energy efficiency and physical security[ CITATION Jac15 l 1033 ].
- Design of Database and Secure Communication Protocols for Internet-Of-Things-Based Smart Home System from Adino et al. (2017)
This paper discusses a specific communication protocol for a smart home system, how to design security for its communication and how to set up its database. The paper contains six parts. The first part describes the general design of the system. The second to fifth sections respectively cover selecting the communication protocol, designing network security, sketching the data queue and designing the database. The final section discusses system testing [ CITATION Adi17 l 3081 ].
- The General System
There are two main subsystems: the indoor subsystem, which includes the hardware and the host, and the outdoor subsystem, which is outside the house and consists of users, servers and the home representative. The general system is shown in figure 3-13.
Figure 3‑14: The general system [ CITATION Adi17 l 3081 ].
The indoor subsystem uses the ZigBee protocol for its communication because of its low energy consumption and transmission distance. To use this system, the owner needs to create an account in an application running on Android and sign in to it [ CITATION Adi17 l 3081 ]. The process is shown in the figure below.
Figure 3‑15: Log in and user interface[ CITATION Adi17 l 3081 ].
- Outdoor Communication Protocol
- Communication Protocol Selection
The communication protocol used in this system is AMQP (Advanced Message Queueing Protocol). All messages sent to a receiver need to enter the queue. The receiver processes the messages in the queue one by one. This protocol allows both asynchronous and synchronous communication [ CITATION Adi17 l 3081 ].
So how does AMQP work? Basically, there are two entities: publisher and consumer. The consumer is bound to a specific data queue. There are three ways to design the communication scheme.
The first is the basic scheme, in which the publisher communicates one way only, to a consumer. Therefore, publishers need to know the name of the consumer’s queue.
Figure 3‑16: Basic scheme [ CITATION Adi17 l 3081 ].
The second is the RPC (Remote Procedure Call) scheme. In AMQP, the request contains a reply_to property, which tells the server where to send data, and a correlation_id, which helps clients match reply messages to request messages [ CITATION Adi17 l 3081 ]. This communication scheme is presented in the figure below.
Figure 3‑17: RPC scheme [ CITATION Adi17 l 3081 ].
The third scheme is used for broadcasting messages. Consumers choose a particular topic they are interested in, and all consumers in this scheme are bound to a topic exchange. When users send a message with topic A, the consumers who registered for this topic receive the message. The figure below illustrates this scheme.
Figure 3‑18: Topic scheme [ CITATION Adi17 l 3081 ].
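The three schemes above can be traced end to end with a small in-memory stand-in for a broker. This is an added example, not code from Adino et al.: the `Broker` and `RpcClient` classes, the queue name `server` and the sample Phone IDs are assumptions, and topic matching is simplified to exact names. It shows why the client must check `correlation_id` against its outstanding requests before trusting anything that arrives on its `reply_to` queue.

```python
import uuid
from collections import defaultdict, deque


class Broker:
    """In-memory stand-in for an AMQP broker: named queues and one topic exchange."""

    def __init__(self):
        self.queues = defaultdict(deque)
        self.bindings = defaultdict(set)          # topic -> bound queue names

    def publish(self, queue, body, **props):      # basic scheme: straight to a queue
        self.queues[queue].append({"body": body, "props": props})

    def bind(self, queue, topic):
        self.bindings[topic].add(queue)

    def publish_topic(self, topic, body):         # topic scheme: fan out to subscribers
        for queue in sorted(self.bindings[topic]):
            self.publish(queue, body, topic=topic)

    def get(self, queue):
        return self.queues[queue].popleft() if self.queues[queue] else None


def serve_one(broker, request_queue, handler):
    """Consumer side of the RPC scheme: answer one request on its reply_to queue."""
    msg = broker.get(request_queue)
    if msg is None:
        return False
    props = msg["props"]
    broker.publish(props["reply_to"], handler(msg["body"]),
                   correlation_id=props["correlation_id"])
    return True


class RpcClient:
    def __init__(self, broker, reply_queue):
        self.broker, self.reply_queue = broker, reply_queue
        self.pending = set()                      # correlation ids awaiting a reply

    def call(self, request_queue, body):
        corr_id = str(uuid.uuid4())
        self.pending.add(corr_id)
        self.broker.publish(request_queue, body,
                            reply_to=self.reply_queue, correlation_id=corr_id)
        return corr_id

    def collect(self):
        """Drain the reply queue; return ({corr_id: body}, number of dropped messages)."""
        accepted, dropped = {}, 0
        while (msg := self.broker.get(self.reply_queue)) is not None:
            corr_id = msg["props"].get("correlation_id")
            if corr_id in self.pending:
                self.pending.discard(corr_id)     # each request is answered once
                accepted[corr_id] = msg["body"]
            else:
                dropped += 1                      # unsolicited or replayed reply
        return accepted, dropped


def demo():
    broker = Broker()
    phone = "PHONE0123456789A"                    # constructed 16-character Phone ID
    client = RpcClient(broker, reply_queue=phone)
    first = client.call("server", "get_status")
    second = client.call("server", "get_rooms")
    while serve_one(broker, "server", lambda body: body.upper()):
        pass
    broker.publish(phone, "UNLOCK", correlation_id="never-issued")  # unsolicited
    broker.publish(phone, "GET_STATUS", correlation_id=first)       # replayed reply
    accepted, dropped = client.collect()

    other = "PHONE0123456789B"                    # second constructed Phone ID
    broker.bind(phone, "alarm")
    broker.bind(other, "weather")
    broker.publish_topic("alarm", "door open")
    return {
        "accepted": accepted == {first: "GET_STATUS", second: "GET_ROOMS"},
        "dropped": dropped,
        "alarm_to_phone": broker.get(phone)["body"],
        "alarm_to_other": broker.get(other),
    }


if __name__ == "__main__":
    print(demo())
```

The correlation check only filters stale or mismatched replies; it does not authenticate the sender, which is why the paper pairs the protocol with message encryption.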
- Communication Security
All communication becomes secure if messages are encrypted. There are two types of encryption: symmetric encryption, which uses only one shared key, and asymmetric encryption, which uses two different keys. Currently, the most widely used encryption algorithm is RSA. However, it has some disadvantages, such as the limit on the data that can be encrypted and the complexity of computation. Therefore, this paper suggests combining RSA with AES, which has low complexity and a high security level [ CITATION Adi17 l 3081 ].
Figure 3‑19: Mixed encryption method [ CITATION Adi17 l 3081 ].
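A minimal sketch of the mixed method, written for this review and not taken from Adino et al.: RSA wraps a fresh AES key and AES carries the message. It assumes the third-party `cryptography` package, RSA-OAEP with SHA-256, and AES-256-GCM (the paper's padding and cipher mode are not given here), and it binds a constructed 6-character Home ID to each message as associated data.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed padding: OAEP with SHA-256 (the page does not name one).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def rsa_max_plaintext(public_key):
    """Largest message RSA-OAEP(SHA-256) can encrypt directly with this key."""
    return public_key.key_size // 8 - 2 * hashes.SHA256.digest_size - 2


def rsa_alone_fails(public_key, plaintext):
    """True if the message is too large to encrypt with RSA on its own."""
    try:
        public_key.encrypt(plaintext, OAEP)
    except ValueError:
        return True
    return False


def hybrid_encrypt(public_key, plaintext, aad=b""):
    """Encrypt the payload with a one-time AES key; wrap that key with RSA."""
    aes_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)                        # never reused: the key is one-time
    return {
        "wrapped_key": public_key.encrypt(aes_key, OAEP),
        "nonce": nonce,
        "ciphertext": AESGCM(aes_key).encrypt(nonce, plaintext, aad),
    }


def hybrid_decrypt(private_key, packet, aad=b""):
    """Unwrap the AES key with RSA, then decrypt and authenticate the payload."""
    aes_key = private_key.decrypt(packet["wrapped_key"], OAEP)
    return AESGCM(aes_key).decrypt(packet["nonce"], packet["ciphertext"], aad)


def rejected(private_key, packet, aad):
    """True if authenticated decryption refuses the packet."""
    try:
        hybrid_decrypt(private_key, packet, aad)
    except InvalidTag:
        return True
    return False


def demo():
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    public_key = private_key.public_key()
    home_id = b"A1B2C3"                           # constructed 6-character Home ID
    message = b'{"device":"lamp-1","status":"on"}' * 20   # constructed payload

    packet = hybrid_encrypt(public_key, message, aad=home_id)
    flipped = bytes([packet["ciphertext"][0] ^ 1]) + packet["ciphertext"][1:]
    tampered = dict(packet, ciphertext=flipped)
    return {
        "rsa_limit_bytes": rsa_max_plaintext(public_key),
        "message_exceeds_limit": len(message) > rsa_max_plaintext(public_key),
        "rsa_alone_fails": rsa_alone_fails(public_key, message),
        "wrapped_key_bytes": len(packet["wrapped_key"]),
        "roundtrip_ok": hybrid_decrypt(private_key, packet, aad=home_id) == message,
        "tamper_rejected": rejected(private_key, tampered, home_id),
        "wrong_home_rejected": rejected(private_key, packet, b"Z9Y8X7"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With a 2048-bit key the direct RSA limit is 190 bytes, so only the 32-byte AES key goes through RSA; the payload size is then bounded by AES, not by the RSA modulus.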
- Proposed data queue structure and data package
- Data Queue Structure
Every component in the outdoor system needs to belong to at least one queue, as in the figure below.
Figure 3‑20: Queue structure [ CITATION Adi17 l 3081 ].
Phone ID is a unique 16-character identifier of every phone and is used as the name of the queue. The server and host send data via this queue. Moreover, this queue is also connected to the topic exchange, which enables users to receive broadcast messages.
Home ID is a unique 6-character identifier. Each host is tied to the server by two queues: the AES queue is used for messages encrypted using AES and the RSA queue is used for messages encrypted using RSA.
- Data Package Standard
To make the data comprehensible, there is a standard for all packet data, as described in the figure below. The header contains two characters which stand for the category of the message. Type gives information about the operation and payload is the core message [ CITATION Adi17 l 3081 ].
Figure 3‑21: Data package form [ CITATION Adi17 l 3081 ].
Some sample headers are presented below:
Figure 3‑22: Message headers[ CITATION Adi17 l 3081 ].
- The Database Designs
- Data Categorization
There are two types of storage in this system. Universal data, which comprise user and hardware data, are stored on the central server, whereas real-time data from devices are stored on the host to make updating easier. This also helps to avoid heavy traffic to and from the server.
Because real-time data can be at risk from electrical damage or errors by occupants of the house, device data will be stored only every 24 hours.
- Environment for Database Management
MySQL is selected as the database management environment due to its ease of use. There are many forums and sites where users discuss problems with this environment, which may help the process of database management.
- Database Design
General data are user data stored on the server side. They comprise three tables: users, which holds emails, passwords and users’ general data; aeskeylist, which holds a list of AES keys for each unique phone; and homekeylist, which holds a list of AES keys for each home [ CITATION Adi17 l 3081 ].
Figure 3‑23: General data [ CITATION Adi17 l 3081 ].
The host stores the user database by creating HomeXXXXXX, where XXXXXX stands for the Home ID.
The database has six tables: info, devices, rooms, scenarios, dataMMYYYY and notifications, as shown in the following figure.
Figure 3‑24: Content of home [ CITATION Adi17 l 3081 ].
Info holds general information about the house, such as the home latitude and longitude coordinates.
Devices contains general device data such as name, address, type and status.
Rooms contains the name of each room in the house.
Scenarios contains the set of scenarios, such as name, time schedule, and privilege scenario.
DataMMYYYY holds home device usage data for month MM and year YYYY, such as device addresses or the last time a device was active.
Notifications holds the notification history, such as notification senders, contents, and when the notifications were received.
- Design Test
To experiment with AMQP, this smart home system uses RabbitMQ, which is supported by the Python language, because of its ease of use and the availability of a full library. To test the entire system, all executions are run on the application and on the programs on the server and the host. The table below presents the result of the testing.
Table 3‑9: System testing result [ CITATION Adi17 l 3081 ].
The successful result means the communication protocol runs well with the encryption algorithm and database design.
Comparison of the Approaches
Six different techniques from seven papers for enhancing smart home security and privacy were discussed in chapter 3. This chapter illustrates the advantages and disadvantages of those six methodologies and also gives some advice and suggestions for users in their decision-making process. Section 4.1 lists all the strengths and weaknesses of those techniques. Section 4.2 presents the benchmarks for choosing and applying each approach. The six techniques are compared in Section 4.3. The final section summarizes the comparison of these various techniques.
- Advantages and Disadvantages of all Approaches
This part will demonstrate the potential positives and negatives of each technique that has been discussed earlier in chapter 3.
- A Risk Analysis Approach from Jacobsson & Davidsson (2015)
- Advantages
- This method focused on three fundamental purposes of system security which are confidentiality, integrity, and availability.
- The analysis involves security-related experts such as engineers, domain experts, and system developers.
- The questionnaire survey is open, in order to collect and analyze threats, vulnerabilities and their likelihood for the smart home.
- Risk levels are applied to make the information system-based approach easier.
- The threats of system components are clearly grouped in five categories from hardware, software, information, communication to human aspects, which help us to track the threats and find the solution for each vulnerability.
- The questionnaire was set up to collect original quality data. This method of gathering data is both qualitative (a scenario-based study) and quantitative (various software-based products).
- Disadvantages
- A small group of experts carried out the survey, which resulted in a small number of identified risks.
- Although this information system-based method covers all parts of the smart home, it does not mention the physical environment, such as people coming to and going from the house or malicious use of benevolent services.
- Some technical nuances have not been taken into account, such as limitations in CPU power on the connected entities, diversity of computing devices, different kinds of data, and home configuration properties.
- The central focus of the model is to raise awareness of significant risks and to suggest methods to evaluate risk exposure and security design principles to manage and control cyber threats. It does not suggest any powerful security model for the smart home system.
- Security at the Network Level Approach from Sivaraman et al. (2015)
- Advantages:
- Network-level security can be executed across all IoT devices, instead of security level that is designed for a specific device.
- It is easy to upgrade because it is executed on the cloud and is upgraded continuously.
- This level of security can be provided by experts in this field, instead of device providers who may not have the skills to carry out the security part.
- Security at network level can be treated as an extra layer of protection for the network with the security at device-level.
- This framework enables users to switch ISP provider without affecting their data because it is stored on cloud.
- Heterogeneity in devices in smart home system makes network-level security more suitable for IoT.
- Disadvantages:
- This approach has been evaluated with a small number of IoT devices.
- Data stored at cloud can be accessed by a cloud provider.
- The cost of additional network security layer depends on the separate network provider and may be higher compared to only device security level.
- Multi-level Authentication System Approach from Peter & Raju K (2016)
- Advantages
- This multi-level authentication scheme focuses on countermeasures against various dominant cyber-attacks such as eavesdropping and denial of service attacks. Therefore, it does not rely on pre-existing shared keys.
- Data confidentiality and integrity are two main purposes of this scheme. All the messages transferred within a smart home system should be protected from attackers and should not be altered.
- Unauthorized parties are unable to infer the ongoing sessions from previous messages.
- The home authentication server enables all smart devices and the home gateway to verify each other.
- Private data of each smart device will not be shared with other things within the environment.
- This protocol can resist replay attack as the authentication of messages transferred is time stamped and based on random numbers.
- Server and the things do not interact much in the architecture, so the communication cost is very low.
- Disadvantages
- Peter & Raju K (2016) proposed two schemes in this framework: single level authentication (SLA) and group authentication. However, due to the overhead of setting up a secure single level authentication with all devices in the household network, SLA scheme is not practical in such context.
- There is no information on executing or applying this protocol in a real-world scenario. So, this scheme is still based on theory.
- Secure Data Gathering Framework Approach from Chakravorty, Wlodarczyk, & Rong (2013)
- Advantages
- The secure data collection framework is straightforward and uncomplicated. It only contains two main storage units and three modules which are data collector, data receiver and result provider.
- Data collector uses SSH for establishing cryptographic authentication, encryption, and integrity protection for transferred data. This SSH protocol is very easy to install, utilize, configure and control.
- Data receiver isolates and stores datasets into two separate storage units, one is for sensitive data and the other for normal or de-sensitized data.
- All data are hashed using SHA function before encrypting and putting them into storage.
- The result provider module controls end users' access to processed data. It not only authorizes the end users but also makes sure that the privacy of shared data is maintained.
- Disadvantages
- There is no practical experiment of the framework in the real-world scenarios.
- The role-based access control (RBAC) policies for authorizing and classifying privacy levels have yet to be identified and formally validated.
- Different practical k-anonymization algorithms have yet to be measured to guarantee their applicability to the approach.
- The performance, data utility, uncertainty level and endurance to various data processing approaches should also be gauged.
- SSH’s weakness is its speed when bulk data is transferred over wide area networks.
- Attack Graph Prototype Approach from Zhang (2016)
- Advantages
- The attack graph analysis framework aims to predict the security risk of a smart home system and how to prevent and defend against it.
- Based on the framework, defenders can assess the effect of altering principal policies and attack rules or diagnose the impact of adding a new device into a network.
- Atomic attack rules are a unique feature of this framework; they illustrate the general attack methodologies of intruders and determine the malicious options in each phase.
- Disadvantages
- Vulnerability information depends on the vulnerability database collected by the National Institute of Standards and Technology. This database may not cover all types of threats from attackers.
- The attack graph prototype system has not been tested for compatibility with a diverse smart home environment.
- The raw attack graph needs to be rendered so that it can be interpreted more easily.
- Database and Secure Communication Protocols Approach from Adino et al. (2017)
- Advantages
- It protects the communication between users and servers or hosts by using the most secure encryption algorithm, RSA.
- Indoor subsystem selects ZigBee protocol for its communication because of its low energy consumption and transmission distance.
- The mixed algorithm uses AES which has a low complexity and high security level.
- The standard data package makes communication easier to understand among different devices and entities.
- The database in MySQL can also be controlled properly and synchronized with other processes or features.
- Disadvantages
- Data stored on the host may be attacked by unauthorized users.
- The system was only tested on the Android application with the Python language.
- The application used by owners to control the system remotely may be vulnerable to attackers.
- Comparison Criteria
To compare all six modules in terms of the privacy and security of the smart home system, this chapter first lists all the vital criteria with detailed explanations and then discusses every criterion for each approach. The result may be used by users and network designers when they want to choose an approach that meets all of their requirements.
- Ease of Setup
This criterion evaluates how easy it is to set up the approach in a smart home system in order to address the security concern. If the methodology is easy to install in the smart home environment, the approach will be highly valued by prospective users and is ranked as easy to set up. If it takes a long time to install, or the user needs extra support from the security provider during installation, the approach is denoted as difficult. Otherwise, it is represented as normal.
- Ease of Application
This standard shows how easy the security method is to comprehend and then implement for stakeholders, including end users, network designers and other cyber-security experts. Many security frameworks are said to be unpopular because of their high level of complexity for users. Therefore, to make a framework more favorable on the market, security experts need to take into account the explanation of how the system works. Three values are used to measure the ease of application of any security methodology: easy, medium and complex. It is denoted as easy if the solution is easy for stakeholders to comprehend and implement. It is represented as complex if few stakeholders understand it and they are not willing to implement it. Otherwise, the methodology is ranked as medium.
- Ease of Administration
This criterion evaluates how easy it is for potential users to administer a particular methodology while it is operating. The administration function should make it easy for users to take care of the whole system. In contrast, if users cannot manage the operation of the methodology, they will be reluctant to apply it. This criterion has three values: easy, normal and difficult.
- Responsiveness
Responsiveness time is a critical criterion which refers to how long it takes a system to finish a specific task. There are three possible values: slow, medium and fast. The value is slow if the system takes a lot of time to process and perform a task after the new security technique is applied. The value is medium if the system requires a moderate amount of time. The value is fast if the new system performs well and in a short time.
- Security Performance
The security standard measures how effectively the approach helps to protect the system from attacks. If it is ranked as strong, the methodology can detect and block many types of attacks. Weak means that the approach only addresses a limited range of attacks. Other situations are ranked as medium.
- Cost
Cost is the expense of the resources, including human resources, software and hardware, needed to apply an approach. This is one of many perspectives that need to be taken into account when users look for an effective and reliable security solution for their smart home system. It is understood that there is a positive relationship between the merits of any security approach and its cost. Customers usually consider their budget before choosing any methodology. There are three values for this standard: cheap, affordable and expensive.
- Maintenance
Maintenance is the after-sales support used by security providers to attract end users. If it is high, security vendors provide plenty of maintenance-related services such as debugging and updating. If it is low, the provider does not provide any maintenance services. Medium means vendors maintain and debug the application regularly.
- Access Right
Access right determines the level of authority end users have when they request a set of data. If the new security application provides a high level of privacy and security but limits the access of users, the value of such an application is medium. An example is that users are not allowed to edit their data. In contrast, a high value means that the application permits users to freely control and manage their data and system. Low means that only administrators can adjust and update the data.
- Support
The number of different support services that security providers supply to the end user determines the popularity of a specific application. If the provider offers support through email and chatroom, it is denoted as low. Medium means it includes all types of support from the low value as well as phone calls, 24/7 email correspondence and remote-control support. A high value means that it not only includes all kinds of support from the medium level but also offers direct support by sending experts to fix the system if needed.
- Compatibility
This standard shows how compatible the security approach is with devices in the smart home environment. We can evaluate any security application by observing the result of testing a specific approach on real devices. If the approach has been tested on a large number of smart home devices, the value is high. If the approach is implemented on and compatible with only a few devices and in specific conditions, the value is low. Otherwise, the value is medium.
- Resource Consumption
Resource consumption is considered when any application is installed into the smart home system. If the new security application consumes a huge amount of energy for its processing and computation, it is ranked as high. Resource consumption is medium when the application uses an acceptable amount of energy. Low means that the new system does not use much energy.
- Comparison of Six Approaches
After discussing all the criteria needed for the comparison process, this part uses those criteria to understand in depth the differences between the six approaches.
- A risk analysis approach from Jacobsson & Davidsson (2015)
- Ease of Setup
The installation process is quite difficult. Actually, only experts are capable of installing it. Therefore, this methodology suggested by Jacobsson and Davidsson (2015) is indicated as difficult to setup.
- Ease of Application
This method does not require any specific security background or programming knowledge. So, it is ranked as easy to apply in real scenarios.
- Ease of Administration
Jacobsson and Davidsson (2015) have proved that users can easily administer the whole system while it is operating, which lets users experience the benefit of the new methodology.
- Responsiveness
The responsiveness time of this techniques is a disadvantage because it takes a long time for the system to response for a request. Therefore, the value for this method is slow.
- Security Performance
This methodology can tackle many types of attacks since it is design by security experts. Hence, it is ranked as strong for security issue.
- Cost
This technology is considered as an expensive security solution since this technology costs nearly $70,000 for the smart home system suppliers.
- Maintenance
Maintenance category is ranked high for this methodology because the security vendors provide a high level of after-sales services such as debugging and update.
- Access Right
Because the users have a limited access to data, access right criterion for this methodology is ranked as medium.
- Support
Actually, there are various available supports from security vendors such as email, 24/4 phone call, remote-control support and even on-premise technicians. Hence, this technology is ranked as high.
- Compatibility
High value is distributed to this technology since it is compatible for a huge number of smart home devices from light, TV, gateway routers.
- Resource Consumption
Because the new design of system is complicated which consumes a lot of energy, so it is ranked as high resource consumption.
- Security at the Network Level Approach from Sivaraman et al. (2015)
- Ease of Setup
The installation process of this methodology needs support from experts due to the complexity of the system. Therefore, this technology is ranked as difficult.
- Ease of Application
Users should have a little knowledge of the network layer. In addition, users do not need to observe the system frequently; it can run by itself. Therefore, this technology is ranked as medium.
- Ease of Administration
The administrator needs to get involved in the control process, which requires knowledge of how the system works. Hence, this technology is considered difficult.
- Responsiveness
The response time is fast because there is only one extra entity, the SMP, between users and the ISP network.
- Security Performance
As mentioned above, this technology adds an extra security level to the smart home system, which helps to prevent many types of attacks. So, it is ranked as medium.
- Cost
Due to the additional level of security at the network level, the cost of possessing this technology is not cheap. It costs less than $30,000 to install this system. Therefore, it is indicated as affordable.
- Maintenance
Because there is fierce competition in the SMP market, all SMP security vendors offer a great deal of maintenance. Therefore, users of this technology will enjoy all kinds of maintenance, from fixing bugs to updating the system frequently. Consequently, the maintenance criterion is high for this approach.
- Access Right
Access right for users will be limited based on the access list provided by the SMP. Therefore, the value for the access right criterion is medium.
- Support
Due to the competition in the network-level security market, all vendors want to attract customers by providing a high level of support, including emails, phone calls and sending experts to customers’ place to fix the problem if needed.
- Compatibility
Because this method of security is set up at the network level and does not require any specifications from the devices, this technology is suitable for every smart home device. Hence, the compatibility value is high.
- Resource Consumption
This level of security consumes more energy than device-level security alone due to the new SMP entity, but it is still at an acceptable level. Therefore, the value for the resource consumption criterion is low.
- Multi-level Authentication System Approach from Peter & Raju K (2016)
- Ease of Setup
To set up this technique, security providers need to complete the whole process due to the complexity of the whole system. It is not easy to understand how the system works for non-savvy users. Hence, this approach is considered as difficult to set up.
- Ease of Application
The authentication process is quite easy to understand and this authenticating process will be run automatically. Therefore, the value for its application criterion is easy.
- Ease of Administration
The authentication algorithm runs automatically, and basic knowledge about authentication is enough for users to run the system. Because of this, this multi-level authentication approach is ranked as easy to administer.
- Responsiveness
The performance of this authentication is proven to be faster than other security approaches because all devices stop interacting with their authentication server after having its primacy credits (Peter & Gopal, 2016). However, the authentication process still takes a moderate amount of time. So, this new security technique is medium in response time.
- Security Performance
This technique focuses on accessibility, confidentiality and integrity. In addition, the approach has proved that it can resist relay attack due to the use of timestamps and random digits, and that it preserves privacy with the help of the authentication process (Peter & Gopal, 2016). This authentication approach has not been proved to handle other types of attacks. So, this approach is given a medium value for its security performance criterion.
- Cost
The multi-level authentication approach has a reasonable cost as its architecture is not too complicated. It needs the authentication server as the core of the technique, which performs authentication and the encryption and decryption of messages. It costs less than about $10,000. So, the value for this technique is cheap.
- Maintenance
The maintenance for this authentication approach is high because the security vendors as well as the authentication server providers offer various kinds of maintenance and updating for its clients.
- Access Right
Access right is medium because different users need to verify themselves in order to access different levels of data.
- Support
Due to fierce competition in the authentication server market, all vendors provide different types of support, but not on-premise technicians. Therefore, it is ranked as medium for this category.
- Compatibility
This authentication approach is considered to be compatible for different devices since all smart home things are connected to a separate authentication server. The compatibility is ranked as high.
- Resource Consumption
These authentication schemes can save energy of the smart home devices because all devices only interact with the gateway rather than with a huge number of various things in the smart home system (Peter & Gopal, 2016). So, this scheme is given a low value for its energy consumption.
- Secure Data Gathering Framework Approach from Chakravorty, Wlodarczyk, & Rong (2013)
- Ease of Setup
It is not difficult to set up a smart home system with the privacy data preserving framework since there are three main components in this framework: data collector, data receiver and result provider. This scheme has a normal value for the ease of setup category.
- Ease of Application
The instructions for using this scheme are straightforward, and users can easily run the whole system on a daily basis. Therefore, the value for this category is easy.
- Ease of Administration
Administrators find it easy to monitor and observe the smart home system with the privacy data preserving scheme. So, this scheme is ranked as easy to administer.
- Responsiveness
The response time is medium because data goes through different components before it becomes secure to share. For instance, at the data receiver the framework uses cryptography to replace collected sensor data with hashed data before storing it in a de-identified storage.
- Security Performance
The result provider is a critical component in this framework because it is responsible for authenticating users, querying decrypted attributes and performing k-anonymization. However, authorization policies and the privacy level need to be clearly identified to protect data. Therefore, the value for this criterion is medium.
- Cost
This scheme is not too expensive since it costs less than $30,000 to set up this new security system. Hence, the criterion for this scheme is ranked as affordable.
- Maintenance
The users need to pay more if they want to update the system. Therefore, the maintenance of privacy data framework is medium.
- Access Right
Access right for shared data is strictly controlled by access controller. Different users have different level of access to data. Therefore, access right criterion is low for this technology.
- Support
There is no support coming from the security vendors for this scheme. Therefore, the value is low for this criterion.
- Compatibility
Compatibility is high for this scheme since it only processes data of all devices in a smart home system.
- Resource Consumption
This scheme goes through different levels from collecting data to authenticating users and hashing data. It consumes an acceptable amount of energy. Therefore, a value for it is medium.
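The two data-protection steps named for this framework, hashing at the data receiver and k-anonymization at the result provider, can be sketched as follows. This is an added example, not code from Chakravorty, Wlodarczyk, & Rong (2013); the keyed hash, the field names, the generalization ladder and the sample rows are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample rows as a data receiver might hold them (not real data).
ROWS = [
    {"resident": "alice", "postcode": "4021", "age": 34, "kwh": 11.2},
    {"resident": "bob",   "postcode": "4025", "age": 37, "kwh": 9.8},
    {"resident": "carol", "postcode": "4029", "age": 31, "kwh": 14.1},
    {"resident": "dave",  "postcode": "4110", "age": 52, "kwh": 7.5},
    {"resident": "erin",  "postcode": "4112", "age": 58, "kwh": 8.9},
    {"resident": "frank", "postcode": "4119", "age": 55, "kwh": 10.4},
]
KEY = b"constructed-demo-secret"  # held by the data receiver only (assumption)


def pseudonymize(secret: bytes, identifier: str) -> str:
    """Replace a direct identifier with a keyed hash (HMAC-SHA256).

    A keyed hash is used instead of a bare hash so that guessing names
    and hashing them does not reveal who a record belongs to.
    """
    return hmac.new(secret, identifier.encode(), hashlib.sha256).hexdigest()


def generalize(row: dict, level: int) -> tuple:
    """Coarsen the quasi-identifiers (postcode, age) by generalization level."""
    postcode, age = row["postcode"], row["age"]
    if level == 0:                      # exact values
        return postcode, str(age)
    if level == 1:                      # 2-digit postcode prefix, 10-year band
        low = age // 10 * 10
        return postcode[:2] + "**", f"{low}-{low + 9}"
    return postcode[:1] + "***", "*"    # 1-digit prefix, age suppressed


def smallest_group(rows: list, level: int) -> int:
    """Size of the smallest set of rows sharing the same quasi-identifiers."""
    return min(Counter(generalize(r, level) for r in rows).values())


def release(rows: list, k: int, secret: bytes) -> tuple:
    """Return (level, rows) at the least generalization that is k-anonymous.

    Raises ValueError when no level reaches k, so nothing is released.
    """
    if not rows:
        raise ValueError("no rows to release")
    for level in (0, 1, 2):
        if smallest_group(rows, level) >= k:
            released = []
            for r in rows:
                postcode, age = generalize(r, level)
                released.append({
                    "pid": pseudonymize(secret, r["resident"]),
                    "postcode": postcode,
                    "age": age,
                    "kwh": r["kwh"],
                })
            return level, released
    raise ValueError("k-anonymity not reachable; withhold the data set")


if __name__ == "__main__":
    level, rows = release(ROWS, k=3, secret=KEY)
    print("generalization level:", level)
    for row in rows:
        print(row)
```

With the constructed rows, k=3 is first satisfied at level 1, where each released row is indistinguishable from two others on postcode and age.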
- Attack Graph Prototype Approach from Zhang (2016)
- Ease of Setup
Installing the attack graph system requires the involvement of security experts. The process takes a long time to finish. Therefore, it is considered difficult to set up.
- Ease of Application
This system is neither difficult nor very easy to use. Users need to have some knowledge about network topology or home user configuration. Hence, the value is medium.
- Ease of Administration
When the system is operating, users need to provide the correct inputs. Not every task is run automatically. Therefore, users have more administration tasks to perform, which makes this technique medium to administer.
- Responsiveness
The responding time of this prototype system is quite short because all inputs will be processed at the same time. Therefore, the value is fast for this attack graph system.
- Security Performance
Because this system uses vulnerability reports as an input for its prototype, it covers various types of attacks, which gives it a strong value.
- Cost
The fee to install this prototype is quite expensive. It charges more than $60,000 to possess this security system.
- Maintenance
Maintenance options are not attractive for users when they choose this prototype. So, it is considered as low.
- Access Right
Only administrators are able to update and adjust data. Therefore, the value for this criterion is low.
- Support
24/7 email correspondence, remote control and even on-premise support are available for clients of this technique. Therefore, it is ranked as high for this support criterion.
- Compatibility
This prototype has just been proven for a small number of smart home devices. Therefore, the value for it is medium.
- Resource Consumption
Attack graph prototype consumes an acceptable amount of energy to process all inputs. Therefore, it is ranked as medium.
- Database and Secure Communication Protocols Approach from Adiono et al. (2017)
- Ease of Setup
Installing the Advanced Message Queueing Protocol requires the involvement of network experts, although the process takes a moderate period of time to finish. Therefore, it is considered normal to set up.
- Ease of Application
This system is neither difficult nor very easy to use. Users need to have some knowledge about encryption, decryption and the queuing protocol. Hence, the value is medium.
- Ease of Administration
When the system is operating, every task is run automatically. Therefore, users have fewer administration tasks to perform, which makes this technique easy to administer.
- Responsiveness
The response time of this prototype system is quite long because all inputs are processed using RSA, which is time-consuming due to its complexity and the limited amount of data that can be encrypted. Therefore, the value is slow for the Advanced Message Queueing Protocol.
- Security Performance
The messages exchanged with the system are secured; however, attackers can still find a way to get access to the system by hacking and stealing passwords via user login on their smart home. Therefore, the value given for this criterion is medium.
- Cost
The fee to install this prototype is considered as cheap. It charges about $7,900 to install this security system.
- Maintenance
Maintenance options are attractive for users when they choose this prototype. So, it is considered as high.
- Access Right
Everyone can update information if they are authorized. Therefore, the value for this criterion is high.
- Support
24/7 email correspondence, remote control and even on-premise support are available for clients of this technique. Therefore, it is ranked as high for this support criterion.
- Compatibility
This prototype has just been proven for a huge number of smart home devices by using QR code scanning to update new devices. Therefore, the value for it is high.
- Resource Consumption
Attack graph prototype consumes an acceptable amount of energy to process all inputs and encrypt as well as decrypt messages. Therefore, it is ranked as medium.
- Summary of the Comparison
The table 4-1 summarizes the comparison of 6 approaches based on 11 criteria. By viewing this information, users can choose the security approach suitable for their objectives and budget.
Table 4‑10: Comparison summary.
Criterion | Risk Analysis Approach | Security at Network Level Approach | Multi-level Authentication Approach | Secure Data Gathering Approach | Attack Graph Prototype Approach | Database & Secure Communication Approach |
Ease of Setup | Difficult | Difficult | Difficult | Normal | Difficult | Normal |
Ease of Application | Easy | Medium | Easy | Easy | Medium | Medium |
Ease of Administration | Easy | Difficult | Easy | Easy | Medium | Easy |
Responsiveness | Slow | Fast | Medium | Medium | Fast | Slow |
Security Performance | Strong | Medium | Medium | Medium | Strong | Medium |
Cost | Expensive | Affordable | Cheap | Affordable | Expensive | Cheap |
Maintenance | High | High | High | Medium | Low | High |
Access Right | Medium | Medium | Medium | Low | Low | High |
Support | High | High | Medium | Low | High | High |
Compatibility | High | High | High | High | Medium | High |
Resource Consumption | High | Low | Low | Medium | Medium | Medium |
Scenarios and Recommendations
After comparing different security approaches in the smart home system based on critical criteria, this chapter will use one of those approaches to solve a problem in the real world. There are many security problems in our daily life, with various types of attacks from hijacking to eavesdropping, which result in distinct outcomes. In this thesis, three particular scenarios are discussed and solved based on our six approaches. Those three situations are security at home (The Tech Family), at university (The National University) and at hospital (The National Hospital), covered in sections 5.1, 5.2 and 5.3 respectively. The final section, 5.4, is a guideline for all situations.
- Home (The Tech Family)
This scenario demonstrates how The Tech Family experiences smart home technologies. The first section, 5.1.1, is the background of their scenario. The second section, 5.1.2, talks about the security and privacy issues of this family. The final section, 5.1.3, suggests which solution this family should apply for their home environment.
- Description
The Tech family lives in a small house with 4 bedrooms and 2 bathrooms. They love technology and have used smart home devices in their house for 2 years. There are 4 people in the family: Mr. and Mrs. Tech and two kids. In the morning, they take the kids to kindergarten and go to work. Every Tuesday, a cleaning company comes to their house and cleans from 9 AM to 11 AM. Mr. Tech’s father picks up their children and drops them home at 3:00 PM. This means that on weekdays, from 8:00 AM to 3:30 PM, there is no one at home. Consequently, Mrs. Tech wants to set up smart home devices in their house to protect some valuable properties and control the house when they are away. The smart devices used in their family are smart surveillance cameras, which monitor the Tech home for burglars, and smart garage doors, which help the Tech family open the garage when they are heading home after a long day at work. They also installed a smart light system, which helps to save energy and reduces the electricity bills, and a smoke alarm detector for safety reasons.
- Security and Privacy Issues
Recently, hacker-thieves waited until the Tech family was away from home and broke into their house to steal valuable things such as the smart TV, laptop, watches and jewelry. A hacker learned when the Tech family was not at home and where they hid their valuable assets by intercepting the unencrypted signal that the surveillance camera and garage door send to the control system. Basically, he or she used radio signals to spoof the signal and turn off the entire system. At the same time, he or she also learned the password and gained access to the house through the garage. Those actions happened within a few hours, left severe consequences for the Tech family and made their life miserable. The Tech family not only lost expensive properties but also lost their feeling of safety. Mr. Tech reported the issue to the nearest police service, but he thinks he needs to deploy a more secure smart home system.
- Solution
Based on the scenario of the Tech family, there are some approaches which are suitable for their system. They are the Multi-level Authentication System Approach from Peter & Raju K (2016) and the Advanced Message Queueing Protocol by Adiono et al. (2017). Both of them are cheap and have a high level of compatibility with connected devices. Those criteria are necessary for this smart home environment since the Tech family has a limited budget for their network and they want to set up new appliances in the future. Between those approaches, the Advanced Message Queueing Protocol by Adiono et al. (2017) consumes more energy, which will upset the family since it increases the electricity bill. Therefore, the Multi-level Authentication System Approach from Peter & Raju K (2016) seems to be the best solution for the Tech family.
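The incident above relied on control signals that could be intercepted and spoofed, and the recommended approach is credited earlier with using timestamps and random digits. The sketch below shows how a controller can use those two fields, together with a message authentication tag, to reject altered, stale and re-sent commands. It is an added example, not the scheme published by Peter & Raju K (2016); the HMAC construction, field names, 30-second window and sample commands are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW_SECONDS = 30  # assumed freshness window, not a value from the page
SIGNED_FIELDS = ("device", "cmd", "ts", "nonce")


def _tag(key: bytes, msg: dict) -> str:
    """HMAC-SHA256 over a canonical encoding of the signed fields."""
    body = json.dumps({f: msg[f] for f in SIGNED_FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_command(key: bytes, device: str, cmd: str, now=None) -> dict:
    """Build a command carrying a timestamp, a random nonce and a tag."""
    msg = {
        "device": device,
        "cmd": cmd,
        "ts": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(16),  # the "random digits"
    }
    msg["tag"] = _tag(key, msg)
    return msg


class CommandVerifier:
    """Controller-side check: authentic, fresh, and not seen before."""

    def __init__(self, key: bytes, max_skew: int = MAX_SKEW_SECONDS):
        self._key = key
        self._max_skew = max_skew
        self._seen = {}  # nonce -> timestamp of the accepted message

    def verify(self, msg, now=None) -> str:
        now = time.time() if now is None else now
        try:
            ts = int(msg["ts"])
            nonce = str(msg["nonce"])
            supplied = str(msg["tag"]).encode()
            expected = _tag(self._key, msg).encode()
        except (KeyError, TypeError, ValueError, OverflowError):
            return "malformed"
        # Constant-time comparison; any altered field changes the tag.
        if not hmac.compare_digest(expected, supplied):
            return "bad-tag"
        # The timestamp bounds how long a captured message stays usable.
        if abs(now - ts) > self._max_skew:
            return "stale"
        # Nonces only need remembering while their message is still fresh.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t <= self._max_skew}
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = ts
        return "ok"


def demo() -> list:
    """Run constructed messages through the verifier at fixed clock values."""
    key = b"constructed-demo-key-32-bytes!!!"
    verifier = CommandVerifier(key)
    genuine = sign_command(key, "garage-door", "open", now=1_000)
    altered = dict(genuine, cmd="disable-alarm")  # field changed in transit
    return [
        verifier.verify(genuine, now=1_005),  # first delivery
        verifier.verify(genuine, now=1_010),  # same message sent again
        verifier.verify(altered, now=1_010),  # tag no longer matches
        verifier.verify(genuine, now=1_600),  # captured copy sent much later
    ]


if __name__ == "__main__":
    print(demo())
```

The timestamp window keeps the nonce store small: a nonce can be forgotten once its message would be rejected as stale anyway.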
- University (The National University)
This scenario discusses how the National university experiences smart home technologies. The first section, 5.2.1, is the background of the scenario. The second section, 5.2.2, talks about the security incident. The final section, 5.2.3, suggests which security solution is suitable for this university.
- Description
The National university is one of the most prestigious universities of the country. It is renowned for its high quality of teaching and research in various disciplines. The admission requirement is very high, and only A students are accepted. That is why it is known as one of the hardest universities to get into. However, most graduates from this university get well-paid jobs which are related to what they have studied. Because of this, current students need to devote their time to passing all the subjects and sacrifice their sleeping time or their spare time with friends in order to do well in exams.
This university has upgraded the whole campus by adopting smart devices in order to enhance students’ life. Smart devices are embraced in the university including smoke alarm, thermostats, smart lighting system and surveillance cameras.
- Security and Privacy Issues
It was an honor for Tommy Chan to be selected as an international student at the National university. His parents were very proud of him. They expected that after graduation he would come back to his country and devote his talent to developing it. Tommy is currently studying cyber security, and these days he is addicted to online games and has failed to look after his studies. With the final exam coming within a week and fearing that he would fail, he tried to find a way to fix his problem. Finally, he decided to intrude into the connected system of the university on the exam day. Firstly, he broke into the router, through which all connected devices were compromised. After that, he triggered a false smoke alarm to make everyone leave the building. At the same time, he also turned off the surveillance cameras in order to steal exam questions from the teacher’s table. This incident has negatively affected the reputation of this prestigious university, which urges them to find a better security approach for their system.
- Solution
After reviewing the National university’s scenario, the best solutions for them are the Security at the Network Level Approach from Sivaraman et al. (2015) and the Secure Data Gathering Framework from Chakravorty, Wlodarczyk, & Rong (2013). Although both of these protocols are quite costly, the university is able to afford them since its reputation is at risk. Both approaches provide the strong value for security performance, which means that they can detect and protect a connected system from a plethora of attacks. However, the Security at the Network Level Approach from Sivaraman et al. (2015) is preferred because it responds fast to the requests of users or owners.
- Hospital (The National Hospital)
This scenario will illustrate how the National hospital experiences smart home technologies. The first section 5.3.1 is the background of the scenario. The second section 5.3.2 talks about the security and privacy issues. The final section 5.3.3 will give suggestion which security solution is suitable for this hospital.
- Description
The National hospital is a 100-year-old hospital in the city. This hospital specializes in heart health services such as chest pain, cardiac rehabilitation, heart attack and so on. To improve the medical efficiency of the hospital as well as the patient experience, the hospital embraces smart technology. For example, the automated and streamlined admission process helps patients cut down their waiting time. Another example of smart devices used in the hospital is the electronic wristband, which allows doctors and nurses to track essential signs of patients such as heartbeat, medication time and sleep patterns. Besides, the trackers also alert doctors to any anomalies so that they can take prompt action. Various IoT-enabled devices integrate with the electronic medical record and share it with nurses and health care professionals.
- Security and Privacy Issues
Recently, hackers gained access to the medical record database, which stores sensitive information about patients. They used patients’ valuable information to buy medical equipment or drugs and then resold them on the black market. Patients’ data was also used for blackmail and for filing fraudulent insurance claims. Those transactions were carried out under patients’ identities. This incident has adversely affected the National hospital’s reputation. The hospital needs to consider a strict and secure system to protect its database from those cyber-attackers. Otherwise, patients and their health will be put at risk.
- Solution
After reviewing the incident of the National hospital, possible security solutions for this hospital are the Security at the Network Level Approach from Sivaraman et al. (2015) and the Attack Graph Prototype System from Zhang (2016), which have medium or strong value for the security performance criterion and fast responsiveness, which is vital for the National hospital. However, the Attack Graph Prototype System from Zhang (2016) has a low level of maintenance and consumes more energy, which will increase the electricity bill. Therefore, the highly recommended security solution is the Security at the Network Level Approach from Sivaraman et al. (2015).
- Generic Guidelines
Chapter 4 not only analyzed the advantages and disadvantages of six security approaches for smart home systems, it also set out the criteria which are used to compare and contrast those six security solutions. Chapter 5 discussed three particular scenarios of security and privacy breaches in the real world in which a new security solution needs to be considered. In each situation, the best solution is chosen among the six available approaches. In fact, all six approaches can be deployed in various domains based on users’ preferences, needs and financial conditions. The summary table in chapter 4 provides all the criteria and values of each approach, which can help users make decisions regarding the security solution for their smart home system.
Conclusion
This thesis discussed the security and privacy matters in the IoT connected home system.
Chapter 2 introduced the general definitions of components within an automated home ecosystem as well as technical terms related to security and privacy.
Chapter 3 reviews existing measurements and some experiments for proposed. Jacobsson, Boldt, and Carlsson (2016) provided the information security risk analysis to detect reasons that make the automated home vulnerable to intrusion. Based on negative outcomes, they suggest some countermeasures to deal with each source. Sivaraman et al. (2015) provided a new approach suggesting that we should detect and solve the security problem at the network layer by inserting a new entity named the security management provider. They also tested this new architecture on some smart devices on the market, such as Philips Hue light bulbs and the Nest smoke alarm. Consequently, they gained some positive outcomes from applying this new prototype.
Furthermore, a strong authentication mechanism seems to be the first solution that most researchers recommend. Some researchers proposed good authentication schemes at different levels to fulfill security goals (Peter & Gopal, 2016). In paper 4, the authors differentiated data into general data and sensitive data, and from there suggested a solution to preserve the privacy of that sensitive and important information (Chakravorty, Wlodarczyk, & Rong, 2013). An attack graph was introduced by Zhang et al. (2016) to estimate which steps an attacker will take to compromise the system. Jacobsson and Davidsson (2015) recommended that the security part should be considered and structured from the design phase of the intelligent home system.
In my thesis part 2, I am planning to analyze and compare multiple security approaches based on some criteria. Before giving a conclusion about which security countermeasure is strongest, I will mention the advantages and disadvantages of each approach. A scenario about how to determine the most appropriate approach for a specific organization will also be discussed. To conclude, no single security solution is perfect: in order to have a fast response time from the system, users need to pay a higher price, but if response time is not as important as the cost they have to spend, another solution will be better. Therefore, depending on the requirements of customers, there is a suitable and optimal security approach.
References
Adiono, T. et al., 2017. Design of database and secure communication protocols for Internet-of-things-based smart home system. In Region 10 Conference, TENCON 2017-2017 IEEE, s.l.: IEEE.
Babar, S. et al., 2011. Proposed embedded security framework for internet of things (iot). In Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 2011 2nd International Conference on, February.pp. 1-5.
Baccelli, E. et al., 2012. RIOT: one OS to rule them all in the IoT (Doctoral dissertation, INRIA), s.l.: s.n.
Barnard-Wills, D., Marinos, L. & Portesi, S., 2014. Threat landscape and good practice guide for smart home and converged media. European Union Agency for Network and Information Security, ENISA.
Chakravorty, A., Wlodarczyk, T. & Rong, C., 2013. Privacy preserving data analytics for smart homes. In Security and Privacy Workshops (SPW), 2013 IEEE, May.pp. 23-27.
Das, S. et al., 2011, March. Home automation and security for mobile devices. s.l., IEEE, pp. 141-146.
Denning, T. K. T. L. H., 2013. Computer security and the modern home. Communications of the ACM, 56(1), pp. 94-103.
Djemame, K. A. D. K. M. J. M., 2011. A risk assessment framework and software toolkit for cloud service ecosystems. Cloud Computing, pp. 119-126.
Dunkels, A. G. B. V. T., 2004. Contiki-a lightweight and flexible operating system for tiny networked sensors. s.l., IEEE, pp. 455-462.
Gan, G., Lu, Z. & Jiang, J., 2011. Internet of things security analysis. s.l., IEEE, pp. 1-4.
Hamadi, R., Benatallah, B. & Medjahed, B., 2008. Self-Adapting Recovery Nets for Policy-Driven Exception Handling in Business Processes. Distributed and Parallel Databases, pp. 1-44.
Jacobsson, A. B. M. C. B., 2016. A risk analysis of a smart home automation system. Future Generation Computer Systems, Volume 56, pp. 719-733.
Jacobsson, A. D. P., 2015. Towards a model of privacy and security for smart homes. s.l., IEEE, pp. 727-732.
K., N., 2015. theguardian. [Online]
Available at: https://www.theguardian.com/technology/2015/may/06/what-is-the-internet-of-things-google
[Accessed 27 8 2017].
Kadam, R., Mahmauni, P. & Parikh, Y., 2015. Smart home system. International Journal of Innovative research in Advanced Engineering (IJIRAE), 2(1).
Kim B. K., H. S. H. J. Y. S. E. D. S., 2008. The study of applying sensor networks to a smart home. Fourth international conference on networked computing and advanced information management, pp. 1-6.
Kirkham, T. A. D. D. K. J. M., 2013. Risk Driven Smart Home Resource Management Using Cloud Services. Future Generation Computer Systems, Volume 38, pp. 13-22.
Komninos, N., Philippou, E. & Pitsillides, A., 2014. Survey in smart grid and smart home security: Issues, challenges and countermeasures. IEEE Communications Surveys & Tutorials, 16(4), pp. 1933-1954.
Kozlov, D. V. J. A. Y., 2012. Security and Privacy Threats in IoT Architectures. s.l., ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), pp. 256-262.
Kumar, P. G. A. I. J. Y. M. S. M., 2016. Lightweight and secure session-key establishment scheme in smart home environments. IEEE Sensors Journal, 16(1), pp. 254-264.
Lee, C. Z. L. C. K. C. H., 2014. Securing smart home: Technologies, security challenges, and security requirements. s.l., IEEE, pp. 67-72.
Levis, P. M. S. P. J. S. R. W. K. W. A. G. D. H. J. W. M. B. E. C. D., 2005. TinyOS: An operating system for sensor networks. Ambient intelligence, Volume 35, pp. 115-148.
Li, Y., 2013. Design of a key establishment protocol for smart home energy management system. In Computational Intelligence, Communication Systems and Networks (CICSyN), 2013 Fifth International Conference on, June.pp. 88-93.
Mahalle, P. P. N. P. R., 2014. Threshold cryptography-based group authentication (TCGA) scheme for the internet of things (IoT). In Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE), 2014 4th International Conference on, May.pp. 1-5.
Medium, 2016. Medium. [Online]
Available at: https://medium.com/@iotap/on-privacy-and-security-in-smart-homes-543f62aa9917
[Accessed 27 8 2017].
Ning, H. L. H. Y. L., 2013. Cyberentity security in the internet of things. Computer, 46(4), pp. 46-53.
Norberg, P. H. D. H. D., 2007. The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of Consumer Affairs, 41(1), pp. 100-126.
Notra, S. et al., 2014, October. An experimental study of security and privacy risks with emerging household appliances. s.l., IEEE, pp. 79-84.
Peter, S. & Gopal, R., 2016. Multi-level authentication system for smart home-security analysis and implementation. s.l., IEEE, pp. 1-7.
Roman, R., Najera, P. & Lopez, J., 2011. Securing the Internet of Things. IEEE Computer, 44(9), pp. 51-58.
Sivaraman, V. et al., 2015. Network-level security and privacy control for smart-home IoT devices. s.l., IEEE, pp. 163-167.
Vaidya, B. M. D. M. H., 2011. Device authentication mechanism for smart energy home area networks. s.l., IEEE, pp. 787-788.
Van Kranenburg, R. et al., 2011. The internet of things. s.l., s.n., pp. 25-27.
Weber, R., 2011. Accountability in the Internet of Things. Computer Law & Security Review, 27(2), pp. 133-138.
Zhang M., L. Y. W. J. H. Y., 2016. A New Approach to Security Analysis of Wireless Sensor Networks for Smart Home Systems. s.l., IEEE.
