$QDO\VLVRI6HFXULW\$WWDFNVLQD6PDUW+RPH

1HWZRUNV
Utkarsh Saxena Dr. J.S Sodhi Dr.Yaduveer Singh
Amity University Amity University Ideal Institute of Technology
Noida,India Noida,India Ghaziabad

$EVWUDFW This paper presents an analytical review about smart

II. SMART HOME ENVIRONMENT
home network, their working and technologies from a security
standpoint .It highlights various security flaws in a different smart
home networks. It clearly explain, why a smart home is such an It is very important to understand the basic primary
easy target for the attackers, it also discuss the role of interfaces in components of a smart home systems in order to
a smart home network by describing the scenario in which smart determine the factors that are responsible for the security
home network can be easily trapped. It also explains various types flaws in a smart home networks. There is also a need to
of home automation techniques along with the attacks which are understand the necessary security measures that should
quite more vulnerable to the smart home networks. As there of be taken and implemented in order to reduce the chance
now there are many vulnerabilities which are exploiting the smart of security attacks.
home network but no strong defensive mechanism has been
developed till yet. It also indicates the basic components of a smart
home network and the possible attacks which can be happen on a
smart home networks.

.H\ZRUGV 6PDUW +RPHV 8VHU ,QWHUIDFHV $FFHVV &RQWURO

6HFXULW\$WWDFNV6HFXULW\0HFKDQLVP,QWURGXFWLRQ

I. INTRODUCTION
The concept of Smart Home exist from late 1970s. But due
to the growth and advancement in the field of science and
technology the whole concept of smart home has
revolutionized, this increase the expectation as well as
Figure 1: Smart Home Environment
thinking of the people about Smart Home. Now the Smart
Home is not a dream, it is becoming a reality. But there
Based on its architecture smart home can be decomposed
exist some security concern too. These security flaws are
into three components; the communication network, the
very dangerous to the smart home network.
intelligent control system and the home automation [2, 4].
The idea of smart home existed from 1970s onwards but
has come into knowledge of researchers and data scientist
due to the development in the domain of Internet of Things
(IoT)[1] . A Smart Home is a house consisting of a
communication network that couple the vital electrical
devices and services, and grant them to be monitored either
inside or outside the network. There are many components
of a smart homes i.e. information and
communication,Security,entertainment,healthcare,environm
ent,home appliances[2].

Figure 2: Types of Network in a Smart Home Network

978-1-5090-3519-9/17/$31.00 2017
c IEEE 431
$6PDUW+RPH&RPPXQLFDWLRQ
In the research work of John J. Greichan [5],he describe
some of the severe issues that exist in the smart home
network i.e. large manufacturing cost, large development
cost, lack of protocol on which smart home network relies
,unfamiliarity of the consumer with the smart home system
as well as the complex user interface. Although there exist a
reasonable growth in the field of science and technology and
the computation capability that helps in considerable
reduction in device cost and size. These factors are quite
responsible for the increasing demand of the electronic
products today, and due to this reason there exist many
protocols for the smart home networks like X10 [6], ZigBee
[7], LonTalk [8], and CEBus [9] were defined overtime. All
these factors contributed to addressing the challenges and
concerns of early home automation systems, which lead to
the popularity and wide acceptance of automated homes.
The THREAD is the latest smart home communication
protocol developed by Thread Group .It is an IPV6 based
protocol working on the mesh network based technology
which is quite similar to ZigBee. This protocol is formed by
the group of companies [10] .
The study done by A.J. Brush HWDO. [11] discusses the main
stumbling blocks in modern home automation systems: the
high overall cost of the system, inflexibility due to
integration of different devices into the home automation
system, lack of reliable devices at home, complex user
interfaces, and reliance on skilled consultants. All these
factors lead to poor manageability and lack of convincing
security.
Our work mainly deals with the security areas of home
automation. We first discuss how the concept of security has
changed in modern home automation systems, then focus on
various challenges in the field from a security point of view.
The paper goes on to discuss various home automation
systems and their security issues based on methodology
used: context-aware home automation, central controller-
based home automation, Bluetooth-based home automation,
mobile or GSM-based home automation, Internet-based
home automation, and a decentralized approach to home
automation. Finally, we discuss the role of user interfaces in
security and conclude by discussing where the researchers
should focus their work in the field of home automation
security.
%&XUUHQW5HVHDUFK&KDOOHQJHVIRU6PDUW+RPH1HWZRUN
 ,QWHJUDWLRQDQGLQWHURSHUDELOLW\: As The devices
in a smart home network are heterogeneous in
nature as there are different mechanism and
prerequisite for each and every device belonging to
the same category so there is an issue about how to
connect these devices as well as how to operate
them .
432 2017 7th International Conference on Cloud Computing, Data Science & Engineering Confluence
 3ULYDF\DQG6HFUHF\: As smart home is connected
to the internet and there are several attacks present
to the network because smart home network is no
different from any other wireless network ,So there
is always a risk associated with the wireless
network.
 6\VWHP &RPSOH[LW\: various kind of networks
exist within a smart home network .For example
wireless sensor network and body area
network(BAN), due to occurrence of different
types of networks it is very difficult to establish
communications between these heterogeneous
network and thats why the system becomes more
complex.
 %DQGZLGWK PDQDJHPHQW: In future ,Internet
traffic intensity will be increased severly due to
smart home applications ,As there is no such
effective policy occurred for bandwidth
management in such a complex network. So
bandwidth management is also an important
problem in a smart home network.
 3URWRFRO LVVXHV: As smart home network is made
up of heterogeneous components ,new
communication protocol are required to exchange
information with heterogeneous types of networks.
 &RVWHIIHFWLYHQHVV: deploying smart home network
and securing it effectively is very much costly as
for this huge amount of resources are needed ,So
making it cost effective and secure in a best
possible manner is the challenges for smart home
network.
 6RFLDO,PSDFW: Smart home may have some impact
on society, For Example some people might be
isolated from the society. As smart home can do all
the work automatically without any human
intervention so there will be a lack of
communication between a human and the society
where he lives.
& 6HFXULW\&RQFHUQLQD6PDUW+RPH1HWZRUN
Implementing security mechanism in a smart home network
is a very challenging issue due to their heterogeneous nature
[2,12,13].In a smart home environment there are several
devices with different working mechanisms.
Thus, the implementation of security mechanisms differ
from device to device depending on the environment in
which they exist as well as the protocol used for
communication. As it is already knows to us that in a smart
home there exist a heterogeneous devices which are
connected to each other, this causes one more vulnerability
in a smart home network because due to its heterogeneous
nature it uses broadcasting for packet transferring from one
node to other node and that broadcasted packet can be easily
trapped by the intruder .
'6HFXULW\7KUHDWVLQD6PDUW+RPH1HWZRUNV
7KHPRGHUQVHFXULW\V\VWHPVZRUNVRQWKHEDVLFSULQFLSOH
RI GHWHUPLQLQJ WKH LQWUXGHU DQG GHWHUPLQH ZKLFK LQWUXGHU
WULHVWRDOWHUWKHEDVLFQHWZRUNFRQILJXUDWLRQDQGWKHPRGH
RI WKHLU DFFHVV VRW KDW D FRPSOHWH LQIRUPDWLRQ FDQ EH
FDSWXUHG DQG WKDW LQWUXGHU FDQ EH FDSWXUHG E\ WKH DWWDFN
ORJV WKDW DUHV WRUHG LQ WKH SUHGHILQHG FRQILJXUDWLRQ RIW KH
QHWZRUNVHFXULW\HTXLSPHQWV. Due to the advancement in
the field of science and technology, the concept of security
mechanism also changed. Now user can monitor their own
hose remotely via handheld device and can perform actions
whatever necessary at any instant of time. Due to the
advancement of the processing power of the recent
processors there is huge amount of reduction in power
consumption as well as resource consumption. In a wireless-
sensor-actor network, the sensors gathers the information
from the physical environment in which it resides and then
actors performs the functions that were ordered by the
administrator who is monitoring that house.
There are many vulnerabilities which exist in the present
days technologies used in Smart Home Communication
Network. C. Karlof and D. Wagner [14] discussed many
vulnerabilities like Sinkhole attacks, Sybil Attacks,
Selective-Forwarding Attacks and many other routing
attacks which alters the routing table data, thus cause
inappropriate data transfer in the network. Y.C Hu HW DO
[15] described Wormhole Attacks in which the two
adversaries node communicate with each other. These two
nodes have much better communication resources than any
other nodes in a network and can establish a much better
communication channel. In this the wormhole node makes a
false tunnel between other nodes in such a way that it
disturb the routing table .When a data packet is delivered
from one node to other node the wormhole node transfer the
packets to some different node as a result the destination
node gets the data packet very late.
All the wireless protocol encryption standards that are used
in the present day scenario uses techniques like Data packet
integrity, device authenticity, key establishment. , J. Wright
HWDO[16] in 2011 shows that how a Zigbee network can be
compromised by an attacker using Replay Attack [17].As
the keys are sent over the wireless medium in form of Plain-
Text, an attacker takes advantage of this situation and
performs sniffing, inject codes into the Plain-text, Thus it
makes device vary difficult to understand and due to this
reason there occurs malfunctioning of device. B. Fouladi
and S. Ghanoun [18] in 2013 demonstrate that how a Z-
Wave doors are vulnerable to attackers by providing
complete access to the attacker without proper
authorization.
T. Oluwafemi HW DO [19] in 2013 shows that how a simple
house-hold device like CFL( compact fluorescent lamp)
could be an victim of the attacker .An attacker could
manipulate working of the lamp in order to cause harm for
2017 7th International Conference on Cloud Computing, Data Science & Engineering Confluence
the inhabitants i.e. shattered glass, mercury poisoning etc.
Also variation in the lighting frequencies can cause a severe
damage to the person that is suffering from photosensitive
epilepsy [20]. XSS (Cross-Side Scripting) can also be used
by the attacker to violate network functionality.
JavaScript code can be embed into any log page ,as
JavaScript works on the client side library, an attacker can
cause any desirable functionality at the Home site. As in
Smart Home each communication in Smart Home Networks
takes place through Plain-Text, thus it becomes more
vulnerable to attackers to sniff the packets and acquired
legitimate credentials.
 (DYHVGURSSLQJ
In this type of attack an intruder just monitor the
data traffic that takes place between the two nodes
in a smart home network. Here the aim of intruder is
to know about what data transfer is taking place and
what is the pattern of that data without getting actual
user to know about it [21]. The data which the
intruder captures might contain sensitive
information. Thus access to the sensitive
information by the intruder can cause a severe
danger for the network.
 0DVTXHUDGLQJ
In this type of attack an attacker uses fake identity
with the aim of gaining unauthorized access to the
network through legitimate access identification. If
the authorization process is not fully protected then
this attack can be extremely vulnerable to the
network. Here in this attack the main mindset of the
intruder is to get the secret data or to acquired
authentic services[21].
 5HSOD\$WWDFN
Replay Attack is a network attack in which an
attacker in which the data transfer between two
nodes is maliciously or fraudulently repeated in
order to get the identity of the authentic node. Here
the main aim of intruder is to get the same
authenticity as the original node has so that it can
easily monitor the data.[22]
 0HVVDJH0RGLILFDWLRQ
Message modification is the attack in which an
intruder deliberately attempts to capture the data
transmitted between two nodes and then it modifies
that data so that no authenticity of the message exist.
These changes can contain malicious codes[21].
 'HQLDORI6HUYLFH
433
 A denial of service(DoS) is an attack that prevents
or impairs the authorized use of networks, system or
applications by consuming resources such as
CPU,Memory bandwidth and disk space etc. The
main aim of DoS attack is to overburden the
network by sending continuously messages so that
the server becomes busy and becomes unavailable
to process request from other nodes[21].
 0,70$WWDFN
Here in this scenario, an attacker intercepts the
communication that is occurring between two parties
and that parties are unknown to this situation, as a
result they communicate with each other believing
such that nobody is listening to their
communication.[23]
Here in this an attacker just break the
communication string into two parts, one connection
is made with sender and an attacker and the another
connection is made between an attacker and the
receiver. the communication can takes place in
either form i.e. http or https. The MITM Attack in
http is very effective because all the data transmitted
is in ASCII form which is easily understandable and
can be easily manipulated. If we are using HTTPS
connection MITM Attack can take place, In that
scenario here we have to make two independent
SSL Connection over each TCP connection. First
connection established between Web browser and
an attacker and second SSL connection is made
between an attacker and the web server.[23]
 :RUPKROH$WWDFN
Wormhole Attack is an attack in which the two
adversaries node communicate with each other.
These two nodes have much better communication
resources than any other nodes in a network and
can establish a much better communication
channel. In this the wormhole node makes a false
tunnel between other nodes in such a way that it
disturb the routing table .When a data packet is
delivered from one node to other node the
wormhole node transfer the packets to some
different node as a result the destination node gets
the data packet very late.[24]
 6LQNKROH$WWDFN
Sinkhole Attack is an attack in which an attacker
first analyze the compromised node in a network
.After analyzing the compromised node the attacker
&RPSDULVRQRI'LIIHUHQW6PDUW+RPHV1HWZRUNDORQJZLWKWKHULU6HFXULW\&RQFHUQ
TABLE I.
434 2017 7th International Conference on Cloud Computing, Data Science & Engineering Confluence
inject some malicious code into its routing table so
that it can attract other nodes in the same network.
Then after attracting all other nodes the
compromised node attacks on most closest node in
the network and then the most closest node gets
attacked. This creates sync between attacked nodes
and the attack carries out.[25]
 ,PSHUVRQDWH$WWDFNDQG6\ELO$WWDFN
This attack is very common in the network scenario,
here in this attack an attacker obtain the IP Address
and the MAC Address of the legitimate user and by
obtaining this it can steal the identity of the actual
user. After stealing an attacker can do plenty of
things i.e. it can cause harm to another victim.[26]
A Sybil attack is much advanced form of
impersonate attack, here in this attack an attacker
steals multiple identities and performs malicious
activity over the network and it represent itself as a
node which contains multiple identities to the other
fellow nodes.
 7UDIILF$QDO\VLV$WWDFN
Traffic Analysis Attack deals with the analysis of
traffic that occurs during the communication
between two nodes. This Attack can be performed
even when the messages are encrypted and difficult
to decrypt. Traffic Analysis Attack becomes more
stronger when there is large amount of messages
present to be analyzed. More valuable information
can be gathered by Traffic Analysis Attack.[27]
 'H6\QFKURQL]DWLRQ$WWDFN
The main motive of De-Synchronization attack is to
disturb the established connection between the two end
points or devices in a smart home network. here in this
attack, attacker tries to modify the control flags as well
as the sequence number in order to alter the packets, or
messages that takes place between the two devices or
the end points. Due to this it limits the legitimate user
to send and receive data or messages.[28] It will
continuously request transmission of those messages
that causes an infinite cycle of retransmitted messages.
Due to this a deadlock situation occurs which requires
lot of energy.
Type Function/Working Implementation Problem Presents Security Concern
Technique Exist
Context-aware 1) System tries to be 1) Infrared grid 1)Implementation Yes
aware of the context is used to of infrared grid is (Messages can be
in which user makes predict the difficult as it easily trapped in IF
the decision. location of user incurs so much Grid).
inside home cost.
2) Predicting the
location of user helps 2) Use of 2) Badges can be
in defining the badges can be misplaced by the
context implemented. users.

3)Static Object
Checking
method
Central- 1) Combines many GPRS (General 1) All homes Yes
Controller homes into a security Packet Radio must be (If anyone gets access
network with a Service) connected to each to the central node
central node through which other for the then all other node can
dedicated for each many individual approach to be be easily tracked as
locality depending on home users are cost-effective and well as altered)
number of users. connected. successful.
2) Who will have
access to all the
data and upto
what level.
Bluetooth Bluetooth adapter is Bluetooth 1) Bluetooth has Yes
Based used for technology for maximum range (Eavesdropping and
communication communicating of only 100m signal strength
between two nodes between two which is not ideal weakness exist)
via host controller nodes in a for home
using Bluetooth network. communication.
2) High Power
Consumption.
3) Only used for
short lived
communication.
4)Bluetooth has
advanced to
BTLE(Bluetooth
low Energy)
which provide
same
communication
range in
minimum power
GSM Based 1)System converts GSM based 1)SMS pass key Yes
(includes) machine function into communication can be easily
electrical signals is totally hacked.
1)SMS based through transducer dependent on 2)Facial
2)GPRS based which gets into GSM module as recognition can
3)DTMF based microcontroller. well as the be hacked by the
2)A transducer microcontroller photo of
converts physical which helps in authorized
quantities like sound generation of person.
,temperature, command 3)Constant
humidity into voltage. monitoring is
3)The microcontroller required.
analyses these signals

2017 7th International Conference on Cloud Computing, Data Science & Engineering Confluence 435
 and converts them
into commands that
can be understand by
GSM module
Internet Based 1)Accessing Simple Client- 1)Browser Yes
system/network Server related security
through a web based Communication issues.
application hosted technology is 2)uses of weak
over the web. used for passwords for
2)User interact communicating accessing.
through browser to between the 3)An attacker can
the application via user and the use keylogger
some protocols such application software to detect
as HTTPS pass-key

CONCLUSION &RPSXWLQJ6\VWHPV, pp. 2115-2124, 2011. Article (CrossRef Link)

This Paper focuses on the security aspect of the existing
Smart Home Networks system and points out its flaws. This
paper points out the shortcomings of existing home
automation systems in identifying and preventing
sophisticated intruders in a home environment. For future
work in the field of home automation security, we will try to
consider a home network as a whole and develop a trap that
can easily identify the attacker and its activities which he
performed during attack. Further we will find out the
security limitation of the protocols used in Home
Automation. By applying the security mechanism we can
reduce the security risk up to 50%.
Security is vital for the proper implementation and
development of the home automation systems. Moreover, it
provides a sense of security to a homes inhabitants and puts
their minds at ease.
REFERENCES
[1]H. Kopetz, Internet of things, in Real-Time Systems, ed:
Springer,2011,pp.307-323.
[2] G. Mantas,D.Lymberopoulos, and N.Komnios, Security in Smart
Home Environment, Wireless Technologies for Ambient Assisted Living
and
Healthcare:Systems and Applications,Hershey,PA:Medical Information
Science,pp.170-191,2010.
[3]M. Chan,D. esteve, C.Escriba, and E.Campo, A review of smart
homesPresent state and future challenges, Computer methods and
programs in biomedicine,vol,91,pp.55-81,2008
[4]V.Ricquebourg,D. Menga,D. Durand, B. Marhic,L.Delahoche,and C.
Loge, The smart home concept:our immediate future, in E-Learning in
Industrial Elecvtronics, 2006 IST IEEE International Conference
on,2006,pp.23-28
[5] Greichen, J.J., Value based home automation or today's market,
,((( 7UDQVDFWLRQV RQ &RQVXPHU (OHFWURQLFV, vol. 38, no. 3, pp.34-38,
Aug.1992. Article (CrossRef Link)
[12]M. Hager,S.Schellenberg,J.Seitz,S.Mann,and G.Schorcht, Secure and
QoS-aware communications for smart home services, in
Telecommunications and
th
Signal Processing (TSP),2012 35 International Conference on
2012,pp.11-17
[13]M.M Haque and S.I. Ahamed, Security in Pervasive
Computing:Current Status and Open Issues, IJ Network
Security,vol.3,pp.203-214,2006
[14]C. Karlof, D. Wagner, Secure routing in wireless sensor networks:
attacks and countermeasures , $G+RF1HWZRUNV, vol. 1, pp. 293315,
2003. Article (CrossRef Link)
[15]Y. Hu, A. Perrig, D. Johnson, Wormhole attacks in wireless
networks , ,(((-RXUQDORQ6HOHFWHG$UHDVLQ&RPPXQLFDWLRQV, vol. 24,
no. 2, pp. 370380, Feb. 2006. Article (CrossRef Link)
[16]J. Wright, Practical ZigBee Exploitation Framework , 7RRUFRQ,
Oct. 2011.
[17] Z. Feng, J. Ning, I. Broustis, K. Pelechrinis, S.V. Krishnamurthy, M.
Faloutsos, Coping with Packet Replay Attacks in Wireless Net works,
WK $QQXDO ,((( &RPPXQLFDWLRQV 6RFLHW\ &RQIHUHQFH RQ 6HQVRU, 0HVK
DQG $G +RF &RPPXQLFDWLRQV DQG 1HWZRUNV, pp. 368-376, Jun. 2011.
Article (CrossRef Link)
[18]B. Fouladi, S. Ghanoun, Security Evaluation of the Z-Wave Wireless
Protocol, %ODFNKDW86$, Aug. 2013.
[19] T. Oluwafemi, S. Gupta, S. Patel, T. Kohno, Experimental Security
Analyses of Non -Networked Compact Fluorescent Lamps: A Case Study
of home automation Security, :RUNVKRSRQ/HDUQLQJIURP$XWKRULWDWLYH
6HFXULW\([SHULPHQW5HVXOWV, pp. 13 34, Oct. 2013.
[20]A. Verrotti, D. Trotta, C. Salladini, G. Corcia, G. Latini, R. Cutarella,
F. Chiarelli, Photosensitivit y and epilepsy: a follow-up study,
Developmental
Medicine & Child Neurology, vol. 46, no. 5, pp. 347-351, May 2004.
Article (CrossRef Link)
[21]S.A. Shaikh, Information security education in the UK:a proposed
st
course in secure e-commerce systems, in Proceedings of the 1 annual
conference on Information security curriculum development,2004,pp.53-58
[22]old.iseclab.org/people/andrew/download/acsac05.pdf.
[23]https://www.owasp.org/index.php/Man-in-the-middle_attack.
[24] Yih-Chun Hu, Member, IEEE, Adrian Perrig, Wormhole Attacks in
Wireless Networks,2006.
[25] Vinay Soni,Pratik Modi,Vishvash Chaudhri,IJAIEM, Detecting
[6]The X10 Specification, ;86$,QF., 1990. Sinkhole Attack in Wireless Sensor Network,2013.
[7]ZigBee Specifications, =LJ%HH$OOLDQFH, version 1.0 r13, Dec. 2006.
[26]Menezes A, van Oorschot P, Vanstone S (1997) Handbook of applied
[8]LonTalk Protocol Specification Version 3.0, (FKHORQ&R, 1994.
[9]EIA-600 CEBus Standard Specification, (,$, 1992. cryptography. CRC, Boca Raton, FL.
[10]https://en.wikipedia.org/wiki/Thread_(network_protocol) [27] http://www.sans.edu/cyber-research/security-laboratory/article/traffic-
[11]A.J. Bernheim Brush, B. Lee, R. Mahajan, S. Agarwal, S. Saroiu, C.
analysis.
Dixon, Home automation in the Wild: Challenges and Opportunities,
[28]0LDROHL'HQJ:HLMXQ=KX Desynchronization Attacks on RFID
in
Security Protocols,1993
&+,3URFHHGLQJVRIWKH6,*&+,&RQIHUHQFHRQ+XPDQ)DFWRUVLQ

436 2017 7th International Conference on Cloud Computing, Data Science & Engineering Confluence