ReadWrite

Homes Can’t Truly Be Smart Without Security

Guest author Chris Boross is president of the Thread Group and Nest’s technical product marketing manager overseeing technology partnerships and wireless networking technologies.

The connected home is now closer within reach for consumers than ever before, and “smart” products are being deployed to the market in full force. Due to this sheer number of products and scenarios in the connected home, and the inordinate volume of data in constant transfer, the area of the Internet of Things has also caught the attention of hackers. 

See also: Amazon’s Echo Update Gives Alexa The Keys To Your House

If devices communicate over standard Wi-Fi, for example, there’s suddenly much more at stake than a disingenuous neighbor stealing bandwidth to stream movies. Cyber criminals could gain control of an entire household, from the sabotaging of energy consumption to manipulating smart medical devices.

And who is responsible for protecting our homes? What is our first line of defense for the new connected home? The answer reflects the complexity and the implications of the Internet of Things.

Living the dream

A broad range of companies will offer lights, door locks, thermostats and appliances that can communicate with each other to make people’s lives easier. 

See also: 6 Steps Developers Need To Take To Harness The Internet Of Things

Conceptually, the connected home enables a lifestyle of exceptional convenience and efficiency. People can set lights to come on a few minutes before they get home at night or for a few hours every evening to give the illusion of activity if they’re on vacation. They can preheat an oven from the grocery store, turn on the dishwasher while commuting to work, or program the coffee maker while they are lying in bed.

The long-fabled Internet of Things (IoT) employs connected devices such as sensors to capture information in the surrounding environment, devices to act on that sensor data, and wireless technology to communicate the information to other devices and provide a useful user experience. From water leak sensors to smoke detectors, today’s devices can flag when they need attention, so consumers always know that their home is protected.

The convenience is undeniable. Yet it also presents an irresistible landscape for hackers looking for the next mother lode.

Security in the connected home must be addressed at multiple levels: by product manufacturers, service providers, technology providers, such as network protocol alliances, and even the end-consumer. In other words, the job of ensuring consumers can build and enjoy smart homes—without compromising the security of their families and possessions, or sacrificing ease-of-use—belongs to the entire connected ecosystem.

Ultimately each communications layer should own a degree of responsibility. However, the assumptions in this approach open up major security gaps.

For example, networking standards are built on very specific layers of the software stack and can only address security to that extent. Additionally, product manufacturers may assume that the networks people are connecting their devices to are secure, but we know that this is not always the case. And ideally, service and application-layer protocol providers should build additional security features on top of the connectivity protocol.

Locking the electronic door

Front and center in the provision of IoT security are product manufacturers, service providers and the industry consortia that provide the technologies common to both. These three entities must work together to provide consumers with state-of-the-art network- and application-level encryption and security, all without compromising ease of use. This is a tall order, but one that the industry is committed to tackling.

If we look at security from the top down, it’s the work of IoT alliances and consortia to develop best practices and technology standards with security built-in from the beginning. This offers a structure in which member companies can apply their vast experience in connected products and networking protocols to deliver the utmost in asset protection and ease-of-use.

Banking-class cryptography and security architecting can close security holes that exist in other wireless networking protocols. (This is the strategy employed by my organization, Thread Group.) The approaches may vary, but the good news is that across the board, industry alliances that support the connected home industry have also established frameworks and best practices to ensure security amongst smart home devices.

Home, Safe Home

To ensure compliance, consortia provide product manufacturers with a wide range of tools to test security before the certification process even begins. Then it’s the responsibility of each consortium to provide reliable and rigorous testing in objective third-party laboratories before granting their final stamps of approval.

Much like building a house, the network layer provides the foundation that companies at the application layer can build on. Solid security at the network layer enables the application layer to incorporate their own security features on top of the existing architecture.

The goal of many IoT industry groups and consortia is to align the ecosystem around a shared vision of a secure home. With a reliable set of best practices and testing, this connected ecosystem can operate full steam without exposing consumers and governments to theft and cyber terrorism. The industry also benefits from learning the lessons from our e-forefathers, who were tasked with securing the Web and then mobile devices.

The peace of mind—and the confidence—people feel when their favorite home devices work harmoniously would be shattered by a security breach. Given this, the true promise of the connected home, and ultimately the connected lifestyle, lies in the secure connections among people and their favorite devices.

Personally, I’m really excited about my home environment being exactly what I want. When I walk in the door, the lights in my house turn on, my eco-friendly home warms up to my preferred temperature, and my oven—which knew I was arriving minutes in advance—is pre-heated, just waiting for me to pop in dinner. When I enter my home theater, it’s already set for me to watch my favorite show.

These are conveniences I want. But what I want most of all is to come home knowing that my devices and data are there, safe and secure.

Conceptually, the connected home enables a lifestyle of exceptional convenience and efficiency. People can set lights to come on a few minutes before they get home at night or for a few hours every evening to give the illusion of activity if they’re on vacation. They can preheat an oven from the grocery store, turn on the dishwasher while commuting to work, or program the coffee maker while they are lying in bed.

Lead photo by Pete Markham