A ground radiation antenna with tunable metal loads is proposed to improve the performance of a normal antenna at 900 MHz for Z-wave applications. The proposed design is comprised of a 5 mm × 5 mm ...ground radiation antenna and inductor-connected metal loads in a 30 × 50 mm ground plane. The metal loads can take the form of rims, a frame, strips, or wires at the ends of the ground plane and are connected with lumped elements to allow easy adjustment. The proposed antenna was simulated to tune the metal loads, and was then fabricated and measured to verify its improved performance in the Z-wave band.
Z-Wave is a proprietary technology used to integrate sensors and actuators over RF and perform smart home and office automation services. Lacking implementation details, consumers are under-informed ...on the security aptitude of their installed distributed sensing and actuating systems. While the Physical (PHY) and Medium Access Control (MAC) layers of the protocol have been made public, details regarding the network layer are not available for analysis. Using a real-world Z-Wave network, the frame forwarding and topology management aspects of the Z-Wave routing protocol are reverse engineered. A security analysis is also performed on the network under study to identify source and data integrity vulnerabilities of the routing protocol. It is discovered that the topology and routes may be modified by an outsider through the exploitation of the blind trust inherent to the routing nodes of the network. A Black Hole attack is conducted on a real-world Z-Wave network to demonstrate a well-known routing attack that exploits the exposed vulnerabilities. As a result of the discoveries, several recommendations are made to enhance the security of the routing protocol.
•Definition of a library of primitives to model security communication protocols.•Definition of a set of schema for temporal logic formulas to specify confidentiality, integrity and authentication ...properties and verify protocol security goals.•Formal specification of the IoT Z-Wave protocol using the S2 Security class, and model-based validation and verification to analyse protocol properties and vulnerabilities.
IoT (Internet of Things) devices are extensively used in security-critical services, as for example home door opening, gas monitoring, alarm systems, etc. Often, they use communication protocols with no standardisation and no security guarantee. Unsecured use of connected devices can cause threats or damages to the users, so security assurance, which can be ensured by the use of formal methods, must be guaranteed. Unfortunately practical usage of formal methods during the protocol design is very limited or missing at all.
To address the problem of providing the designer with a user-friendly but rigorous design approach based on the use of formal methods, supporting security assurance already at the model level, but hiding the complexity of formal notations and verification techniques, in this paper we propose an approach, based on the Abstract State Machine formal method, for the specification and verification of security protocols. Specifically, we introduce a set of built-in primitives to model communication protocols and their security properties. Security verification can be carried out under the hypothesis of either a passive or an active attacker.
The effectiveness of this approach is shown by means of its application to the Z-Wave protocol, claimed to be one of the most secure protocol for IoT devices communication thanks to the addition of the S2 Security class. We show the formal specification of the Z-Wave protocol and the security verification process.
The Internet of Things (IoT) will bring about the next industrial revolution in Industry 4.0. The communication aspect of IoT devices is one of the most critical factors in choosing the device that ...is suitable for use. Thus far, the IoT physical layer communication challenges have been met with various communications protocols that provide varying strengths and weaknesses. This paper summarizes the network architectures of some of the most popular IoT wireless communications protocols. It also presents a comparative analysis of some of the critical features, including power consumption, coverage, data rate, security, cost, and quality of service (QoS). This comparative study shows that low-power wide area network (LPWAN)-based IoT protocols (LoRa, Sigfox, NB-IoT, LTE-M) are more suitable for future industrial applications because of their energy efficiency, high coverage, and cost efficiency. In addition, the study also presents an Industrial Internet of Things (IIoT) application perspective on the suitability of LPWAN protocols in a particular scenario and addresses some open issues that need to be researched. Thus, this study can assist in deciding the most suitable IoT communication protocol for an industrial and production field.
We propose a device for monitoring the number of people who are physically present inside indoor environments. The device performs local processing of infrared array sensor data detecting people’s ...direction, which allows monitoring users’ occupancy in any space of the building and also respects people privacy. The device implements a novel real-time pattern recognition algorithm for processing data sensed by a low-cost infrared (IR) array sensor. The computed information is transferred through a Z-Wave network. On-field evaluation of the algorithm has been conducted by placing the device on top of doorways in offices and laboratory rooms. To evaluate the performance of the algorithm in varying ambient temperatures, two groups of stress tests have been designed and performed. These tests established the detection limits linked to the difference between the average ambient temperature and perturbation. For an in-depth analysis of the accuracy of the algorithm, synthetic data have been generated considering temperature ranges typical of a residential environment, different human walking speeds (normal, brisk, running), and distance between the person and the sensor (1.5 m, 5 m, 7.5 m). The algorithm performed with high accuracy for routine human passage detection through a doorway, considering indoor ambient conditions of 21–30 °C.
With the evolution of state-of-the-art applications and paradigms, the world is progressing toward smart cities. Smart homes are an important aspect of smart cities, wherein various mobile computing ...and network technologies are used. However, they are also susceptible to security threats that can cause serious issues related to privacy and safety. Z-Wave is a wireless technology primarily used in smart homes; however, its protocol has not been sufficiently investigated. In this study, we examined threat modeling for the Z-Wave protocol to determine the security issues and suggested attack scenarios in which we gained full control over the commercial products that implement Z-Wave. We analyzed the level 2 data flow diagram of actual products. The experimental results revealed that the major products that implement Z-Wave have several vulnerabilities.
A video demonstrating our experimental result can be found at https://youtu.be/sM-NlJexDPU.
Display omitted
•We analyzed the level 2 data flow diagram of Z-Wave to find vulnerabilities.•We identified 46 threats based on the STRIDE model for Z-Wave devices.•We described three attack vectors on the Z-Wave protocol.•Experimental results of real-world scenarios revealed the vulnerabilities of Z-Wave.
Protocol stacks specifically designed for the Internet of Things (IoT) have become commonplace. At the same time, security and privacy concerns regarding IoT technologies are also attracting ...significant attention given the risks that are inherently associated with the respective devices and their numerous applications, ranging from healthcare, smart homes, and cities, to intelligent transportation systems and industrial automation. Considering the still heterogeneous nature of the majority of IoT protocols, a major concern is to find common references for investigating and analyzing their security and privacy threats. To this end, and on top of the current literature, this work provides a comprehensive, vis-à-vis comparison of the security aspects of the thus far most widespread IoT Wireless Personal Area Network (WPAN) protocols, namely BLE, Z-Wave, ZigBee, Thread, and EnOcean. A succinct but exhaustive review of the relevant literature from 2013 up to now is offered as a side contribution.
The article introduces an ambient intelligence system for blind people which besides providing assistance in home environment also helps with various situations and roles in which blind people may ...find themselves involved. RUDO, the designed system, comprises several modules that mainly support or ensure recognition of approaching people, alerting to other household members' movement in the flat, work on a computer, supervision of (sighted) children, cooperation of a sighted and a blind person (e.g., when studying), control of heating and zonal regulation by a blind person. It has a unified user interface that gives the blind person access to individual functions. The interface for blind people offers assistance with work on a computer, including writing in Braille on a regular keyboard and specialized work in informatics and electronics (e.g., programming). RUDO can complement the standard aids used by blind people at home, it increases their independence and creates conditions that allow them to become fully involved. RUDO also supports blind people sharing a home with sighted people, which contributes to their feeling of security and greater inclusion in society. RUDO has been implemented in a household for two years, which allows an evaluation of its use in practice.
One of the most challenging problems related to the operation of smart microgrids is the optimal home energy management scheme with multiple and conflicting objectives. Moreover, there is a ...noticeable increase in homes equipped with renewable energy sources (RESs), where the coordination of loads and generation can achieve extra savings and minimize peak loads. In this paper, a solar-powered smart home with optimal energy management is designed in an affordable and secure manner, allowing the owner to control the home from remote and local sites using their smartphones and PCs. The Raspberry Pi 4 B is used as the brain of the proposed smart home automation management system (HAMS). It is used to collect the data from the existing sensors and store them, and then take the decision. The home is monitored using a graphical interface that monitors room temperature, humidity, smoke, and lighting through a set of sensors, as well as PIR sensors to monitor the people movement. This action enables remote control of all home appliances in a safe and emission-free manner. This target is reached using Cayenne, which is an IoT platform, in addition to building some codes related to some appliances and sensors not supported in Cayenne from scratch. Convenience for people with disabilities is considered by using the Amazon Echo Dot (Alexa) to control home appliances and the charging point by voice, implementing the associated code for connecting the Raspberry pi with Alexa from scratch, and simulating the system on LabVIEW. To reach the optimal operation and reduce the operating costs, an optimization framework for the home energy management system (HEMS) is proposed. The operating costs for the day amounted to approximately 16.039 €. There is a decrease in the operating costs by about 23.13%. The consumption decreased after using the smart HAMS by 18.161 kWh. The results of the optimization also show that the least area that can be used to install solar panels to produce the desired energy with the lowest cost is about 118.1039 m2, which is about 23.62% of the total surface area of the home in which the study was conducted. The obtained results prove the effectiveness of the proposed system in terms of automation, security, safety, and low operating costs.
Smart home automation is part of the Internet of Things that enables house remote control via the use of smart devices, sensors, and actuators. Despite its convenience, vulnerabilities in smart home ...devices provide attackers with an opportunity to break into the smart home infrastructure without permission. In fact, millions of Z-Wave smart home legacy devices are vulnerable to wireless injection attacks due to the lack of encryption support and the lack of firmware updates. Worse yet, recent Z-Wave secure S2 devices with built-in encryption are also vulnerable to specific targeted attacks, i.e. , attacking S2 devices is possible via vulnerable legacy devices or injecting malicious unencrypted packets that alter S2 devices normal operations. In this paper, we present ZMAD, a lightweight anomaly-based intrusion detection system (IDS) for monitoring and detecting wireless attacks on Z-Wave smart home devices. ZMAD uses a technique called packet formalization to address heterogeneous packets coming from various Z-Wave devices. ZMAD also uses a centralized learning approach to profile normal communication patterns of devices to increase Z-Wave Command Class coverage. By constructing a lightweight artificial neural network built from scratch in consideration of packet formalization and centralized learning, ZMAD can effectively detect abnormal behaviors in Z-Wave networks and runs on an external device to avoid network overhead. We applied ZMAD to an evaluation testbed constructed using 17 top-rated real-world Z-Wave smart home devices. From our experiments, we confirmed that ZMAD could effectively discover wireless injected packets with an accuracy of 98% for its artificial neural network. Our further analysis demonstrated that ZMAD is more effective than existing approaches, increasing the coverage of Z-Wave Command Classes by 663% while reducing five to 47 times the size of the trained model (23.1 KB) compared to existing deep learning architectures.