Avi Rosenthal, vice president of Security and Control at Nortek Security and Control, gave a speech at the SMAhome International Conference 2016 about the new Z-Wave Security 2 (S2) standard. He is also a founding member of the Z-Wave Alliance and a member of the Z-Wave Alliance Executive Board, with 25 years of experience in IoT and connected devices for residential integration.
Cyber security has become a critical issue in the IoT space, and security is now the number one concern for consumers. To succeed in the market, vendors need consumers to feel confident that their privacy is secure.
Rosenthal said, “Security has to be designed in from the start, and there is always a balance with convenience. The new security may cause backward compatibility issues. We need to make sure they are compatible with millions of devices installed. Gateways also must resist Internet hacking as well, and the gateway can take advantage of S2.”
To provide a secure network environment, Z-Wave is introducing a new security protocol, S2, to enhance the security of wireless devices. All new Z-Wave devices shipping after January 1st, 2017 must adhere to the new S2 rules. S2 is contained in SDK version 6.7. The S2 SDK is available now from the Z-Wave Alliance website for beta development; the published version will be available in September this year.
S2 offers a higher level of security and lower power consumption than Security 0. Rosenthal explained the disadvantages of Security 0: its key exchange is weak, so the network key can be captured during that exchange. Security 0 is also power hungry for sensors, does not support multicast applications, and is slow for groups of lamps and for firmware updates.
“We are not trying to create a new standard but to use the available industry standard.” S2 uses AES-128 encryption, an industry-wide accepted secure key exchange based on Elliptic Curve Diffie-Hellman (ECDH), and authentication via PIN or QR code. “ECDH is an industry-wide accepted practice that is well established and used for security by corporations and governments. We're going to use this strict standard and apply it to residential systems.” He added that there will be options for low-cost devices and simple systems for consumers who don't need this level of authentication. For example, controlling two light bulbs over the mesh network doesn't necessarily require ECDH-level security.
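The key agreement and PIN step described above, as an added example that is not Z-Wave Alliance or Nortek code: a toy model of an S2-style inclusion in which the controller and the joining node compute a shared secret with ECDH, and the controller refuses to proceed unless the PIN the installer typed matches the public key it received over the air. S2 itself runs on Curve25519; this example uses secp256k1 only because its published parameters fit in a short standard-library implementation. The five-digit rendering of the device key and the choice of its first group as the PIN are assumptions of this model, not the specification, and `controller_includes`, `pin_for` and `shared_key` are names invented here.

```python
"""Toy model of an S2-style inclusion: ECDH key agreement plus a PIN check
on the joining node's public key.  Added example, not Z-Wave Alliance code.
S2 uses Curve25519; secp256k1 stands in here because its parameters are
widely published and short to implement with the standard library.  The
DSK/PIN encoding is an assumption of this example, not the S2 spec."""
import hashlib
import secrets

# secp256k1 domain parameters (stand-in curve for this example)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (GX, GY)


def on_curve(pt):
    """True for the point at infinity (None) or any point satisfying the curve."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def keypair():
    """Random private scalar in [1, N-1] and its public point."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, scalar_mult(priv, G)


def dsk_from_public(pub):
    """Render the public key's x-coordinate as 16-bit groups, the way an
    installer would read a device key printed on a label (assumed encoding)."""
    xb = pub[0].to_bytes(32, "big")
    return [int.from_bytes(xb[i:i + 2], "big") for i in range(0, 32, 2)]


def pin_for(pub):
    """PIN = first group of the device key, five decimal digits (assumption)."""
    return "%05d" % dsk_from_public(pub)[0]


def shared_key(priv, peer_pub):
    """ECDH shared point hashed into a 256-bit key; rejects off-curve peers."""
    if not on_curve(peer_pub) or peer_pub is None:
        raise ValueError("peer public key not on curve")
    s = scalar_mult(priv, peer_pub)
    if s is None:
        raise ValueError("degenerate shared point")
    return hashlib.sha256(s[0].to_bytes(32, "big")).digest()


def controller_includes(node_pub, pin_entered):
    """Controller side of inclusion: proceed to key agreement only if the PIN
    the installer typed matches the public key received over the air.  A rogue
    node without the printed PIN gets None and never receives network keys."""
    if pin_entered != pin_for(node_pub):
        return None
    ctrl_priv, ctrl_pub = keypair()
    return ctrl_pub, shared_key(ctrl_priv, node_pub)
```

`shared_key` hashes the ECDH x-coordinate into a key-wrapping key; in a real inclusion the network keys would then be delivered encrypted under that key, which is exactly the step a node that fails the PIN check never reaches.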
Security 2 is hack-proof, according to Rosenthal, and supports multicast. If an attacker is present while an installation is taking place, a rogue node can be kept out. Nonces are synchronized via singlecast follow-up transmissions. S2 Multicast uses a new methodology that is primed via singlecast follow-up instead of using Z-Wave multicast; an S2 Multicast receiver listens for its S2 Multicast GroupID. Even if a hacker manages to capture the packet, he won't be able to duplicate the message to talk to the individual nodes. This makes S2 virtually hack-proof. “S2 supports multicast so that a device can be included to a Z-Wave network full of nodes, being able to do synchronization and a singlecast follow-up.”
Talking about security threats, Rosenthal noted that a controller may include a rogue node owned by an attacker; the S2 layer does not hand out network keys to rogue nodes. Attackers may listen during the key exchange to read the traffic passing back and forth; a secure channel is used for S2 key exchange to prevent eavesdropping. A rogue node may request S2 keys; however, authentication ensures that S2 keys are only assigned to authenticated nodes. Attackers may also sniff and replay messages with nothing more than a special Z-Wave transceiver; S2 uses a rolling code to invalidate old messages. If attackers use a jammer, special antennas and a Z-Wave transceiver to sniff, delay and replay messages, the S2 transmitter can detect the attack via a missing or wrong application response.
“You may have customers that add nodes at the same time, and the node might be included with the wrong gateway. It's annoying, but not critical from a security perspective. The QR code and PIN number can make sure the devices are installed in the right place,” he added.
OTA performance is extremely important for wireless mesh devices. The S2 rolling code is updated automatically by sender and receiver, without the need to negotiate a new nonce for each image fragment. Packets don't have to go back and forth to establish a connection between devices, so battery-operated devices use much less power once they are added under this security scheme.
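The rolling-code protection from the threat discussion above and the OTA point just made, as one added example that is not Z-Wave Alliance or Nortek code: a sender and receiver whose counter advances on both sides with every frame (no nonce round-trip per firmware fragment), a receiver that consumes each rolling-code value at most once so captured frames cannot be replayed, and a sender that treats a missing or mismatched application response as the signal of a jam-and-replay attempt. Real S2 authenticates frames with AES-128-CCM under a nonce derived from the synchronized counter; HMAC-SHA256 from the standard library stands in for that tag here so the block runs anywhere. The key, frame layout, sequence values and messages are all constructed for the example, and `Sender`, `Receiver`, `protect` and `scenario` are names invented here.

```python
"""Rolling-nonce frame protection in the style the S2 talk describes.
Added example, not Z-Wave Alliance code.  HMAC-SHA256 stands in for the
AES-CCM tag; keys, sequence values and messages are constructed."""
import hmac
import hashlib

KEY = hashlib.sha256(b"constructed demo network key").digest()  # constructed


def protect(key, seq, payload):
    """Frame = seq (4 bytes, big-endian) || payload || 8-byte tag over both."""
    header = seq.to_bytes(4, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:8]
    return header + payload + tag


class Receiver:
    """Accepts a rolling-code value only if it is newer than the last one
    accepted, so a captured frame replayed later is dropped."""
    def __init__(self, key):
        self.key = key
        self.last_seq = -1
        self.accepted = []

    def receive(self, frame):
        if len(frame) < 12:
            return None
        seq = int.from_bytes(frame[:4], "big")
        payload, tag = frame[4:-8], frame[-8:]
        expect = hmac.new(self.key, frame[:-8], hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expect):
            return None                      # forged or corrupted frame
        if seq <= self.last_seq:
            return None                      # rolling code already consumed
        self.last_seq = seq
        self.accepted.append(payload)
        # Positive acknowledgement bound to the same rolling-code value,
        # in the spirit of the Supervision report mentioned in the talk.
        return protect(self.key, seq, b"ACK:" + payload)


class Sender:
    """Advances the rolling code itself on every frame and flags a missing
    or wrong response as a possible jam/delay/replay attack."""
    def __init__(self, key):
        self.key = key
        self.seq = 0
        self.alerts = []

    def send(self, receiver, payload, channel=lambda f: f):
        """`channel` models the air interface: it returns the frame the
        receiver sees, or None when the frame was jammed."""
        seq, self.seq = self.seq, self.seq + 1
        delivered = channel(protect(self.key, seq, payload))
        response = receiver.receive(delivered) if delivered is not None else None
        expected = protect(self.key, seq, b"ACK:" + payload)
        if response is None or not hmac.compare_digest(response, expected):
            self.alerts.append(seq)          # missing/wrong application response
            return False
        return True


def scenario():
    """Constructed walk-through: OTA fragments, a straight replay, a jammed
    frame, and that jammed frame replayed after newer traffic."""
    rx, tx = Receiver(KEY), Sender(KEY)
    captured, jammed = [], []

    # 1. Three firmware fragments; the counter advances on both sides with
    #    no nonce negotiation in between.
    for i in range(3):
        tx.send(rx, b"FRAG%d" % i, channel=lambda f: (captured.append(f), f)[1])
    # 2. A captured fragment replayed as-is: tag is valid, value is stale.
    replay_accepted = rx.receive(captured[1]) is not None
    # 3. The live frame is jammed; the receiver never sees it and the sender
    #    records an alert for that rolling-code value.
    tx.send(rx, b"LOCK", channel=lambda f: (jammed.append(f), None)[1])
    # 4. Legitimate traffic moves the counter on; the jammed frame is then
    #    replayed and rejected as stale.
    tx.send(rx, b"STATUS")
    delayed_accepted = rx.receive(jammed[0]) is not None
    return {"accepted": rx.accepted, "replay_accepted": replay_accepted,
            "delayed_accepted": delayed_accepted, "alerts": tx.alerts}
```

The monotonic check on the receiver is only half of the defence: a frame that is jammed and replayed before any newer legitimate frame still carries a fresh counter value, so the receiver alone cannot tell it from the original. That is why step 3 matters: the sender that saw no application response is the party positioned to raise the alarm, which is the detection the talk attributes to the S2 transmitter.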
“It takes five different transmissions in the non-secure environment to turn a light off. In S2, it only takes three. It saves a lot of power and transmission. It also makes your mesh network much healthier.”
Today, gateways use Get-Report to monitor application progress. S2 integrates with the Supervision CC report for Set commands, eliminating the need for gateway Get-Report follow-up queries. The Security 2 Nonce Report provides a positive acknowledgement that allows the sender to send the next command with minimum delay.
There is also a Beam command for waking up certain battery-operated devices. The device can be woken up within a short period of time, which saves battery life and cuts down network traffic.
Rosenthal stressed that gateway manufacturers will have to be aware of these new protocols because they will be implemented as a methodology added to the gateway. All new Z-Wave devices submitted for certification and shipping after January 1st, 2017 need to be submitted using SDK version 6.7 and must adhere to the new S2 rules. “It doesn't mean you need to go to your old devices and upgrade them to S2. We are intending to use it as leverage against the hacking that's going on right now. Z-Wave is going to raise the bar in security for the industry. We hope more people are going to take advantage of the products we make and design every day,” he concluded.