The appliance industry is now at a point where it is ready to make some money in the so-called "Home Automation affair." Efforts are now fully directed toward the specification and design of architectures that would guarantee an affordable level of satisfaction of investors and possibly of customers.
Home connectivity systems are complex. Both technicians and business developers have been busy solving many problems related to communication, cost of devices, and interoperability of applications, along with problems related to services definitions and business models characterization. Development and research are still the key points for preparing both the market and appliance producers for a successful launch of home automation.
Two years ago under the IST program (Information Society Technology), a research project was funded by the European Commission to address one of the pending home automation issues - security. The initiative is called e-PASTA, which stands for "Electronic Protection of Appliances through a Secure and Trusted Access."
When the project started in January 2000, the overall feeling was that the problem of security of home connectivity environments - in terms of security of access and privacy - had not been properly addressed yet. Moreover, white goods manufacturers believed there was a general lack of awareness in this specific area.
The e-PASTA Consortium consists of five companies - Merloni Elettrodomestici SpA, Trialog, Trusted Logic, T-Systems International GmbH, and Wr@p SpA. Each company has an individual specialization, demonstrating that working together across sectors must be a common priority in order to define a solid approach to security architecture definition and security components design.
The e-PASTA project applied the methodology of evaluating security using the approach of the International Common Criteria standard. ISO15408 is a standard for security evaluation that has been used extensively in a variety of environments. It is currently required for the design of sensitive components such as smart cards, payment terminals, and firewalls. It brings assurance that efficient procedures have been integrated to counter security attacks. It also provides an ideal framework to carry out a security analysis and derive security architectures for home connectivity.
This globally accepted standard has been used both as a methodology to provide a sound security specification and as a suitable standard for future evaluation and certification of security components. Two types of connectivity are being taken into account - those based on simple gateways and those based on services gateways where Java applications can be deployed following the Open Services Gateway initiative (OSGi).
While carrying out the security analysis of smart applications such as remote control, remote monitoring, and maintenance of appliances, some specific reference environments were identified and defined as e-PREs (electronic Protection Reference Environments). An e-PRE is a generic home network configuration, which includes a set of use cases. It is defined as the association between a physical architecture made of network elements (such as gateways, communication modules, appliances, terminals, etc.) and a home application with real security issues (such as remote monitoring, content delivery, etc.).
Thus, an e-PRE implies smart appliances and network elements; it may include some configuration options, as well as some assumptions concerning the use and the behavior of the overall system.
Part of the security analysis of an e-PRE is the definition of the following aspects:
assets requiring protection (for example, the network address, the device address, and the programs of the appliance and its operational data, etc.);
assumptions to be made for the application (for example, pre-installation and initialization of appliances);
threats to counter and vulnerabilities of the system (for example, hijacking, impersonation, replay, etc.); and
organizational security policy and security objectives.
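As an added illustration (not code from the e-PASTA project), the sketch below records the four aspects of an e-PRE and checks the tracing a Common Criteria rationale requires: every threat countered, every policy enforced, every assumption upheld, and no objective left without a reason. The asset, assumption and threat names come from the list above; the policy and objective identifiers (P.*, O.*, OE.*) and the threat-to-asset mapping are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass
class EPre:
    name: str
    assets: set
    assumptions: set
    threats: dict      # threat -> assets it targets
    policies: set      # organizational security policies
    objectives: dict   # objective -> threats/policies/assumptions it addresses

    def rationale_gaps(self):
        """List every tracing gap between the problem definition and the objectives."""
        addressed = set().union(*self.objectives.values())
        known = set(self.threats) | self.policies | self.assumptions
        targeted = {a for tgt in self.threats.values() for a in tgt}
        return {
            "uncountered_threats": sorted(set(self.threats) - addressed),
            "unenforced_policies": sorted(self.policies - addressed),
            "unupheld_assumptions": sorted(self.assumptions - addressed),
            "orphan_objectives": sorted(o for o, t in self.objectives.items()
                                        if not t & known),
            "undeclared_assets": sorted(targeted - self.assets),
        }

def sample_remote_operations():
    """Constructed draft of a "Remote Operations" e-PRE with two deliberate gaps."""
    return EPre(
        name="Remote Operations",
        assets={"network address", "device address",
                "appliance programs", "operational data"},
        assumptions={"appliances are pre-installed and initialized"},
        threats={
            "Hijacking": {"appliance programs", "operational data"},
            "Impersonation": {"device address", "network address"},
            "Replay": {"operational data"},
        },
        policies={"P.SERVICE_REGISTRATION"},                       # constructed
        objectives={                                               # constructed
            "O.MUTUAL_AUTH": {"Hijacking", "Impersonation"},
            "O.REGISTERED_PROVIDERS": {"P.SERVICE_REGISTRATION"},
            "OE.INSTALLATION": {"appliances are pre-installed and initialized"},
            "O.AUDIT_DISPLAY": set(),   # traces to nothing: orphan objective
        },
    )

if __name__ == "__main__":
    for kind, items in sample_remote_operations().rationale_gaps().items():
        print(f"{kind}: {items}")
```

Run on the constructed draft, the check reports Replay as uncountered and O.AUDIT_DISPLAY as an orphan, which is the kind of gap that has to be closed before an e-PRE can serve as a reusable profile.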
Most of the time, a complex home network environment can be made of one or more e-PREs. The e-PASTA project has identified the following three e-PREs:
"Local Operations" e-PRE; "Remote Operations" e-PRE; and "Service on Demand" e-PRE.
One of the main achievements of the project is that the concept and definition of e-PREs can be entirely reused as a "template" or "profile" to analyze other home connectivity architectures and applications. Furthermore, the e-PASTA project has developed the first home connectivity platform that includes certifiable security components.
E-PASTA has demonstrated the first connectivity platform that has been designed with the ISO15408 methodology. It is the first step on the roadmap to the design of future secure and trusted connectivity platforms. Further aspects of an actual security solution have to be dealt with and validated; this concerns all the details of deployment, performance, and security management (registration, key distribution, monitoring, revocation of service, etc.).
Furthermore, some specific attacks may get higher priority in the future. As an example, denial of service attacks could have a higher priority in the local e-PRE. In this situation, revising the e-PRE specifications might be needed. Because e-PASTA is presently focused on feasibility and not on completeness, the current e-PREs do not produce ready-to-be-evaluated products. Therefore, e-PREs have to be finalized and interworking mechanisms consequently standardized.
About the Author
Daniele De Bellis graduated summa cum laude in Mechanical Engineering from the University of Ancona, Italy, in 1999. From 1999-2000, he worked for Merloni Elettrodomestici SpA in researching home automation. In 2000, Mr. De Bellis joined Wr@p SpA, a spin-off of the Corporate Electronics R&D unit of Merloni Elettrodomestici.