Cyber Security of Smart Homes Development of A Reference Architecture For Attack Surface Analysis

The document introduces a reference architecture for smart home security analysis composed of three viewpoints: functional, physical, and communication. The functional viewpoint describes device functions and interactions. The physical viewpoint describes the physical components. The communication viewpoint describes how devices interact. The architecture enables identifying vulnerabilities in smart home networks.

Cyber Security of Smart Homes: Development of a Reference Architecture for Attack Surface Analysis

K. Ghirardello*, C. Maple*, D. Ng†, P. Kearney§

*CSC, WMG, University of Warwick, UK. {K.ghirardello.1, cm}@warwick.ac.uk; †Cyberowl, UK. [email protected]; §Birmingham City University, UK. [email protected]

Keywords: Smart Home, Reference Architecture, Internet of Things, Attack Surface.

Abstract

Recent advances in pervasive computing have caused a rapid growth of the Smart Home market, where a number of otherwise mundane pieces of technology are capable of connecting to the Internet and interacting with other similar devices. However, with the lack of a commonly adopted set of guidelines, several IT companies are producing smart devices with their own proprietary standards, leading to highly heterogeneous Smart Home systems in which the interoperability of the present elements is not always implemented in the most straightforward manner. As such, understanding the cyber risk of these cyber-physical systems beyond the individual devices has become an almost intractable problem. This paper tackles this issue by introducing a Smart Home reference architecture which facilitates security analysis. Being composed by three viewpoints, it gives a high-level description of the various functions and components needed in a domestic IoT device and network. Furthermore, this document demonstrates how the architecture can be used to determine the various attack surfaces of a home automation system from which its key vulnerabilities can be determined.

1 Introduction

The Internet of Things (IoT) is rapidly gaining momentum in a variety of different industries, promising to change the manners with which people work, live and interact with technology. With both ubiquitous and cloud computing becoming increasingly widespread and relevant, it is no surprise that many multinational technology companies have entered the Smart Home market by releasing Smart Home control points (i.e. Google Home, Amazon Echo, and so on) and cloud platform services (such as Amazon Web Services). In fact, it is estimated that by 2020 the total number of employed Smart Home devices will reach approximately 12.8 billion units [1], while, according to Jupiter Research, the global revenue generated from Smart Home services will amount to $71 billion by the end of 2018 [2]. As such, future home environments are set to accommodate a sundry of new internet connected devices which perpetually collect data on their surroundings and take action accordingly through the use of remote servers, where the information is processed, stored and interpreted.

While there are clear benefits to Smart Homes, such as remote control of home functions and efficient energy consumption, there are also major concerns regarding their security that must be addressed [3]. The introduction of a variety of IoT devices into a Personal Area Network (PAN), in fact, necessarily leads to an increase of the attack surfaces that may be exploited by malicious hackers [4], which is especially worrisome considering the high number of average vulnerabilities associated with the most popular IoT products [5]. Moreover, the absence of widely adopted guidelines related to how Smart Home devices are to be designed and assembled has created a myriad of products that follow proprietary standards. This commonly leads to the creation of heterogeneous residential networks in which it is difficult to assure the security and privacy of consumers [6], particularly when different cloud services are interacting with each other [7, 8]. On the other hand, as businesses have a priority of minimizing costs and releasing their product to the public as quickly as possible [9], an insufficient amount of resources is being devoted to ensuring that products and services are secure by design. There is, therefore, a critical need to understand the cyber risk of Smart Home networks beyond the individual devices and in the context of the entire system.

This paper proposes a high level reference architecture which maps Smart Home products and services to facilitate security analysis on residential IoT systems. It comprises multiple viewpoints through which a home automation network can be defined, each of which was chosen to detail the processes that enable IoT cloud platforms, the elements that compose Smart Home devices and networks and the methods through which device communication and interaction are possible. This architecture enables the creation of a detailed account of the crucial vulnerabilities associated with the different Smart Home attack vectors, thus allowing IoT developers and manufacturers to recognize the ecosystem in which their product or service will operate and identify its attack surface. The remainder of this paper is organised as follows. Section 2 summarises other IoT reference architectures that were considered in the development of the one presented in this paper. In Section 3 the derived Smart Home reference architecture is presented, divided in its three viewpoints and components. Section 4, then, explains the way with which the architecture may be used in determining a residential IoT

Authorized licensed use limited to: Universidad de Sevilla. Downloaded on March 14,2023 at 13:13:29 UTC from IEEE Xplore. Restrictions apply.
network’s attack surfaces. Finally, a summary and conclusion round up the paper in Section 5.

2 Related Work

A number of different reference architectures have been developed in the IoT domain, either to generalize its various applications or to specify a particular type of implementation. The IoT-A reference model [10] and the ISO/IEC IoT reference architecture (IoT RA) [11] represent high level, multi-dimensional architectural frameworks which are decomposed into various architecture views to give an all-encompassing understanding of IoT systems. Both documents aim to provide a starting point for the development and deployment of system specific architectures and thus represent very general descriptions with little detail on the actual interactions between certain components within specific Views. The Industrial Internet Consortium has likewise produced a reference architecture [12] which takes on a similar approach as the previously mentioned examples, delineating five separate viewpoints concerned with distinct topics of interest, and while it does present a more granular portrayal of IoT systems, it was conceived exclusively as an architecture for Industry 4.0.

Numerous IT companies have also produced reference architectures for their own IoT platforms. Indeed, Intel IoT [13], Microsoft Azure IoT Hub [14], Amazon Web Services [15] and IBM Watson IoT Platform [16] are accompanied with documentation of the inner workings of their services. Compared to the more general IoT-A model and IoT RA, these reference architectures offer a vastly more detailed explanation of the back-end components of the cloud with their relative connections and interactions, furthermore allowing different cloud services to interact with one another. While these characteristics are of great importance for a Smart Home reference architecture which facilitates security analysis, the diversity in technologies and applications adopted by these IoT solutions has resulted in dissimilar architectures which are dependent on each service’s specifications. Moreover, these architectures do not offer multiple viewpoints, as they present a combination of different concepts which would be described separately in models more similar to the ISO/IEC IoT RA.

Exclusively for domestic environments, the SmartThings reference architecture [17] depicts the structure behind the open platform developed by SmartThings Inc., which connects Smart Home devices to the cloud and provides communication among all connected devices. Unfortunately, this architecture presents many of the problems of the precedent models, since it is unable to clearly specify the way with which the cloud functions and it lacks the multiple viewpoints that describe the entire system.

3 Smart Home Reference Architecture

This Smart Home reference architecture aims to give a layered description of domestic IoT systems, providing a comprehensive understanding of smart device behaviour and interactions through multiple viewpoints. Each viewpoint is furthermore deconstructed into components, which serve a specific purpose and interact with other components in its viewpoint. The viewpoints were chosen by dividing the smart home ecosystem in three essential components: Services, Devices and Connections. As such, the following were delineated:

The Functional Viewpoint, concerned with the functions that enable IoT devices, their structure and interactions.

The Physical Viewpoint, concerned with the physical components of the Smart Home ecosystem.

The Communication Viewpoint, concerned with the technologies that enable devices and cloud platforms to interact.

These viewpoints should not be considered separate and independent from one another, but specific perspectives that work together in conjunction. Having scrutinized a multitude of cloud platforms and IoT devices, the resulting architecture is vendor-neutral and not dependent on specific types of technologies or information. Furthermore, its high level of abstraction and modular nature, given how not every viewpoint component must be present in a specific implementation of a domestic IoT system, allows it to be applicable to a wide variety of Smart Home systems.

3.1 Functional Viewpoint

The Functional Viewpoint highlights the necessary functions needed for a Smart Home ecosystem to operate correctly. The IoT network is divided into six functional layers, each with a generic range of capabilities, which can be further divided into functional modules that serve more specific purposes critical for the layer they reside in.

3.1.1 Edge Layer

The Edge layer presents the functions that allow smart devices to interact with their surroundings. It is responsible for the observation of an environment, the creation of data relative to such environment and its manipulation according to the information extracted from the data. Because it deals with the physical world, this layer is necessarily implemented through tangible devices to be located in a consumer’s household.

Sensor. Sensing is the function with which a piece of hardware can determine the parameters of its environment and convert it into a digital signal, which is then processed in order for the system to understand the state of said environment.

Actuator. Actuators are components of the IoT system which can control and manipulate the real world. It receives a control signal which is then converted into an action, such as

switching a light off, turning a boiler on or activating a speaker.

Figure 1: Functional Layers of the Smart Home System. Green arrows represent data flow, orange control flow and yellow management flow.

3.1.2 Connectivity Layer

The Connectivity layer is tasked with the integration of cloud services in smart devices. With many smart devices not holding the capability to process, store and analyse collected data locally, this section of the system connects a local network of devices to the Internet, where the IoT cloud services can be accessed.

Residential Gateway. This component allows a local area network (LAN) to connect to a wide area network (WAN). A residential gateway manages information flow by receiving data from various sources and standardizing it to a form which can be handled by the Internet. Also, to ease the workload of cloud providers, these components may also be provided with certain capabilities such as data aggregation, filtering and transformation.

Cloud Gateway. Comparable to how a Residential Gateway enables smart devices to connect over the internet, the Cloud Gateway is responsible for the safe flow of data from the Wide Area Network to a cloud provider and vice versa. It therefore enables the connection of multiple devices, normalizing their data flow and permits the back end to further process the information it receives, while also allowing to receive and send information to third party cloud providers, which is the primary method through which heterogeneous IoT devices can communicate. In order to enable a secure form of communication to and from the system, Cloud Gateways are provided with a firewall which blocks any form of data that does not meet distinct predetermined policies. Furthermore, a Cloud Gateway will enact both device authorization and authentication through the help of the Device Identity module.

3.1.3 Information and Analytics Layer

The Information and Analytics layer is composed of the set of functions necessary for the correct and secure handling of gathered data. This layer also interacts with the Operations and Management layer by supplying it with the necessary information for the system to make decisions in a timely fashion, and with the Enterprise and User layer by presenting data on connected smart devices to end-users, application developers or internal departments of the same enterprise.

Data Flow and Transmission. This module is tasked with the rapid and efficient transfer of data within the cloud to its individual components. As the cloud gateway identifies and authenticates data into the system, data streams are then channelled in order to facilitate the transportation of such information to either be stored, analysed or processed to start a chain of actions. As cloud platforms are typically required to connect to a vast number of geographically dispersed devices, this module may employ load balancers to distribute traffic into multiple data streams across many processors, storage units, etc. By segregating data according to information contained in the application protocol header, the cloud provider can increase its reliability of service and minimize its downtime. The types of data it may handle include telemetry, generated by a device’s sensor, device metadata, which is information relative to a specific IoT device, and alerts and actions, which may be incurred when Smart Home devices present the capability of pre-processing data at the Edge.

Data Analytics. The Analytics module utilizes Machine Learning and Big Data analytics to extract vital information from raw, unstructured data. Therefore, the cloud utilizes the entirety of a device’s telemetry data, often supported by data from secondary sources, to uncover particular patterns that may be instrumental in the service provided by the back end. The Analytics module can process data either in bulk, when real-time analysis is not required, or streaming, when an associated cloud service will continuously receive and immediately process high volumes of time constrained data, applying decision making to the transient data flows. As the Analytics module receives and processes data from the Storage module or Data Flow and Transmission module, it then interacts with the Logic and Rules module, where further actions are taken depending on the resulting intelligence received.

Storage. Once data is received by the cloud service, the Storage module is tasked with its safe and persistent storage within the system to facilitate cloud analytics and service orchestration. This data can either originate from the devices themselves, from third-party cloud services or, in the case of processed data, from the Analytics module. Device originated data that is not telemetry, such as device identity and metadata, will generally not be handled by this module, rather by the Device Management and Device Identity and Registry modules.

3.1.4 Operations Layer

The Operations Layer represents the set of functions which apply domain logic, rules and models. It receives processed data from the Information and Analytics layer and, depending on its value, takes the required actions. Alternatively, it receives direct commands which must be executed from the Edge or Enterprise and User layer.

Logic and Rules. The Logic and Rules module represents the collection of domain logic functions which aim to enforce specific business functionalities of the IoT cloud service. It receives the normalized or analysed telemetry data and generates actions based on predefined rules. Additionally, the Logic and Rules module will include the set of functions which determine what commands are given to devices in order to operate their actuators, and application logic, which enables the use of User Interfaces and API.

3.1.5 Management Layer

The Management layer is responsible for the continued operation of IoT services associated with smart devices, representing the set of functions devoted to device provisioning, monitoring and control.

Device Management. Device Management includes the set of functions which assure that IoT devices safely and properly make use of a cloud’s services. These include device provisioning, which refers to the process of registering new devices into the IoT system, device configuration, which allows users to set up their device with specific attributes, device monitoring and software/firmware updating.

Device Identity and Registry. This module stores the information needed for each connected device to be fully functional and able to utilize cloud-based services. Device Identity contains cryptographic material and attributes used by the Cloud Gateway module to authenticate incoming flows of data, while the Device Registry stores information, different from the records present in the Device Identity, about devices that the cloud provider may access, control and manage. Ordinarily, these two components are kept separate in order to ensure low latency in the device-cloud communication by limiting the amount of information associated with the Device Identity and to prevent the Device Registry from containing critical key or cryptographic material.

3.1.6 Enterprise and User Layer

The Enterprise and User layer represents the set of functions managed by a business that enable smart device consumers and third party services to gain access to cloud applications, functionalities and collected/analysed data through a common interface. Furthermore, through this layer businesses are able to implement their own domain logic in the Cloud layer.

APIs. An Application Programming Interface (API) is a set of methods and functions which promote communication between various software programs. In the context of a Smart Home network, APIs expose a cloud's information and services for the public to utilize, enabling third party developers and business partners to produce pieces of software dependent on key elements of the IoT cloud. This module represents the primary manner with which smart devices communicate with different cloud services or devices. Furthermore, it connects to the Storage or Data Analytics module through Data Flow and Transformation, since information must first be standardized before leaving the cloud platform, and to the Logic and Rules module when commands to be executed are received.

User Interface. While APIs are generally created for application developers, the User Interface (UI) represents the main point of access to IoT services and information for the end user. As ordinary consumers are not assumed to be technically proficient, a focal point of these interfaces is to ensure that they are intuitive and easy to use. Through this component, end users are able to register new devices by sending the necessary information to the Device Management module (which subsequently will update the Device Identity and Registry), control their device by directing commands to the Logic and Rules module and monitor it by receiving either real-time data (live streaming from smart security camera) or processed and analysed information. While UIs predominantly employ APIs to operate, there are some which communicate directly with the cloud service. Whether smart devices are devoid of a built in interface or are large enough to accommodate one, the main method of implementing UIs is through mobile and web applications. In other cases, such as with the Amazon Echo and Google Home, smart devices may exist solely to provide a centralized user interface for many other smart devices and cloud services.

Business Domain. The Business Domain module represents the gateway through which business decisions can affect the normal functioning of the cloud services and associated products. Being connected to the Logic and Rules component, it is able to alter the network’s domain logic, reshaping its existing characteristics or adding new features to the cloud. Also, it is responsible for the release of new software and firmware updates to each connected device, thus triggering specific functionalities in the Device Management module.

3.2 Physical Viewpoint

The Physical Viewpoint of the Smart Home reference architecture aims to delineate a residential IoT system through the technological components necessary for the implementation of the functions described in the previous viewpoint. It therefore presents the required pieces of hardware and software to be used for the collection, transportation and processing of data, with subsequent commands being created and directed to specific components. Other than the functions delineated in the previous viewpoint, there are a multitude of system requirements that the Physical Viewpoint must also take into account, such as computational constraints, low latency data transmission, low energy consumption, interoperability of dissimilar technologies, etc.
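
Looking back at the functional viewpoint of Section 3.1, the module interactions it describes can be written down as a directed graph and queried for exposure. The following Python code is an added example, not code from the paper: the edges marked assumed, the split of Device Identity and Device Registry into two nodes, and the choice of entry points are assumptions made for illustration.

```python
from collections import deque

# Message flows between the functional modules of Section 3.1.
# An edge A -> B means "A hands data or commands to B". Edges marked
# (assumed) are inferred for this example rather than stated in the text.
FLOWS = {
    "Sensor": ["Residential Gateway"],
    "Residential Gateway": ["Cloud Gateway",
                            "Actuator"],            # (assumed) command delivery
    "Third-Party Cloud": ["Cloud Gateway"],
    "Cloud Gateway": ["Data Flow and Transmission", "Third-Party Cloud",
                      "Device Identity",            # authentication lookups
                      "Residential Gateway"],       # (assumed) return path
    "Data Flow and Transmission": ["Storage", "Data Analytics", "Logic and Rules"],
    "Storage": ["Data Analytics"],
    "Data Analytics": ["Storage", "Logic and Rules"],
    "Logic and Rules": ["Cloud Gateway"],           # (assumed) commands exit here
    "API": ["Data Flow and Transmission", "Logic and Rules"],
    "User Interface": ["API", "Logic and Rules", "Device Management"],
    "Device Management": ["Device Identity", "Device Registry"],
    "Business Domain": ["Logic and Rules", "Device Management"],
    "Actuator": [],
    "Device Identity": [],
    "Device Registry": [],
}

# Assumption: the modules an outside party can send input to.
ENTRY_POINTS = ["Sensor", "Third-Party Cloud", "API", "User Interface"]


def shortest_path(flows, src, dst):
    """Breadth-first search; returns the module list from src to dst, or None."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in flows.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def without(flows, removed):
    """Copy of the graph with one module and every edge touching it removed."""
    return {m: [n for n in out if n != removed]
            for m, out in flows.items() if m != removed}


def choke_points(flows, src, dst):
    """Modules on every src -> dst path: removing any one disconnects the pair."""
    if shortest_path(flows, src, dst) is None:
        return []
    return [m for m in flows
            if m not in (src, dst)
            and shortest_path(without(flows, m), src, dst) is None]


def exposure(flows, entry_points, asset):
    """Map each entry point that can reach `asset` to its shortest path."""
    result = {}
    for entry in entry_points:
        path = shortest_path(flows, entry, asset)
        if path is not None:
            result[entry] = path
    return result


if __name__ == "__main__":
    for asset in ("Actuator", "Device Identity", "Device Registry"):
        print(f"== {asset} ==")
        for entry, path in exposure(FLOWS, ENTRY_POINTS, asset).items():
            print(f"  {entry}: {' -> '.join(path)}")
            print(f"    choke points: {choke_points(FLOWS, entry, asset)}")
```

A path here means messages can be relayed along it, not that every hop is exploitable. With these edges, only the User Interface reaches the Device Registry, while every entry point has a path to the Device Identity.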

Since the detailed presentation of each variation of IoT technology is a time consuming process outside of the scope of this document, this Physical Viewpoint rather describes the general tools that either interact with an environment and transmit data or that enable other devices to interact and communicate in an environment.

Figure 2: Physical viewpoint of a Smart Home System.

3.2.1 Components

In this viewpoint, a device can be broken down in the following components: sensors, actuators, processors, memory, power sources and firmware. These components don’t all necessarily have to be present for the piece of technology to be considered an edge device.

Sensors. Being the component which implements the sensing function from the Functional Viewpoint, a sensor detects changes or events in its environment, converting analogue signals to electric ones and sending them to other electronic components. Other than ensuring that a sensor does not actively interact with the entity it is observing, it is typically important that the generated readings are as accurate as possible.

Actuators. As with sensors, actuators are the physical implementation of the actuation function from the Edge Layer, thus taking action or controlling a specific entity of interest. They receive commands directly from a user interface or indirectly through sensor data processed either locally or, more commonly, through the cloud. A single actuator can either operate independently or in conjunction with other actuators to provide a more complex set of state changes to a physical entity. Common examples of actuators are loudspeakers and power switches.

Processors. These components are responsible for the interpretation of data produced by sensors and third parties and the consequent enactment of control logic. This process ranges from very simplistic, such as perceiving and altering a room’s temperature, or extremely complex, in which case Machine Learning and Artificial Intelligence techniques may be involved. Although certain IoT technologies do present edge computing (i.e. local processors) to decrease the processing load of remote systems, most devices rely on cloud processing almost exclusively.

Memory. Memory can either be volatile or non-volatile. Volatile memory is generally used in aiding the normal activity of a processor, retaining data and information that is currently being used. Non-volatile memory permanently stores information, even after its power source is removed. This kind of memory is often used in smart devices that seek to store sensor data locally, either as back-up or to be uploaded to the cloud in bulk at a later time.

Power Source. This component is responsible for providing electrical devices and appliances with enough power to ensure their ordinary operability. A Power Source may be included in a piece of technology either through portable batteries or direct mains electrical power supply. This component is particularly important in determining the mobility of the considered device.

Firmware. This component is comprised by the class of software used to control and monitor hardware components while being able to receive, read and transform data signals. It bridges the digital world with the material one by abstracting common computing resources and allowing digital signals to be converted into motion. For any IoT device able to connect to a cloud platform, it is of central importance that the Smart Home system can frequently update device software to patch bugs, fix vulnerabilities and add new functionalities.

3.2.2 Devices

The following represent the types of devices present at the end user’s residence that compose the Smart Home Local Area Network.

IoT Smart Devices. Known as the “things” of the Internet of Things, IoT devices are the physical objects with non-computing primary functions, that is they are able to sense and/or interact with an environment and can connect to a network over which they transfer data and receive commands. These may range from security cameras, lightbulbs and door locks to fridges, dishwashers and kettles.

IoT Hubs. IoT hubs are designed to provide a central controller that can connect a multitude of smart devices. These can be homogenous or heterogeneous hubs. The first kind is generally produced by the same company that produces the IoT devices it is able to connect to and, therefore, are generally required for the normal functioning of the connected devices. This is common for especially small IoT devices which alone are not able to connect to the WAN or cannot process the data it produces. Heterogeneous hubs

connect a multitude of different devices and enable them to communicate with each other. They usually come with their own application which allows the consumer to control all connected technology through a single portal.

Residential Gateway. Residential Gateways are customer-premises equipment that connects IoT devices with the Internet. They are the physical implementation of the Residential Gateway functional module, thus they receive data from connected devices and translate it into the suitable communication protocol. In certain cases, Residential Gateways may integrate some of the functionalities of IoT hubs, providing local data pre-processing and analytics or two-way device communication without the need to connect to a cloud server.

Smartphones/Tablets/Computers. These are devices whose primary functions are computing related, which, in the context of the Smart Home system, include providing to an end user a way through which IoT devices can be monitored and controlled. While not generally considered IoT smart devices, smartphones occupy a particular position in these networks, since they also include sensors, such as microphones and accelerometers.

3.3 Communication Viewpoint

The Communication Viewpoint describes the communication protocols employed to enable IoT devices to receive and transmit information to other devices and cloud services. Being a crucial element of any Machine-to-Machine network, these protocols determine the manner with which data is encoded, formatted, and transported from host to host. This viewpoint draws from the Internet Protocol Suite (TCP/IP) to categorize the various used protocols in four abstraction layers, each of which provides a number of functions needed for device networking, making use of layers below and providing services to the ones above. Therefore, a Smart Home system will employ a stack of protocols in which lower layers are logically closer to the physical transmission of data, while higher layers deal with more abstract data, being logically closer to application programs.

3.3.1 Link Layer

The lowest layer of the TCP/IP model, it defines the technology through which data is physically transmitted through the system. This layer connects sensors, actuators, devices and other edge nodes, regulating how information is transformed in electrical or radio signals, depending on the kind of network connection capabilities of the device. Furthermore, the link layer is responsible for receiving data from the Internet Layer and encoding IP packets/data into frames, which include source and destination MAC addresses, a Frame Check Sequence which checks for transmission errors for the frame and a Preamble that synchronizes the receiving of frames.

Wi-Fi. Being present in all homes with a wireless router, a vast number of smart device manufacturers currently create devices which utilize this protocol. It supports high bandwidth frequencies, around 2.4 and 5 GHz, and high data rates of hundreds of bits per second. While these specifications are optimal for video streaming and file transfers, they imply higher power consumptions, thus smaller, battery-provisioned IoT devices may not be best suited for Wi-Fi connections. Also, being a fairly well supported protocol, it is not uncommon for domestic Wi-Fi networks to include a number of different devices (IoT and not) competing for bandwidth, which results in their slower response times and higher latency.

Ethernet. As with Wi-Fi, Ethernet is similarly a protocol implemented or supported by many residential LANs. It sports some of the highest data rates possible, with extreme cases going up to 10 Gbps, and without the problem of bandwidth interference, it represents one of the most reliable communication protocols at this layer. On the other hand, being a wired solution implies that its connected devices must be stationary and connected to an Ethernet port.

IEEE 802.15.4. Defined in 2003 by the IEEE 802 working group, 802.15.4 represents a communication standard for low data rate wireless personal area networks (LR-WPAN) for devices using low-complexity, short-range radio frequency transmissions [18]. Compared to the more power intensive Wi-Fi, it operates on bandwidths that generally span from 868/915 MHz to 2.4 GHz, with transfer rates between 20 and 250 Kbps. This standard is targeted for devices with very low manufacturing costs and simplistic architectures, therefore needing a form of communication with low power consumption.

Cellular. Cellular communication protocols are the set of standards which enable certain devices to communicate over a long distance. Though dependent on the specific protocol used, cellular communications generally support high data rates (around 600kbps to 10Mbps for 3G, 3 to 10Mbps for 4G) and frequencies that go from 800 to 2600MHz.

3.3.2 Internet Layer

The Internet Layer is tasked with the routing of data to the correct destination which is specified through an identification, such as the IP address for the Internet Protocol. It determines the fastest route through which a message can be received and, in case the selected route presents any sort of issue, it selects alternative routes. The Internet Layer receives data from the Transport Layer and sends data to the Link Layer.

IPv6. The Internet Protocol version 6 (IPv6) is the latest form of the Internet Protocol, which is the principal protocol used in the Internet Layer. It is responsible for delivering data packets by the IP address present in the header of the datagram. This protocol was created to address a core

Authorized licensed use limited to: Universidad de Sevilla. Downloaded on March 14,2023 at 13:13:29 UTC from IEEE Xplore. Restrictions apply.
problem present in the previous version (IPv4), that is the provided by the lower layers. Since there are numerous
limited amount of addresses that it is able to provide. In order Application Layer protocols depending on the application
to bridge the IPv6 technology to unsupported wireless they interact with, this document presents some of the more
networks of devices with low power consumption and relevant for their implementation in Smart Home
processing abilities, such as BLE, the IPv6 Low Power environments.
Wireless Personal Area Network (6LoWPAN) is commonly
used. Moreover, these low-power networks often present MQTT. The Messaging Queuing Telemetry Transport
frequent topology changes and lossy radio links, resulting in (MQTT) protocol is a lightweight communication standard
an environment in which routing packets becomes designed for resource constrained, low bandwidth networks.
challenging. To that end, the IPv6 Routing Protocol for Low- It employs a publish/subscribe in which edge nodes publish
Power and Lossy Networks (RPL) is used to reactively create information to a broker that, in turn, conveys such
a graph of nodes which determines the optimal path through information to selected clients according to the topics to
which data can be transferred. which they are subscribed. Also, the broker is capable of
buffering information in case a device disconnects from the
3.3.3 Transport Layer network, allowing it to receive it the moment it reconnects.
As a lightweight protocol, it is suitable for monitoring a large
The Transport Layer provides host-to-host communication, number of devices without having severe performance
delivering information to the target application program. As implications to a network’s bandwidth.
the Application Layer normally processes data streams rather
than datagrams, this layer ensures that data is received by the AMQP. The Advanced Message Queueing Protocol (AMQP)
host in the appropriate order and, through an error detection is an open-source standard that supports various middleware
code, that it has not been corrupted or lost. The Transport messaging applications, allowing different systems to
Layer is also responsible for the control of data flow: it, in communicate independently of their internal specification.
fact, determines if a host’s data buffer is able to handle the
amount of data it needs to receive. CoAP. The Constrained Application Protocol (CoAP) allows
resource-constrained devices to interact with the Internet,
TCP. The Transmission Control Protocol (TCP) is a enabling IoT and Machine-to-Machine applications. As with
connection-oriented protocol, meaning that it creates a MQTT, CoAP is applied in lossy networks with low-powered
connection between a sender and receiver which is devices where the network requirements are low message
maintained active until all required messages have been sent. overhead and contained data size transfers, while it differs
Even if any problem is incurred in the Link or Internet Layers from MQTT in the fact that it does not require an underlying
while transferring data, TCP enacts a series of procedures that reliable Transport Layer protocol, as it runs over UDP. Also,
guarantee that the information is received intact: a sender CoAP is a one to one protocol that supports one-to-many or
keeps track of all packets sent with a timer and waits for the many-to-many multicast message delivery.
receiver to respond with an acknowledgment message. If the
timer stops and no such message is received, the sender then XMPP. Initially created for instant messaging and presence
re-transfers the “lost” packet. It is one of the central protocols information, the Extensible Messaging and Presence Protocol
of the Internet Protocol Suite, being used by applications such (XMPP) is a decentralized messaging protocol with near real
as the World Wide Web, email correspondence and video time exchange of data between network nodes. It presents a
streaming. set of core protocol standards to specify its client-server
messaging, while a set of XMPP extensions can broaden its
UDP. Compared to TCP, the User Datagram Protocol (UDP) implementation. For IoT specifically, XMPP can define the
uses a much simpler method to transmit data, which does not structure of the retrieved device data, provides a relatively
check whether packets have been received by an end host, or lightweight middleware (although not to the extent of MQTT
whether they arrived in the correct order. Thus, UDP and CoAP) and is federated, thus allowing device
represents a less reliable Transport Protocol than TCP, interoperability.
possessing only data integrity capabilities through checksum
algorithms. On the other hand, the simplified datagram- DDS. The Data Distribution Service (DDS) is a
transfer process results in a faster connection with lower publish/subscribe communication standard which presents
latency and protocol overhead, which makes UDP a more distributed processing – directly connecting sensors, devices
appropriate protocol for applications that can tolerate some and applications to each other without any dependence on
data loss without affecting their service. centralized IT infrastructure.
3.3.4 Application Layer HTTP/HTTPS. The most widely deployed protocols on the
internet, the Hypertext Transfer Protocol (HTTP) and HTTP
The Application Layer represents the highest layer of the Secure (HTTPS) are less suited for IoT applications because
TCP/IP stack, where communication is standardized for of the length of messages transmitted and short-lived device
network processes. Here protocols directly interact with connections it would create.
applications, allowing them to make use of the functionalities

3.3.5 Other protocols

Although the previously defined list provides a solid basis to outline a Smart Home communication network, there are a number of widespread standards that either are based on a group of the described protocols (ZigBee, Thread), employ their own proprietary protocols (BLE, Z-Wave) or operate through different pieces of technology (X10, UPB, Insteon).

BLE. Bluetooth Low Energy (BLE) supports frequencies (2.4GHz) and connection ranges (50-150 meters) similar to previous Bluetooth versions. What it improves on its predecessor is the fact that it consumes a very contained amount of power. Hence, this protocol is better suited for devices that do not require a constant connection to back-end servers, but rather that transmit low amounts of data at specific points in time, disabling the connection as soon as it is not required to conserve power.

ZigBee. Based on the 802.15.4 wireless standard, ZigBee is a communication protocol with a 2.4 GHz radio frequency, 100-meter range and supported data rate of 250 Kbps. If configured correctly, it has the potential to be one of the most secure residential communication protocols, since it uses the same encryption technology used by international banks and financial institutions. Being a mesh network protocol, ZigBee counts 3 types of devices in its network: a controller which coordinates the network composition, a router that extends the network’s range and end-devices. As each device can be used as a router, end devices here do not need to communicate directly with a central hub.

Z-Wave. Closely related to ZigBee, Z-Wave is a protocol specifically created for home automation purposes. It is likewise based on mesh network technology with a central control hub, which can configure and manage the network. With low data rates that reach at most 100 Kbit/s, Z-Wave offers low-latency communication among a long list of supported devices, all of which can communicate and interact with each other. This protocol runs on a lower than usual 908.42MHz frequency, which ensures that the network does not experience interference from technologies which use higher bands and that there are fewer devices on that frequency.

Thread. Specifically designed for home automation, Thread is a low power open source protocol based on IEEE 802.15.4, IPv6-6LoWPAN and UDP. As such, it is able to interact with other IP-based standards (unlike ZigBee and Z-Wave) and handle up to 250 power-constrained devices, making it a complementary protocol to Wi-Fi for home automation.

X10/UPB. The oldest protocol created for Smart Home devices still in use, X10 employs a house’s electrical wires to transmit signals representing digital information to any of the millions of supported devices. However, it suffers from very slow command/information transmission and is quite limited in terms of the amount of data transmitted at a time. The Universal Powerline Bus (UPB) can be considered the next version of the X10, being a peer-to-peer powerline communication protocol with greater reliability and faster data transmission rates. Its main downside is the fact that, while it supports a considerably higher number of connected devices at a time compared to the X10, it has far fewer compatible devices. Both protocols offer relatively low bandwidth, no encryption capabilities and must be implemented into a house by technicians. Lastly, these protocols are not designed to grant the connected devices Internet access.

Insteon. Insteon uses both wireless and wired technology to provide a dual-mesh network of various devices that each independently transmit and repeat data signals, allowing it to support a large number of nodes at a time. Furthermore, by being able to send signals over both wired and wireless options, it represents one of the best options for reliable connectivity.

4 Smart Home Attack Surface

The multiple viewpoints presented in this Smart Home reference architecture offer a comprehensive, high-level overview of a domestic IoT network. With the actual realization of such systems frequently resulting in notably idiosyncratic and heterogeneous structures, the modular nature of the presented architecture allows it to be applied to Smart Home ecosystems which may vastly differ on an ad hoc basis, being heavily influenced by such factors as available technology and device compatibility with previously installed technology. As a result, both small and large scale home automation networks can be outlined, given the absence of implicit structural restrictions on the number of devices and back-end services that may be represented. Figure 3 depicts a particular Smart Home implementation, where Functional, Physical and Communication Viewpoints are presented together.

Figure 3: Smart Home architecture example with the three viewpoints merged

In this structure the Edge presents a series of different IoT Devices connected to a router directly through Wi-Fi or indirectly through an IoT hub. Each device with a sensor produces data as it observes its environment and uses its connection to a router to send it to the remote Cloud servers. As data reaches the cloud through the Cloud Gateway, it is further transferred to the Storage, Analytics or Logic and Rules component. If this last module creates a device actuation command, it is forwarded to the Cloud Gateway, which then connects to the Residential Gateway and sends the command to an Actuator. In case the created command involves a device or service not managed by the same cloud platform, which is often the case in Smart Home environments, then APIs may be used to connect to the appropriate Third-Party Cloud. Alternatively, devices with the Logic and Rules module may make certain control decisions locally, without the need to connect to remote servers.

By clearly illustrating the various processes, devices and data/control flows pertaining to a Smart Home network, a straightforward assessment can be made of the particular elements or areas critical to the overall functioning of the system and of the many pathways and entry points malicious attackers may exploit to compromise said system. As such, a stakeholder may employ the proposed reference architecture to determine the attack surface of Smart Home products and services, which is crucial to systematically identifying relevant threats for each component and interaction, generally achieved by adopting a threat categorization such as STRIDE. Not only would this assist engineers and system designers to implement security by design in their products, but it would furthermore allow them to determine how secure a certain piece of technology is in the context of the network it resides in.

To clarify the preceding paragraph, the following example is proposed. Utilizing the architecture present in Figure 3, a security analysis on the represented system might start with the residential gateway, as it is the main entry point to the considered Home Area Network. While these are provisioned with firewall filtering capabilities, a possible way of compromising it would be to physically tamper with it (T in the STRIDE classification): attackers with physical access to the network, in fact, may be able to alter its settings, creating new device pairing requests and installing custom SSL certificates. This would allow the network’s traffic to be redirected to alternative servers owned by the attackers [19]. As residential gateways are responsible for connecting IoT devices to the cloud, telemetry data may be read and specific control commands may be redirected. Furthermore, a compromised residential gateway would have several other implications to the security of the system. Figure 3, in fact, shows that a ZigBee network is connected to the residential gateway through an IoT hub. As many of these devices continuously generate network traffic to check for firmware updates without any form of encryption or authentication, an attacker may be able to carry out a man-in-the-middle attack and compromise the hub’s firmware [19].

Additionally, the reference architecture is able to briefly approach security analysis through the supply chain of consumer IoT devices and services. For products, in fact, Section 3.2.1 details the necessary components that make up the devices at the Edge, while Section 3.3.1 lists the possible communication protocols that said devices may employ. In such manner the complete Smart Home attack surface will consider possible vulnerabilities present in the core elements of consumer products. On the other hand, the supply chain for services can be examined through the Functional Viewpoint, which details the inner processes through which cloud platforms collect data and implement application and domain logic.

5 Conclusion

With the Internet of Things recently surfacing into the public view, a variety of novel devices have emerged to compose ever-more complex and heterogeneous Smart Home networks, for which understanding their inherent cyber risk has become a challenge. This paper seeks to represent such systems through a high-level reference architecture that maps IoT products and services. It is comprised of three viewpoints, namely the functional viewpoint, which introduces the functions that enable Smart Home technology, the physical viewpoint, which presents the different elements that compose domestic IoT devices and networks, and the communication viewpoint concerned with the communication protocols associated with these cyber-physical systems. Each viewpoint is further decomposed into modular components which allow the reference architecture to be applied to a range of different Smart Home implementations. The paper then illustrates that the combination of the three viewpoints gives a detailed enough understanding of these systems, outlining its most important components and connections, to be used to determine its attack surfaces, through which the system’s vulnerabilities may be categorised.

Acknowledgements

This paper is produced as part of the PETRAS project “Security and Performance in the IoT Smart Home” (SPIoTSH), which is in collaboration with the IoT Security Foundation (IoTSF), the Building Research Establishment (BRE) and CyberOwl.

References

[1] Gartner, “Gartner Says 8.4 Billion Connected "Things" Will Be in Use in 2017, Up 31 Percent from 2016” (2017). Available at: https://www.gartner.com/newsroom/id/3598917

[2] Juniper Research, “Smart Home Revenues to Reach $71 Billion by 2018, Juniper Research Finds” (2014). Available at: https://www.juniperresearch.com/press-release/smart-home-pr1

[3] C. Maple, “Security and privacy in the internet of things.”, Journal of Cyber Policy, 2(2), pp. 155–184 (2017).

[4] I. Lee, K. Lee, “The Internet of Things (IoT): Applications, investments, and challenges for enterprises.” Bus. Horiz. 58, pp. 431–440 (2015).

[5] Hewlett Packard, “HP study reveals 70 percent of Internet of Things devices vulnerable to attack.” (2014) Available at: http://www8.hp.com/us/en/hp-news/press-release.html?id=1744676#.VOTykPnF-ok

[6] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci, “A survey on sensor networks.” IEEE Commun. Mag. 40 (8), pp. 102–114 (2002).

[7] J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, "Internet of things (IoT): A vision architectural elements and future directions", Future Gen. Comput. Syst., 29 (7), pp. 1645-1660, (2013).

[8] L.M. Kaufman, “Data security in the world of cloud computing”, IEEE Security and Privacy Magazine, 7, pp. 61–64 (2009).

[9] Accenture, “Igniting Growth in Consumer Technology.” (2016) Available at: https://www.accenture.com/_acnmedia/PDF-3/Accenture-Igniting-Growth-in-Consumer-Technology.pdf

[10] M. Bauer et al., “Iot reference architecture.” In Enabling Things to Talk, pages 163–211. Springer, 2013

[11] F. Carrez et al., “IoT-A Deliverable D1.5 – Final Architectural Reference Model for the IoT v3.0”, ISO/IEC CD 30141:20160910(E) (2013). Available at: https://www.w3.org/WoT/IG/wiki/images/9/9a/10N0536_CD_text_of_ISO_IEC_30141.pdf

[12] S.-W. Lin et al., “Industrial Internet reference architecture,” Industrial Internet Consortium (IIC) Tech. Rep., (2015). Available at: https://www.iiconsortium.org/IIRA-1-7-ajs.pdf

[13] Intel, “The Intel IoT Platform”. Available at: https://www.intel.co.uk/content/www/uk/en/internet-of-things/white-papers/iot-platform-reference-architecture-paper.html

[14] Microsoft, “Microsoft Azure IoT Reference Architecture” (2016). Available at: https://azure.microsoft.com/en-gb/updates/microsoft-azure-iot-reference-architecture-available/

[15] Amazon Web Services, “AWS IoT Documentation,” (2016). Available at: https://aws.amazon.com/de/documentation/iot/

[16] IBM, “IBM Edge Delivery Services” (2017). Available at: https://www.ibm.com/msen/marketplace/global-network-for-online-workloads.

[17] SmartThings Inc., “SmartThings API Documentation.” (2015) http://docs.smartthings.com/en/latest/ref-docs/reference.html.

[18] “IEEE Standard for Low-Rate Wireless Networks", (2016).

[19] M.B. Barcena, C. Wueest, “Insecurity in the Internet of Things” (2015). Available at: https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-insecurity-in-the-internet-of-things-ds.pdf
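
The STRIDE walk-through in Section 4 (a tampered residential gateway, then the IoT hub's unprotected firmware update checks) can be reproduced mechanically over the Figure 3 data flows. The Python below is an added example, not code from the paper: the element kinds, the flow list and its protection flags are constructed assumptions, and the letters reviewed per kind follow the common STRIDE-per-element convention.

```python
from collections import deque

# STRIDE letters conventionally reviewed per element kind (STRIDE-per-element
# practice; an assumption here, the paper does not define this mapping).
STRIDE_BY_KIND = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

# Components named in the paper's description of Figure 3; kinds are assumptions.
COMPONENTS = {
    "IoT Device": "process", "IoT Hub": "process", "Actuator": "process",
    "Residential Gateway": "process", "Cloud Gateway": "process",
    "Storage": "store", "Analytics": "process", "Logic and Rules": "process",
    "Third-Party Cloud": "external",
}

# Constructed flows: (source, destination, label, encrypted and authenticated?).
FLOWS = [
    ("IoT Device", "IoT Hub", "ZigBee", True),
    ("IoT Device", "Residential Gateway", "Wi-Fi", True),
    ("IoT Hub", "Residential Gateway", "firmware update check", False),
    ("Residential Gateway", "Cloud Gateway", "telemetry", True),
    ("Cloud Gateway", "Storage", "internal", True),
    ("Cloud Gateway", "Analytics", "internal", True),
    ("Cloud Gateway", "Logic and Rules", "internal", True),
    ("Logic and Rules", "Cloud Gateway", "actuation command", True),
    ("Logic and Rules", "Third-Party Cloud", "API", True),
    ("Cloud Gateway", "Residential Gateway", "actuation command", True),
    ("Residential Gateway", "Actuator", "actuation command", True),
]

def threat_checklist():
    """Return (element, STRIDE letter) pairs to review for every component and flow."""
    items = [(name, letter) for name, kind in COMPONENTS.items()
             for letter in STRIDE_BY_KIND[kind]]
    items += [(f"{src} -> {dst} [{label}]", letter)
              for src, dst, label, _ in FLOWS for letter in STRIDE_BY_KIND["flow"]]
    return items

def flows_through(component):
    """Flows that start or end at a component: traffic it can read or redirect."""
    return [f for f in FLOWS if component in (f[0], f[1])]

def downstream_of(component):
    """Components that receive data which has passed through `component`."""
    seen, queue = {component}, deque([component])
    while queue:
        node = queue.popleft()
        for src, dst, _, _ in FLOWS:
            if src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {component}

def unprotected_flows(component):
    """Flows through a component that lack encryption and authentication."""
    return [f for f in flows_through(component) if not f[3]]

if __name__ == "__main__":
    gw = "Residential Gateway"
    print(len(threat_checklist()), "element/threat pairs to review")
    for src, dst, label, protected in flows_through(gw):
        print(f"exposed via {gw}: {src} -> {dst} [{label}] protected={protected}")
    print("downstream of", gw, ":", sorted(downstream_of(gw)))
    print("review first:", unprotected_flows(gw))
```

Replacing `COMPONENTS` and `FLOWS` with the inventory of a real installation gives the review list for that home; flows returned by `unprotected_flows` are the ones to examine first.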
