Security in Private Networks of Appliance Sensors and ActuatorsStu Mesnier, [email protected] (A project report written under the guidance of Prof. Raj Jain)DownloadAbstractAn explosion of networked appliances is approaching. The idea of wiring home appliances for control and analysis has been around for decades [X10Industry Standard], but market and technology obstacles have long prevented acceptance. Cost, convenience, compatibility, reliability, and utility areamong the top issues retarding consumer acceptance of network-connected appliances. Cost has been dropping as a result of Moore's Law and itscorollaries. [Moore65]. Compatibility continues to increase as manufacturers agree upon standard protocols. Utility refers to the incremental servicesa consumer derives from network connectivity, and convenience refers to the transparency of establishing and maintaining the network connection,including, if necessary, changing or charging batteries. Reliability is always a genuine concern and being rapidly addressed because of pressure frommobile devices.Technological barriers are lowering and soon companies will offer specialized but useful services relying upon web-enabled appliances and devicesorganized into Private Appliance Networks, or PANs. Despite progress, special considerations are necessary for home and small business devicesconnected to a LAN and internet. This paper introduces the subject, offers a background existing communications and security services, and exposesand analyzes some activities and vulnerabilities that are peculiar for private home and small office appliance networks.Keywords: private appliance network, PAN, appliance, web-enabled device, access point, security, cryptography, vulnerability, attacks, defensesTable of Contents1. Introduction2. Background2.1. Essential Features2.2. Communication Mediums2.3. Battery Power3. Common Private Appliance Network Features4. Common Private Appliance Network Functions4.1. Adding an Appliance4.2. Configuring Appliances4.3. Removing an Appliance4.4. Adding or Replacing an Access Point5. General Problems and Attacks5.1. Sniffing Attacks5.2. Spoofing Attacks5.3. Denial of Service Attacks5.4. Man in the Middle Attacks6. ConclusionReferencesAcronyms1. IntroductionThe value of web-enabled home appliances has centered on contrived and unproven but emotionally appealing convenience and novelty applications.Have you heard of the web-enabled microwave? It reads a product bar code and sets cooking time appropriately for the power that it can deliver[THALIA01]. This can save the consumer a few keypresses, and few seconds of reading the packaging, and making mental adjustments tocompensate for the oven's power and the product's temperature. Sadly, the web-enabled microwave can only obtain information regarding the energyrequired to heat a standard sized portion of a product from a typical starting to a typical ending temperatures, though perhaps additional, non-webrelated sensors can detect actual serving sizes and temperatures and adjust cooking times and energy profiles accordingly. It is an open issue how theweb-enabled microwave oven will determine desired final temperatures or how they are met, or what mix of items might be present for heating in theabsence of product barcodes? But if you don't mind storing unrefrigerated dinner in your oven all day, then you can text or email it to start cooking sothat dinner is ready to eat as you are walking in the door!Do you rely upon a programmable coffee maker that you load with water and fresh grounds then program to brew 10 minutes before you awake? Ifso, then you may wish to upgrade to the web-enabled version. Why? Because maybe on Sunday you want to sleep a bit later yet still wake in time forchurch, so you don't program the coffee maker but only your alarm clock, and since the two talk over the network, the coffee maker adjusts its starttime to your new alarm clock setting, and even then only if you set the alarm. In fact, when you set the clock, you are warned if the brewer needscharging with water and fresh grounds! Unfortunately, without additional robotic controls you might run out of fresh java because you haveunexpected guests, or brew too much, or the wrong flavor. And you will still have to fry your own bacon and eggs even if the toast is timed perfectlyto pop up as you walk in.Cost, convenience, and utility are all practical barriers to the adoption of complex technology to accomplish relatively simple or minor tasks.Nonetheless, some appliances are amenable to web-enabling, and not merely for vanity or trivial convenience. Appliances that supply security andSecurity in Private Networks of Appliance Sensors and Actuatorshttp://www.cse.wustl.edu/~jain/cse571-09/ftp/sensors/index.html 1 of 8durable appliances that required maintenance to forestall or prevent costly repairs are candidates for web-enabling. In place of a web-enabled coffeemaker, you may prefer that your furnace alerts you and possibly the service company that an operational fault has disabled the system. So even if youare on business seven time zones away you can take action for quick and necessary repairs to keep your water pipes from freezing and bursting. Inorder for the service technician to enter your premises, you will need to prepare and activate a one-time-use password allowing entry and access toonly the parts of your home containing the furnace and its controls.Behavior of web-enabled devices generally fall into two categories: sensing and actuating. Sensors detect states or perform measurements thendeliver the information according to a policy. Depending on the nature of the device and the importance of its information, a sensor could sendinformation periodically (such as by time schedule), sporadically (such as when predefined thresholds are exceeded), or in response to command.Actuators cause a change to the device state, usually to cause work to be performed or prevented. Enabling network connectivity allows both kindsof activity, not only locally, but also globally when appropriate.Three components are necessary to enable web (or Local Area Network, LAN) connectivity: the special sensing and activating systems required tosupport a device's ordinary utility, reporting and control software, and a communications link. Each of the first two components will containnumerous elements engineered for the type of device it supports, such as thermocouples in furnaces or refrigerators, and pressure