A Secure and Reliable Smart Home Guoping Wang Department of ECE Purdue University Fort Wayne

1. A Secure and Reliable Smart Home Guoping Wang Department of ECE Purdue University Fort Wayne

2. Presentation Outline: • Project Objective • Introduction to IoT • Project Requirements • Contraints • Components for the project • Secure Features • Summary • Future Research

3. Project objective:The goal of the project was to create a Secure and Reliable IoT Smart House that can monitor specific criteria, as well as control specific devices. The user will be notified of specified changes in the monitored data.

4. Internet of Things:The Internet of Things (IoT) is the inter-networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices"), buildings, and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data. IoT allows objects to be controlled and gather information remotely across the already established network.

5. Project Requirements: • A Smart Home with the capability of monitoring the state of the house • Users should be able to easily make use of the Smart Home through a web application • The ability to notify the user of changes in the house state • The ability to control devices within the Smart Home from the web • Data sent to and from the Smart Home should be secure

6. Constraints Implemented Smart Devices: • Humidity Sensor • Temperature Sensor • Motion Detector • Light Control System Backups: • Battery Power

7. Hardware Raspberry Pi Model B Control and monitor each sensor independently Send data to server for user access Server Mosquitto (MQTT) Ensure secure and accurate data transmission Fast and efficient message format Web Application HTML/Javascript MQTT libraries available for efficient programing Enables user to access real time information Component Definition

8. System Boundary

9. Government Regulations FCC regulations to be followed Internet Ensure secure and reliable data transmission Power Grid Provide battery backup to limit down time Sensor Interface System that allows sensors to work together Interface Requirements

10. Design Verification and Validation • Initial testing hardware - Raspberry Pi, Cloud MQTT, web client sample • Goal is to establish a system where each component is controlled by the web client • Successfully able to turn devices on and off with the appropriate commands • Validation of design required us to prove that the system is able to adapt to technological change

11. Create an IOT Smart Home Interconnected system of devices System that can measure and control sensors Raspberry Pi with sensors Allow communication between devices and users MQTT server Enable user to access current data Web application Top Level Functional Requirements

12. Raspberry PiAllows multiple programs to be run at onceSimple implementation of even large systemsMany GPIO connection pins

13. MosquittoOpen Source, FreeGreat degree of controlEfficient message format

14. Web applicationHTML/JavascriptLibraries available for MQTT protocolVery easy to edit using notepad or notepad++Universal, runs on most web browsers regardless of OSSmall filesize

15. Planned Build • Components connected together in an Internet of Things network: • Sensors measure data to send to server • Server controls flow of data between devices • Web application connected to server to receive data and allow device control

16. Raspberry Pi, breadboard, and devices all within a single container Server implemented in separate Raspberry Pi Web client local to user, communicates with server through web Final Build

17. Device Hub Casing • Wood casing to contain and protect devices • Apertures for motion sensor and camera • Wall power routed in through back • Water sensor routed through top • Sound sensor, RF transmitter, and power relay are internal • Latch and hinged top for device access

18. IoT System Diagram • MCU Platform: Devices within the Smart Home • MiddleWare: MQTT Mosquitto server • User App: HTML web interface

19. Test Execution Hardware: • Test accuracy of sensors • Test camera quality • Test RF transmission • Test power loss detection and battery backup Software: • Test latency of device control • Test and adjust volume of data • Test user verification system • Test system under high load

20. Verification Results • Water detection, RF transmission, power control, and camera worked completely to specification • Motion sensor and sound sensor encountered various issues in sensitivity throughout testing • Images and videos were perfectly sent with a time delay but had to be compressed below 2 MB

21. Secure Features: • Firewall: The Raspberry Pi runs in Linux-based Raspbian Operating System. The firewall feature is activated which blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network. For our application, only Ports 8883 and 8884 are enabled for the communication. The port 8883 is for encrypted MQTT and 8884 is for MQTT encrypted with client certification required. Only certain ports are open and only certain applications are allowed. The firewall can be easily configured and turned on and off.

22. Secure Features: • Client Authentication: The MQTT broker is configured to require a valid username and password from a client before a connection is permitted. Both the Raspberry Pi and mobile APPs need to provide correct combinations of user name and password to establish a connection. The username/password combination is transmitted in clear text and is not secure without some form of transport encryption. However, this approach does provide an easy way of restricting access to a broker and is probably the most common form of identification used.

23. Secure Features: • Client Certification: For high level of security, TLS client certification is adopted in this Smart Home system. This is the most secure method of client authentication but also the most difficult to implement in a regular embedded system. Since Linux OS is used on the edge device, it is relatively easy to implement. • TLS security is a part of the TCP IP protocol and not part of MQTT, and it provides an encrypted pipeline through which MQTT message can flow. The TLS certification provides an encryption of all MQTT message instead of MQTT message payload.

24. Secure Features: • Payload Encryption: If necessary, Payload encryption can be used to encrypt/decrypt MQTT message. Payload encryption is done at the application layer and not by MQTT broker. The data is encrypted end to end and not just between the client and the broker, however, the payload encryption will add significant overhead for the communication. In our system, Payload encryption is not employed.

25. Secure Features: • Overall, by combing Linux firewall, client user name and password, TLS encryption, this Smart IoT system is secure and meet industrial standard.

26. Summary • An IoT Smart Home using off-the-shelf Raspberry Pi, with the combination of various sensors (gas, motion, sound, water, etc) and actuators (Outlet control, camera, etc) is introduced in this paper. • Data to be monitored are: temperature, humidity, movement, water, and power. An outlet, camera, and microphone can be controlled by the user from any mobile device. • The user will be notified in any change in the monitored data, if it changes beyond their given range. The device also works while power is out in the house; which means a battery back-up and Internet hot spot can be included as well. • The transmission of data is secure and reliable with firewall configuration, client authorization and certification, payload encryption, etc.

27. Future Research: • Instead of using Raspberry Pi as front-end, Ti secure embedded Launchpad will be used which is more secure. Ti Launchpad is a bare-metal EM platform which is widely used in industry. • Android and/or IoS App developed instead of using HTML/Javascript for back-end

28. Questions?