Security is a very important part of a home automation system. However, it is often overlooked by end users.
Somehow users are under the impression that security has been well taken care of by home automation system vendors, which unfortunately is most likely not true. Recently, the massive government surveillance programs raised concerns about privacy. I hope this will draw people's attention to the security of home automation systems as well.
One of the fundamental principles of information systems security is that
security requires user participation. In this chapter we will disclose the
security measures implemented in QW Home Automation systems, in detail, in
hopes that users will be aware of all potential risks associated with the
Starting from version 1.7 of the QWHA controller, QWHA Admin and the QWHA Android client communicate over encrypted channels only. The legacy system uses TCP sessions with plain text, which will be completely disabled with version 1.7+.
The QWHA system uses two encryption schemes, SSL and AES.
SSL is used only in commissioning, for example to retrieve certain system configuration parameters the first time the system is set up.
Once the client has retrieved the system parameters, it can operate with the AES scheme, which is proprietary to QWHA.
There are two reasons:
QWHA AES requires a shared secret, a 256-bit encryption key (32 bytes).
The QWHA controller creates a unique key per user when the user is first created. The key can later be updated by generating a new one. However, once the key is updated, the client has to re-synchronize the new key with the server (using an SSL session with user name and password as authentication).
The QWHA AES encryption is proprietary, but we don't have to keep the scheme secret. Here is the full disclosure of the scheme:
The description above is not intended for end users. It is for security experts to verify the scheme is actually secure.
For version 1.7+, the new encrypted communication requires some configuration changes to the system.
Previously, the system only needed to open one port for both admin and control applications.
With version 1.7+, the system now requires two ports, an SSL port and an AES port.
Systems upgraded from versions before 1.7 won't work properly until the configuration is modified.
Theoretically, the encryption in communication can't be broken by simple eavesdropping.
So your system is safe as long as the shared secret key is safe from
However, a lot is required to keep the shared secret key safe.
For example, if your Android phone is infected by malware, the shared secret key, which is stored in your phone, is at risk because the malware can access it. This is an inherent problem because Android doesn't offer secure storage as part of the system, so there is no way to keep a file from being accessed by other programs.
The same is also true for the user name and password, which are also stored in the phone.
How about encrypting the key with another master key obfuscated in the code? Is that security through obscurity? It will certainly help. However, it is still risky because the code itself is public and is subject to all kinds of analysis by anybody. The advantage is that this approach increases the cost of breaking the system. The disadvantage is that it is much easier to break the obfuscated code than to break the encryption itself, and it always gives users a false impression that the system is safe and unbreakable.
Now you can understand why it costs tens of millions to enforce security on the president's cellphone. They have to carefully choose the applications installed to make sure every application can be trusted and is free of vulnerabilities. The maintenance cost is also very high, so average people will never be able to afford that kind of technology.
Also, the SSL channel is subject to man-in-the-middle attacks. The simple solution for the average user is to do commissioning only at home. A future version of QWHA will employ more complicated SSL certificate checks to alleviate the risk.
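One form such a certificate check can take is pinning: the client records the controller's certificate fingerprint while commissioning at home, then refuses any later SSL session (such as a key re-synchronization) whose certificate differs, before the user name and password are sent. This is an added example, not QWHA code; `PinStore`, `open_pinned` and the controller label are hypothetical names, and it assumes the controller presents the same self-signed certificate on every SSL session.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The controller presented a certificate other than the commissioned one."""


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Hypothetical client-side store: controller label -> pinned fingerprint."""

    def __init__(self):
        self._pins = {}

    def commission(self, controller: str, der_cert: bytes) -> str:
        # Run once, on the home network: trust on first use.
        if controller in self._pins:
            raise ValueError("already commissioned; re-pin deliberately at home")
        self._pins[controller] = fingerprint(der_cert)
        return self._pins[controller]

    def check(self, controller: str, der_cert: bytes) -> None:
        pinned = self._pins.get(controller)
        if pinned is None:
            raise PinMismatch("no pin recorded; commission at home first")
        if not hmac.compare_digest(pinned, fingerprint(der_cert)):
            raise PinMismatch("certificate changed since commissioning")


def open_pinned(store: PinStore, controller: str, host: str, port: int):
    """Open the SSL channel; return the socket only if the pin matches."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # assumed self-signed controller cert,
    ctx.verify_mode = ssl.CERT_NONE  # so the pin is the only identity check
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10))
    try:
        store.check(controller, sock.getpeercert(binary_form=True) or b"")
    except PinMismatch:
        sock.close()                 # no user name or password was sent
        raise
    return sock
```

The pin itself is not secret, so unlike the shared key it does not depend on the phone offering protected storage; it only has to be safe from modification.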
Copyright © 2005 - 2013 Teraspaces Inc. All rights reserved.