How Precise Location Can Add Security in Smart Homes
POS, connected car and smart home security worries are bubbling up, but with the help of UWB precise location, bubbles could come to the rescue.
New connected appliances and devices are appearing almost daily for the smart home. Virtually any appliance can now be purchased with built-in wireless connectivity. Wide varieties of sensors can be brought home and installed to start collecting data, and platforms are available that integrate all these and more.
Along with the growth in smart home products and services comes a corresponding growth in smart home security concerns. Home control systems that are accessible from a homeowner’s smartphone are also potentially accessible from a hacker’s device. Sensor data that is transmitted over the Internet can potentially be accessed by others. Rogue devices outside homes can access wide ranges of personal data and home appliances. Early adopters are coming to realize that the cutting-edge products they have purchased are very vulnerable (Figure 1).
One concept that is gaining acceptance in the electronic payments world, which has the potential to add security to the smart home realm as well, is called “secure bubbles.” Secure bubbles are small physical areas that define where some transactions can be made or data can be accessed. A device that is physically outside the secure bubble cannot access the service, while that same device when inside the secure bubble can access the service.
Before looking at how secure bubbles can add security to smart homes, we will first understand how secure bubbles are being used in other fields.
Protection Against Relay Attacks
In the electronic payments area, vendors are exploring how to protect against what are called “relay attacks.” In a relay attack, if someone can get access to your mobile phone (or your credit card with a contactless chip inside), they can use their own phone to impersonate a store’s payment system, and pass your phone’s payment details to a partner’s phone, located in a real store, to make the purchase using your payment details. With two phones acting together to relay the communication, the store’s payment system and your phone think that they’re communicating securely. This would only require a minute or so of access to your phone.
The eGo Project, an initiative by Gemalto to develop next-generation electronic payment and transaction solutions, is one of several initiatives protecting against relay attacks using secure bubbles, also called location bubbles. With the eGo Project approach, the device making the payment and the point-of-sale terminal ensure that they are within a short distance of each other, such as one or two meters. This requires that the customer’s mobile phone be able to measure the precise distance to the point-of-sale terminal (Figure 2). This location data is communicated with encryption to avoid a relay attacker modifying the location data en route.
Connected Car Security
Secure bubbles are similarly being used to add security to connected cars. Many car companies are envisioning this scenario: As a connected car pulls up to a payment station, the car’s computer communicates with the payment station to make the payment. One of the challenges of implementing this vision, however, is that a car that is waiting to exit can communicate with the car behind it, trick the second car into thinking it is at the payment station and give payment details, and use those payment details for its (the first car’s) own payment. This can be solved using secure bubbles, in which the car will only make a payment when it can verify that it is within a given distance from the payment station.
Smart Home Security: Separating Good from Bad
If you are worried about your smart home systems being accessed by outsiders, specify that they can only be accessed by smartphones that are physically inside the house. If you don’t want an annoying sibling to access a child’s bedroom systems or sensors, specify that they can only be accessed from inside the room. If you want a sensor’s data stream to be secure, specify exactly where a person must be before they can access your private data.
Security based on secure bubbles also answers the challenge of distinguishing between new devices purchased by the homeowner and rogue devices outside the home. When a homeowner gets authorization requests for new devices, they often assume that these new devices belong to family members and approve them. But if the authorization request distinguishes between new devices in and out of the home, and ideally includes the precise location of the new devices, homeowners can have the information required to distinguish good from bad, and thereby avoid rogue devices slipping in.
The above constraints on access to smart home services come with tradeoffs. Much of the goal of smart home systems is that they can be controlled from anywhere, such as a commuter on the way home adjusting the thermostat before arrival. Each system owner will need to consider these tradeoffs before initiating the security.
One challenge in implementing secure bubbles is that they require precise measurement of location. Most of today’s indoor location measurement systems are accurate only to within 2-4 meters, which means that they cannot distinguish between a man standing in a room along a wall and someone standing just on the other side of that wall.
Why UWB Measures with 5-10cm Precision
Ultra-Wideband (UWB) radio is a location technology that delivers the accuracy, speed and embeddability that smart homes need. UWB can measure location to within 5-10cm, which is much more accurate than can be achieved using Wi-Fi or Bluetooth. This is because UWB was designed for location positioning, using fast impulse transmissions and sharp spikes for easier measurement of time of flight. This enables more accurate measurement with less susceptibility to noise and other errors. UWB has recently been embedded in a wide variety of electronic devices, based on chips from Decawave.
One strength of UWB is that its signals can be used to measure distance in two ways. One is simply for one chip to transmit a signal that is received by another chip, which uses the signal to measure distance. A more accurate and resilient method, when both sides have sufficient power, is to use a two-way three-step protocol. UWB chips can generally support both of these methods.
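The following is an added example, not code from the article or from Decawave, showing why a three-message exchange resists clock error and how that affects a secure-bubble decision. It assumes the "two-way three-step protocol" is the poll/response/final exchange usually called double-sided two-way ranging; the two-message variant is included only for comparison, and all function names, reply delays, clock errors and the 2.0 m bubble radius are constructed.

```python
C_AIR = 299_702_547.0  # approximate speed of light in air, m/s

def simulate_exchange(distance_m, reply_a_s, reply_b_s, ppm_a, ppm_b):
    """Intervals of a poll/response/final exchange as each drifting clock records them."""
    tof = distance_m / C_AIR
    ka, kb = 1 + ppm_a * 1e-6, 1 + ppm_b * 1e-6  # clock rate errors of A and B
    round1 = (2 * tof + reply_b_s) * ka  # A: poll sent -> response received
    reply1 = reply_b_s * kb              # B: poll received -> response sent
    round2 = (2 * tof + reply_a_s) * kb  # B: response sent -> final received
    reply2 = reply_a_s * ka              # A: response received -> final sent
    return round1, reply1, round2, reply2

def two_message_range(round1, reply1):
    """Poll + response only: drift over the reply delay lands directly in the range."""
    return C_AIR * (round1 - reply1) / 2

def three_message_range(round1, reply1, round2, reply2):
    """Double-sided two-way ranging: the two round trips cancel first-order drift."""
    tof = (round1 * round2 - reply1 * reply2) / (round1 + round2 + reply1 + reply2)
    return C_AIR * tof

def inside_bubble(range_m, radius_m, margin_m=0.10):
    """Admit only if the range plus the expected ranging error fits inside the bubble."""
    return range_m + margin_m <= radius_m

# Constructed case: a device 2.5 m from a terminal whose bubble radius is 2.0 m,
# 300 microsecond reply delays, clocks off by -10 ppm and +10 ppm.
SAMPLE = simulate_exchange(2.5, 300e-6, 300e-6, -10, +10)

if __name__ == "__main__":
    short = two_message_range(SAMPLE[0], SAMPLE[1])
    full = three_message_range(*SAMPLE)
    print(f"two-message:   {short:.3f} m  admitted={inside_bubble(short, 2.0)}")
    print(f"three-message: {full:.3f} m  admitted={inside_bubble(full, 2.0)}")
```

With these constructed numbers the two-message estimate is short by roughly 0.9 m, enough to admit a device that is actually outside the bubble, while the three-message estimate stays at 2.5 m and is rejected.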
Another strength of UWB technology is that it can be implemented in different topologies depending on the requirements and constraints of the applications. For applications that require the highest accuracy—sub-10cm in 3D—an infrastructure-based topology is recommended. The infrastructure consists of locators, also called anchors, embedding UWB chips, which are deployed around a site. The locators pick up the signals transmitted by moving objects, which also embed a UWB chip, and use trilateration or multi-lateration algorithms to calculate the position of the object.
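An added example (not from the article) of the infrastructure topology applied to the room-level access rule discussed earlier: anchors trilaterate a device in 2D, and access is granted only when the position is inside the room by more than the ranging error. The room size, anchor positions and all function names are constructed; the 0.10 m and 3.0 m error figures stand in for the UWB and 2-4 meter accuracies the article quotes.

```python
import math

ROOM = (0.0, 0.0, 4.0, 3.0)  # constructed room: xmin, ymin, xmax, ymax in meters
ANCHORS = [(0.0, 0.0), (4.0, 0.0), (0.0, 3.0), (4.0, 3.0)]  # one anchor per corner

def ranges_from(pos, anchors=ANCHORS):
    """Constructed sample input: ideal anchor-to-device distances for a position."""
    return [math.dist(pos, a) for a in anchors]

def trilaterate(anchors, ranges):
    """Least-squares 2D position from three or more anchors and measured ranges."""
    (x0, y0), r0 = anchors[0], ranges[0]
    saa = sab = sbb = sac = sbc = 0.0
    for (xi, yi), ri in zip(anchors[1:], ranges[1:]):
        # Subtracting the first circle equation leaves a linear row a*x + b*y = c
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = r0**2 - ri**2 + xi**2 - x0**2 + yi**2 - y0**2
        saa += a * a; sab += a * b; sbb += b * b
        sac += a * c; sbc += b * c
    det = saa * sbb - sab * sab  # normal equations solved by Cramer's rule
    if abs(det) < 1e-9:
        raise ValueError("anchors are collinear; position is not determined")
    return (sac * sbb - sab * sbc) / det, (saa * sbc - sab * sac) / det

def zone_decision(pos, room, error_m):
    """'inside' or 'outside' only when the whole error radius agrees, else 'ambiguous'."""
    x, y = pos
    xmin, ymin, xmax, ymax = room
    inset = min(x - xmin, xmax - x, y - ymin, ymax - y)  # positive when inside
    if inset >= error_m:
        return "inside"
    if inset <= -error_m:
        return "outside"
    return "ambiguous"

def allow_access(ranges, error_m, anchors=ANCHORS, room=ROOM):
    """Fail closed: an ambiguous position is treated the same as outside."""
    return zone_decision(trilaterate(anchors, ranges), room, error_m) == "inside"

if __name__ == "__main__":
    for label, pos in (("20 cm inside wall", (3.8, 1.5)), ("20 cm outside wall", (4.2, 1.5))):
        for err in (0.10, 3.0):
            fix = trilaterate(ANCHORS, ranges_from(pos))
            print(label, f"error={err} m ->", zone_decision(fix, ROOM, err))
```

At 0.10 m error the two positions on either side of the wall resolve to "inside" and "outside"; at 3.0 m error both are "ambiguous" and are denied.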
Unfortunately, it is not always an option to deploy infrastructure, and other topologies are required for such applications. A good example is emergency services, such as fire fighters, entering an unequipped and unknown building. In such a situation, leveraging mesh capability is the only solution. By using this capability, the system can measure the distance between all the nodes in the network, resulting in the calculation of a relative positioning of the moving nodes, namely the fire fighters. The accuracy is slightly degraded—around 30cm—but in this topology the most important criterion is to achieve an infrastructure-free topology.
In still other contexts, a point-to-point topology can be valuable. An example of this is some of the secure bubbles discussed above. The idea is to create a virtual bubble around objects, either to check whether they are entering or leaving the zone (geo-fencing) or, more importantly, to protect the data communication between those objects.
All of these factors are enabling secure bubbles to add security in a wide variety of contexts. The same approach that adds security in the payments and automotive arenas can do the same in smart home systems. The key enabler of this security is the precise location measurement that is delivered by Ultra-Wideband technologies.
Luc Darmon is chief marketing officer at Decawave, a fabless semiconductor company headquartered in Dublin, Ireland.