Some of you may remember those x-ray vision glasses that used to be advertised in the back of comic strip magazines. I never did send off the few dollars and loose change needed to acquire a pair of these spiral-lensed wonders, but I spent my share of time imagining all kinds of scenarios where they would be worth their weight in gold. I’ll at least credit myself with having been wise enough to listen to someone that had experienced these glasses first hand and found them to be a hoax. I was reminded of the privacy threat these devices represented as I began to organize my thoughts for this month’s article concerning what security measures home owners can take in guarding their privacy when using the powerline medium for home automation and control purposes. Imagine with me for a moment that these x-ray vision glasses did indeed work. Some people would go through great effort to put in place countermeasures necessary to preserve their personal privacy, while other people would just consider them an irritant to be ignored. Our response to something of this nature would depend a lot on the perceived threat. Perception and reality are not so tightly bound together that we can be sure that one is tracking the other. Indeed, a seasoned illusionist can demonstrate cases where our senses can be convinced to accept as reality what is actually nothing more than a perception induced by strategic use of smoke and mirrors.
AirVac Pers 2400a
Before we pursue this topic much further I think it will help us maintain a healthy perspective if we review some areas where we have accepted a certain level of vulnerability; the point where we decide to draw the line between paranoia and responsible guardianship of our privacy. A case in point is what we discard daily at home in our wastebasket. If you want to obtain information about someone that would generally be considered private, you could acquire a wealth of knowledge by sifting through his or her trash. Some of us concerned about this minuscule yet real threat to our privacy take measures to limit our vulnerability by destroying documents with shredders or fire instead of tossing them directly in the trash. Though I hope that none of us tosses and turns through the night worrying about what is sitting in the wastebasket under the kitchen sink that might possibly reveal some secret we have kept from society, we do gain a certain level of comfort knowing we have taken certain precautions to safeguard obviously sensitive material from reckless disposal.
Likewise, we have generally come to accept a certain level of vulnerability in using radio technology used by cordless and cellular phones. The utility and convenience provided by these devices tend to overcome any shadow cast by the threat (perceived or real) that someone could be eavesdropping on our private conversations. Certainly the equipment exists that would enable someone to invade our privacy. Who really knows as to how many of our personal calls have been monitored by someone with a twisted curiosity.
The powerline medium used in many homes for home automation and control represents a unique source of information about the activity occurring in that home. As a matter of economics for the electric utility company, most homes share a distribution transformer with one or more other homes in the immediate vicinity. Control signals in one home on a given transformer are present at any outlet in another home sharing the same transformer. This is why the installation process of most devices that utilize the powerline for communication requires selection of a unique House Code or House ID number. This unique identifier allows packets from multiple home networks to coexist with one another on the shared powerline medium without interference or improper operation. The presence of communication packets on the powerline from a neighboring household can become significant in multifamily dwellings such as apartment buildings. This is because these buildings typically distribute power to individual apartments using many circuits branched off of a single service entry. These control packets from neighboring home networks represent a form of electronic garbage available for interested parties to sift through and sort out once the existence of such electronic traffic is discovered.
Assuming your dwelling place falls within the national norm of having at least one other residence sharing your powerline, your vulnerability to exposing private and sensitive information to a potential listener depends, to a large degree, on the level of sophistication of your home automation equipment. If your automation and control system is limited to simple remote or time-based lighting control, your security risk is probably minimal. On the other end of the spectrum are systems that utilize the powerline to communicate information that includes home or room occupancy and or control messages that lock and unlock entrances to the home. These packets could be captured and replayed as a means of spoofing the system or gaining unauthorized access to the premises.
Another facet of your system’s vulnerability would relate to the communications protocol being used and what security mechanisms it supports. Some of the basic protocols available from your local electronics or home improvement center focus on economy and offer little in the way of providing secure communications.
The CEBus communications protocol addressed home security early in its development stages and includes a mechanism for authenticating and even encrypting packets on the powerline. General Electric’s Corporate Research and Development Center made a significant contribution to the CEBus standard in what is referred to in the standard as the GE Authentication and Encryption algorithm. This algorithm was intended to provide a high level of security and yet remain simple enough to be implemented in low cost microprocessors commonly used in metering and demand side management. Information from the meter measuring your electricity usage and demand is certainly considered private and sensitive by the utility companies providing your electric service. It stands to reason that such information should be well guarded if any portion of it is transferred over the powerline. GE’s algorithm represented their solution to protecting the privacy of this information. Since this algorithm is a time-based, self-reversing process that does not require handshaking, it is considered ideal for broadcasting authenticated messages. The concept of authentication is used whenever you key in your Personal Identification Number (PIN) at an Automated Teller Machine (ATM). By entering the correct PIN, you are authenticating your use of the ATM card and your access to your account. A dual authentication mechanism is provided within GE’s algorithm because the information passed is also encrypted or scrambled to prevent unauthorized viewing. The recipient must be able to unscramble the information as a second means of authentication. Using GE’s or a similar algorithm, home management and control systems can provide a very high level of security.
The task force developing the Home Plug and Play Specification are considering other methods of securing information passed along on the powerline medium. In some cases the level of security provided by GE’s algorithm would be considered overkill. This could be the case for devices providing simple motion sensing for the purpose of occupancy detection. Ideally theses devices should be simple and inexpensive so that many units could be strategically placed throughout the home. The information they provide generally falls in one of the more secure categories. Two of the main goals in selecting alternate algorithms for encrypting information in the Home Plug and Play system is that a high degree of interoperability be maintained while keeping cost minimized.
When installing an automation or control system in your home that utilizes the powerline for communication, you should begin by educating yourself on what potential security risks there are and use sound judgment in determining how realistic the security breech scenarios are. You could invest large sums of money for an ultra secure system when a simple isolation device placed at your electric service entrance is all that is necessary. A professional installer should be helpful in determining what degree of security measures you should take. Be leery of anyone who insists on either extreme when discussing powerline communications security issues. Remember that nuisance packets sent by hacker-type neighbors to cycle your lights on and off in the wee hours of the morning are also considered part of the powerline security issue. You may not be at risk of life or limb in such a case, but you may find yourself wanting to risk someone else’s because of their clever pranks. A reasonable and properly applied security algorithm used with a robust communications protocol such as CEBus will provide you with the convenience of powerline communication and confidence that your system will operate as expected and not broadcast your every move.
Updated Biography Mar/03 – Brian Baker is a software engineer at Raytheon Missile Systems located in Tucson Arizona. He was a contributing member of multiple committees and working groups of the CEBus Industry Council while employed at Smart Corporation previous to his joining Raytheon. His background includes development of home automation subsystems and over 15 years of embedded systems development in the defense industry. He was a core member of the developers of the Home Plug and Play specification. Brian can be reached at email@example.com