Purdue University Fort Wayne

Presentation transcript:

Purdue University Fort Wayne A Secure and Reliable Smart Home Guoping Wang Department of ECE Purdue University Fort Wayne

Presentation Outline: Project Objective; Introduction to IoT; Project Requirements; Constraints; Components for the project; Secure Features; Summary; Future Research

Project objective: The goal of the project was to create a Secure and Reliable IoT Smart House that can monitor specific criteria, as well as control specific devices. The user will be notified of specified changes in the monitored data. Arif

Internet of Things: The Internet of Things (IoT) is the inter-networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices"), buildings, and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data. IoT allows objects to be controlled and gather information remotely across the already established network. Arif

Project Requirements: A Smart Home with the capability of monitoring the state of the house; users should be able to easily make use of the Smart Home through a web application; the ability to notify the user of changes in the house state; the ability to control devices within the Smart Home from the web; data sent to and from the Smart Home should be secure. Austin

Constraints Implemented Smart Devices: Humidity Sensor Temperature Sensor Motion Detector Light Control System Backups: Battery Power

Component Definition: Hardware: Raspberry Pi Model B (control and monitor each sensor independently; send data to server for user access). Server: Mosquitto (MQTT) (ensure secure and accurate data transmission; fast and efficient message format). Web Application: HTML/Javascript (MQTT libraries available for efficient programming; enables user to access real-time information). Arif

System Boundary

Interface Requirements: Government Regulations: FCC regulations to be followed. Internet: ensure secure and reliable data transmission. Power Grid: provide battery backup to limit down time. Sensor Interface: system that allows sensors to work together. Austin

Design Verification and Validation: Initial testing hardware: Raspberry Pi, Cloud MQTT, web client sample. Goal is to establish a system where each component is controlled by the web client. Successfully able to turn devices on and off with the appropriate commands. Validation of design required us to prove that the system is able to adapt to technological change. Austin

Top Level Functional Requirements: Create an IoT Smart Home: interconnected system of devices. System that can measure and control sensors: Raspberry Pi with sensors. Allow communication between devices and users: MQTT server. Enable user to access current data: web application. Arif

Raspberry Pi: Allows multiple programs to be run at once; simple implementation of even large systems; many GPIO connection pins.

Mosquitto: Open source, free; great degree of control; efficient message format. Austin

Web application: HTML/Javascript; libraries available for MQTT protocol; very easy to edit using Notepad or Notepad++; universal, runs on most web browsers regardless of OS; small file size. Arif

Planned Build: Components connected together in an Internet of Things network: sensors measure data to send to server; server controls flow of data between devices; web application connected to server to receive data and allow device control. Austin

Final Build: Raspberry Pi, breadboard, and devices all within a single container; server implemented in separate Raspberry Pi; web client local to user, communicates with server through web.

Device Hub Casing: Wood casing to contain and protect devices; apertures for motion sensor and camera; wall power routed in through back; water sensor routed through top; sound sensor, RF transmitter, and power relay are internal; latch and hinged top for device access.

IoT System Diagram: MCU Platform: devices within the Smart Home. MiddleWare: MQTT Mosquitto server. User App: HTML web interface. Austin

Test Execution: Software: test latency of device control; test and adjust volume of data; test user verification system; test system under high load. Hardware: test accuracy of sensors; test camera quality; test RF transmission; test power loss detection and battery backup. Austin

Verification Results: Water detection, RF transmission, power control, and camera worked completely to specification. Motion sensor and sound sensor encountered various issues in sensitivity throughout testing. Images and videos were perfectly sent with a time delay but had to be compressed below 2 MB. Arif

Secure Features: Firewall: The Raspberry Pi runs the Linux-based Raspbian operating system. Its firewall feature is activated and blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network. For our application, only ports 8883 and 8884 are enabled for communication: port 8883 is for encrypted MQTT, and port 8884 is for encrypted MQTT with a client certificate required. Only certain ports are open and only certain applications are allowed. The firewall can be easily configured and turned on and off. Arif

Secure Features: Client Authentication: The MQTT broker is configured to require a valid username and password from a client before a connection is permitted. Both the Raspberry Pi and the mobile apps need to provide a correct username and password combination to establish a connection. The username/password combination is transmitted in clear text and is not secure without some form of transport encryption. However, this approach does provide an easy way of restricting access to a broker and is probably the most common form of identification used. Arif

Secure Features: Client Certification: For a high level of security, TLS client certification is adopted in this Smart Home system. This is the most secure method of client authentication but also the most difficult to implement in a regular embedded system. Since a Linux OS is used on the edge device, it is relatively easy to implement here. TLS security is part of the TCP/IP protocol stack and not part of MQTT, and it provides an encrypted pipeline through which MQTT messages can flow. TLS encrypts the entire MQTT message rather than only the message payload. Arif
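As an added example (not code from the presentation), this Python script audits a Mosquitto configuration against the policy on the firewall, client authentication and client certification slides: listeners only on ports 8883 and 8884, TLS on every listener so the username and password never travel in clear text, and a client certificate required on port 8884. The two sample configurations and their file paths are constructed, and the auditor assumes Mosquitto's default behaviour in which allow_anonymous and password_file apply broker-wide.

```python
# Constructed sample configs (placeholder paths); auth options are broker-wide by default.
TLS = """cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/server.crt
keyfile /etc/mosquitto/server.key
"""
WEAK_CONF = """allow_anonymous true
password_file /etc/mosquitto/passwd
listener 1883
listener 8884
""" + TLS
HARDENED_CONF = """allow_anonymous false
password_file /etc/mosquitto/passwd
listener 8883
""" + TLS + """listener 8884
require_certificate true
""" + TLS
ALLOWED_PORTS = {8883, 8884}                      # ports the firewall slide leaves open
AUTH_KEYS = {"allow_anonymous", "password_file"}  # not tied to a single listener

def parse(conf):
    """Split a config into broker-wide auth options and per-listener options."""
    auth, listeners, current = {}, {}, None
    for raw in conf.splitlines():
        key, _, value = raw.strip().partition(" ")
        if not key or key.startswith("#"):
            continue
        if key == "listener":
            current = listeners.setdefault(int(value.split()[0]), {})
        elif key in AUTH_KEYS or current is None:
            auth[key] = value.strip()
        else:
            current[key] = value.strip()
    return auth, listeners

def audit(conf):
    """Return (scope, problem) findings; an empty list means the policy holds."""
    auth, listeners = parse(conf)
    findings = []
    if auth.get("allow_anonymous") != "false":
        findings.append(("global", "anonymous clients not explicitly refused"))
    if "password_file" not in auth:
        findings.append(("global", "no password_file, so no username/password check"))
    for port, opts in sorted(listeners.items()):
        if port not in ALLOWED_PORTS:
            findings.append((port, "listener port is not one the firewall allows"))
        if not {"certfile", "keyfile"} <= opts.keys():
            findings.append((port, "no TLS: username/password cross the network in clear text"))
        if port == 8884 and opts.get("require_certificate") != "true":
            findings.append((port, "client certificate not required"))
    return findings
```

Calling audit(WEAK_CONF) reports the anonymous-access setting, the plaintext listener on 1883 and the missing certificate requirement on 8884, while audit(HARDENED_CONF) returns an empty list.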

Secure Features: Payload Encryption: If necessary, payload encryption can be used to encrypt and decrypt MQTT messages. Payload encryption is done at the application layer and not by the MQTT broker. The data is encrypted end to end and not just between the client and the broker; however, payload encryption adds significant overhead to the communication. In our system, payload encryption is not employed. Arif

Secure Features: Overall, by combining the Linux firewall, client username and password, and TLS encryption, this Smart IoT system is secure and meets industrial standards. Arif

Summary: An IoT Smart Home using an off-the-shelf Raspberry Pi, combined with various sensors (gas, motion, sound, water, etc.) and actuators (outlet control, camera, etc.), is introduced in this paper. Data to be monitored are: temperature, humidity, movement, water, and power. An outlet, camera, and microphone can be controlled by the user from any mobile device. The user will be notified of any change in the monitored data if it goes beyond the given range. The device also works while power is out in the house, which means a battery backup and Internet hot spot can be included as well. The transmission of data is secure and reliable with firewall configuration, client authorization and certification, payload encryption, etc. Arif

Future Research: Instead of using the Raspberry Pi as the front end, a TI secure embedded LaunchPad will be used, which is more secure. The TI LaunchPad is a bare-metal EM platform which is widely used in industry. An Android and/or iOS app will be developed instead of using HTML/Javascript for the back end. Arif

Questions?