After having accounted for the fact that the technology behind the segment of Internet of Things (IoT) happens to be one of the fastest and most rapidly growing paradigms present on the technological landscape as of today. The primary set of aspirations behind the utilisation of this technology is to harness the power of establishing connectivity between two different kinds of heterogeneous devices pertaining to the field of networking. The domain caters to an entire spectrum of industry types ranging from agriculture, healthcare to education and information technology industry. A fascinating aspect of implementation of this technology in day to day lives of regular people is the concept of a ‘Smart Home’ which in an ideal situation offers a promise of delivering on comfort, safety, energy efficiency, technical proficiency and convenience, all at the same time. But, it is an equally important requirement for the consumers to be instilled with the sense of complete measure of safety where privacy is protected and accounted for. (Kim, Holz, Hu, & Jha, 2017) However, the aforementioned benefits which come attached to the concept of this technology and the concept of a smart home entail numerous potential threats to a user’s data safety and privacy concerns. It is by default, considered to be the manufacturer’s responsibility at the intangible behest of consumers to address and neutralise any such user safety, security and data privacy concerns before moving the product to marketing and sale processes. The proposed design pertaining to the smart home environment presented for its security evaluation is comprised of different sensor equipment, its respective actuator devices, and relevant software for computation, alongside which the provision of respective server environment to facilitate for intra-system information exchange and storage, database to locally store the information and incorporation of various devices within the peripheries of the proposed system. (Patton, Gross, Chinn, & Walker, 2014)
A smart home system, at any point in time is estimated to have storage of many layers of sensitive information pertaining to consumers utilising the smart home infrastructure. Some instances of which can be namely; Personal photos, information that gets stored digitally through the means of a local server set up which at the same time is also utilised for intersystem information exchange. In the grand scheme of things, there are two kinds of threats proposed to such smart home infrastructure, the first of which is a potential threat to privacy over data and the second potential threat is related with context aware privacy. A white box analysis of the system always proves to be helpful in conducting a comprehensive security investigation of the system which can lead to code optimisation, efficient automation, initiation in the early stages of Software Development Life Cycle (SDLC).
Security Concerns: MQTT Client and Local DB Server
In the proposed design view of the smart home infrastructure, the network of interest comprises of a system with computers which are also secondarily used for deployment of main script and the establishment of its connectivity with a switch. Considering how the Message Queue Telemetry Transport (MQTT) clients have been coded using the library ‘paho.mqtt’ which accounts for main implementation of the MQTT protocol as evident from the snippet of code down below:
Such implementation allows for the clients to be subject to configuration through either of the two ways that is, as subscribers or as publishers. The choice of Onion Omega2+ being considered as the source of computation over any other such computers can present a grave risk especially when an attacker of any sort is able to successfully retrieve the originally set password by incorporating the means of procuring a largely pre-computed hash table considering how algorithms to employ hashing techniques are available in the public domain. (Drushti Desai, 2014) This would lead the attacker in gaining significant degree of access to the appended supposedly secure status log which consists of the payload or contents of an information chain maintained in forms of message chain alongside user information.
Value-to-Hashed Message Authenticate Code mapping, which is indeed, a path breaking approach in order for the system to maintain an overall standard pertaining to the confidentiality and integrity of information exchange chain, is demonstrated through an experimental procedure on the proposed smart home infrastructure through the means of performing a white box analysis on the same to outperform traditional symmetric-key encryption algorithms and to ensure facilitation of better levels of user privacy.
As an added benefit, hash values with matching entries when cross referenced with pre computed tables will be accepted, thereby ensuring that the message's integrity is maintained. The technique will be particularly useful in an industrial domain, where nodes must distribute predictable data, such as that from controllers or sensors, among themselves.
Furthermore, alongside accounting for consideration of shared data, it is also equally crucial and critical to consider the platform for execution of docker scripts. It is, at the same time also necessary to facilitate for generation of and storage of multiple mapping tables in case, if a node might necessitate a greater degree of information from multiple sources, which results in the need for more secret keys as a result of this requirement. With the focus on safeguard against Denial of Service attacks, it is necessary to properly manage key and publish requests.