Z-Wave Security Whitepaper
Description: Introduction to the Z-Wave Security ecosystem
This white paper provides an overview of the Z-Wave Security ecosystem.
Whether one is providing remote access to, or securing communication between, Z-Wave (PAN) nodes from the Internet (WAN) via a home network (LAN), there are a number of challenges to consider. These include security attack threats, available cryptographic computation power, available network bandwidth, available code space, firewall policies, efficient battery operation and more.
S2 Security introduces best-in-class security in the PAN while maintaining the user friendliness and power efficiency that Z-Wave is so well-known for. Consumer product manufacturers will appreciate that the S2 Security solution only requires a small code footprint in embedded devices, while installers benefit from the simple installation procedure. S2 complements similar optimized mechanisms for IP domains that allow Z-Wave services to operate securely in an end-to-end fashion.
S2 Security may be considered as the first true smart home security solution. It enables secure communication for sensor devices that run for years on a single battery. At the same time it enables secure multicast addressing of lights, window coverings and similar devices.
Z-Wave nodes are added to the Z-Wave network (PAN) with Out-of-Band (OOB) authentication to ensure that they can be trusted. A strong temporary key is used to assign keys for one or more security classes. This allows for segmentation of safety critical devices in the “S2 Access Control” class and sensors in the “S2 Authenticated” class, while the most constrained devices without authentication support are only allowed access to the “S2 Unauthenticated” class.
The Z/IP Gateway controls access to the Z-Wave network by only forwarding commands from trusted LAN clients or from a trusted Internet host such as a service provider portal. It must be expected that a typical home network (LAN) is compromised by malware or bots. DTLS is used to secure communication between LAN hosts and Z-Wave nodes. LAN hosts and Z-Wave nodes communicate via a Z/IP Gateway, which terminates the DTLS encryption and strips Z/IP and IP headers before forwarding Z-Wave commands securely in the Z-Wave network.
Users do not want to mess with firewalls. Therefore, the Z/IP Gateway punches a hole from the LAN side of the firewall by creating a secure TLS-based tunnel to a service provider portal in the Internet (WAN). The portal only accepts trusted gateways and the gateway only accepts trusted Internet hosts.
White Paper
Please see the document for details
English Chinese Chinese and English Japanese
2018-03-05
Version 3
INS13474
1014 KB