| T O P I C R E V I E W |
| mountainman3520 |
Posted - 06/25/2012 : 08:13:57 AM
Hello,
I've been wanting to install a home automation system for years but have been holding off for the technology to mature to an acceptable level so I can pick a standard likely to survive, with sufficient compatible devices available, etc. It look's like INSTEON might be there, finally. It's been a long wait.
I do have a few questions that didn't seem to be answered in any of the documents I read.
INSTEON uses a hardcoded 24 bit physical address on each device, allowing 2^24=16 million unique device addresses. This address is programmed at the factory during manufacturing and apparently cannot be changed. While I like the simplicity, it does cause me a few concerns.
(1) What happens when the 16M addresses have been consumed? This is actually a pretty small number considering that if INSTEON lives up to its potential, many manufacturers will be needing blocks of addresses for their products. If a single automated home uses 100 addresses, only 160,000 homes worldwide could be automated. So it seems likely that the address space will run out a few years after widespread adoption. What then? It seems like the address should have used 4 bytes providing 4 billion addresses and that this was a short-sighted decision to slightly improve data rate now at the cost of setting a timebomb that will go off a few years from now. I guess addresses can eventually be reused but then the user must ensure they don't end up with any devices with the same address and exchange any since they can't change them. Even worse, if their neighbors have a device with the same address they will see problems and have to exchange their device, which might not be possible if they have had it for awhile. . . anyway, it seems like an inevitable headache, especially since INSTEON depends mostly on the address uniqueness for security. Who is managing the assignment and tracking of addresses to ensure uniqueness across all the many companies that will eventually be building compatible products?
(2) Security is based primarily on maintaining secrecy of the device physical address but these are transmitted unprotected with every message. The issue here is that after spending hundreds of hours and $10K+ to automated my house, if someone such as a malicious neighbor were to gain access to the list device addresses for my house, I would have to scrap all the equipment since they could now control all my devices. I think the only answer from the INSTEON standard developers is that their own controllers have software protection to not display the full address or allow addition of a device to a network without the user knowing the full address, even though the software knows everything it needs to do so. This kind of friendly, cooperative approach won't survive widespread adoption. Other people will make software that will capture and control any devices so the networks will be compromised and once compromised, I don't think there is anything that can be done other than scrapping all hardware. Correct? Doing this to a neighbor, ie hacking and controlling their INSTEON network to torment them, is probably even legal!
If I'm correct on these issues, it seems like the INSTEON standard will need changes to survive widespread adoption. A potential backward compatible solution would be something like AES encryption of all message cargo bytes to every device. This could address issue (2) and might help with issue (1) as well since devices with duplicate addresses would still reject messages that failed decryption. I'm not sure the INSTEON standard developers really thought the encryption out when they wrote the current standard as I don't see any bits in the header for flagging encrypted messages. It might be tricky to add encryption now in a backward compatible way so current devices can inter-operate with new secure devices.
Comments?
Thanks!
|
| 7 L A T E S T R E P L I E S (Newest First) |
| mountainman3520 |
Posted - 06/25/2012 : 10:13:59 PM
I'm an engineer and have products that include AES encryption. It isn't very difficult, complex, or expensive. It took a few engineers a month to get it working on my project. I believe that if someone put careful thought into a secure architecture for INSTEON it could be accomplished without really affecting the recurring cost of each device. All devices on a network could use a common programmable key and the whole network could share a synchronized incrementing nonce so simple attacks such as traffic record and playback would fail. This approach would be relatively easy if it was allowable to have the initial configuration be unsecured, ie the initial transmission to a new device of the key and the synchronized nonce. If an attacker was waiting for that crypto configuration message and intercepted it, then again the network would be compromised. But at least you could change the key and reset the counter if you had reason to believe there was a problem. This approach would need to be initialized by a controller like an ISY or a PC since the simple push button linkage wouldn't allow entry of a key, etc.
The AES core could be integrated into a single ASIC with the rest of the INSTEON digital circuitry. Anyway, I wish that had been done from the start.
But still I like a lot about INSTEON and plan to begin using soon. It seems to be clearly the best available option.
|
| EVIL Teken |
Posted - 06/25/2012 : 4:34:18 PM
Anyone who is serious about true security, would not be integrating their system with direct home automation. The two should be mutually exclusive to one another to ensure security, reliability, and consistent monitoring and feed-back.
Those who do, simply are leaving themselves in disaster scenario . . . The problem in the world is that people insist upon having everything in one box, while ignoring the facts.
That one box can not do all things equally well. The only time this is proven wrong is when the client pays the associated fee's to do it right. The phrase you get what you pay for has never been so true, as it is in this case. Regarding the Insteon product, I am of the opinion that they have come a long way, and continue to improve their products and offerings.
Smarthome has proven over time, that they are watching, reading, listening to their end clients. As many features have been incorporated, along with new products which offer new and exciting methods to perform a task. Now, back to the whole security thing . . . Security is a lifestyle, not just a thing, or a device. Those that believe just because they have XXX devices, or services, they are well protected.
Wrong . . .
Security is a lifestyle, and it comes down to awareness, and having the for thought to act, react, and action those things around them. The four rings of security is essential to protect not just you, but your possessions. Again, this has nothing to do with home automation as it does with convenience. Many people try to incorporate many facets of automation into their alarm system.
Not a problem, so long as they are independent, and separate from each other. That is why its called redundancy and there is nothing wrong with that. Layering your security is a good thing, and it also allows a person to enjoy those things which are not part of the alarm system. Keep in mind when I say true security I am speaking from a certified UL installation view point.
Not just some Joe Blow home in the woods . . . 70% of the population do not require that level of assurance or vetting. But, rest assured those who have installs meeting such requirements never complain, either! At the end of the day I would encourage you to try the new offerings from Insteon and enjoy what it has to offer, which is a lot.
With respect to security keep it separate, and know when you go to sleep, or go away your system was built, designed, and installed for only one purpose. That is to protect you, property, and those things you value the most.
Teken . . . |
| Tfitzpatri8 |
Posted - 06/25/2012 : 12:51:47 PM
Xpendable's reply is right on-target.
A record-and-rebroadcast from within the RF range of your Insteon gear would repeat a signal you previously sent, but it would not provide the hacker with any knowledge of the make, model, device address or available features. They'd be transmitting blind, and you would know that the perpetrators were very close by since Insteon hardware intentionally minimizes signal hops. You would have to implement a much more complex and expensive signal-hopping scheme or commit to use only single-band or hard-wired controls to avoid this vulnerability. Since all Insteon links are one-way, from a single controller to multiple receivers, you could theoretically thwart such an attack by avoiding direct links and using ISY programming instead--a controller would send a signal to the ISY, the ISY could wait a random period, then it could interrogate and confirm the identity of the original controller before directing responders to react. If the hackers didn't get the timing just right and cut off the replay at the right point, the ISY's interrogation would be aborted by the replayed signals and it could contradict the hacked control message. |
| Xpendable |
Posted - 06/25/2012 : 12:16:20 PM
It's naive to think that there is any kind of real security here. It's better than X10, but it's not even close to being hack-proof. If somebody really wanted to screw with you, they could. One thing that comes to mind is the dual band radios. Somebody with the right off-the-shelf equipment could easily record the 9XXmhz radio traffic from your house and decode the signals and then re-broadcast them later. Your Insteon network wouldn't know the difference. Heck, the dual band radios even mess with my baby monitor which also operates on 9XXmhz, and I can actually hear each message and ack going across the network. Just saying. |
| Tfitzpatri8 |
Posted - 06/25/2012 : 11:26:42 AM
No worries, just because you are paranoid doesn't mean they aren't out to get you!
As I already mentioned, the security features are hardware-based and hard-coded. A hacker could not just write an application, they'd have to build their own new Insteon-compatible hardware, reverse-engineer and rewrite firmware compatible with the secret and proprietary firmware not allowed to leave the SmartLabs campus, then load it into their home-built equipment. If you have that much time and money on your hands, you'd have a considerably easier job of hacking into pricey neighboring homes employing less sophisticated automation controls from competing vendors, manipulating electronic voting devices to change the outcome of local elections, or even hacking into the local bank where you could make some money off the deal. Unless you have priceless objects to protect, security is a lot like a familiar problem in nature: you don't need to outrun a bear, you only need to outrun your slower traveling companion! 
There is already a dual-band InLineLinc available. The designs for an InLineLinc and a SwitchLinc are substantially similar, so I suspect a dual-band relay-type switch will hit the market any day now. |
| mountainman3520 |
Posted - 06/25/2012 : 10:55:36 AM
Haha, sure, mock my patience and scrutiny of home automation technology before adopting! Seriously though, it hasn't been until very recently that there were home automation solutions that include a reasonable selection of key devices from multiple vendors, spec maturity/stability so devices interoperate without glitches and don't develop compatibility issues over time, and enough time in real-life use to work out the protocol kinks and resolve design defects in devices.
INSTEON suffered it's share of issues such as unreliable communication of single mode devices and design defects in early devices that caused them to burn out after only a few years, etc. And the device selection is still barely adequate, with few manufacturers or only smarthome in many cases, missing or flaky key products such as motion sensors, thermostats, and door locks, etc. Its getting better with the latest dual mode devices but I'd say I'm being rewarded for my skepticism and not being an early adopter of this technology.
At $80 plus 30 minutes per switch, I really don't want to replace all my switches more than once! But that's just me.
Security on lighting is really just an annoyance and not the more serious example. I'm more worried about items that could facilitate theft or damage. Examples include locking/unlocking doors, opening/closing garage doors, changing thermostat temperature higher or lower, changing pool temperature, viewing or changing alarm status, etc. One of my key uses for home automation is remote control of a home while I am on business travel or a vacation home while I am away. If someone were to turn off the heater, the pipes would freeze causing huge damage, but having control of the thermostat so I can check temperature and turn the heat up before arriving is a key reason for me to automate. And having the ability to control and status an alarm such as the Elk with its sensors integrated into the system would also be great, but I wonder about the wisdom of connecting an unsecured INSTEON network into the alarm panel, potentially creating the opportunity for a back door?
I guess this may sound like paranoia. I'm not worried about super hackers or the CIA trying to compromise my network. Someone like that is likely to succeed but could also simply break in! I'm more worried about clever/malicious people creating software and distributing it online that is designed to compromise INSTEON networks and makes it easy for normal people to do nasty things. It would be nice if INSTEON was designed such that this wasn't possible. Maybe if the protocol designers had included security from the start we would have some better security related products such as doorlocks. I've seen a few notes that they are "working on it". Better late than never.
Even with these concerns, I soon plan to buy an ISY994i/IR PRO and a few 2477DH dimmer switches. I'll use these to run experiments and confirm it works well before expanding the system. I wish a dual band relay switch was available. There are quite a few loads that don't need or want dimmers and I'm hesitant to purchase and semi-permanently install a lot of single band relay switches.
|
| Tfitzpatri8 |
Posted - 06/25/2012 : 09:41:46 AM
The Insteon design prevents your signals from propagating beyond a few homes in either direction by design. Even if a neighbor a block away from you is using gear with the identical device addresses, it won't have any impact on you or your home. Every time they sell 16 million units, they simply reset the counter and start issuing the same addresses again. I'm not a statistician, but I'm guessing you'd have to be very lucky (or very unlucky) for you and your ten closest next door neighbors to randomly draw the exact same numbers out of a 16 million number pool, even if you are both pulling 100 or 200 numbers three or four years apart.
Insteon computer interfaces use proprietary firmware to intentionally mask addresses and messages from devices to which they are not linked, and the newest device updates allow all equipment to intentionally ignore control commands from devices not explicitly linked, so even without encryption hacking an Insteon installation would require substantially time, custom equipment and specialized expertise in order to turn your lights on and off without your consent. While this is a substantial improvement over competing home automation technologies that just assign units a reprogrammable number between 1 and 255 that anyone could hack with only a few minutes of trying, IMHO Insteon gear is not designed, nor should it be used for, a replacement for Fort Knox security.
While you've been waiting, every day for the past several years I've enjoyed the convenience and energy efficiency of a smart home with scene lighting controls; automatic load adjustments in response to weather, schedules and house and room occupancy; and remote control from wired and wireless remotes, keypads, phones, tablets and regular computers anywhere inside or outside the house within range of an Internet connection. Technology will continue to evolve, and if you just hold off another 20 years you might find new switches can be controlled using thought waves alone. Contacts or genetic manipulation or artificial implants may even allow us to see in the dark, making all artificial lighting obsolete! But do you want to wait that long when the rest of us are enjoying what is available today? I say jump in, the water's fine! |
|
|
