Nowadays, enormous interest has emerged due to the use of networks and the technologies embedded in them. Through those technologies, home devices become able to communicate, sense actions, and identify certain events. When those devices are connected to the Internet, an Internet of Things (IoT) smart network is formed. 3
A smart home can be defined as a home supported by technologies that allow human needs to be fulfilled. 2
In smart home design, the user can create an environment that provides machine-driven applications, controlled with or without the user's presence, which distributes energy in the most efficient way. 9
In order to connect smart home devices to the Internet, it is important to know that although the Internet is considered cheaper than other networks such as a leased line, it is more dangerous because of its generality. A VPN (Virtual Private Network) handles this problem and keeps the networks public and safe at the same time. 10
Smart Home Overview
In the last third of the past century, the basics of home control were developed; by today's standards they are considered slow, unreliable, and insecure.
Nowadays, home control is based on setting up controllable devices like power-outlets or light switches and wiring infrared (IR) controls around the house. 6
In any case, a smart home serves human needs such as E-Health, E-Education, device monitoring, home safety, entertainment, etc.
A conceptual SMART HOME model 2
Smart home owners differ clearly from owners of conventional homes in that there is a large degree of control of, and emphasis on, devices and systems.
A smart home may contain:
• Sensing devices like programmable communicating thermostats, lighting and smart power strips;
• Systems that easily connect and control the flow of information between either devices and home users or even between devices and a third-party such as security system providers; and,
• Energy tracking and control systems that enable home users to monitor energy usage and modify device functions in the home.
Despite the huge differences in the usage and design of smart home devices, they all enable clients to track energy usage within the house in real time or near real time, and allow them to control home devices or systems remotely.
The functions of smart devices are achieved through built-in controls that are remotely programmed and operated through a smartphone or the Internet in order to manage energy levels in the best way. Some devices minimize energy use in response to changes in environmental circumstances by using special sensors.
All smart home appliances, systems, security algorithms, and linking systems (wired or wireless) are aggregated through a communication system to help home owners and energy suppliers utilize home devices more efficiently. 7
Achieving the purposes behind the smart home does not mean that it is risk free. Attention must be paid to balancing the benefits obtained from smart home technology against the security methods and algorithms that must be applied to eliminate any suspicious attacks that can threaten the safety of this technology. 8
A Virtual Private Network is a technology that uses an insecure network such as the Internet to connect two computers by forming an encrypted tunnel between them. The tunnel contains the information that enables the two nodes to trust each other and secures their communication. It is considered more economical, depending on the type of connection and the locations of the two nodes on either side of the tunnel.
The following figure briefly represents the idea behind a VPN: the tunnel contains all the information necessary for Gateway A to manage a secure and encrypted communication with Gateway B. 4
A Virtual Private Network 4
Many methods are used to carry out VPN services, such as the edge router, the firewall, or a dedicated VPN device. 1
In this research, the IPSec VPN is configured on the edge router.
An example showing configuring VPN using the edge router 1
VPNs are traditionally used for:
• Intranets: Networks that can connect locations inside a single building. Those locations are near each other.
• Remote Access: Networks that allow remote access to the e-mail application. Those networks are dedicated to telecommuters and mobile workers.
• Extranets: Networks that allow secure connections between two or more buildings. They are used in supply-chain management, development partnerships, and subscription services.
The reason for using a VPN comes from the Internet's downside: because the Internet is a public network, there might be data snooping.
A VPN can manage this problem by providing the following:
• Confidentiality: traffic is encrypted in a way that no one else can read the data sent.
• Authentication: checking whether the data sender is a legitimate device or not.
• Integrity: making sure that the data cannot be changed or altered. This is done by using hashing.
• Anti-Replay: keeping data packets far away from attackers who might try to pretend that they are legitimate users. The attacker might be able to get and check which IP packet(s) have the encrypted or hashed password. 10
– Network Addresses and Interfaces
The name “VPN gateway” implies its function as a “gatekeeper” for the nodes connected to the network behind this gate.
The gateway usually has a public address (on the WAN side) and a private address (on the LAN side), which are referred to as the “network interfaces”.
– Interface Addressing
There are significant rules that must be understood when using addresses; briefly, they are as follows:
1. Each device connected via VPN must have a specific address.
2. There must not be any conflict or overlap among the addresses used.
3. Each set of addresses should be separate and distinct. 10
IPSec is a standard suite of protocols developed by the Internet Engineering Task Force (IETF) that provides data authentication, integrity, and confidentiality while data moves between communication nodes over IP networks. 4
The Proposed Smart Home System Development:
1. The System without VPN:
The proposed system is designed and simulated using the Cisco Packet Tracer application software, and it is supposed to contain home devices that the owner wishes to control remotely and easily using a smartphone device.
In the designed system there are the following components:
a) A Home Gateway that is connected directly to the router named (Home Router) and has the address (192.168.25.10).
b) A Smart Phone device that is connected to the Home Gateway and has the address (192.168.25.100). Using this device, the home owner can access the other devices that can be controlled remotely by switching them on or off.
c) Light, Door, and a Ceiling Fan: these devices are connected to the Home Gateway and can be controlled by the Smart Phone.
2. The System after applying VPN:
The idea behind applying a VPN between the smart home and the outside network (the Internet Service Provider network) is to create a tunnel that holds fake IP addresses on both of its ends, in a manner that prevents any intruder from accessing the inside network.
First of all, special names are given to the routers in the design as a brief description of the real routers' networks. For example: Home is used for the router of the Smart Home Network, Public is used for the Home Network via VPN, and Internet is used for the router that represents the interface of the Internet Network.
The steps of applying the IPSec VPN protocol:
1. Assigning IP addresses to the interfaces:
In this step, the routers’ interfaces must be assigned specific IP addresses as follows:
a) The Internet router interface Serial 2/0 is assigned the address (10.10.10.2) and the interface Serial 3/0 is assigned the address (18.104.22.168). Through the use of these addresses.
b) The Public router interface Serial 3/0 is assigned the address (22.214.171.124) and the interface Fast Ethernet 0/0 is assigned the address (192.168.50.1).
c) The Home router interface Serial 2/0 is assigned the address (10.10.10.1) and the interface Fast Ethernet 0/0 is assigned the address (192.168.25.1).
2. IPsec and VPN:
a) ACL: defining an access-list rule that permits the connection between the Smart Home network and the Public network by using the addresses (192.168.25.1) and (192.168.50.1) respectively for the interfaces of the previous networks. Through this rule, the VPN tunnel is created and the two networks now become connected. The Internet router and the whole Internet network now cannot distinguish this tunnel and can access only the address (10.10.10.2) instead of (192.168.25.1) for the Smart Home Network, and the address (126.96.36.199) instead of (192.168.50.1) for the Public Network.
b) ISAKMP policy (PHASE1)
In this step, AES 256 encryption is applied and the authentication between the two networks is verified.
c) IPsec transform-set (PHASE2)
A set of peer transformations, together with the encryption methods associated with them, is applied between the connected networks, forming what is called a crypto map.
d) Applying crypto map
The crypto map created above is applied on the Fast Ethernet interfaces of the Home and Public routers.
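As an added example (not from the original article or from Cisco), the following Python check compares the settings from steps a) to d) on both tunnel ends and also applies the interface-addressing rule that address sets must not overlap. The IOS-style fragments are constructed: the ACL number 110, the names TS and CMAP, the wildcard masks and the transform-set are assumptions, the crypto map is bound to FastEthernet0/0 as the text states, and peer address lines are omitted.

```python
import ipaddress

HOME, PUBLIC = "192.168.25.0", "192.168.50.0"  # LANs from the page; /24 is assumed

def sample(local, remote, enc="aes 256"):
    """Constructed IOS-style fragment; ACL number, names and masks are assumptions."""
    return (f"access-list 110 permit ip {local} 0.0.0.255 {remote} 0.0.0.255\n"
            "crypto isakmp policy 10\n"
            f" encryption {enc}\n"
            "crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac\n"
            "crypto map CMAP 10 ipsec-isakmp\n"
            " match address 110\n"
            " set transform-set TS\n"
            "interface FastEthernet0/0\n"
            " crypto map CMAP\n")

def parse(cfg):
    """Extract the settings that steps a) to d) configure."""
    iface, out = None, {"enc": None, "ts": None, "sel": None, "applied_on": None}
    for line in cfg.splitlines():
        words = line.split()
        if not line.startswith(" "):  # top-level command: track interface context
            iface = " ".join(words[1:]) if words[:1] == ["interface"] else None
        if words[:1] == ["encryption"]:
            out["enc"] = " ".join(words[1:])
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            out["ts"] = " ".join(words[4:])
        elif words[:1] == ["access-list"] and words[2:4] == ["permit", "ip"]:
            out["sel"] = (tuple(words[4:6]), tuple(words[6:8]))
        elif iface and words[:2] == ["crypto", "map"]:
            out["applied_on"] = iface
    return out

def audit(cfg_a, cfg_b):
    """Compare both tunnel ends; an empty list means they are consistent."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    if a["enc"] != "aes 256" or b["enc"] != "aes 256":
        findings.append("phase1: encryption is not aes 256 on both peers")
    if a["ts"] is None or a["ts"] != b["ts"]:
        findings.append("phase2: transform-sets differ or are missing")
    if not a["sel"] or not b["sel"] or a["sel"] != b["sel"][::-1]:
        findings.append("acl: crypto ACLs are not mirror images")
    elif ipaddress.ip_network("/".join(a["sel"][0])).overlaps(
            ipaddress.ip_network("/".join(a["sel"][1]))):
        findings.append("addressing: the two LANs overlap")
    if not (a["applied_on"] and b["applied_on"]):
        findings.append("crypto map is not applied to an interface on both peers")
    return findings
```

`audit(sample(HOME, PUBLIC), sample(PUBLIC, HOME))` returns an empty list; giving both ends the same ACL or a weaker Phase 1 cipher produces the matching finding.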