Best Options For a Secured HA Platform?

moleman

New Member
Hi,
 
I am going to be slowly working towards my ultimate HA goals one device at a time as time permits. I played around with X10 in previous homes for fun and it was OK, but I'm going to be at this house for a long time and want to scale up with a serious HA solution over time. I've been lurking for a long time trying to get caught up with the latest offerings but I'm afraid I'm having trouble locating much discussion on what I'm looking for, or there just hasn't been that much. I am a software developer by trade, so you can imagine I'm drooling over the idea of eventually writing code tailored exactly to my needs at some point. In fact, I've had it all planned out on multiple occasions over the years but moves and free time would often wreck those plans. The big thing stopping me from moving forward confidently right now is that it's hard to imagine sinking any time and money beyond tinkering with something that can't be scaled to meet my "big picture" requirements.
 
The biggest unknown for me is what hardware to go with. My biggest problem with all the main offerings like UPB, Insteon, Zwave, Zigbee, etc is they offer no encryption or 128 WEP encryption (which is trivial to crack). Clearly I wouldn't even consider putting door locks or alarm systems on such a network, but I don't even like the idea of investing that effort and money into systems with less implications like lighting and A/V. People are getting more sophisticated... be it kids trying to hack for fun or criminals with malicious intent, and these systems mainly go unaffected due to odds... but the odds do increase when the number of people using the solutions and the number of people who want to "explore" such networks go up. 99 people may never have a problem but you'd surely hate to be the 1 out of 100 to spend a ton of cash on a HA system only to find someone in your neighborhood is capable of turning your lights, TVs and home audio on and off at will and you have no choice but to scrap it to get control back.
 
With that in mind, is there any powerline or RF based solution that has stronger encryption, or is hardwired the only way to go? Since this will be a piecemeal project I'm not really concerned with pulling extra cables to all my existing wall switches over time to replace them with something controllable. I'm just not familiar with any hardware that is hardwired based, nor the controller options (ideally PC based software - either Windows or Linux). Can anyone recommend options along these lines?
 
Actually... let me clarify... by hardwire I mean something like replacement wall switches you'd buy for a UPB or Insteon setup... where they work just like regular wall switches you can flip on and off manually at the switch, but can also be controlled remotely. In my mind I would assume a hardwire device like this would be cheaper and basically be more or less a regular switch but with a relay that was flipped when a signal (maybe 12v or something?) is sent down the signal wires as opposed to being picked out of the power lines.
 
Or, are there only hardwire solutions out there geared towards new builds where all of the wiring to loads goes straight through the controller and you have no traditional switches anymore? A solution like that would not work for me, so hopefully there are hardwire equivalents of UPB and Insteon type switches.
 
Thanks!
 
I have Zwave deadbolts... if someone hacks it to unlock my front door, I have bigger problems. In reality, having that done isn't any different than someone smashing in the front door (or a window) - either way they have gained entry which isn't very difficult to do in most any home. Hence my reason having an alarm system on the other side of that as well. The fact is that there are always trade offs between security and convenience.
 
Having said that, all of the technologies (Zwave, Zigbee, UPB, Insteon, etc) work as you explained - they work just like regular wall switches if you use them manually, but have the communication technology to be controlled. I think UPB is the only "hardwired" system left - the signals are sent over the power lines. I don't think there are any systems left that utilize a separate control wire - I may be wrong. However, UPB switches aren't really any cheaper than wireless ones - and none of them are cheap when you consider that you are replacing a $2 switch.
 
moleman said:
The biggest unknown for me is what hardware to go with. My biggest problem with all the main offerings like UPB, Insteon, Zwave, Zigbee, etc is they offer no encryption or 128 WEP encryption (which is trivial to crack).
I'm not sure you have done your research. What leads you to believe Zigbee has no security? https://docs.zigbee.org/zigbee-docs/dcn/09/docs-09-5378-00-0mwg-zigbee-security.pdf I have no doubt that any bad guy would break in your door, before they bothered to break the Zigbee security.
 
And Zigbee doesn't just have one layer of security, it can have many. Whether you know it or not, you likely have a Zigbee smartmeter, and if you stop paying your electric bill, it's very likely your utility can remotely shut off your power. So you probably are already using more Zigbee security than you even know.
 
Regardless of security, if you have the option and funds to go with a hardwired system, do it. It's always likely to be the safest, fastest, most robust way to go. There are just fewer moving parts and, other things being equal, that's always a good thing. There are certainly hard wired options out there for lighting systems (which also generally cover some other combination of sensors, locks, thermos, etc... as well.)
 
They will likely cost more up front. But, if I were building new and could afford it, I'd not consider for a second which way to go.
 
And of course that doesn't mean you can't still (not never use double negatives) use non-hard wired things in some peripheral scenarios where it's less important. You can always use a combination. If someone can manage to turn on your shed light or something, that's not too much to worry about, if it was cost prohibitive to get the hardwired system from the house to the shed, etc... And some systems (AFAIK) are designed purposefully to provide that combination of hardwired and wireless, in the same product, so it doesn't necessarily require some sort of bits and pieces hybrid to do it.
 
Wouldn't Centralite fall into that category of supporting a combination of hardwired and Zigbee modules?
 
How about installing noise absorber or filters to block powerline signals?

Btw, what wireless HA protocol uses WEP? Kwikset's zwave door locks use aes-128 encryption for control.
 
Regarding electronic locks: if they allow for the use of a bypass key, then most likely that's a much higher vulnerability than the wireless electronics.  For instance, the mechanical hardware made by both Kwikset and Schlage seems ridiculously easy to bypass, as you can see for yourself on youtube.  I can't fathom why it isn't more secure than it is, unless maybe it's to appease locksmiths who earn a living defeating it.
 
My view is that most locks just keep honest people honest.  The Kwikset and Schlage locks you can buy at the big box stores aren't going to stand up to anything more than a minimal attack.
 
If you want your lock to provide good security, then you need to go with a lock that has a high security cylinder, like a Medeco or ASSA. 
 
But the reality is that most burglars don't bother picking locks or using bump keys.  They'll just kick in the door or break a window.
 
Thanks for the replies. No doubt the average crook could smash a window easier than hacking the locks, but what if you were trying to incorporate your alarm into your HA (lock doors, alarm set)? Having the alarm on the same layer would undoubtedly be insecure. A lot of my HA goals are actually geared towards security as opposed to pure convenience.
 
I didn't claim Zigbee was insecure, said the products were either no encryption or 128 bit encrypted, but I mistakenly said Zigbee was using WEP (which was repeated on a different site), but it is actually using AES-CCM. In theory, if you use a long and strong key (lower+upper case+numbers+symbols) it should not be easy to crack. The only option available would be to brute force it, assuming there are not inherent flaws in the vendors' devices themselves, for instance when pairing. But there is... if you update the keys over the air someone can grab them. Also, Zigbee suffers from replay attacks. Unless the devices themselves have additional session checking, and not relying on just the protocol, you can just rebroadcast the packets and the nodes will think they are legit. For someone who just wants to screw around they don't need to isolate each command to a physical event taking place at your home. Having a bunch of devices toggling at random would suck.
 
I'll go and look harder at the hardwired options I found the other night, but they look like they're geared towards new builds or overhauls as opposed to minor retrofit. I was really hoping to find the equivalent of an Insteon switch that either took something like a 12v 2-wire command wire, or perhaps a Cat5 cable, and the command wires ran to the controller of course. So the load is still controlled at the switch, but the switch is able to be controlled by the command wire.
 
Looking at these hardwire systems it appears that all of the load wires go through the controller, and the command wires go to the wall switch.
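
Added example, not part of any post in this thread and not Zigbee's actual frame format: a receiver-side sketch of the "additional session checking" mentioned in the post above, where each command carries an authenticated, strictly increasing counter so a verbatim rebroadcast is rejected. The frame layout, the key, the names `seal` and `Receiver`, and the use of HMAC-SHA256 as a standard-library stand-in for AES-CCM are all assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8      # truncated MAC length (assumption for this sketch)
HEADER_LEN = 6   # 2-byte sender id + 4-byte frame counter

def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def seal(key: bytes, sender: int, counter: int, payload: bytes) -> bytes:
    """Build a frame: sender | counter | payload | MAC over all three."""
    header = struct.pack(">HI", sender, counter)
    return header + payload + _tag(key, header + payload)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        # Highest counter accepted per sender. A real device must persist
        # this across reboots, or old captures become valid again.
        self.last_seen = {}

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < HEADER_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Authenticate first: the counter is only trusted once the MAC passes.
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return None
        sender, counter = struct.unpack(">HI", body[:HEADER_LEN])
        if counter <= self.last_seen.get(sender, -1):
            return None  # replayed or stale frame
        self.last_seen[sender] = counter
        return body[HEADER_LEN:]

def demo():
    key = b"constructed-demo-key"          # constructed sample key
    rx = Receiver(key)
    first = seal(key, 0x0001, 1, b"light:on")
    results = [rx.accept(first), rx.accept(first)]   # second is a rebroadcast
    results.append(rx.accept(seal(key, 0x0001, 2, b"light:off")))
    bumped = bytearray(first)
    bumped[5] = 9                          # counter changed without the key
    results.append(rx.accept(bytes(bumped)))
    return results
```

The counter only helps because it is covered by the MAC; an unauthenticated counter could simply be incremented by whoever rebroadcasts the frame.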
 
My touchpad made that reply seem a little garbled, some missing words and such... but hopefully it makes enough sense.
 
RAL said:
My view is that most locks just keep honest people honest.  The Kwikset and Schlage locks you can buy at the big box stores aren't going to stand up to anything more than a minimal attack.
 
If you want your lock to provide good security, then you need to go with a lock that has a high security cylinder, like a Medeco or ASSA. 
 
But the reality is that most burglars don't bother picking locks or using bump keys.  They'll just kick in the door or break a window.
So, at the end of the day, is the better cylinder worth it or not?
 
I think the moral is to stop worrying about the lock cylinder or encryption technology and reinforce your door frame. (Or you could add a security door.)
 
moleman said:
I'll go and look harder at the hardwired options I found the other night, but they look like they're geared towards new builds or overhauls as opposed to minor retrofit. I was really hoping to find the equivalent of an Insteon switch that either took something like a 12v 2-wire command wire, or perhaps a Cat5 cable, and the command wires ran to the controller of course. So the load is still controlled at the switch, but the switch is able to be controlled by the command wire.
 
Looking at these hardwire systems it appears that all of the load wires go through the controller, and the command wires go to the wall switch.
Most UL listed hard-wired systems have loads home-run to the controller, and run cat5 wire to low-voltage keypads that control the loads at the wall locations. The electric code is very unfriendly to combining low and high voltage wires in the same box, this is one of the reasons such switches do not exist in consumer market. So you don't have many options to choose from. Aside from going with the full hard-wired system, your current best options would be UPB or zigbee Jetstream that are a bit more secure than the rest of the wireless tech, but nothing will beat the hard wire in both lighting and the rest of the HA.
 
I somehow read the original post as asking about hardwired systems, because of perceived lackings in non-hardwired. My eyes are getting worse by the day, or maybe it's the brain operating them, who knows. But yeh, if need to retrofit, then hardwired probably ain't too practical. As mentioned Jetstream or possibly Radio RA2 would be good choices for a high quality retrofit friendly solution. As far as RA2, I don't know what their security setup is at the wireless level, or even what technology they use. But the control interface uses a username/password that the automation system has to provide. It's in the clear of course since they don't utilize any sort of certificate system or shared secret encryption.
 
ano said:
I think the moral is to stop worrying about the lock cylinder or encryption technology and reinforce your door frame. (Or you could add a security door.)
 
And add security screens to all your windows, and a moat... and... don't forget the razor wire.
 
If someone truly wants to break into your house, good luck keeping them out.
 
ano said:
I think the moral is to stop worrying about the lock cylinder or encryption technology and reinforce your door frame. (Or you could add a security door.)
 
This. Everyone is worried about lack of encryption - it doesn't matter until someone is inside your home, and most homes can't stop a single kick to the door or brick to the window. 
 