Z-Wave Alliance announces S2 framework for IoT devices
The Z-Wave Alliance, an open consortium of global companies deploying the Z-Wave smart home standard, is adding a security requirement to its interoperability certification, requiring manufacturers to adopt “the strongest levels of IoT security in the industry”, Z-Wave Alliance says.
December 1, 2016 By SP&T Staff
The Alliance board of directors has voted to make the implementation of the new Security 2 (S2) framework mandatory for all products that are Z-Wave certified after April 2, 2017.
A 2016 survey by Intel Security showed that two-thirds of consumers are worried about cybersecurity of connected devices and recent incidents involving popular brands demonstrates the real need for industry leadership.
“This decision to make the S2 framework mandatory on all Z-Wave certified devices stems from a growing need for industry leadership in the smart home space to take the security and privacy of devices in the market seriously,” said Mitchell Klein, executive director of the Z-Wave Alliance. “No one can afford to sit on their hands and wait—consumers deserve IoT devices in their home to have the strongest levels of security possible. IoT smart home technologies that don’t act will be left behind.”
Z-Wave says its S2 framework was developed in conjunction with cybersecurity hacking experts and by securing communication both locally for home-based devices and in the hub or gateway for cloud functions, S2 “completely removes the risk of devices being hacked while they are included in the network”. By using a QR or pin-code on the device itself the devices are “uniquely authenticated to the network” as well.
“Common hacks such as man in the middle and brute force are virtually powerless against the S2 framework through the implementation of the industry-wide accepted secure key exchange using Elliptic Curve Diffie-Hellman (ECDH)”, the company added, noting Z-Wave also strengthened its cloud communication, enabling the tunnelling of all Z-Wave over IP (Z/IP) traffic through a secure TLS 1.1 tunnel.
Print this page