The Z-Wave Alliance is taking steps to boost security for the Internet of Things (IoT) with a new mandate for connected devices seeking certification from the group.
The alliance’s board of directors recently voted to require implementation of the new Security 2 (S2) framework in all products that are seeking Z-Wave certification. The mandate will go into effect on April 2, 2017, the alliance said.
“This is an important addition to its certification program that will require manufacturers to adopt the strongest levels of IoT security in the industry,” the Z-Wave Alliance said in a statement announcing the decision. “The security measures in S2 provide the most advanced security for smart home devices and controllers, gateways, and hubs in the market today.”
According to the group, S2 was developed via collaboration with cybersecurity hacking experts, and includes secure communication features both locally for home-based devices as well as in the hub or gateway for cloud functions. The alliance said S2 requires a QR or pin-code on the device to uniquely authenticate it to the network, and negates common hacking techniques such as man-in-the-middle and brute force through the use of a secure key exchange using Elliptic Curve Diffie-Hellman (ECDH). Z-Wave said S2 also boosted cloud security by routing all Z-Wave-over-IP traffic through a secure TLS 1.1 tunnel.
The move comes amid growing concerns around IoT security and a push from those in the industry – as well as the U.S. Department of Homeland Security – to address the issue before it’s too late.
“This recent decision to make the S2 framework mandatory on all Z-Wave certified devices stems from a growing need for industry leadership in the smart home space to take the security and privacy of devices in the market seriously,” Mitchell Klein, executive director of the Z-Wave Alliance, commented. “No one can afford to sit on their hands and wait – consumers deserve IoT devices in their home to have the strongest levels of security possible. IoT smart home technologies that don’t act will be left behind.”