CZ:Featured article/Current: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Chunbum Park
(→‎Acid rain: Active attack)
imported>John Stephenson
(template)
 
(32 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== '''[[Active attack]]''' ==
{{:{{FeaturedArticleTitle}}}}
----
<small>
In [[cryptography]] an '''active attack''' on a communications system is one in which the attacker changes the communication. He may create, forge, alter, replace, block or reroute messages. This contrasts with a [[passive attack]] in which the attacker only eavesdrops; he may read messages he is not supposed to see, but he does not alter messages.
==Footnotes==
 
== Active attacks on communication ==
 
Active attacks that target the communication system itself include:
* [[man-in-the-middle attack]]; the attacker tricks both communicating parties into communicating with him; they think they are talking to each other
* [[Stream_cipher#Rewrite_attacks | rewrite attacks]]; the attacker can replace a message with anything he chooses
 
'''Successful active attacks are devastating!''' If the attacker can replace messages and have them taken as genuine, it is all over. The security system is then at best worthless; at worst it is of great value to the enemy.
 
Fortunately, these attacks are '''generally hard to execute'''. The attacker must not only intercept messages, break whatever [[cryptography]] is in use (often ''both'' an authentication mechanism and a cipher), and send off his bogus message; he also has to block delivery of the genuine message. Moreover, he has to do it all '''in real time''', fast enough to avoid alerting his victims and to beat whatever synchronisation mechanisms the network may be using. A cryptosystem that an enemy can break in hours or days would generally be considered insecure, even worthless, but it will prevent active attacks as long as the enemy cannot break it quickly enough to replace messages.
 
''[[Active attack|.... (read more)]]''
 
{| class="wikitable collapsible collapsed" style="width: 90%; float: center; margin: 0.5em 1em 0.8em 0px;"
|-
! style="text-align: center;" | &nbsp;[[Active attack|notes]]
|-
|
{{reflist|2}}
{{reflist|2}}
|}
</small>

Latest revision as of 10:19, 11 September 2020

Categories of smart home devices shown on Amazon's website in April 2023.

The phrase smart home refers to home automation devices that have internet access. Home automation, a broader category, includes any device that can be monitored or controlled via wireless radio signals, not just those having internet access. Whether the device is powered by the electrical grid or by battery, if it uses the home Wi-Fi network and if an internet logon needs to be created to use it, then it is smart home technology.

Collectively, all the smart home devices on every home's Wi-Fi network helps to make up what is called the Internet of Things (IoT), a huge sea of sensors and control devices across the world that are capable of being accessed from afar via the internet. One of the key reasons such devices need internet access is so that the manufacturer can periodically download updated firmware to the device to keep it up-to-date. However, being available via the internet also means that such devices are, potentially, available for spying or hacking. Today, homes may contain dozens or even hundreds of such devices, and consumers may enjoy their benefits while knowing little about how they work, or even realizing that they are present.

Not all home automation is "smart"

Many remotely controllable devices do not require internet access. They may instead have physical control devices that use either RF (“Radio Frequency”) or IR (“Infrared”) beams, two different kinds of energy used in remote controls to communicate commands. Non-"smart" home automation may also present security risks, because the control signals can be hijacked by bad actors with the right signaling equipment. Garage door openers are of particular note in this regard. Modern automobiles, in fact, are full of automation similar to home automation, and cars are hackable by bad actors in a number of ways. See Wikipedia's Automotive hacking article for more information.

Incompatibility hassles

At present, consumers must make sure that the smart device they wish to use is specified to be compatible whichever phone/tablet operating system they use (Apple vs. Android). Since smart home products emerged in the absence of any standard, a morass of competing methods for networking, control and monitoring now exist. For some products, consumers may need to buy an expensive hub, or bridge, a device that is specific to one vendor. Products made by different manufacturers but performing the same function are typically not interoperable. Consumers often need to open a different app on their smartphone or tablet in order to control devices by each manufacturer. This may make it too expensive and awkward to try out competing devices, leaving consumers stuck with the product they bought originally or else having to add yet more apps to their phones.

Security concerns

Security for smart home products has been uneven and sometimes seriously inadequate. Smart thermostats which can monitor whether a home's occupants are present or not, entry-way locks, robotic vacuums that work with a map of the house, and other smart home devices can present very real dangers if hackers can access their data.

Matter, an emerging standard

Matter is emerging standard in 2023 intended to increase security, reliability and inter-operability of smart-home devices. About ten years ago, industry consortiums formed to work on standards for smart home device communications, and their underlying wireless communications, which would make it possible for products from all vendors to work together seamlessly and provide fast performance, privacy, and security and would work even if there is not connection to the outside internet (i.e., no connection to "the cloud" or to servers).

Footnotes

Retrieved from "https://citizendium.org/wiki/index.php?title=CZ:Featured_article/Current&oldid=759442"