Secure storage and transfer of data in a smart lock system
Perustieteiden korkeakoulu | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Master’s Programme in Computer, Communication and Information Sciences
AbstractThe Internet of Things plays a bigger and bigger role in our everyday life. One example of IoT devices are smart locks. Lukoton Experience Oy is a Finnish company working on smart lock systems for businesses. The aims of this work were to analyse their existing smart lock system from the security perspective and to design a new system using the opportunities of an Atmel Corporation EEPROM chip with embedded cryptographic functions. Subsequent to this, the new design was compared to the existing system as well as to similar products on the market. The new system uses AES encryption in CCM mode, stores the keys only in a protected EEPROM chip and the cloud server, and uses Bluetooth Low Energy and HTTPS channels for sending data. The paper presents the new system in detail and shows that it is more secure than the existing one by providing authentication and message integrity as well as better protection of the chip at hardware and software level. It rejects all common attacks and stops Replay attacks at an earlier stage. The new system also resists attacks that many analogues on the market are susceptible to.
Thesis advisorNyberg, Kaisa
cryptography, data exchange, information security, internet of things, replay attack, smart locks