Picture an automated home. This house can perform many functions such as turning on lights, appliances, and your A/C all from a remote location. You can hear your e-mail, the news, the weather, etc by asking for it through a PC microphone or a telephone. You have all kind of timers for various things like sprinklers for example. Outside and inside motion detectors cause various systems to respond. Obviously it has a security alarm... Etc, etc... you get the picture....
This house is either PC or Web controlled, so there are security risks. Someone can break into your system and cause havoc. I don't know, something like starting the fireplace or the stove and setting it on high could cause your house to burn down. Or turning off the heat in sub zero temperatures could cause the pipes to freeze. These are extreme cases. But some annoyances could occur as well such as turning on your home entertainment system full blast at 3 in the morning while your asleep or turning on the outdoors lights every 5 minutes for nothing making you think that someone is at your front porch. Again I think you get the idea...
What I want to know is if someone is to attack such a system, how would they go about it? At what layer of the system (application, utilities, OS) would the attack take place? How would you go about protecting such a home? What kind of security model would you use?
I don't want any scripts or code, I just want the thinking process as I have to design a whole set of security policies. And if you have other ideas about attacks, throw them my way.... attack ideas would be helpful in designing security measures.
As security measures I'm thinking of authentication, role based access control, cryptography, intrusion detection, and the like, but I want to have others opinions so that I can create a well rounded project.
If anyone has any insights on my question I will truly appreciate your comments.
Thanks and happy trails!!!
