The Z-Wave Alliance has added a security requirement to its long-standing interoperability certification for smart home products and services.
Called Security 2 (S2), the framework will become mandatory for all products seeking Z-Wave certification after April 2, 2017, following a vote from the Alliance’s Board of Directors.
According to the consortium, it is an important addition to its certification program that puts the onus on manufacturers to adopt the strongest levels of IoT security in the industry.
The S2 framework was developed in conjunction with cybersecurity hacking experts. It works by securing communication both locally for home-based devices and in the hub or gateway for cloud functions.
By using a QR or pin-code on the device itself, S2 will enable unique authentication to the network on a per-device basis.
In addition, the use of Elliptic Curve Diffie-Hellman (ECDH) secure-key exchange can help prevent common hacks such as man-in-the-middle and brute force.
For cloud communications, S2 will secure all Z-Wave-over-IP traffic through a TLS 1.1 tunnel.
Mitchell Klein, executive director of the Z-Wave Alliance, said in a statement: “This recent decision to make the S2 framework mandatory on all Z-Wave certified devices stems from a growing need for industry leadership in the smart home space to take the security and privacy of devices in the market seriously.
“No one can afford to sit on their hands and wait – consumers deserve IoT devices in their home to have the strongest levels of security possible. IoT smart home technologies that don’t act will be left behind.”