ond, given the interest of independent researchers in security analysis, vendors need to be
more transparent and engage with the research community to make sure they are promoting
ethics and retaining the trust of their ultimate consumers.
In this section, we took a look at one of the more popular door locks that millions of people
depend on for their safety. Although the type of lock we looked at can be deemed traditional
(magnetic stripe–based), it still serves as an important lesson for the future, because the
next generation of locks is likely to include a hybrid of magnetic stripes and additional
mechanisms for electronic keys. The lessons learned in this section provide a solid foundation to
continue our quest into the analysis of door locks that include wireless and electronic key
functionality, as covered in the following sections.
The Case of Z-Wave-Enabled Door Locks
Z-Wave is a wireless protocol specifically designed for home automation. It transmits data in
small chunks, so it can use minimal power and can easily be embedded in devices such as
lightbulbs, entertainment systems, and various household appliances.
The Z-Wave protocol was first developed by a company called Zen-Sys, which was
acquired by Sigma Designs in 2008. The Z-Wave standard is maintained by a consortium of
manufacturers as part of the Z-Wave Alliance forum.
To get started with Z-Wave, you first need to buy a developer kit from Sigma Designs and
download the Z-Wave SDK. To become Z-Wave certified, you must be a member of the
Z-Wave Alliance.
In this section, we will discuss a specific security vulnerability discovered in the Z-Wave
implementation by Sigma Designs that affected door locks. This will provide a good perspective
on critical security issues that have impacted the secure design of wireless door locks built
with Z-Wave.
Z-WAVE PROTOCOL AND IMPLEMENTATION ANALYSIS
The Z-Wave protocol consists of the following layers:
Physical layer
This layer consists of physical-layer specifications for radio communication.
Transport layer
This layer is responsible for packet transmission and for retransmission when a sent
packet is not acknowledged as delivered to the destination. Devices with a limited
power supply, such as battery-powered door locks, are often designed to enter sleep mode.
Such devices turn on their radios on a periodic basis to look for incoming data. The transport
layer is responsible for coordinating the waking up of the device when such an event
occurs. In this case, the transmitting device sends several back-to-back packets in 100 ms
intervals to make sure the sleeping device notices one of the packets.