Wireless Sensor Network, 2009, 1, 1-60
Published Online April 2009 in SciRes (http://www.SciRP.org/journal/wsn/).
Copyright © 2009 SciRes. Wireless Sensor Network, 2009, 1, 1-60
The Analysis of the Structure and Security of Home
Control Subnet*
Chengyi WANG1, Yun ZHANG2,3
1School of Electronic Engineering, Hubei University of Economics, Wuhan, China
2International School of Software, Wuhan University, Wuhan, China
3Research Center of Spatial Information and Digital Engineering, Wuhan University, Wuhan, China
Email: wcytjx@126.com
Received November 16, 2008; revised January 10, 2009; accepted February 5, 2009
A lot of technologies can be used in home control subnet, but the hardware and software resources available
for the home control subnet are limited. There are security problems easily seen. The paper gives the system-
atic analysis of the structure and function of home control subnet based on the general model of home net-
work. The paper has also analyzed two types of major equipment, namely sub-gateways and terminal equip-
ment. The major networking technology used in home control subnet is summarized and concluded. In com-
bination with relationship among home control subnet, home network, as well as the outside main network,
the paper has systematically studied various safety problems related to home control gateways and the possi-
ble solutions to those problems have been made.
Keywords: Home Network, Home Control Subnet, Network Architecture, Network Security
1. Introduction
Home network is developed from the concept of home
LAN, Intelligent home. It is the integrated networks of
home control networks and multimedia information net-
work, which is an integrated business platform with a
voice, data, multimedia, video, control and management.
Home network can be roughly divided into the high-
speed backbone-network and low-speed control subnet.
Subnet of control, there is a lot of technology and stan-
dards can be used, can be connected with home back-
bone-network, and even be connected with the Internet.
Therefore, in building control network function, security
issues associated with the network exists. The paper
gives the analysis of the technology, structure and secu-
rity issue of home subnet and also gives the description
of the possible solutions.
2. The Architecture of the Home Control
2.1. The Reference Model of the Home Network
Home control Subnet is one part of home network. It is
described in detail in the structure reference model [1],
as shown in Figure 1. The home backbone-network is
linked with Internet and the management by home net-
work gateway. Home control Subnet is connected with
home backbone-network through sub-subnet gateway.
Home backbone-network equipment can communicate
with each other, getting access to external networks
through the main gateway, holding the control operations
of the equipment through the sub-subnet gateways.
Home control subnet device can communicate through
sub-gateway and the main gateway with the external
home network.
2.2. Main Functions of the Control Subnet
The functions of home control subnet should be [2]:
Inquiry function: the adoption of home control subnet
gateway can query the status of subnet equipment;
Control function: It can control the devices under the
home control subnet through subnet gateways, but
also implement the remote control through the main
Configure function: implementation of the home sub-
*Fund Project: Hubei Province education department scientific research
C. Y. WANG ET AL. 57
Copyright © 2009 SciRes. Wireless Sensor Network, 2009, 1, 1-60
net configuration control operation;
Message function: For auto-discovery, device man-
agement to provide basic information, it is able to take
the initiative to send its status report to sub-gateways.
2.3. The Typical Structure of Home Control Subnet
A home network can have one or more home control
subnet, each subnet network consisting of a subnet gate-
way and a number of terminal equipment. They can be
connected through twisted pair, power line, radio fre-
quency, infrared fiber and optical fiber, etc. One typical
structure is shown in Figure 2.
2.4. The Structure of Subnet Gateway
Subnet gateway is one of the home control network
equipment, whose functions are to enquire about the
home control network device, parameter setting and con-
trol and to allocate and manage, home subnet equipment.
In terms of hardware, sub-gateway is based on the 32-bit
embedded system (such as the S3C2410x) to achieve
implementation, shown in Figure 2. For the software,
sub-gateways are based on embedded operating system
(such as ARMlinux), Web server (such as boa), data base
management system (such as SQLite) and so on to get
the implementation.
As the central equipment of home control subnet, it is
necessary for subnet to provide services for main net-
work and external network, such as user authentication,
remote control. It is needed for subnet to offer the ser-
vice to the subnet equipment, such as the provision of the
dynamic registration of terminal equipment, collecting
the relevant data of terminal equipment. Subnet will also
have the maintenance of a variety of information data-
bases [3] and give sustained, reliable data information
for information exchange and management. Its logical
structure is as shown in Figure 3.
Figure 1. Home network structure reference model.
Figure 2. The typical structure of home control subnet.
58 C. Y. WANG ET AL.
Copyright © 2009 SciRes. Wireless Sensor Network, 2009, 1, 1-60
Subnet gateway can provide remote services and re-
mote control for the outside network user, the software
architecture is as shown in Figure 4.
3. Networking Technology of Home Control
Home control subnet networking technology, according
to the introduction of home network technology at the
source, can be divided into bus technology, Ethernet
technology and wireless network technology. Among
them, the Ethernet technology mainly refers to industrial
Ethernet technology. In terms of reliability, redundancy
and other aspects of treatment improved the Ethernet
technology is improved, but with less applications. Wire-
less network technology includes the 802.11 series, radio
frequency, infrared, Bluetooth, ZigBee, etc. Bus tech-
nology can best bear the real-time control network, or-
derly and interoperable features. The typical of the bus
technology is as shown in Table 1.
4. The Security Problems and Related
Measures of Terminal Equipment and Wire
The Security risks of home control subnet may come
from different levels, such as from the physics, the vul-
nerability of technology or man-made attack. The details
are as follows.
Figure 3. Subnet logical structure.
Figure 4. The subnet gateway software architecture.
Table 1. Typical bus technology.
Bus typeRelevant standardsThe transmission
transfer rate
X-10 The standard in factpower line 60bps
twisted pair, power
line, coaxial cable,
[4] ANSI/EIA-709
Twisted pair, power
line, coaxial cable,
wireless and optical
EIB European Installa-
tion Bus Association
twisted pair, power
line, wireless, infrared 10kbps
CAN [5]ISO 11898-1 twisted pair, coaxial
cable, and optical fiber1Mbps
4.1. The Physical Security of Equipment
Problem 1: the physical security of equipment is the
home control subnet gateway equipment, terminal equip-
ment their own safety, including accident damage and
man-made events, such as home gateways, connecting
wires, home appliances equipment having been illegally
linked, external electromagnetic interference, fire and
other natural disasters.
Related measures: To set up password for access to
essential equipment and more stringent measure of gate-
way certification is needed.
Problem 2: the power network security of the equip-
ment and the security of weak power supply system.
Related measures: the use of effective protective cir-
cuit (such as the circuit with the energy absorption or
photoelectric isolation function) for security.
Problem 3: There being more wireless networking
technology in home control subnet, it may be overlapped
with the frequency bands of other networks.
Related measures: the application of frequency bands
approved by local relevant agencies for networking.
Problem 4: power line information security, including
EMC (Electromagnetic Compatibility) and the signal
Related measures: strict and effective grounding
equipment, the use of isolators to isolate carrier.
4.2. The Protocol Security of Low Layer Network
Problem 5: RF wireless technology security, such as
802.11b technological security. Take 802.11b as an ex-
ample, it shared key authentication by using one-way
authentication method so that the access point can verify
the identity of the user, but users can not verify the iden-
tity of the access point. If a false place is put to WLAN
access points, it will hijack the legitimate client to launch
a platform of DOS (denial of service stacks).
Related measures: By using two-way authentication
mechanism so that detecting and isolating a false access
point becomes possible. MAC address filtering, Wired
Equivalent Privacy, etc. will be jointly used.
C. Y. WANG ET AL. 59
Copyright © 2009 SciRes. Wireless Sensor Network, 2009, 1, 1-60
Problem 6: wireless coverage and information secu-
rity. Neighbor device gets involved.
Related measures: One solution is to manually set ID
for terminal equipment. The other is to verify the identity
of terminal equipment.
5. The Security Problems and Related
Measures of Subnet Gateway
As for the home control subnet, security of the gateway
is most complex. In addition to the above mentioned
similar device safety problems, more problems will oc-
cur at the top of network protocols. The security of sub-
net gateway is closely related with the location, structure
and functions of subnet gateway. In terms of the location,
the sub-gateway is key equipment between home control
subnet and home backbone-network, being a member of
the main network. In terms of the functions, the sub-
gateways take the responsibilities of equipment registra-
tion, management and control, of verifying authentica-
tion of remote users, of information services and opera-
tional control. The sub-gateways for are responsible for
the communication links between the main network and
subnet, for the implementation of the centralized control
and remote control of home control subnet terminal
equipment, for bridging UPnP network upper protocol of
main network. In terms of the protocol, the sub-gateways
are involved in the multi-layered protocol stack. See Fig-
ure 5, showing that they result in different levels of net-
work security problems.
The main security problems of subnet gateways are:
Security of information: By the home sensors, an at-
tacker can intercept domestic information of one fam-
ily, such the working status of home appliances and
personal privacy.
User authentication: The attacker will illegally play as
family members or staff of property management to
read data and announce false instructions.
User license: The attacker will illegal use or steal the
authorization of the owner to take sabotage activities
on purpose;
Data integrity: An attacker will undermine the integ-
rity of data through tampering the user’s data and in-
structions. Specific analysis is as follows.
Problem 7: The safety of subnet gateway HTTP Au-
thentication [6]. If the system is based on the HTTP ba-
sic authentication (Basic Authorization), and when the
client makes requests to the HTTP server, HTTP server
Figure 5. Subnet gateway protocol stack.
will determine the legality of the user through the basic
certification process of verifying the client's name and
password. In this certification process a user's name and
password is submitted to the Web server after a 64-bit
encoded files are put on the HTTP headers, but the pass-
word and user name is transmitted in plaintext way so
that it can easily be intercepted and any user with that
name and password can have access to these protected
Related measures: For the weaknesses of basic au-
thentication, HTTP/1.1 proposed to improve the user
authentication program, known as the digest access au-
thorization. With the similarity to the basic certification,
digest access authorization is also a testing key know to
both sides, but the transmission is not in plaintext way
transmission, but in cipher text way transmission. Access
control on the client can be divided into three steps,
namely, identification authentication of clients and home
gateway, the identification and authentication of client
name and password, the check of the permissions of cus-
tomer account.
Problem 8: How to encrypt and transmit important
Related measures: One solution is to use SSL (Se-
cure Sockets Layer) protocol to simplify the information
so that it applies to a subnet gateway of home network
[7]. The protocol stack is as shown in Figure 5.
With the introduction of SSL protocol, it can upgrade
the Web server and client communication confidentiality,
data integrity and effective authentication. In combina-
tion with HTTP digest access authorization, different
authentication can be done based on different levels of
security. The visiting right is grouped. Through user
groups of different terminals for different access control,
and thus a more comprehensive security control can be
achieved. The detailed measure is that different levels of
equipment and its operation of home appliances will use
different security systems. High security can hold SSL
secure communication through the port of 443, or other-
wise through the transfer port of 80 for HTTP, just use an
easy authentication at the application layer. The main
process of Web server is monitoring 80 ports and 433
ports. When 80 ports received request from HTTP, HTTP
server would have digest access authorization to the cli-
ents. Upon completion of authentication, data will start
to be transmitted. When there is a request of connection
from the port of 443, the simplified SSL system which
ensures security of transmission and authentication will
be used.
Problem 9: Non-repudiation problem. It mainly refers
to interaction between the two sides not denying the ex-
change of information, focusing on the user who cannot
deny the operation on the home gateway and the terminal
Related measures: A basic approach is to log the user
operations, to set up a log database. All users will be
recorded for all operations. If the problem of non-repu-
diation is tackled, the adoption of digital signatures will
60 C. Y. WANG ET AL.
Copyright © 2009 SciRes. Wireless Sensor Network, 2009, 1, 1-60
Problem 10: Access Control security.
Related measures: For characteristics of home
subnet, manager and user is usually the home member,
therefore it is needless to grasp the complex set of in-
ternal details of permissions. As we know, there will be
more types of electrical appliances at home their func-
tions will become more and more complex. A possible
solution is to establish the control strategy based on the
object-model. From the perspective of the controlled
object, the object-model will directly link the access to
the subject with the controlled access object. On one
hand, it is easy to operate the definition of the access
control list object, deletion, addition and modification.
On the other hand, when the controlled object feature
changes, or the controlled object has the action of in-
herit and derivation, there is no need to update the ac-
cess to the subject with the permissions, only need to
modify the corresponding access of the controlled ob-
ject, thereby reducing access to management of subject
and decreasing the complexity of the authorized data
Problem 11: The security of device auto-discovery
mechanism based on UPnP (Universal Plug and Play) [8]
[9]. In order to get the intelligence of home backbone-
network, there will be implementation of equipment,
service auto-discovery protocol stack. The most typical
one is UPnP. Because of malicious intrusion to the
equipment, UPnP as the main equipment of home back-
bone-network, by subnet gateway as bridge, will get in-
formation of control subnet terminal equipment, and can
do further attacks.
Related measures: the log can be used to record the
user's operation, alarm. Subnet gateway can use the ap-
propriate sub-gateway packet filtering strategy.
Problem 12: The security problem of virus attack and
hacker attack.
Related Measures: The main solution is that the main
gateway of home network is armed with firewall func-
tion so that it can block and prevent the attack of viruses,
Trojans, hacker, and so on.
6. Conclusions
Through systematic analysis of the home control subnet
structures, networking, and the relations of home control
subnet and home backbone-network, especially the
structure, functions of subnet gateway of home network
and protocol stack, safety issues of home control subnet
in different levels and aspects, including security of
physical security equipment, the safety of the underlying
protocol and the protocol level, are analyzed in detail
and workable solutions are provided step by step. In
short, as long as we make the full use of limited re-
sources of the control subnet, make a reasonable choice
of technology and build different levels of security pre-
cautions, a reliable and practical home control subnet
will be surely constructed.
7. References
[1] SJ/T 11316-2005, “Home network system architecture
and reference model,” People’s Republic of China Elec-
tronic Industry Standard, September 2005.
[2] SJ/T 11314-2005, “Specification for home subnet com-
munication protocol,” People’s Republic of China Elec-
tronic Industry Standard, September 2005.
[3] SJ/T 11317-2005, “Home network device description file
specification,” People’s Republic of China Electronic
Industry Standard, September 2005.
[4] F. Q. Wu, J. Li, and D. S. Hu, “Application of LON
works field bus technology in home network system,”
Journal of Chengde Petroleum College, Chengde, No. 4,
pp. 31-56, 2008.
[5] Bosch, “CAN specification Version 2.0,” September
[6] Y. Zhu, “Design and realization of an improved HTTP
digest authentication scheme,” Study on optical commu-
nication, Wuhan, No. 4, pp. 59-62, 2008.
[7] Y. Y. Zeng and Z. H. Zuo, “Design and implementation of
SSL protocol on embedded devices,” Journal of Chengdu
University of Information Technology, Chengdu, No. 4,
pp. 389-392, 2008.
[8] UPnP Forum, “UPnP device architecture 1.0,” April 2008.
[9] SJ/T 11310-2005, “Information device intelligent group-
ing and resource sharing Part1: Core protocol,” People’s
Republic of China Electronic Industry Standard, Sep-
tember 2005.