ISO/IEC 24767-1:2008

ISO/IEC 24767-1
Edition 1.0 2008-09
INTERNATIONAL
STANDARD
Information technology – Home network security –
Part 1: Security requirements
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester.
If you have any questions about ISO/IEC copyright or have an enquiry about obtaining additional rights to this
publication, please contact the address below or your local IEC member National Committee for further information.

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
ƒ Catalogue of IEC publications: www.iec.ch/searchpub
The IEC on-line Catalogue enables you to search by a variety of criteria (reference number, text, technical committee,…).
It also gives information on projects, withdrawn and replaced publications.
ƒ IEC Just Published: www.iec.ch/online_news/justpub
Stay up to date on all new IEC publications. Just Published details twice a month all new publications released. Available
on-line and also by email.
ƒ Electropedia: www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions
in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical
Vocabulary online.
ƒ Customer Service Centre: www.iec.ch/webstore/custserv
If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service
Centre FAQ or contact us:
Email: csc@iec.ch
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
ISO/IEC 24767-1
Edition 1.0 2008-09
INTERNATIONAL
STANDARD
Information technology – Home network security –
Part 1: Security requirements
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
PRICE CODE
K
ICS 35.200 ISBN 2-8318-1000-1
– 2 – 24767-1 © ISO/IEC 2008(E)
CONTENTS
FOREWORD.4
1 Scope.5
2 Terms, definitions and abbreviations .5
2.1 Terms and definitions .5
2.2 Abbreviations .6
3 Conformance.6
4 Security requirements for home electronic systems and networks.6
4.1 General .6
4.2 Home electronic system security .7
4.3 Issues related to HES security but out of scope of this standard.11
5 Challenges .12
5.1 General .12
5.2 Always-on challenge .12
5.3 Power line challenge .12
5.4 Wireless challenge .13
5.5 Complex assortment devices challenge .13
5.6 Many and diverse user needs.13
5.7 Many and diverse applications.13
6 Security models.14
6.1 Introduction .14
6.2 Owner supported single home HES (OSS).14
6.3 Externally supported single home HES (ESS).14
6.4 Externally supported multiple homes HES (ESM) .14
7 Threat analysis.15
7.1 General .15
7.2 Unauthorized access .15
7.3 Malicious software and configuration .16
7.4 Denial of service .17
7.5 Unintended modification of data during communication .17
7.6 User errors .17
7.7 System failures .17
7.8 Security service providers .17
8 Security requirements.17
8.1 General .17
8.2 Access control.18
8.3 Data and message authentication.19
8.4 Remote access control .19
8.5 Protection of communications.19
8.6 Firewalls.20
8.7 Virus protection .20
8.8 Protection against denial of service attacks .20
8.9 Auditing.21
8.10 Recovery.21
9 Requirements on security solutions .21

24767-1 © ISO/IEC 2008(E) – 3 –
9.1 General .21
9.2 Different levels of security services for different applications in a home.21
9.3 Convenience .22
Annex A (informative) Comparison between office IT systems and home electronic
system security requirements .23
Bibliography.24

Figure 1 – A concept model of home networks.10
Figure 2 – Different considerations in different home environments .11

Table 1 – Security threats and corresponding defences .18

– 4 – 24767-1 © ISO/IEC 2008(E)
INFORMATION TECHNOLOGY –
HOME NETWORK SECURITY –
Part 1: Security requirements
FOREWORD
1) ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) form the
specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in
the development of International Standards. Their preparation is entrusted to technical committees; any ISO and
IEC member body interested in the subject dealt with may participate in this preparatory work. International
governmental and non-governmental organizations liaising with ISO and IEC also participate in this preparation.
2) In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.
3) The formal decisions or agreements of IEC and ISO on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested IEC and ISO member bodies.
4) IEC, ISO and ISO/IEC publications have the form of recommendations for international use and are accepted
by IEC and ISO member bodies in that sense. While all reasonable efforts are made to ensure that the
technical content of IEC, ISO and ISO/IEC publications is accurate, IEC or ISO cannot be held responsible for
the way in which they are used or for any misinterpretation by any end user.
5) In order to promote international uniformity, IEC and ISO member bodies undertake to apply IEC, ISO and
ISO/IEC publications transparently to the maximum extent possible in their national and regional publications.
Any divergence between any ISO/IEC publication and the corresponding national or regional publication
should be clearly indicated in the latter.
6) ISO and IEC provide no marking procedure to indicate their approval and cannot be rendered responsible for
any equipment declared to be in conformity with an ISO/IEC publication.
7) All users should ensure that they have the latest edition of this publication.
8) No liability shall attach to IEC or ISO or its directors, employees, servants or agents including individual experts
and members of their technical committees and IEC or ISO member bodies for any personal injury, property
damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees)
and expenses arising out of the publication of, use of, or reliance upon, this ISO/IEC publication or any other IEC,
ISO or ISO/IEC publications.
9) Attention is drawn to the normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
10) Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
International Standard ISO/IEC 24767-1 was prepared by subcommittee 25: Interconnection
of information technology equipment, of ISO/IEC joint technical committee 1: Information
technology.
The list of all currently available parts of the ISO/IEC 24767 series, under the general title
Information technology – Home network security, can be found on the IEC web site.
This International Standard has been approved by vote of the member bodies, and the voting
results may be obtained from the address given on the second title page.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

24767-1 © ISO/IEC 2008(E) – 5 –
INFORMATION TECHNOLOGY –
HOME NETWORK SECURITY –
Part 1: Security requirements
1 Scope
This part of ISO/IEC 24767 specifies home network security requirements that may come from
inside or outside a home. It serves as a foundation for the development of security services
against threats affecting the home environment.
The discussions about security requirements in this standard are presented in a relatively
informal manner. Although many of the items discussed here are expected to guide the design
of security mechanisms applied either inside home networks or through the Internet, they are
not considered formal requirements.
Various devices are connected to the home network; see Figure 1. The devices of the “living
network”, the devices for “A/V entertainment” and the devices for “informational applications”
provide different features and performance. This standard provides means to analyse the
risks for each networked device and to define its specific “security requirements”.
2 Terms, definitions and abbreviations
2.1 Terms and definitions
For the purpose of this document the following definitions apply.
2.1.1
brown goods
A/V devices that are mainly used for entertainment, for example, television or DVD recorder
2.1.2
confidentiality
property that information is not made available or disclosed to unauthorized individuals,
entities or processes
2.1.3
data authentication
service used to ensure that the source of the data claimed by a party to a communication is
correctly verified
2.1.4
data integrity
property that data has not been altered or destroyed in an unauthorized manner
2.1.5
user authentication
service used to ensure that the identity claimed by a party to a communication is correctly
verified, whereas an authorization service ensures that the identified and authenticated party
is entitled to access a particular device or application on the home network
2.1.6
white goods
appliances that are used for daily life, for example, air conditioner, refrigerator and so on

– 6 – 24767-1 © ISO/IEC 2008(E)
2.2 Abbreviations
For the purpose of this document the following abbreviations apply.
A/V Audio / Visual
DDoS Distributed Denial of Service
DoS Denial of Service
DRM Digital Rights Management
DTV Digital TeleVision
DVD Digital Versatile Disc
ESM Externally Supported Multiple homes HES
ESS Externally Supported Single home HES
HES Home Electronic System
ICT Information and Communication Technology
IP Internet Protocol
IPSec IP Security protocol
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
IT Information Technology
MPEG Moving Picture Expert Group
OSS Owner supported single home HES
PDA Personal Digital Assistant
SSL Secure Sockets Layer
TCP Transmission Control Protocol
TLS Transport Layer Security
URL Uniform Resource Locator
VCR Video Cassette Recorder
VoIP Voice over Internet Protocol

3 Conformance
This part of ISO/IEC 24767 provides guidelines and contains no conformance requirements.
4 Security requirements for home electronic systems and networks
4.1 General
With the rapid development of the Internet and related networking technologies, computers in
offices as well as homes have been enabled to be connected to each other or to the outside
world to gain lots of resources. Today, the same technologies behind these successes are
extending their reach right into our homes to make devices as connectable as ordinary PCs.
In doing so, they will not only permit users to monitor and control their home appliances from
inside or outside the home, but also create new service development and opportunities, such
as remote controlling and maintenance of home appliances. This means that a simple home
computing environment will evolve into a home network of multiple devices for which security
will also be demanded.
A HES needs to be trusted by the inhabitants, users and owners of both the home and the
system. The purpose of security of the HES is to provide trust in the system. Since many
components of HES will be in operation 24 hours a day continuously and automatically
exchange information with the outside world, IT security is necessary in order to maintain the
confidentiality, integrity and availability of the data and the system. A well implemented
security solution implies for example that only authorized users and processes have access to

24767-1 © ISO/IEC 2008(E) – 7 –
the system and the data stored on the system or is communicated to and from the system,
and that only authorized users are able to use and modify the system.
Security requirements for HES can be described in several ways. This standard is limited to IT
security of the HES. However, information technology security needs to look beyond the
system itself, since the home shall be able to function, although with limited functionality, in
case of a break down of the IT system. There exists in an intelligent home features that are
normally supported by the HES that shall be possible to function also when the system breaks
down. In such cases one realizes that there exist security requirements that cannot be part of
the system itself, but that the system shall not prohibit the implementation of fallback
solutions.
There are several stakeholders in security. Not only inhabitants and owners of the HES have
to trust it, but also service providers and content providers. These latter have to trust that
their offered services and content are only used as authorized by them. However, one of the
foundations of the security of a system is that it has to be under the responsibility of a single
security manager. It is obvious that this has to be the responsibility of the inhabitants/owners
of the system. Whether this is done by him/herself or outsourced is irrelevant. It is still the
security manager who has the responsibility. The way service and content providers trust that
the HES and its users handle their services and content correctly is reduced to a contractual
issue. The contract may, for example, state functions, components or processes that shall be
supported by the HES.
It is not expected that a single architecture of HES can support all types of homes. Each
model might have a different set of security requirements. Three different models of designing
a HES will be described, each with a different set of security requirements.
It is obvious that some security requirements are seen as more important than others. Thus, it
can be seen that the support of some countermeasures will be optional. Furthermore,
countermeasures can be of different quality and cost. Also, the management and maintenance
efforts of these countermeasures can require different skills. This standard tries to explain the
reasons for the listed security requirements and thus allow the designer of the HES to
determine which security features a specific HES shall support. And considering quality
requirements and management and maintenance efforts, which mechanism shall be chosen
for that particular feature.
The security requirements in a home network depend both on how security and “home” are
defined and they also depend on what is envisioned as the “network” within that home. If the
network is just a link from a single PC to a printer or a cable modem, then security measures
applied to that cable and the equipment connected at either end of it could accomplish all the
network security that the home owner needs.
However, when a home contains dozens, if not hundreds, of networked devices, with some
belonging to the entire household and some belonging to individuals within the home, more
complex security measures will have to be taken into consideration.
4.2 Home electronic system security
4.2.1 Definition of HES and of system security
A home electronic system and networking can be defined as the collection of elements that
process, manage, transport and store information, enabling the connection and integration of
multiple computing, control, monitoring and communication devices in the home.
Ultimately, home electronic systems and networks will enable entertainment, information,
communication and security devices, in addition to appliances in the home, to communicate
with each other. These devices and appliances will share information and can be controlled
and monitored either within the home or remotely, and accordingly all home networks will
require some security mechanisms to safeguard their daily operations.

– 8 – 24767-1 © ISO/IEC 2008(E)
Network and information security can be understood as the ability of a network or an
information system to resist, at a given level of confidence, accidental events or malicious
actions. Such events or actions could compromise the availability, authenticity, integrity and
confidentiality of stored or transmitted data as well as related services offered via those
networks and systems.
The security incidents may be grouped as follows:
− Electronic communication can be intercepted and data copied or modified. This can cause
damage both through invasion of the privacy of individuals and through the exploitation of
data intercepted.
− Unauthorized access into computer and home computer networks is usually carried out
with malicious intent to copy, modify or destroy data and is likely to be extended to
systems and automatic equipment in the home.
− Disruptive attacks on the Internet have become quite common and in future the telephone
network may also become more vulnerable.
− Malicious software, such as viruses, can disable computers, delete or modify data or
reprogram home equipment. Some virus attacks have been extremely destructive and
costly.
− Misrepresentation of people or entities can cause substantial damages, for example
customers may download malicious software from a website masquerading as a trusted
source, contracts may be repudiated and confidential information may be sent to the
wrong persons.
− Many security incidents are due to unforeseen and unintentional events such as natural
disasters (floods, storms and earthquakes), hardware or software failures, and human
errors.
In addition to these incidents, there are other security related topics which also are important
for a home, such as the reliability of the system. Safety and physical security are outside the
scope of security information. Safety is related to the prevention of harming humans or
buildings. Physical security includes the protection of the home, the hardware of the home
electronic system by means of suitable door and window locks. These topics, although
relevant for the home, are not treated in this standard.
Since a home electronic system cannot be made completely reliable or security protected, it
shall be assumed that a failure of all or part of the system can occur. This loss of availability
shall be accounted for. There is thus the need to have recovery processes prepared in order
to be able to restart those parts of the data and system, and possibly to support fallback
technologies and procedures. A fallback solution is obviously outside the scope of the HES,
but it shall not forbid the existence of such solutions.
The security requirements of home networks not only address in-home usage, but also those
demanded by outside-home applications, all of which may have significant impact on services
ranging from residential user operations, vendor remote maintenance to multiform service-
providing applications. Once the boundaries of home networks become adjacent to the
outside world, security consideration in home networks will turn out to be similar to those
faced by the information and communications technology (ICT) department of a business. And
most of these have been widely discussed (see for example ISO/IEC 18028 series) and
Annex A.
However, there still exist some different characteristics between domestic applications and
corporate applications, home networking infrastructure and enterprise networks, residential
users’ needs and business workers’ needs. Therefore, it is necessary first to introduce some

24767-1 © ISO/IEC 2008(E) – 9 –
existing home networking models and illustrate some of their application domains, and then
look into these models to identify possible threats to home networks and, finally, detail the
security requirements.
Figure 1 shows a conceptual home networking model. A gateway is placed between a home
and the outside world: the Internet. Inside the home, there are a variety of devices possibly
falling into some categories as specified in Figure 1.

– 10 – 24767-1 © ISO/IEC 2008(E)

Living network: May comprise a washing machine, an air conditioner and an
electric rice cooker and can provide control operations of
activation/deactivation from either inside or outside.
A/V network: May comprise TVs, DVD players and other audio/video
equipment and can provide Internet connection through TV
(providing discriminative services compared with those offered
by PCs).
Versatile composite home theatre systems capable of sharing
audio/video resources between audio/video equipment and PCs.
Information equipment network:
May comprise home servers, printers, PCs, laptops, PDAs,
image phones, VoIP servers and handsets and can provide
printing out DTV screen to some printer connected with PC,
searching application data stored in PCs, PDAs or image
phones,
VoIP-based video/audio communications.
Figure 1 – A concept model of home networks
Lastly, at careful examination of the possibilities of home networks, it comes to light that the
security requirements can be divided into two parts: defence against outside threats and
defence against inside threats. Figure 2 shows different considerations in different home
environments.
24767-1 © ISO/IEC 2008(E) – 11 –
Security consideration (in home)
ill purpose unauthorized parties
Security hole of power line technology unreliablity of over-the-air technology
Security consideration (through Internet)
Internet
WWW.
Figure 2 – Different considerations in different home environments
For the inside-home issues, security problems may come from insecure networking
technologies, such as power line or wireless, and access control for different users/usages.
As for the outside-home issues, they may almost be the same as security holes over the
Internet.
4.3 Issues related to HES security but out of scope of this standard
4.3.1 DRM
Digital rights management (DRM) is concerned with the problem of illegal copying and
distribution of digital material with copyright. Typical examples are computer software, music
and movies. These may either be delivered over the network or on a device such as a CD.
It is in the interest of content providers that no illegal copying of content is made by a home
owner/inhabitant. Since this is not a threat to the home owner/inhabitant, but rather to the
content provider, it is out of scope of this standard.
4.3.2 Parental control
In many homes where children are present there can be a need for the parents to protect their
children from access to data that may cause them harm, such as films with violence and
pornography. The technology to achieve this is by means of access control. This can be in
various forms. One is to forbid access to unwanted service providers. Another is to only allow
access to a selection of permitted providers. In addition, data can be marked as not suited for
children and thus allow for an access control mechanism based on this information. This latter
method only works if the data has been appropriately marked and that this marking can be
understood by the access control method. Neither of these can, however, be guaranteed.
4.3.3 Crime reducing products and services
Criminogenic products and services is the term used for products and services with a
propensity to become the targets or the tools of crime. There are presently no standards in
this area, but one should note that in the future there might be technical requirements on the
HES in order to reduce crime on both products installed in the home as well as on services.

– 12 – 24767-1 © ISO/IEC 2008(E)
4.3.4 Consumer issues
There exist several guidelines on how to use a system. All users of the HES may be well
served by guidelines on how to use the system (e.g. electronic shopping) and how to maintain
and update a system in order to avoid vulnerabilities, such as avoiding viruses, worms, etc.
4.3.5 Service provider issues
There are security requirements on service providers in order to enable the users and owners
of HES to trust the data from them. This is true for all types of service providers, such as
those providing data for users (e.g. in the form of A/V services), those providing services for
the home (e.g. monitoring burglar alarms), and those providing services to the HES (e.g.
delivering software and firmware updates). All these service providers shall give the HES
users and owners assurance that the incoming data can be accepted, that is that the data is
coming from a trusted source and that the data is protected during the communications both
for privacy reasons and against malicious modifications.
4.3.6 Fallback issues
In any complex electronic and software system there is the possibility of things going wrong,
for example by equipment failure, software bugs, human error, lightning, flooding or malicious
damage. It is thus important to consider fallback technologies and procedures for safety
critical components of the home. As an example, door locks that depend on the HES need a
fallback mechanism so that the inhabitants will still be able to unlock and lock the doors.
4.3.7 Outsourcing issues
There is an issue on how to maintain the security of the HES when the responsibility for
support of information processing has been outsourced to another organization. The contract
shall at least address the risks, security controls and procedures. ISO/IEC 27002 gives
examples of issues that such a contract may address.
5 Challenges
5.1 General
The challenges of home networks mainly come from a complex assortment of devices, various
types of physical media and the different communications protocols used. Some security
challenges when deploying some well-known home networking infrastructure are listed below.
5.2 Always-on challenge
"Always-on" broadband connectivity makes Internet access fast and easy. Unfortunately, it
also leaves your home, office or business wide open to Internet hazards, such as hackers and
viruses.
Home devices with “always-on” connections are especially vulnerable to attacks, since they
are usually kept on-line for 24 hours a day and always connected to the Internet with the
same IP address.
5.3 Power line challenge
Issues of ensuring data stay secure arise for houses using the same power lines, especially
those in older areas. Most houses share the same “power-line subnet” with neighbouring
houses connected to the same distribution transformer. Power-line commands from one
house can easily reach devices in other near-by houses and thus interfere with the intended
controlling of those devices.
—————————
See Bibliography.
24767-1 © ISO/IEC 2008(E) – 13 –
5.4 Wireless challenge
Wireless networks pose many new security challenges as opposed to traditional wired
networks. The nature of wireless networks makes them vulnerable to various forms of attacks
such as passive eavesdropping, active interfering, leakage of secret information, data
tampering, impersonation and denial of service. Malicious users no longer need to gain
physical access to the network medium. They can simply stay within the transmission range of
a sending node to intercept that user’s transmissions.
5.5 Complex assortment devices challenge
Potential networked home appliances comprise: white goods, brown goods, telecom
equipment, computer equipment, lighting systems, house maintenance systems, alarm and
monitoring systems, health care systems, and so on. Some of them, such as white goods or
lighting systems, are constrained by limited resources and cannot offer complex computation.
But some of the information devices or A/V devices support variant applications and require
higher security strength to protect data. Security services for these variant devices need
different consideration.
5.6 Many and diverse user needs
When speaking of user needs, one recognizes that each user is an individual with specific
needs based upon his/her lifestyle, economic situation, education, and so on. Different home
models bring different security requirements, for example, security concerns coming from a
family with only a couple may differ from those of a couple with teenagers.
Most teenagers are trying to establish some degree of independence. This might include
ownership of personal networked devices and probably would include inviting friends over to
the house. What if the teenagers don’t want to share their contents in DVD with their parents?
What if those friends want to plug their own networked components into the home networks?
On the other hand, parents may want to impose some limitations on their children. For
instance, parents may want to ensure that children will not be able to access TV programs
after 7 PM on school days, or children under 12 years may not be allowed to view an R-rated
movie on the DVD-player.
For a single-person home, all the devices within the home belong to that person and there
may be no access control requirement inside the home. However, the householder may still
want to delegate some privileges to service providers for maintenance purposes, which makes
the task of securing the network from outside access necessary.
5.7 Many and diverse applications
Applications in home networks could be roughly categorized as
a) home automation: home control, home security and monitoring,
b) entertainment,
c) information and communication.
For these different applications, security requirements may not be the same.
For home automation, white goods manufacturers will include a network interface in their
products so that service providers with householders’ permission can remotely monitor the
status of equipment and consumables. In addition, steps shall be taken to ensure that control
commands can only come from approved, secure source addresses.
For entertainment, users always wish to connect their home entertainment devices together to
enable the distribution and sharing of digital video and audio throughout the house. But the

– 14 – 24767-1 © ISO/IEC 2008(E)
access control problems arise due to the convenience of connectivity. Also, device owners
may wish to make sure that the authorized users use only certain content.
For information and communication, protection of privacy has become more important than
other issues because communication may include some financial statements, bank account
and credit card information as well as personal details.
6 Security models
6.1 Introduction
Creating a complex HES that is trustworthy and managing it in order to keep it trustworthy is a
non-trivial task. This task depends on security policy enforcement methods which in turn rely
on the application of security techniques such as access control, integrity protection, etc.
Three completely different scenarios or models can be identified for the security of HES. It is
not surprising to see that all of these resemble different forms of enterprises. The threats and
security requirements in a home are, however, often weighted differently from those in an
enterprise. This standard denotes the three models as:
• the owner supported single home HES (OSS);
• the externally supported single home HES (ESS);
• the externally supported multiple homes HES (ESM).
6.2 Owner supported single home HES (OSS)
The first and simplest model consists of an isolated unit with its own HES (comprising one or
more system units), which is managed entirely by the owner or inhabitant of the house. This
corresponds roughly with the private use of a computer system with Internet connections as
seen today. Many of the threats and weaknesses of such a computer system are also to be
found in this architecture.
However, most home owners/inhabitants are generally unfamiliar with computer security and
would benefit from the availability of guidance in the form of security checklists. A better
approach might be to use professional support for the security of the HES. This leads us to
the next architecture.
6.3 Externally supported single home HES (ESS)
The second scenario also involves single homes. But instead of letting the owner/inhabitant
be responsible for the HES, and in particular for the security and trustworthiness of it, the
responsibility is outsourced to a professional IT service provider. This is very similar to the
way most small enterprises, too small to possess an own IT department, are set up. The
service provider can ensure that appropriate security solutions are selected, correctly
installed and maintained. The advantage with this scheme is that security and trust, which can
be difficult and time-consuming to install, maintain and keep up to date, is under responsibility
of professional expertise.
One can, however, go a step further and let the HES be held, run and handled by a
professional service provider. This leads us to the third model.
6.4 Externally supported multiple homes HES (ESM)
The third model is where a service provider serves a number of homes. These can be non-
localized homes spread out over a large area. But it can also be an apartment house or a
group of townhouses, where all apartments in the house or the townhouses in the area are
served by a local service department. One of the major differences between the first two
models and this one is that in the former the communications to and from the house are direct
whereas in the latter the communications are through the ESM.

24767-1 © ISO/IEC 2008(E) – 15 –
In this scenario, the home owner/inhabitants have a similar role as an employer or department
in a large organisation with a professional IT department. This would certainly be the most
convenient and secure solution for most home owners and inhabitants. If this architecture
were the most common one, its success would certainly depend on the monthly cost these
services would charge. These charges might be counterbalanced if insurance companies
reduced the premiums for those clients adopting these services.
7 Threat analysis
7.1 General
In a threat analysis one looks at possible damages for home owner/inhabitant caused by
actions on the HES, the home network or any pieces of information in the system.
Threats to home system and networks are similar to those to enterprise system and networks.
However, various threats differ in significance for domestic, rather than commercial, network
configurations and applications. For instance, while repudiation (denying that a transaction
took place) is obviously a serious issue for a bank or brokerage firm, it is of less concern for
the home, where the transaction is likely to be entirely private and non-commercial.
Conversely, businesses have little to gain by concealing which hours of the day their networks
are busiest, whereas residential users may very well wish to conceal traffic that indicates
whether or not they are at home.
Home users may feel less vulnerable because their network devices aren’t mission-critical
corporate systems holding vital company information and will not very likely become the target
of attacks, but such a view is outdated. Home network devices may not be the final target to
hack, but a launching point to attack other devices targeted by intruders.
Because it is not usually possible to determine the motive while you are under attack, home
users need to be sufficiently aware of the threats and know what solutions are available.
The following threats to the home system and network have been identified.
7.2 Unauthorized access
It is obvious that home users care about “which things are authorized to do what actions or
access what data on each device?” For example, in the case of a VCR player and its
controller, only the VCR controller corresponding to the VCR player can access the VCR
player. In other words, the VCR controller owned or operated by the non-family member, such
as a guest visiting the home, a neighbour or a user accessing through the Internet, may not
be allowed to access the VCR player owned by a particular family. There is thus a need to
protect the HES from unauthorized users and from events triggered by unauthorized systems
in and/or outside the home.
An unauthorized intruder may, for example, be an automated system that is programmed to
search for vulnerable messages, or a person who has wiretapped or otherwise violated the
integrity of the communications channel.
The access may be passive or active. A passive interception amounts to eavesdropping, in
effect, reading someone else’s traffic. An active interception may involve changing the
contents of the message, deleting or rearranging part of the communication, or changing its
protocol control information, particularly the header (including the destination or source
address).
Most threatening is an active (local or remote) intruder who is able to manipulate the HES,
install a Trojan horse or perform services on behalf of the house owner/inhabitant. A Trojan
horse can allow unauthorized users and processes access to the data and the system thus
violating confidentiality and integrity and potentially also the availability of data and system.

– 16 – 24767-1 © ISO/IEC 2008(E)
A form of unauthorized access is when an imposter pretends to be a legitimate user, such as
the home owner. This is called masquerade. The imposter could also pretend to be a service
provider that has contracted with the home owner.
Another way an imposter may trick the home system into thinking it is an authorized user is
for the imposter to capture a legitimate message and resend it at a later time. This is called a
replay attack. For example, if the imposter can intercept a message to the home’s burglar
alarm system, telling it to turn off, a replay of that same message at a later time may achieve
an undesired result.
A passive intruder who is only able to read data can also be a threat. Data can be sensitive
either from a privacy point of view or can indicate if the house is empty. The former can reveal
personal data and an example of the latter is that the reading of the heating settings can be
very informative for a potential burglar. These threats exist for all three models. It is thus
important to ensure that only authorized users have access to the HES and its data and that
alien systems cann
...