ISO/IEC 15045-3-1:2024
Information technology — Home Electronic System (HES) gateway — Part 3-1: Privacy, security, and safety — Introduction
This document describes the series of privacy, security, and safety standards to support the HES Gateway and attached devices. The purpose is to specify methods for protecting home and building systems from both internal and external threats, intrusions, or unintended observation of data and unsafe conditions that could result from network functions. Part 3 defines a set of basic and advanced requirements for gateway monitoring and control of both inbound and outbound traffic, including switching/routing, addressing, encryption, intrusion detection and prevention, and other “firewall” functions. The Part 3 requirements specify the following functions: 1) prevention of active inbound attacks and unsafe commands, 2) discovery and classification of outbound traffic, 3) interoperability of premises internal network traffic, 4) management of privacy and security mechanisms, and 5) provision for a management and reporting dashboard for use by the non-technical end-user. This standard describes the inter-relationships between privacy, security, and safety.
Standards Content (Sample)
ISO/IEC 15045-3-1
Edition 1.0 2024-12
INTERNATIONAL
STANDARD
colour
inside
Information technology – Home Electronic System (HES) gateway –
Part 3-1: Privacy, security, and safety – Introduction
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or
by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either
IEC or IEC's member National Committee in the country of the requester. If you have any questions about ISO/IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 35.200; 35.240.99 ISBN 978-2-8327-0002-0
– 2 – ISO/IEC 15045-3-1:2024 © ISO/IEC 2024
CONTENTS
FOREWORD
INTRODUCTION
0.1 Overview
0.2 Relation to existing work
0.3 Relevant affected stakeholder categories
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Conformance
5 Protection of privacy, security, and safety
5.1 Privacy, security and safety concepts and principles in the HES gateway
5.2 Structural protections provided by the HES gateway system
5.3 Interface and application services protections
5.3.1 Key concepts, principles and practices
5.3.2 HES concept
5.3.3 HES gateway concept
5.3.4 Interface module concept
5.3.5 Service module concept
5.3.6 Application platform concept
5.3.7 Internal communication bus concept
5.3.8 DSS principle and practice
5.4 Operational protections
5.5 Risk management
5.5.1 Overview
5.5.2 Risk assessment
5.5.3 Risk treatment
5.6 Privacy, security, and safety guidelines and requirements
5.6.1 Privacy-by-design approach
5.6.2 External services non-reliance principle and practice
5.6.3 Use of wireless or shared media principle and practice
5.6.4 Privacy best practice
5.6.5 Privacy next best practice
5.6.6 Online update vulnerability principle
5.6.7 Online OS update vulnerability principle
5.6.8 "Social engineering" vulnerability principle
5.6.9 Privacy-by-design principle and practice
5.6.10 User priority principle
5.6.11 Fail-safe principle
5.6.12 Precautionary principle
5.6.13 Normal accident principle
5.6.14 Privacy principles
5.6.15 Watchdog practice
5.6.16 Redundancy principle
6 Common services
6.1 Common services
6.2 Binding map
6.3 HES gateway unique ID service module
6.4 Cryptographic services
6.5 Authorization and authentication service
6.6 Time service
Annex A (informative) Privacy protection principles and sources
A.1 Privacy protection principles
A.2 Sources
Annex B (informative) Guidance to developers
B.1 General protection
B.2 Privacy protection
B.3 Security protection
B.4 Safety protection
Bibliography
Figure 1 – ISO/IEC 15045-3-1 within the core interoperability and HES gateway standards
Figure 2 – HES gateway generalized architecture
Figure 3 – Risk assessment diagram
Figure 4 – HAN masquerade and replay
Figure 5 – WAN masquerade and replay
Figure 6 – HAN interception: eavesdropping and modification
Figure 7 – WAN interception: eavesdropping and modification
Figure 8 – HAN denial-of-service and resource-exhaustion attack
Figure 9 – WAN denial-of-service and resource-exhaustion attack
Figure 10 – Worm, virus or Trojan horse
Figure 11 – Risk level for HAN: example
Figure 12 – Risk level of data inside user objects: example
Figure 13 – Risk treatment and risk assessment flow
Figure A.1 – Primary sources for privacy protection principles
FOREWORD
1) ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental,
in liaison with ISO and IEC, also take part in the work.
2) The formal decisions or agreements of IEC and ISO on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested IEC and ISO National bodies.
3) IEC and ISO documents have the form of recommendations for international use and are accepted by IEC and
ISO National bodies in that sense. While all reasonable efforts are made to ensure that the technical content of
IEC and ISO documents is accurate, IEC and ISO cannot be held responsible for the way in which they are used
or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC and ISO National bodies undertake to apply IEC and ISO
documents transparently to the maximum extent possible in their national and regional publications. Any
divergence between any IEC and ISO document and the corresponding national or regional publication shall be
clearly indicated in the latter.
5) IEC and ISO do not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC and ISO marks of conformity. IEC and ISO are not
responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this document.
7) No liability shall attach to IEC and ISO or their directors, employees, servants or agents including individual
experts and members of its technical committees and IEC and ISO National bodies for any personal injury,
property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including
legal fees) and expenses arising out of the publication, use of, or reliance upon, this ISO/IEC document or any
other IEC and ISO documents.
8) Attention is drawn to the Normative references cited in this document. Use of the referenced publications is
indispensable for the correct application of this document.
9) IEC and ISO draw attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). IEC and ISO take no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, IEC and ISO had not received notice of
(a) patent(s), which may be required to implement this document. However, implementers are cautioned that this
may not represent the latest information, which may be obtained from the patent database available at
https://patents.iec.ch and www.iso.org/patents. IEC and ISO shall not be held responsible for identifying any or
all such patent rights.
ISO/IEC 15045-3-1 has been prepared by subcommittee 25: Interconnection of information
technology equipment, of ISO/IEC joint technical committee 1: Information technology. It is an
International Standard.
The text of this International Standard is based on the following documents:
Draft                   Report on voting
JTC1-SC25/3189/CDV      JTC1-SC25/3260/RVC
Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1, and the ISO/IEC Directives, JTC 1 Supplement
available at www.iec.ch/members_experts/refdocs and www.iso.org/directives.
A list of all parts in the ISO/IEC 15045 series, published under the general title Information
technology – Home Electronic System (HES) gateway, can be found on the IEC and
ISO websites.
IMPORTANT – The "colour inside" logo on the cover page of this document indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this document using a colour printer.
INTRODUCTION
0.1 Overview
The Home Electronic System (HES) is a set of standards that supports communications, control,
and monitoring applications for homes and buildings. However, homes and buildings present a
heterogeneous and evolving networked environment, where many of these networks and
applications (including some that are based on HES standards) are not directly interoperable
with each other. HES standards achieve interoperability through the ISO/IEC 15045 series,
which relies on the ISO/IEC 18012 series to support functional interworking among the
dissimilar home devices, applications, protocols, and networks found in this environment. The
ISO/IEC 15045 series and ISO/IEC 18012 series were created to render all protocols
interoperable.
The HES gateway enables an open and adaptable market for incompatible products by
specifying a standardized modular system intended to provide interoperability among the
diversity of networks found in homes and buildings. The HES interoperability process does not
require modification of the various networks, applications, or protocols that use it. Appropriate
interworking functions translate network messages through interface modules to a common
lexicon expression that is then exchanged using a private internal network bus protocol.
A protected application platform using a bus protocol supports an expanding array of services
for both the application and the network.
In summary, the ISO/IEC 15045 series specifies a standardized modular dedicated private
internal network system that includes:
– interfaces (i.e. interface modules) for communication and semantic translation among
dissimilar home area networks (HANs), and between a HAN and external wide area
networks (WANs),
– a platform for supporting a variety of application services (i.e. service modules), and
– a secure communication path among these modular elements with access restricted to the
appropriate elements in order to protect data, safety and privacy.
0.2 Relation to existing work
ISO/IEC 15045-1 identifies a range of threats relating to privacy, security, and safety in general
terms. ISO/IEC 15045-2 specifies the underlying architecture for the HES gateway. However,
neither part provides specific privacy, security and safety requirements for HES gateway
conformance. ISO/IEC 15045-3-1 (this document) introduces the privacy, security, and safety
standards and requirements that are applicable to the HES gateway in order to protect the
interest of consumers within the home and small office environments. This document also
describes the inter-relationships among the overlapping topics of privacy, security, and safety.
This document anticipates and introduces the series of additional Part 3 subparts dealing with
specific aspects of privacy (ISO/IEC 15045-3-2), security (ISO/IEC 15045-3-3), and
safety (ISO/IEC 15045-3-4).
The purpose of the ISO/IEC 15045-3 series requirements is to specify methods for protecting
home and building systems from both internal and external threats, intrusions, or unintended
observation of data and unsafe conditions that can result from network functions.
The ISO/IEC 15045-3 series specifies a set of basic and advanced requirements for gateway
monitoring and control of both inbound and outbound traffic, including switching, routing,
addressing, encryption, intrusion detection and prevention, and other "firewall" functions.
The ISO/IEC 15045-3 series requirements specify the following functions:
a) prevention of active inbound attacks and unsafe commands;
b) discovery and classification of outbound traffic;
c) management of privacy and security mechanisms;
d) blocking unauthorized HAN and WAN services and devices from communicating with
internal networks and with each other;
e) enabling and managing authorized HAN and WAN services and devices including
certification and other similar processes;
f) provision for a management and reporting dashboard for use by a non-technical end-user.
Devices or other entities communicating with each other but not on the same HAN use the HES
gateway.
0.3 Relevant affected stakeholder categories
Manufacturers and vendors of smart home devices and other electrical or electronic products
and appliances in the home and building systems market will be able to make and offer
interoperable products with the benefit of a private, secure, and safe HES environment.
Conformity with HES gateway interoperability, privacy, security, and safety requirements can
create significant market synergy, expand the available range of applications, and serve the
interests of consumers, manufacturers, vendors, and society as a whole. Specifically, this
document, together with other parts in the ISO/IEC 15045-3 series, will ensure the privacy,
security, and safety of personal and premises information in the emerging economy of devices
connected to online services.
Figure 1 shows the core interoperability and HES gateway series of standards and where this
document fits into the HES gateway series.
Figure 1 – ISO/IEC 15045-3-1 within the core interoperability
and HES gateway standards
1 Scope
This document specifies the architectures for the HES gateway related to protection of privacy,
security and safety of communications between different networks. It also offers guidelines for
HES gateway implementations, interfaces, and application services regarding privacy, security
and safety. Such HES gateway guidelines include suggested approaches, choices, or
recommended practices. Further, it identifies some areas of vulnerability to be addressed and
offers relevant categories or use cases.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
ISO/IEC 15944-8:2012, Information technology – Business Operational View – Identification of
privacy protection requirements as external constraints on business transactions
ISO/IEC 29100, Information technology – Security techniques – Privacy framework
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following
addresses:
• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
3.1.1
home area network
HAN
network serving nodes, devices, components and functions within a premises protected area
3.1.2
home electronic system
HES
control and sensing system for homes and buildings based on home electronic system (HES)
ISO/IEC standards
Note 1 to entry: The referenced ISO/IEC standards normally include HES in the title of each standard.
3.1.3
HES gateway
electronic device that transfers messages among WANs and HANs providing interoperability,
privacy, security and safety in accordance with the requirements of the ISO/IEC 15045 series
and ISO/IEC 18012 series of standards
Note 1 to entry: For an HES gateway, a WAN is a network outside the protected area and a HAN is a network inside
the protected area.
3.1.4
local
logically situated within the premises
3.1.5
privacy
freedom from being observed or disturbed
3.1.6
remote
logically situated outside the premises
3.1.7
risk
probability and magnitude of a harmful or damaging event or condition
3.1.8
safety
protection from, or unlikelihood of causing, danger or injury
3.1.9
security
freedom from danger or threat
Note 1 to entry: Security as used in this document is often referenced as "cybersecurity" to protect data.
3.1.10
user
natural person
3.1.11
vulnerability
weakness that can be exploited
3.1.12
wide area network
WAN
network that connects communication devices in the environment external to the premises
protected area
3.2 Abbreviated terms
DSS distributed secure systems
HAN home area network
HES home electronic system
HES-CLDPE common language direct protocol data unit exchange
HES-CLIP common language internal protocol
HES-CLME common language message exchange protocol
ID identifier
OS operating system
WAN wide area network
4 Conformance
An HES gateway system (including service modules and interface modules) conforming to this
document shall implement those features (as appropriate to the services being implemented)
required to cover the following clauses:
– 5.3.7 (internal communication bus concept); and
– 5.3.8 (DSS principle and practice); and
– 5.4 (operational protections); and
– 5.5 (risk management) requirements; and
– 5.6 (privacy, security, and safety guidelines and requirements); and
– Clause 6 (common services) requirements.
5 Protection of privacy, security, and safety
5.1 Privacy, security and safety concepts and principles in the HES gateway
The purpose of the HES gateway is to:
a) provide communications and interoperability among premises networks, services, and
devices, and also between premises networks, services, devices, and wide area (external)
networks and services,
b) provide a platform for management of premises network application services, and
c) provide protection for premises users, networks and devices from risks to privacy, security,
and safety.
The HES gateway is a system with an internal architecture composed of a set of HES gateway
modules as described in 5.2 and 5.3.
5.2 Structural protections provided by the HES gateway system
Figure 2 shows how the HES gateway system operates within the premises and shows the
coverage of the HES gateway standards (ISO/IEC 15045 and ISO/IEC 18012 series).
Figure 2 – HES gateway generalized architecture
HAN or WAN interface modules translate messages from or to their native HAN or WAN protocol
from or to the HES gateway internal bus, called HES common language message exchange
(HES-CLME). Within the gateway bus, HAN or WAN interface modules communicate with their
appropriate service modules depending on the nature of the specific service they are intended
to perform. HAN or WAN interface modules shall not communicate directly with other HAN or
WAN interface modules, except through a service module. Service modules can communicate
with appropriate interface modules or other service modules.
5.3 Interface and application services protections
5.3.1 Key concepts, principles and practices
5.3.2 to 5.3.8 describe the key HES gateway concepts, principles, and practices that shall be
incorporated into the modular architecture and functionality of the HES gateway where relevant.
These concepts, built upon ISO/IEC 15045-2, relate to privacy, security and safety.
5.3.2 HES concept
The Home Electronic System (HES) is a set of standards representing a specific coherent
communication, control, and monitoring environment (standardizing networks, devices,
applications, and a gateway) for homes and buildings.
5.3.3 HES gateway concept
A communications gateway is defined as an interface between dissimilar networks. The HES
gateway is a specific standardized modular gateway for interfacing among multiple dissimilar
networks or home area networks, and also providing an application platform. It anticipates and
supports certification of conformance to a standard encouraging an open market in compatible
and interoperable products.
5.3.4 Interface module concept
An interface module is defined as an interface between a specific external (to the premises) or
in-premises network and the HES gateway internal network. In the context of the HES gateway,
interface modules connect and translate between the internal HES-CLME (home electronic
system common language message exchange protocol) network protocol and language, and
the various networks external to the HES gateway that can either reside in the premises
(i.e. home area networks (HANs)) or external to the home (i.e. wide area networks (WANs)) as
users choose to install. This concept allows application services to operate on an expandable
range of networks from different manufacturers without changes to each network. The
translation and processing of HAN messaging to another HAN or WAN will be consistent from
gateway to gateway regardless of the manufacturer.
5.3.5 Service module concept
A service module is defined as a software service agent residing within the HES gateway that
supports specific gateway or application services via HES-CLME communications. Such service
agents are essentially plug-ins for whatever service or application product the user chooses to
have operating or installed in their home. Some service modules facilitate gateway system
services (time, authorization and authentication, identification, etc.). Other service modules
facilitate application-related services such as energy management, energy measurement, and
audio.
5.3.6 Application platform concept
An application platform is defined as a set of software service agents residing within the HES
gateway in the form of a type of service module called application service module that supports
a specific user application service via HES-CLME communications. These service agents are
essentially plug-ins for whatever applications and features users choose to have operating or
installed in their homes, such as energy management, lighting control, etc.
5.3.7 Internal communication bus concept
The HES gateway employs an internal communication bus that enables interface modules to
communicate with service modules in a consistent and interoperable manner. This internal
communication bus utilizes the HES-CLME protocol (home electronic system common language
message exchange protocol).
The internal bus shall be implemented with one of the following two techniques that results in
the same overall operation:
a) HES-CLIP (common language internal protocol) uses Ethernet network technology
functioning as a private Internet (local network), see IETF RFC 1918. This method can be
supported by many manufacturers supplying independent and interoperable modular
products.
b) HES-CLDPE (common language direct protocol data unit exchange) provides a family of
protocols and signalling that supports operation between modular logical elements within a
product, typically from one manufacturer.
5.3.8 DSS principle and practice
The HES gateway shall apply the DSS principle (distributed secure systems). The distributed
modular HES gateway architecture provides structural separation isolating each interface and
application so that information can only flow from one machine (i.e. processor, kernel, app) to
another along known and constrained communication paths. The HES gateway is essentially a
network of tiny computers talking to each other on a private wired communication bus. The main
aspects that support this principle are as follows.
a) HES gateway elements: service module; interface module; internal gateway bus (HES-CLIP).
b) Communication is allowed only between service modules and interface modules; no
communication is allowed directly between interface modules.
c) Service modules optionally include:
1) application controller – determines the means and the purpose of the intended data
processing service (e.g. setup and configuration);
2) application processor – performs the relevant data manipulation and processing for the
application (e.g. real time operation).
d) A single and mandatory identification service module shall be required for each HES
gateway service (e.g. a distributed gateway is considered one gateway) to provide one place
for identification:
1) a unique public ID that is anonymous and publicly accessible;
2) a "digital fingerprint" for internal uses that is not revealed.
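The path rule from 5.2 and 5.3.8 b), sketched as an added example (not code from the standard or from any HES gateway product): a bus model that delivers a message only when both modules are registered, the pair is not interface-to-interface, and the path has been explicitly bound. The class names, the module names and the per-path binding set are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Kind(Enum):
    INTERFACE = "interface"   # HAN or WAN interface module
    SERVICE = "service"       # gateway or application service module


@dataclass(frozen=True)
class Module:
    name: str
    kind: Kind


@dataclass
class InternalBus:
    """Hypothetical model of the internal bus: decides whether a path is allowed."""
    modules: dict = field(default_factory=dict)
    bindings: set = field(default_factory=set)   # permitted (src, dst) pairs, one direction each
    audit: list = field(default_factory=list)    # (src, dst, verdict, reason)

    def register(self, name, kind):
        self.modules[name] = Module(name, kind)

    def _check_kinds(self, src, dst):
        # Unknown modules are refused outright: flows exist only between known elements.
        for name in (src, dst):
            if name not in self.modules:
                raise PermissionError(f"unknown module: {name}")
        s, d = self.modules[src], self.modules[dst]
        # The structural rule: no direct interface-to-interface communication.
        if s.kind is Kind.INTERFACE and d.kind is Kind.INTERFACE:
            raise PermissionError("interface modules may not communicate directly")

    def bind(self, src, dst):
        """Permit one direction of one path; an interface-to-interface binding is refused."""
        self._check_kinds(src, dst)
        self.bindings.add((src, dst))

    def send(self, src, dst, payload):
        """Return True if the message may travel src -> dst; log every decision.

        Delivery itself is out of scope here; only the path decision is modelled.
        """
        try:
            self._check_kinds(src, dst)
            if (src, dst) not in self.bindings:
                raise PermissionError("no binding for this path")
        except PermissionError as exc:
            self.audit.append((src, dst, "DENY", str(exc)))
            return False
        self.audit.append((src, dst, "ALLOW", ""))
        return True


def demo():
    """Constructed scenario: a HAN reading reaches the WAN only through a service module."""
    bus = InternalBus()
    bus.register("han-if", Kind.INTERFACE)
    bus.register("wan-if", Kind.INTERFACE)
    bus.register("energy-svc", Kind.SERVICE)
    bus.bind("han-if", "energy-svc")
    bus.bind("energy-svc", "wan-if")
    results = [
        bus.send("han-if", "energy-svc", b"meter=42"),   # interface -> service, bound
        bus.send("energy-svc", "wan-if", b"report"),     # service -> interface, bound
        bus.send("han-if", "wan-if", b"meter=42"),       # interface -> interface
        bus.send("wan-if", "energy-svc", b"command"),    # right kinds, but never bound
        bus.send("rogue", "energy-svc", b"x"),           # unregistered sender
    ]
    return results, bus.audit


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The denied entries in the audit list are the events a reporting dashboard would surface: an attempted interface-to-interface flow indicates a misconfigured or compromised module rather than normal traffic.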
5.4 Operational protections
The operation requirements of the HES gateway shall include the following structural and
operational elements and principles that are important to privacy, security and safety:
– decentralized control (no single point of failure, no "gateway controller" or central operating
system);
– interoperability of products achieved through translation into common internal language and
protocol;
– separation and isolation of functional responsibility (allocation of operations to established
and defined objects) by delegation to a service agent for each task or service (for example,
operations dealing with authorization are handled by the authorization and authentication
service, while operations dealing with identity of the HES gateway are handled by the
identification service object);
– physical and logical partition or segmentation or functionality of elements, tasks, or risks.
5.5 Risk management
5.5.1 Overview
The risk management of an HES gateway system shall comprise two main aspects: risk
assessment and risk treatment.
– Risk assessment estimates, identifies and prioritizes security risks.
– Risk treatment selects and implements measures to minimize risk.
5.5.2 Risk assessment
5.5.2.1 Overview of risk assessment
Risk assessment is performed for the HES gateway system using Figure 3. Manufacturers shall
implement the standardized indicators as described within this risk assessment section. It is the
responsibility of system integrators to perform the risk assessment based upon these
standardized indicators before releasing the operational HES gateway system to the customer.
Figure 3 – Risk assessment diagram
Threats to the HES gateway system can originate from a range of sources, which can result in
specific actions that affect the system. For example, some organizations or individuals outside
the premises intentionally attempt to infiltrate the premises. Accidental threats such as power
outages can inadvertently cause issues on the system or configuration. These threats are varied
in the likelihood of occurring and varied in the likelihood of exploiting the vulnerabilities of the
system.
Vulnerabilities of the system include potential hardware and software flaws in the individual
modules that comprise the HES gateway system, and potential issues with the interconnection
processes of the underlying HES-CLME messaging.
Predisposing conditions for the HES gateway system include the complex modular class in
which different products are integrated together to form the complete operational system, and
that can result in gaps or overlaps in the underlying system.
A range of security controls are included in the HES gateway system including extensive
standardized risk data for all modules. Additional privacy, security and safety measures are
implemented for WAN systems, which are outside the premises protected area.
The threats can have adverse impacts (i.e. unfavourable, but not necessarily damaging) on the
system and on the local user with a degree of severity because of the vulnerabilities of the HES
gateway system including the predisposing conditions, and the effect of the security controls.
The overall risk assessment is measured by the likelihood of the threats occurring and level of
adverse impacts that result.
5.5.2.2 Threats
5.5.2.2.1 Overview of threats
Threats, a key part of risk assessment, are specific instances (threat events) caused by a variety
of threat sources. These sources include the following types:
– adversarial (individual, group, organization, nation state);
– accidental;
– structural (e.g. equipment failure);
– environmental (e.g. disasters, telecommunications infrastructure outages or failures).
In 5.5.2.2.2 to 5.5.2.2.12 are some examples of specific threats, as described in
ISO/IEC 15045-1, applicable to the HES gateway system. Threats are frequently evolving with
new previously unknown threats arising. For example, in recent years, fileless attacks that
occur in memory have emerged; such attacks can be introduced through malicious network
packets and can be difficult to detect.
5.5.2.2.2 HAN masquerade and replay
Perhaps the most obvious threat to the home is unauthorized access to HAN devices or the
HES gateway. As shown in Figure 4, a "masquerade user" arises when an impostor pretends
to be a legitimate residential user, such as the homeowner.
Figure 4 – HAN masquerade and replay
A masquerade can be effected by defeating the authentication mechanism, for example,
guessing a password or stealing a token. Another way an impostor can trick the home network
into assuming the impostor is an authorized user is for the impostor to capture a legitimate
message, and to resend it at a later time. For example, if the impostor can intercept a message
to the home's burglar alarm system, telling it to turn off, the same message can be replayed
later to achieve the same result.
To minimize the risk, the HES gateway system shall implement several precautionary measures
to contribute to the security controls as shown in Figure 3.
Local users shall be registered in a service module inside the HES gateway system supporting
the authorization service domain. The objects in the authorization service domain contain the
user name, level of authorization and password, all in protected memory and approved by the
system owner. Only authorized users are allowed to access the configuration functions of the
HES gateway.
The key operator shall be informed when any users are added, substituted or modified in any
manner, so that this triggers a cautionary message when the masquerade user attempts to
impose.
User access to system management functions within the premises via the HAN is protected.
This limits the opportunity for masquerading.
___________
Initial threats for the HES Gateway System are described in ISO/IEC 15045-1:2004, Annex C, Clause C.2.
Fileless attacks are written directly to RAM and difficult to find since they do not leave traditional traces of their
existence in files on disks.
The HES gateway system supports a wide range of HANs that can have varying security
features. The HES gateway system ensures that standardized information about the HANs is
available to the user and system integrator so that more secure HANs can be identified and
given preferential treatment. For example, some HANs use encryption techniques that further
reduce the risk, and information about this strength will be available throughout the HES
gateway system and can be used to inform the user, further encouraging the use of those higher
quality HANs.
Insecure HANs are highlighted and caution provided to the key operator that such HANs can
be susceptible to masquerading.
The standardized HAN information can also be used for the development of specialized
application services focused on supporting enhanced security.
5.5.2.2.3 WAN masquerade and replay
Another obvious threat to the home is unauthorized access through the WAN connections to
the HES gateway system. As shown in Figure 5, a "masquerade remote user" arises when an
impostor pretends to be a legitimate remote user or service.
Figure 5 – WAN masquerade and replay
A masquerade can be effected by defeating the authentication mechanism, for example,
guessing a password or stealing a token. Another way an impostor can trick the HES gateway
into thinking it is an authorized remote user or remote service is for the impostor to capture a
legitimate external message, and to resend it at a later time. For example, if the impostor can
intercept a message to the home, the same message can be replayed later to achieve the same
result.
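An added example, not part of ISO/IEC 15045-3-1: one common way to make a captured message useless when it is resent, as in the burglar-alarm case in 5.5.2.2.2 and the WAN case above, is to authenticate each command together with a per-sender counter and a timestamp. The shared key, field names, freshness window and sample command are assumptions constructed for illustration and are not mechanisms specified by the standard.

```python
import hashlib
import hmac
import json

# Constructed for illustration: a key shared by the gateway and one authorized user.
SHARED_KEY = b"constructed-demo-key-not-from-the-standard"
MAX_SKEW_S = 30  # assumed freshness window, in seconds


def sign_command(key, sender, command, counter, timestamp):
    """Build a command whose tag covers the counter and timestamp as well."""
    body = {"sender": sender, "command": command, "counter": counter, "ts": timestamp}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class ReplayGuard:
    """Receiver-side check: authentic, fresh, and not seen before."""

    def __init__(self, key, max_skew_s=MAX_SKEW_S):
        self.key = key
        self.max_skew_s = max_skew_s
        self.last_counter = {}  # highest counter accepted so far, per sender

    def verify(self, message, now):
        expected = hmac.new(self.key, message["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "reject: bad tag"
        body = json.loads(message["payload"])
        if abs(now - body["ts"]) > self.max_skew_s:
            return "reject: stale"
        if body["counter"] <= self.last_counter.get(body["sender"], -1):
            return "reject: replayed counter"
        self.last_counter[body["sender"]] = body["counter"]
        return "accept"


def demo():
    guard = ReplayGuard(SHARED_KEY)
    disarm = sign_command(SHARED_KEY, "homeowner", "alarm.off", counter=7, timestamp=1000)
    results = [guard.verify(disarm, now=1005)]      # original delivery
    results.append(guard.verify(disarm, now=1010))  # captured copy resent at once
    results.append(guard.verify(disarm, now=5000))  # captured copy resent much later
    # Editing the counter inside the captured payload invalidates the tag.
    forged = dict(disarm, payload=disarm["payload"].replace(b"7", b"8"))
    results.append(guard.verify(forged, now=1006))
    return results
```

The counter check stops an immediate resend, the timestamp check stops a late resend even if the receiver has lost its counter state, and the tag stops the impostor from adjusting either field.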
To minimize the risk, the HES gateway system implements several additional precautionary
WAN measures to contribute to the security controls as shown in Figure 3.
Remote users are registered in the authorization service module inside the HES gateway
system. Each HES gateway system has a unique hidden identification code held within its
identification service module, called "digitalFingerprint". This code is used in the initial setup of
authorizing remote users to form an encrypted one-to-one link to remote users and services
that cannot easily be duplicated.
The authorization service module contains the remote user name, level of authorization and
password, all in protected memory and approved by the key operator. Only authorized remote
users are allowed to access certain authorized functions of the HES gateway.
The system owner is informed when any remote users are added, substituted or modified in any
manner, so that this triggers a cautionary message when the masquerade remote user attempts
to impose.
The HES gateway system supports a wide range of WANs that can have varying security
features. The system ensures that standardized information about the WANs is available to the
user and system integrator so that more secure WANs can be identified and given preferential
treatment. For example, some WANs use encryption techniques that further reduce the risk,
and information about this strength will be available throughout the HES gateway system and
can be used to inform the user, further encouraging the use of those higher quality WANs.
Insecure WANs are highlighted and caution provided to the key operator that such WANs can
be susceptible to masquerading.
The standardized WAN information can also be used for the development of specialized
application services focused on supporting enhanced security.
5.5.2.2.4 HAN interception: eavesdropping and modification
A HAN interception occurs when an unauthorized party gains access to a message passing
over a HAN between the HES gateway and a local user, service or device, as shown in Figure 6.
Figure 6 – HAN interception: eavesdropping and modification
The intruder can be an automated system that is programmed to search for vulnerable
messages, or it can be a person who has wiretapped or otherwise violated the inte
...







