Z-Wave is a wireless communication protocol that is mostly used in home automation systems. A wireless communication protocol is simply a set of rules and standards that an application or program follows in order to communicate wirelessly. It is like the way people communicate in one common language: information delivered in English is understood because both sides use the same communication protocol. The Z-Wave protocol allows multiple wireless devices to communicate with each other in a way that is affordable, reliable and easy to use.
Z-Wave was first developed by a start-up company named Zensys, which was founded by two Danish engineers. These two engineers were trying to build something for their own home, which later turned out to be the protocol implemented by many companies all over the world. Later, in 2008, it was acquired by Sigma Designs. After seeing the potential of this technology, different companies decided to join their alliance, formally known as the Z-Wave Alliance, which currently has more than 300 companies with more than 1500 devices that support 40 million applications worldwide. Z-Wave operates under a source-routed mesh architecture. In this scenario, if one node wants to communicate with another node that is not directly reachable, it talks to the nearest node, the nearest node passes the message to the next node, and that node sends the message to the destination, and vice versa. Nodes are added to the mesh network by the method of pairing and can be removed using the same method. A Z-Wave network can have up to 232 nodes. It operates at 908.4 MHz in the US and Canada and at 921.4 MHz in Australia and New Zealand, and it uses other frequencies in other countries depending on the regulations.
- The available data rates include 9600 bits/sec
- Output power 1 mW
- Range 30 meters free space
- Frequency 921.4 MHz
Because Z-Wave focuses primarily on home automation, it is known specifically for control, monitoring and status-reading applications in residential and light commercial environments. The beauty of Z-Wave is that it can be added to almost anything electronic, even things that might not strike us as intelligent devices, such as refrigerators, washing machines, thermostats, door locks and several other items found in the home. The status of these items and their current settings can be observed and updated from a smartphone without the user having to be in contact with the devices. Users are alerted to any suspicious activity. Z-Wave technology is mature, proven and broadly deployed, with over 15 million products sold worldwide. It has been used extensively in residential systems throughout numerous business spectrums.
Now we will discuss how Z-Wave works and how to use it in a home automation system. It creates a mesh network in which we have a controller. The controller can be a handheld device or alarm system that has a Z-Wave chip built into it, or a standalone Z-Wave controller. We can switch different devices with the help of the controller. The controller sends a signal to the first switch, which receives that signal, processes it and retransmits it to the next switch, and so on until our lights turn on. This creates a web in which each device repeats the signal and communicates with the next device in line. All Z-Wave devices do this except for battery-powered devices such as locks or thermostats. They use a technology called beaming, which is used to conserve battery power and also for encryption and security purposes.
Pros and Cons of Z-wave:
Z-Wave has a 100-foot line-of-sight range. It communicates on the radio frequency 908.42 MHz, which has a long wavelength. This frequency is meant to pass through walls better, but it is still limited beyond a certain distance. A good rule of thumb is probably 10 to 20 feet per device to repeat the signal. Sometimes it also reaches 30 feet. If we have another device that uses a radio frequency in that 900 MHz range, it may cause interference, so we need to check which wireless devices we are using.
Z-Wave works well in homes that are usually less than 3000 square feet, but problems can appear once we get above 3000 square feet or above a certain number of nodes. Sometimes the end node will receive the command, and each time a device receives that signal and processes it along the way, that step is called a hop, so one switch tells the next switch to turn on. Z-Wave is limited to four hops, so if we have a light on the other side of the house and it exceeds that number of hops, the light switch will not get the signal. So keep in mind that we are limited to four hops. It works really well for homes under 3000 square feet, but it can cause a lot of problems in homes above 3000 square feet. In lighting, it causes a popcorn effect, which bothers some people.
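The four-hop limit and the rule that battery-powered devices do not repeat the signal can be checked against a floor plan before anything is installed. The following is an added example, not code from the original article: the node names, the coordinates and the 22-foot per-device range are constructed, and it counts every link a frame crosses as one hop.

```python
from collections import deque
from math import dist

MAX_HOPS = 4  # hop limit from the text; here every link a frame crosses is one hop

def build_links(positions, radio_range):
    """Nodes no farther apart than radio_range (feet) are direct radio neighbours."""
    return {a: {b for b in positions
                if b != a and dist(positions[a], positions[b]) <= radio_range}
            for a in positions}

def source_route(links, repeaters, src, dst, max_hops=MAX_HOPS):
    """Shortest route src -> dst as a node list, or None if no route fits.

    Only nodes in `repeaters` (mains powered) forward frames; battery
    devices can be a destination but never a relay.
    """
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == dst:
            return path
        if len(path) - 1 >= max_hops:
            continue  # hop budget spent
        if node != src and node not in repeaters:
            continue  # battery device: does not relay
        for nxt in sorted(links[node]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

# Constructed floor plan, coordinates in feet (not from the original page).
POSITIONS = {
    "hub": (0, 0), "hall_switch": (20, 0), "kitchen_switch": (40, 0),
    "den_switch": (60, 0), "porch_switch": (80, 0), "garage_light": (100, 0),
    "door_sensor": (20, 15), "shed_light": (20, 35),
}
REPEATERS = {"hall_switch", "kitchen_switch", "den_switch", "porch_switch",
             "garage_light", "shed_light"}  # door_sensor is battery powered
LINKS = build_links(POSITIONS, radio_range=22)  # assumed per-device range

def unreachable(links, repeaters, src="hub"):
    """Nodes the controller cannot command under the hop and relay rules."""
    return sorted(n for n in links
                  if n != src and source_route(links, repeaters, src, n) is None)

if __name__ == "__main__":
    for node in POSITIONS:
        print(node, source_route(LINKS, REPEATERS, "hub", node))
    print("unreachable:", unreachable(LINKS, REPEATERS))
```

In this layout the garage light sits five hops from the hub and the shed light is only in range of a battery-powered sensor, so neither receives commands. The same check applies to a siren or security sensor placed at the far end of a house.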
Z-Wave is regulated by the Z-Wave Alliance, and the Z-Wave Alliance has over 200 manufacturers producing devices with a Z-Wave chip built inside. Having so many different manufacturers raises the competition, which in turn lowers prices, and it also means there is a variety of equipment such as locks, thermostats and different types of switches. Being a wireless technology, it makes automation really easy. So instead of running wires to every device
Connection of Z-wave devices:
Z-Wave connects devices through a hub rather than connecting the devices to each other, and once we are connected to the hub we can control the different devices through that hub or through a smartphone app.
Z-Wave VS ZigBee:
Both Z-Wave and Zigbee are low-power protocols: they are intended to use very low power with low latency, low delay and low bandwidth compared to something like WiFi. Both are meant to be mesh networks, which means we can have multiple devices in our home acting as repeaters, or devices that communicate directly with end devices, and they all come back to one hub. Beyond that, both use 128-bit AES encryption. Both have a large user base and a large product base, and both have relatively rigorous certification requirements, so if a product bears the Z-Wave or Zigbee symbol, it has gone through a rigorous certification process.
The product counts of the two are very close: the Z-Wave Alliance lists 2400 products, with a hundred million devices worldwide, whereas Zigbee has 2500 devices, slightly more in terms of certified products, but 300 million devices worldwide. In terms of membership, there are over 700 members in the Z-Wave Alliance, so it is a massive alliance with a lot of big companies as well as small companies that are members just to create products. Zigbee has about 300 members, including companies like Amazon and Samsung. In terms of standards each of these follows:
This is a bit of an interesting path. Zigbee was started in the 1990s, and the standard on which it is based is 802.15.4, an IEEE standard which provides the physical and MAC layers. From there Zigbee picks up and provides the network and application layers, and that application layer in particular makes it a highly standardized protocol to go out and use. It is an open standard which is actually owned by the Z-Wave Alliance. On the other side, Z-Wave was basically built from the ground up by a company, Zensys, that was essentially trying to make a light control system; as they did that, they were able to sell off Z-Wave and the derivative work from their original system. Z-Wave tools are much easier for a developer to pick up and start programming with because they are highly standardized to a specific chipset.
Which companies make Z-Wave products?
Companies which produce Z-Wave compatible devices include:
- American Standard
- Samsung SmartThings
Types of Z-Wave devices:
- Garage door controllers
- Security sensors
- Fan controllers
- Window blinds/coverings
- Plugs and outlets
- Sirens and alarms
Z-Wave devices can also be controlled through smart speakers such as Amazon Alexa and Google Assistant. Z-Wave devices can be directly connected with Alexa.
Z-Wave accommodates three basic types of devices:
Controllers – A Z-Wave network manages security and control of the devices on that network with the help of a controller.
Routers – These are continuously powered devices, like light bulbs, that can act as relays for control signals to more distant devices on the network.
Slaves – These are typically battery-powered devices, like wireless sensors, which need to be able to last long periods on small batteries alone. They send and receive data as required but, to conserve battery life, do not act as relays.
Z-Wave home automation system:
A simple Z-Wave home automation system allows us to control most aspects of the home, from lighting to access control, various sensors, CCTV, the HVAC system and, most recently, appliances that are capable of connecting to smartphones and sending alerts, for instance a smart fridge that sends a list of items we need to buy. These systems are gaining popularity. According to vendor statistics, 5 million home automation devices are going to be shipped this year. We will look into the system components and how the different components talk to each other. We have basically two types of system:
One type of system is based on wireless communication and can be used with four different wireless protocols. The most popular and dominant are Zigbee and Z-Wave. In the US market, Z-Wave is the dominant protocol. We also have powerline systems, which use the power lines in the building to communicate. The most famous one is the X10 protocol, which is a very old protocol; we can still find these home automation systems, especially in the US.
There are also dual-band systems, which can choose between power lines and wireless media for communication. The important thing about powerline systems is that they do not have security, because the assumption was that an attacker who wanted to gain access to the home control system would first need to gain access to the power lines, which was assumed to be difficult. So most systems right now are based on wireless communication. As the interface of the system we have control panels. In the old days the control panel took the form of a wall-mounted panel. Now the control panel is your smartphone, from which we can control different appliances in our home such as encrypted door locks, motion sensors, sirens and security-related devices. Each of these devices has a small radio chip inside which allows it to communicate with other devices as well as the control panel, so that it can receive commands from the control panel or send notifications or alerts to other devices. We can pair two devices, for example a motion sensor with a siren, and by doing this trigger an alarm when someone enters the home.
In the US, about 80% of security systems are based on the Z-Wave protocol. The interesting thing about this protocol is that, as it is a proprietary protocol, the specification is not publicly available and security researchers could not easily audit it to find bugs. There was no public research gathering all available public information on this protocol. This protocol consists of five different layers:
- Physical layer
- Security layer
The physical layer is the radio layer; it communicates in Hertz and is capable of communicating at up to 200 kilobits. So the first step is to build a radio device that captures these signals and analyses them. We found that a very good and cheap option is a Texas Instruments radio transceiver, which operates in the gigahertz frequency, supports the Z-Wave configuration that we needed, and can be connected to a laptop through a serial port. It has a good signal analyser tool called SmartRF. We configured it to the required frequency and wrote a tool called Z-Force, which captures Z-Wave packets over the air; this was the first public tool developed to intercept and analyse the packets. It is also capable of injecting Z-Wave packets into the network, so we can use it as a fuzzing tool. Z-Wave also provides an encryption chip which can support various security services. The program running inside the chip is where we will find the details of the security implementation.