A Secure Internet of Things Smart Home Network: Design and Configuration

Many home IoT devices are joining IoT networks by gaining access to some home gateway that configures smart, multimedia, and home networks. To enable secure IoT-based home networking services, (1) an IoT network should be effectively designed and configured with a IoT server, (2) a messaging protocol is required to exchange information between the IoT server and IoT devices, and (3) the home gateway should monitor all safety aspects in both inbound and outbound traffic of the home network. However, not all home network users put in consideration the need for an adequate security posture. Instead, many users still rely on the minimum home network security by setting an easiest-to-guess password to restrict unauthorized access to their home gateway. In this paper, we propose a network design and configuration that enables secure IoT services with MQTT messaging protocol for home networks. With the proposed network design, a home network is interconnected to external networks through a home gateway. To separate the IoT-subnet from other parts of home network, the home gateway subdivides a home network into an inside-subnet and an IoT-subnet with a private IP address using subnet masking. The IoT server, located in the IoT-subnet can be implemented with either a general HTTP server or a security server that acts as an MQTT broker. The secure communications among network entities are governed by a home gateway operating a well-configured extended access control. The effectiveness of the proposed design and configuration is verified through a simulation by showing that it does not impose any significant performance degradation for reinforced security. We expect the proposed configuration to help facilitate interconnection among heterogeneous network entities.