@MASTERSTHESIS{IMM2017-07048,
  author = "M. Messell",
  title = "Secure policy-based communication for IoT devices on {LAN,} as implemented by Trifork",
  year = "2017",
  school = "Technical University of Denmark, Department of Applied Mathematics and Computer Science",
  address = "Richard Petersens Plads, Building 324, {DK-}2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk",
  type = "",
  note = "{DTU} supervisor: Christian D. Jensen, cdje@dtu.dk, {DTU} Compute",
  url = "http://www.compute.dtu.dk/english",
  abstract = "The goal of this thesis is to establish a secure line of communication for IoT devices. The IoT devices are CPEs, as used by Trifork for their Secure Device Grid. A {CPE} device is placed in customers’ homes and acts as a control unit for a home automation system. By connecting CPEs, different home automation systems would be able to communicate. This would give customers the opportunity to make automation processes across multiple home automation systems, instead of them only working within their own home automation system. The thesis investigates state of the art cryptographic techniques, and the existing system of Trifork, to gain knowledge of the techniques required to design and implement a secure line of communication. Protocol requirements are defined based on Trifork’s security goals and the Dolev-Yao attack model. Two protocols are considered to facilitate secure communication between home automation systems: the {ISO}/{IEC} 11770-2 Key Establishment Mechanism 6 (ISO-6), relying on symmetric encryption; and the Station-to-Station protocol, relying on asymmetric encryption. Efficiency tests result in the selection of {ISO-}6 for the secure protocol. A prototype using the {ISO-}6 protocol is created, where the Networking and Cryptography library (NaCl) is used for cryptographic computations. Finally the implemented version of the {ISO-}6 protocol is tested using the {OFMC} model checker. {OFMC} doesn’t find any attacks for the implemented version of the {ISO-}6 protocol."
}