*4.3. Security*

The main requirement mandated by the LIPSHOK framework is the need for the data transmission process to implement a previously defined encryption layer. This is to prevent malicious users from acquiring sensible data that are easily usable through a man in the middle (MITM) attack [38]. Therefore, the suggested implementation is based on the advanced encryption standard (AES) algorithm. Thus, each message transmitted within the architecture must comply with the packet structure illustrated in Figure 6. Since the AES-128 master key is generated only one time, it is then stored securely in the central unit and in each module included in the kit. Moreover, to reduce the threats of potential packet interception, a unique AES initialization vector (IV) is generated for each new message.

**Figure 6.** The structure of a message packet in the LIPSHOK architecture.

While AES is a powerful ye<sup>t</sup> efficient encryption algorithm, some modules included in the kit, such as BLE-based devices (e.g., the wristband), limit the size reserved for the body of the message to 20 bytes, making them not suitable with AES encryption. To cope with such a problem, we therefore sugges<sup>t</sup> using the PRESENT algorithm [39] since it is a lightweight block cipher encryption method advertised to be 2.5 times more cost-effective than AES (https://nieuws.kuleuven.be/en/content/2012/ultra-lightweight-encryptionmethod-becomes-international-standard accessed on 22 February 2022). The PRESENT algorithm uses an 8 byte block cipher. In that sense, as data transmitted by BLE-based devices within the architecture are 20 bytes long, the encryption algorithm is applied three times using the following bytes: [0, 8], [6, 14] and [12, <sup>20</sup>]. A total of four bytes need to be overlapped to fit the algorithm. However, this overlap has no impact, since the decryption operation is applied in reverse order.

### **5. Why Use Lipshok?**

From our point of view, the LIPSHOK SHiB kit detailed in this paper should benefit all stakeholders concerned with the use and development of intelligent environments. Inspired by the early proposal of ref. [5], the kit has also been designed to be easy to install in either new or already existing homes regardless of the available setup, for a very low price. For instance, Table 6 provides an evaluation of the cost for each module included in the LIPSHOK kit and the infrastructure costs. Furthermore, Table 7 offers a costs comparison of LIPSHOK with related SHiB solutions (i.e., CASAS [1] and SPHERE in a Box [11]) when deployed in a one-bedroom apartment. However, it must be noted that quoted prices for the LIPSHOK kit represent the costs for the production of the proofs of concept. Large-scale manufacturing of the different modules is expected to reduce significantly these costs.


**Table 6.** Summary of the cost for every module included in the LIPSHOK SHiB kit and for the hardware required to implement the architecture.


**Table 7.** Cost comparison of two related SHiB kits, CASAS [1] and SPHERE in a Box [11], with LIPSHOK.

When compared to existing SHiB kits, such as CASAS and SPHERE in a Box, LIPSHOK is the most affordable when taking into account the number of sensors it provides out of the box. Furthermore, since the architecture has been made to allow integrating sensors and actuators based on various technologies and thus working at several data rates, the kit features better extensibility than SPHERE in a Box by default. In addition, having the entire LIPSHOK infrastructure (i.e., hardware blueprints and the firmware and algorithms) distributed under an open-source license also ensures enhanced extensibility, as it allows developers and researchers to easily upgrade the core features of the kit to best suit their needs.

Finally, LIPSHOK includes everything required from sensors to client applications enabling a fully operational smart home within a couple of hours of installation and configuration. Figure 7 shows the sensors-state-monitoring client application also provided as part of the kit (provisioned on the central unit by default). Additionally, it is important to note that the architecture may also be scaled-up to further meet high-availability requirements in order to improve fault tolerance in the same way as defined by refs. [8,10].

**Figure 7.** The sensors-state-monitoring application interface included with the LIPSHOK SHib kit.
