SerCHo Home Security System

Competence Center: Security
ContactProf. Dr. Sahin Albayrak, Dipl.-Inf. Arik Messerman, Dipl.-Inf. Leonid Batyuk
Funded by: BMWi


The Internet not only offers useful services and content. It is as well a source of risks for its users and the devices connected to it. Some of these dangers are malware (viruses, worms and Trojans), intrusion-attempts into computers or the eavesdropping on communication. To protect users and the Home Services Platform (HSP) infrastructure, SerCHo provides a Home Security System (HSS). The HSS combines various security-mechanisms to guarantee the protection of services, devices and individual-related information.

The establishment of secure communication channels between HSP and Service Provider Platform (SPP), a firewall between HSP and Internet as well as anti-virus-software, a system for user-management and the authorization of service-utilization are belonging to the area of classical security mechanisms. All these techniques of the HSS require only minimal interactions and interventions with the user. An example is the core of the HSS, the Home Intrusion Prevention System (HIPS). The HIPS learns the behaviour of users, services and devices by using machine-learning and artificial intelligence methods and needs no extensive configuration.

Furthermore, unlike the firewalls and signature based anti-virus software, HIPS is able to detect new and unknown attacks. To detect these attacks, HIPS analyzes the measurements of different sensors. To these sensors belong amongst others: RFID-sensors, temperature-sensors and power-consumption-sensors. By analyzing the data provided by the sensors a relationship between network-events, device-events and the entire SerCHo-environment can be established. The obtained context for events on computers and in the network enables a better detection of attacks. The following example clarifies this functionality.<

For example the HIPS learned that using a chat-application means that the computer-monitor is consuming energy that RFID-sensors are locating a known individual close to the computer that keys are being pressed on the computer-keyboard and the mouse is being moved

When an action like the usage of the chat-application arises without the previously learned constraints, this will be interpreted as an anomaly.

Another anomaly might also come from the home-environment, like utilization of the computer by an unknown person. This might be an attempt of this person to steal data from the computer. These implications trigger multiple reactions. First, the user will be informed about the anomaly, for example by sending an SMS. Second - in the first case - the communication of the chat-application will be cut-off by an automatic update of the firewall-rules. Finally, HIPS decides if the SPP should be informed about the anomaly that has been found. The provider of the SPP could provide assistance to the customer, for example eliminating a detected Trojan.

Hence HIPS and the entire HSS – in cooperation with other HSP-Services – ensure a global protection against attacks, without overstraining the user with the configuration and administration of security-mechanisms. Furthermore, cooperation between HIPS and SPP prevents the spreading of malware and protects the SPP and other not affected HSPs.

The SerCHo-project is being sponsored within the next generation media – programme by the Bundesministerium für Wirtschaft und Technologie (BMWi).