Thread Protocol: Enabling Secure Mesh Networks For Smart Home Devices

About a year ago (July last year), Nest, along with several other companies, joined together to form the Thread Group consortium, in an effort to bring a more secure low-power networking protocol for IoT devices.

The founding members included Yale Security, Silicon Labs, Samsung Electronics, Nest Labs, Freescale Semiconductor, Big Ass Fans and ARM, but now the group contains over 120 new members.

Thread mesh networks could be used in a smart connected home for appliances, access control, climate control, energy management, lighting, safety or security. The protocol has many advantages including being low-power as well as it's an open protocol, resilient, IPv6-based and secure by default. It's also designed to provide a fast time to market for interested IoT device makers.

The Thread mesh networks will be built on top of 802.15.4 hardware, which is already on the market in some Nest devices and is what Zigbee, a previously competing wireless protocol for home automation, used as well. However, Zigbee will also be built on top of Thread at the application layer, so in the future it should become more of a complementary product than a competitor.

Thread uses the 6LoWPAN protocol, on top of which it builds the mesh network. The 6LoWPAN acronym stands for "IPv6 over Low-power Wireless Personal Area Networks." That means the Thread networks are IP-based, and the devices can also connect directly to the Internet, not just to each other. This is an advantage the protocol has over other wireless protocols such as Bluetooth and Zigbee. It's also likely the main reason why Zigbee will be built on top of Thread in the future.

Compared to competitors, a Thread mesh network is also more resilient and can extend the range of a home network of smart devices. If one node fails to connect to the network, other devices in the network will still be able to connect to each other. This is the advantage of a mesh network over more centralized approaches.

Bluetooth, for instance, has an effective range of 50 meters, and the devices can only connect in pairs of two. This limits the usefulness of Bluetooth in smart homes because it makes managing multiple smart devices much more difficult. On the other hand, a Thread mesh network requires no maintenance after the initial setup for the new devices that join it.

Over 250 devices can be connected to each other in a Thread mesh network as long as any two of those devices have a reasonable range between them. Therefore, a Thread network could easily cover a large house or property without any signal loss. Where two Thread nodes are too far away from each other, the range can be extended with "Thread routers."

The Thread networks will have a bandwidth of about 250 Kbps, which isn't enough to transfer large files between the devices, but it can still enable the type of communications sensors can have with each other. The low bandwidth is a compromise that had to be made to keep the Thread-enabled devices low-power and last not days, but years, on small batteries. The latency is less than 100ms for typical interactions.

Many security experts worry that IoT (nicknamed the "Internet of Threats" by Kaspersky Lab's founder) is going to make hacking exponentially more common once many people begin buying insecure smart devices for their homes. That's why Thread comes with built-in security that's enabled by default and mandatory for all devices.

Users will have to authorize any Thread-enabled devices before they are allowed on their home networks. To communicate with each other, the devices will also have to recognize each others' MAC addresses, which should make it harder for other unauthorized devices to access the network. The communications between authorized devices will be encrypted with DTLS (Datagram Transport Layer Security), an encryption protocol designed to prevent tampering and message forgery.

The Thread Group has recently finished the Thread protocol specification, and it will begin certifying products this fall. The first Thread-enabled devices for connected homes are expected to come out next year. As original founders, Google's Nest and Samsung, helped by its recent SmartThings acquisition, could be among the first companies to ship Thread-enabled products for smart homes.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • Kewlx25
    I hope someone who is designing they encryption knows what they're doing. We've had some serious issues with standard protocols in the past few years and many security bugs in the software libraries. I hope they're going to use something like boringSSL or libreSSL, and disable all features that are not needed.

    On top of that, well vetted public key and cypher block modes.