Security Analysis of Consumer IoT Devices based on EN 303 645

Supervisor(s): Dr. Mykolai Protsenko, Albert Stark
Status: finished
Topic: Others
Author: Janin Chaib
Submission: 2022-09-15
Type of Thesis: Bachelor's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


With the increasing number of IoT devices, security and privacy concerns are
also growing. European policymakers have responded by providing
fundamental requirements for improving the security of these products, such
as EN 303 645, a standard that sets out provisions for the secure
development of consumer IoT.

In this thesis, we assess the Philips Hue Bridge 2.1, the key component of
the market-dominating Philips Hue light system, against the provisions of
the standard. In addition to analyzing the provisions, we perform a hardware
and software analysis of the device. We also evaluate and criticize the
standard for attempting to bring together the wide variety of consumer IoT
devices and, in some cases, setting unsuitable provisions for the respective
product. According to EN 303 645, we cannot define the Philips Hue Bridge 2.1
as secure, as it fulfills only slightly more than half of the provisions.
However, we conclude that the conventional use of the Philips Hue Bridge 2.1
does not raise significant concerns regarding consumer IoT security.