Considerations of Z-Wave Intrusion Detection Systems
Given the proliferation of Z-Wave devices in the security and automation market, it’s well worth taking a closer look at the nature of this technology, its capabilities and security profile.
Z-WAVE was invented by Danish-American tech house Zensys in 1999 – Zensys was acquired by Sigma Technologies in 2008 – and the technology is built around wireless mesh network chips with a low power mode which means they can be active just 0.1 per cent of the time, making them perfect for battery-powered devices. .
The importance of Z-Wave to the electronic security and home automation markets can hardly be overstated. The protocol was designed to support simple and reliable home automation and there are now around 325 companies licensed to manufacture products with Z-Wave chips. Many serious security manufacturers are including Z-Wave transmitters in their control panels.
This move is a double-edged sword. If installers buy only Z-Wave devices, security manufacturers will miss out on sales of 433MHz or hardwired alarm sensors. But the concept of device agnosticism is so compelling in terms of increasing the market size for alarm automation panels, it’s hard to avoid its gravity.
Will Z-Wave devices become the gold standard for electronic security devices? Personally, I think that space belongs to hard wired intrusion detection devices manufactured by a handful of quality sensor makers. Will Z-wave push out 433MHz? If manufacturers of quality intrusion sensors offer both 433MHz and Z-Wave, then in the future, yes. However, something to bear in mind is that Z-Wave alarm sensors are generally very cheap PIRs that happen to have Z-Wave comms and which sell for far more than excellent quality hardwired dual technology alarm sensors. It’s a weird state of affairs.
In terms of its technical specifications, Z-Wave operates around 900MHz on a single frequency using frequency-shift keying (FSK) radio and has a slim data rate of around 100Kbps, which is ideal for sensor comms. Range is around 100m in the open, somewhat less indoors, depending on building construction. Our experience suggests internal range can be surprisingly good.There are advantages to working at 900MHz. Devices in this frequency aren’t bullied by the endless static and mobile Wi-Fi and Bluetooth devices, which saturate and pollute the 2.4GHz bandwidth.
In operational terms, every Z-Wave network governed by a single controller has the potential to incorporate up to 232 nodes. Each network comprises 2 sets of nodes – being controllers and slaves. These nodes can be configured to retransmit signals – that’s the mesh capability of the network and it makes Z-Wave very dependable. Signals have the ability to hop between nodes 4 times, which is loads of coverage, even for commercial premises.
To launch a Z-Wave mesh, all that’s required in a controller and a device. You can include or pair up controllers and devices at any time, making expansion of Z-Wave systems extremely simple. Pairing up requires the activation of buttons on controller and device, after which the device is always recognised by the controller. It’s silly easy – the boys from QSS gave me a demo at the office the other week with a GoControl panel.
Something that does need to be taken into account is that the controller takes note of signal strength between devices when pairing of devices takes place so you need to take the controller to the device during the process of enrolment then reconnect it to mains power afterwards. As a source-routed static network, Z-Wave assumes that all devices in the network remain in their original detected position. Mobile devices, such as remote controls, are excluded from routing.
A Z-Wave network is identified by a specific Network ID called a Home ID, and each device in the network is further identified by a Node ID. The Network ID is the common identification of all nodes belonging to one logical Z-Wave network. It has a length of 32 bits and is assigned to each device by the primary controller during pairing. Importantly, nodes with different Network IDs can’t communicate. Meanwhile, the Node ID is the address of a single node in the network and has an 8-bit length.
For Z-Wave units to route messages from another device they cannot be in sleep mode. For this reason, battery-operated Z-Wave devices are not repeater units. But ordinary Z-Wave wall switches designated as repeaters and sharing the same home network extend the range of a Z-Wave mesh considerably. It’s a nice piece of design. Every Z-Wave system has a cluster of wall switches associated with it to power things like lamps and they expand the diameter of the network.
The Z-Wave mesh is source-routed and a network will have a primary controller and can have secondary controllers for routing and security. Devices can communicate with the controller via 4 other nodes in order to find a route around nulls, environmental shields or interference. For instance, Node 1 will be able to reach Node 3 even if they cannot communicate directly, as long as both can communicate with Node 2.
Operationally, a node will initially attempt to communicate directly with the controller or with nodes in its preferred route to the controller. If its preferred path is unavailable, the node will try other routes and this introducing slight latency that’s no issue with event reporting but can be noticeable when driving output devices from a keypad or mobile app.
There are more than 1350 products available that conform to the Z-Wave protocol and interoperability standard, covering everything from security, lighting, HVAC and access control, as well as home automation functions like swimming pool and spa control, and home theatre. There’s also a new protocol and interoperability certification program called Z-Wave Plus, which offers new features and higher interoperability standards that applies to the 500 series system-on-a-chip (SoC). The first Z-Wave Plus product was certified in 2014.
When it comes to security, Z-Wave is a proprietary standard that has become global through acceptance by a huge number of manufacturers. The chips themselves are supplied by Sigma and under license by Mitsumi. Risks relate to intercepting and analysing Z-Wave stack layers using wireless packet capture and then propagating signals to imitate legitimate signals in a network.
Z-Wave allows AES 128-bit encryption of signals, making devices potentially much more secure than 433MHz signals. There has been a report of black hatters in the U.S. intercepting and then impersonating and disabling devices on a Z-Wave security network. It’s an undertaking that’s beyond most criminals and though this issue was a global one that might apply to all Z-Wave devices, it was also an issue that might be resolved by a global fix.
In any case, the biggest threats to Z-Wave systems, and any wireless security solution, are local jamming, cutting of phone lines in systems that don’t have secondary comms paths, and slow or no response to alarm events. Should security installers look at Z-Wave intrusion detection devices? Our advice is that techs should look at the detection component of all electronic security devices quite independently of the comms path.
In the case of PIRS, look for dual edge or quad sensing zones and look-down zones, as well as more than one sensing range and the greatest possible number of discrete zones. Look for surge and low voltage protection, as well as RFI suppression, adjustments letting you alter range or mask zones and LED-supported latching. Look for walk-test and a plug-in test meter.
Look for anti-masking (a low-power active infrared transceiver), tantallum capacitor-based RFI and EMI protection, a high signal-to-noise ratio, trouble log capability, auto self-test capability and a temperature range that exceeds -10C to +50C. You also want temperature compensation so catch rate does not fall as ambient temperature rises.
Look for multi-facted reflectors, low voltage signal draw, enhanced processing or design characteristics that allow sensitivity to be linked to rate and rise of threshold, duration of zone disturbance and intruder presence in all elements; a tamper contact, site-adjustable sensitivity and first-to-alarm memory. Many Z-Wave PIRs are single or dual pyro and have relatively crude circuit and lens designs, reducing sensitivity and making them vulnerable to false alarms.
If you’re serious about security you should only buy Z-Wave security sensors from serious alarm sensor manufacturers, or buy alarm panels with Z-Wave automation components that support quality hardwired or wireless intrusion devices. Installers should apply similarly rigorous selection standards to all security devices they install for customers – think security performance and reliability first and all other things being equal, local comms path second. ♦
By John Adams