OberonHAP - don't read

…if you are into pointless Apple versus Microsoft mudslinging :naughty:

But if you are interested in state-of-the-art security for the Consumer IoT, then our work on [em]HomeKit[/em] security might be tangentially interesting ::slight_smile:




Very cool work done on an absolutely critical bit of tech!

I’m disappointed with Apple for the type of hoops you have to jump through (Credit report?) just to read their specs. That’s not meant to be Apple-bashing - it’s just that firewalling specs like that gets in the way of critical review and is really effective at locking out any kind of community involvement.

Scaling down hard crypto like this is great work and I hope a lot of manuf’s pick it up. Kudos to Oberon.

Very interesting article to read. I guess the only issue with HomeKit is a requirement to use Apple’s MFi authentication chip. The last time I have checked it was extremely expensive to join Apple’s MFi program. If it is not under NDA, can you share with us how much did it cost you to join that program?

I’m disappointed with Apple for the type of hoops you have to jump through (Credit report?) just to read their specs.[/quote]
Indeed. That’s a fully justified disappointment…

I think this has changed. Actually I don’t think we paid anything beyond the $100 or so per year to be a registered developer. It’s more the hoops you need to jump through, like the credit check that Martin has mentioned. Here some information:

Note that HomeKit is a layer on top of standard Bluetooth Low Energy, BUT comes with its own security protocol and thus creates its own ecosystem / walled garden. You have to register with the MFi program to play the HomeKit game.

In contrast, you do [em]not[/em] need to register with MFi if you only want to use the standard BLE stuff with an iOS device, without HomeKit. This is what we did three years ago for our BLE advent wreath (http://www.oberon.ch/ble/ ).

@ Cuno - Please check your hyperlink. It includes a couple of unwanted characters.

Thanks! Better now?

1 Like

Now we’ve added a second video, demonstrating the use of the light bulb profile. Direct link to video also here:


Very nice. Voice activation is great too.

I want a few of those MFi chips :whistle:

great work :slight_smile:

i’m wondering what the traffic looks like from wireshark view? can you share some insight on this?


[quote=“Jay Jay”]

i’m wondering what the traffic looks like from wireshark view? can you share some insight on this?[/quote]
Like normal BLE traffic. HomeKit uses standard GATT messages, but their content is encrypted.

@ Jay Jay -



LOL , Sounds like Star Wars fever has started already, ok Mr JEDI Bill… :).

may the force be with us all :slight_smile:

Now with a dedicated Web site: http://oberonhap.com/

1st of May is exciting, but for us June 8 (Apple WWDC) even more so 8)

And of course, tomorrow Microsoft’s BUILD starts…


… and now with some cool new videos…


@ Cuno - very nice videos. Conveys the concept very well.

I suppose this out of hobbyists reach ? Mfi could be expensive ?

@ Cuno - Is there any possibility of dual-licensing this for non-commercial use, or is that out of your hands because MFI is required to make any use of it at all?

Also, is there any coherent story to be told around HomeKit-to-AllJoyn gateways?

I can imagine that it would make sense for silicon vendors to provide HomeKit SDKs for free - after all, they want to sell their chips.

MFi license is free. But you need to be registered with Apple’s Developer Program, which is $99 per year.

It’s pretty much bound to the HomeKit Accessory Protocol (HAP) as defined by Apple, which falls under the MFi license.

I’m not an expert on HomeKit bridges, but their functionality must be extremely limited due to the radical end-to-end security approach of HomeKit. A bridge/gateway is an end point for encryption and authentication, and basically considered as not being secure. Only relatively uncritical stuff might be attached to a bridge, such as environment sensors - definitely not something like a door lock. They really want the sensors and actuators at the “outermost edge” to be the security end points.

I like the simplicity and no-compromise attitude of HAP regarding security. It would be great if it were an open specification, though.