OberonHAP - don't read

Cuno · April 15, 2015, 1:59pm

…if you are into pointless Apple versus Microsoft mudslinging :naughty:

But if you are interested in state-of-the-art security for the Consumer IoT, then our work on [em]HomeKit[/em] security might be tangentially interesting :

http://www.limmat.co/2015/04/15/homekit-for-ble-and-cortex-m

Cuno

mcalsyn · April 15, 2015, 10:56pm

Very cool work done on an absolutely critical bit of tech!

I’m disappointed with Apple for the type of hoops you have to jump through (Credit report?) just to read their specs. That’s not meant to be Apple-bashing - it’s just that firewalling specs like that gets in the way of critical review and is really effective at locking out any kind of community involvement.

Scaling down hard crypto like this is great work and I hope a lot of manuf’s pick it up. Kudos to Oberon.

iamin · April 16, 2015, 2:07am

Very interesting article to read. I guess the only issue with HomeKit is a requirement to use Apple’s MFi authentication chip. The last time I have checked it was extremely expensive to join Apple’s MFi program. If it is not under NDA, can you share with us how much did it cost you to join that program?

Cuno · April 16, 2015, 3:30am

[quote=“mcalsyn”]
I’m disappointed with Apple for the type of hoops you have to jump through (Credit report?) just to read their specs.[/quote]
Indeed. That’s a fully justified disappointment…

Cuno · April 16, 2015, 3:46am

I think this has changed. Actually I don’t think we paid anything beyond the $100 or so per year to be a registered developer. It’s more the hoops you need to jump through, like the credit check that Martin has mentioned. Here some information:

Note that HomeKit is a layer on top of standard Bluetooth Low Energy, BUT comes with its own security protocol and thus creates its own ecosystem / walled garden. You have to register with the MFi program to play the HomeKit game.

In contrast, you do [em]not[/em] need to register with MFi if you only want to use the standard BLE stuff with an iOS device, without HomeKit. This is what we did three years ago for our BLE advent wreath (http://www.oberon.ch/ble/ ).

Jason · April 16, 2015, 3:57am

@ Cuno - Please check your hyperlink. It includes a couple of unwanted characters.

Cuno · April 16, 2015, 4:21am

Thanks! Better now?

Cuno · April 16, 2015, 9:53am

Now we’ve added a second video, demonstrating the use of the light bulb profile. Direct link to video also here:

Jason · April 16, 2015, 9:58am

Very nice. Voice activation is great too.

iamin · April 16, 2015, 10:18am

I want a few of those MFi chips :whistle:

Jay_Jay · April 17, 2015, 4:16am

great work

i’m wondering what the traffic looks like from wireshark view? can you share some insight on this?

Jay.

Cuno · April 17, 2015, 5:52am

[quote=“Jay Jay”]

[quote=“Cuno”]
i’m wondering what the traffic looks like from wireshark view? can you share some insight on this?[/quote]
Like normal BLE traffic. HomeKit uses standard GATT messages, but their content is encrypted.

Tim_Cook · April 17, 2015, 6:08am

@ Jay Jay -

01010101011100110110010100100000011101000110100001100101001000000100011001101111011100100110001101100101001000000100101001100001011110010010111000101110001011100110100101110100001000000110100101110011001000000111100101101111011101010111001000100000011011110110111001101100011110010010000001101000011011110111000001100101001000000011101000101001

Jay_Jay · April 17, 2015, 3:29pm

LOL , Sounds like Star Wars fever has started already, ok Mr JEDI Bill… :).

may the force be with us all

Cuno · April 28, 2015, 11:07am

Now with a dedicated Web site: http://oberonhap.com/

1st of May is exciting, but for us June 8 (Apple WWDC) even more so 8)

And of course, tomorrow Microsoft’s BUILD starts…

Cuno · June 16, 2015, 5:39am

… and now with some cool new videos…

Designer · June 16, 2015, 7:27am

@ Cuno - very nice videos. Conveys the concept very well.

I suppose this out of hobbyists reach ? Mfi could be expensive ?

mcalsyn · June 16, 2015, 7:57am

@ Cuno - Is there any possibility of dual-licensing this for non-commercial use, or is that out of your hands because MFI is required to make any use of it at all?

Also, is there any coherent story to be told around HomeKit-to-AllJoyn gateways?

Cuno · June 16, 2015, 8:49am

I can imagine that it would make sense for silicon vendors to provide HomeKit SDKs for free - after all, they want to sell their chips.

MFi license is free. But you need to be registered with Apple’s Developer Program, which is $99 per year.

Cuno · June 16, 2015, 9:05am

It’s pretty much bound to the HomeKit Accessory Protocol (HAP) as defined by Apple, which falls under the MFi license.

I’m not an expert on HomeKit bridges, but their functionality must be extremely limited due to the radical end-to-end security approach of HomeKit. A bridge/gateway is an end point for encryption and authentication, and basically considered as not being secure. Only relatively uncritical stuff might be attached to a bridge, such as environment sensors - definitely not something like a door lock. They really want the sensors and actuators at the “outermost edge” to be the security end points.

I like the simplicity and no-compromise attitude of HAP regarding security. It would be great if it were an open specification, though.