In this post, I'll not talk about Limmat, but about another ongoing project at our company Oberon microsystems. Unlike Limmat, this project has nothing to do with the Industrial Internet of Things, but with the Consumer Internet of Things. It has to do with Apple's attempt at cracking the home automation market.
About 15 years ago, a manager at a company that produces thermostats for commercial buildings told me that, according to market researchers, the take-off for the home automation market is predicted to happen in five years. And had been predicted to happen in five years, for many years. He wasn't optimistic that this would change anytime soon. Indeed, the expected explosive growth of the home automation market (beyond enthusiasts and makers) has remained five years in the future.
This might finally change. If anyone appears able to put all the necessary ducks in a row (user experience, technology, "systems thinking", ecosystem, marketing power), then it is Apple. About a
year ago Apple announced its HomeKit initiative, which is aimed at creating an Apple ecosystem for home automation.
Today, you cannot buy any HomeKit-compliant devices yet, but various prototypes have been shown at this year's CES. From start-ups to established companies such as Philips, interest in
HomeKit appears to be rising quickly.
We got into HomeKit by accident. As you may know, we have been doing Internet of Things projects for longer than the term even exists. For a broader adoption of IoT, security
concerns are arguably the main hurdle. Thus, security for embedded systems has always been of great interest for us, and we've been monitoring what was going on in the crypto community
over a long time. Several years ago, we became particularly interested in a high-quality library for elliptic curve cryptography called NaCl (prononounced "salt"), developed by Dan Bernstein,
Tanja Lange and Peter Schwabe. It has excellent cryptographic properties and seemed promising for microcontrollers, even though originally designed for much faster microprocessors.
We ported a public domain implementation of NaCl to single-chip microcontrollers (STM32F4 chips with Cortex-M4F cores). The result was reasonably fast, but we saw a way to greatly
optimize performance even further, by applying suitable algorithmic transformations and by reimplementing critical parts in assembly language. We then made experiments with these optimizations
and found a speed-up of up to a factor 30, depending e.g. on the length of the encrypted messages.
We've used our fast NaCl library for implementing a secure firmware update mechanism for Limmat, where firmware images are encrypted and signed. Distribution of the images can
happen in any way, e.g. using Microsoft Azure table storage or even USB sticks sent via snail mail.
Then at WWDC 2014 Apple announced HomeKit. And guess what? Apple uses a variation of NaCl as the crypto suite for the HomeKit Accessory Protocol (HAP). HAP is highly
interesting in that it provides end-to-end security even all the way to inexpensive sensors (not just to gateways), bidirectional authentication and perfect forward secrecy. (Compare this to
industrial infrastructures, where sending plaintext passwords is all too often still considered state-of-the-art...)
So we studied the HAP protocol, talked to a number of chip vendors about their interest in HomeKit, and then decided to modify our crypto library according to the Apple specifications.
We added the missing algorithms and implemented the actual protocol itself.
An introduction to HomeKit can be found on Apple's HomeKit developer site. A description of the security aspects of HomeKit is given in the iOS Security Guide. For the detailed specifications, you need to register with Apple's MFi program.
Today we have implementations for ARM Cortex-M3, M4, M4F and even the much lower-performance M0/M0+ cores. Some key performance numbers that we achieved are given in the following table:
at 16 MHz
at 72 MHz
at 168 MHz
at 168 MHz
Opening a session
256 byte message
4096 byte message
Some of these numbers have been measured on actual hardware, some of them have been obtained by running the code in the Keil simulator. All numbers assume zero wait states. The numbers are only
for the cryptographic parts; the time spent in a communication stack is not included.
While the exact numbers depend on the core and the chosen space/time tradeoffs, our OberonHAP library generally uses less than 32 KB of code and less than 24 KB
Apple defines HAP variants for both Internet Protocols (IP) and Bluetooth Smart (BLE). While our OberonHAP implementation is suitable and attractive for both variants, its high speed is
particularly interesting for BLE accessories, as these are usually slower (because lower-cost, but also because drawing less battery power). Everyone else in the industry seems to have focused on
HAP over WiFi, while our focus was to make HAP practical even over BLE.
To demonstrate OberonHAP, we have created a proof-of-concept using a Segger board that contains a Nordic nRF51 chip, which integrates a 16 MHz Cortex-M0
core with a BLE radio. This is about the lowest-end processor core with which HomeKit can realistically be used. In addition to our OberonHAP library, the demo required the
interfacing of the library to Nordic's BLE stack, to flash memory for storing keys, and to Apple's MFi authentication chip - and of course the main program that implements one of Apple's
predefined HomeKit profiles. As you can see, an iPod Touch is used to control a door lock via HomeKit and BLE.
The above high-definition video has no sound, but you can still see how we use Siri to open and close the door lock through speech commands.
The following video - with sound - shows a demonstration of the light bulb profile, using a simple app we've written for this purpose:
OberonHAP is now ready for licensing. We license the library to vendors of BLE or WiFi chips and modules, to BLE stack vendors, and to consumer electronics companies who want to have
full control over their HomeKit software. If you are interested in such a license, you can contact me at email@example.com.
If you need a HomeKit implementation for a microcontroller not based on a Cortex-M core, we can offer to port our code to your microcontroller's instruction set architecture.
If you are interested in higher-level libraries, tool support, development of custom HomeKit accessories or bridges, we can offer suitable engineering services.
The strong security properties of HomeKit could also show the way towards better wireless security for the Industrial Internet of Things. HAP is a relatively simple and
efficient protocol, yet there would still be room for performance improvements and a footprint reduction, by making some design decisions better suited for microcontrollers. Maybe someone is
interested in developing a protocol similar to HAP, but for industrial use cases? If so, please let me know.
Cuno Pfister, Oberon microsystems AG
There is now an official home page for OberonHAP: http://oberonhap.com.