Background

Apple HomeKit

About 15 years ago, a manager at a company that produces thermostats for commercial buildings told me that, according to market researchers, the take-off for the home automation market is predicted to happen in five years. And had been predicted to happen in five years, for many years. He wasn’t optimistic that this would change anytime soon. Indeed, the expected explosive growth of the home automation market (beyond enthusiasts and makers) has remained five years in the future.

This might finally change. If anyone appears able to put all the necessary ducks in a row (user experience, technology, “systems thinking”, ecosystem, interoperability, quality control, marketing), then it is Apple. In June 2014 Apple announced its HomeKit initiative, which is aimed at creating an Apple ecosystem for home automation. HomeKit is a set of specifications published by Apple; implemented by Apple in iOS; and to be implemented on the device side by accessory makers or their suppliers, i.e. semiconductor companies.

In June 2015, the first HomeKit-compliant products have become available on the market. Most of them are based on WiFi. Products based on Bluetooth Smart (aka Bluetooth Low Energy or BLE) have been slower in arriving. The reason is that BLE hardware is often lower cost and consumes less power compared to WiFi, but also provides less memory and slower processing. The exceedingly strong security required by Apple makes it tough to support HomeKit for WiFi hardware, but even more so for typical BLE hardware – which is the key for the mass-market adoption of HomeKit.

In early 2016, a second wave of HomeKit products have arrived, among them a HomeKit-capable bridge by Philips for their popular Hue lighting system. In late 2016, iOS 10 will arrive with a Home app bundled. This can be regarded as the actual end-user launch of HomeKit.

Oberon at WWDC
Apple’s Craig Federighi presenting the HomeKit partner ecosystem during the WWDC 2016 keynote

Market forecasts are like reading tea leaves: nevertheless, here the first forecast for HomeKit accessories that I have seen.

From NaCl to HomeKit

Our company Oberon microsystems got into HomeKit through serendipity. We have been doing industrial Internet of Things projects for longer than the term exists. Over time, we’ve seen security becoming an increasingly important concern for the acceptance of IoT projects. Thus, security for resource-constrained embedded systems has become one of our key interests, and we’ve been monitoring what was going on in the crypto community for quite a while. Years ago, we became particularly interested in a high-quality library for elliptic curve cryptography called NaCl (pronounced “salt”), developed by Dan Bernstein, Tanja Lange and Peter Schwabe. It has excellent cryptographic properties and seemed promising for microcontrollers, even though originally designed for much faster microprocessors.

We ported a public domain implementation of NaCl to single-chip microcontrollers (STM32F4 chips with Cortex-M4F cores). The result was reasonably fast, but we saw a way to greatly optimize performance even further, by applying novel algorithmic transformations and by re-implementing critical parts in assembly language. We then made experiments with these optimizations and found a speed-up of up to a factor 30, depending e.g. on the length of the encrypted messages.

We’ve used our fast NaCl library for implementing a secure firmware update mechanism for industrial devices, where firmware images are encrypted and signed. Distribution of the images can happen in any way, e.g. using Microsoft Azure table storage or even USB sticks sent via snail mail.

Then at WWDC 2014 Apple announced HomeKit. And guess what? Apple uses a variation of NaCl as the crypto suite for the HomeKit Accessory Protocol (HAP). HAP is highly interesting in that it provides end-to-end security even all the way to inexpensive sensors (not just to gateways) and perfect forward secrecy. An introduction to HomeKit can be found on Apple’s HomeKit developer site. A description of some security aspects of HomeKit is given in the iOS Security Guide. For the detailed specifications, you need to register with Apple’s MFi program.

OberonHAP

We studied the HAP protocol, talked to a number of chip vendors about their interest in HomeKit, and then decided to modify our crypto library according to the Apple specifications. We added some missing algorithms and implemented the actual protocol itself, based on Apple’s HAP specification. Today we have optimized HAP implementations for different ARM cores and even for cores with other instruction sets, in addition to a portable C implementation. You can find some key performance numbers on the OberonHAP home page.

For first demonstrations, we’ve focused on the more challenging BLE accessories, selecting a Cortex-M0 microcontroller as our first target hardware. We found that even on such a low-cost single-chip microcontroller, HomeKit runs acceptably fast. Newer chips with e.g. Cortex-M4 cores are much faster, yet still consume far less power than your typical WiFi module.

OberonHAP BLE Architecture
OberonHAP BLE Architecture

With OberonHAP 2.0, we also support IP (WiFi, Ethernet) and provide a high-level server API that vastly simplifies the development of HomeKit IP accessory firmware. This release also runs on Linux and enables the implementation of HomeKit bridges.

OberonHAP IP Architecture
OberonHAP IP Architecture

Is It For Me?

OberonHAP is not a complete protocol stack – it does not do BLE or WiFi or TCP/IP. Nor is it a software development kit (SDK) – it is shipped as key part of a HomeKit SDK, along with sample code, documentation and some tools. OberonHAP is a library, to be called by the accessory logic that implements one or more HomeKit profiles, along with device drivers for the hardware (e.g. a random number generator) and a BLE or IP communication stack.

We can license our source code to you, and optionally help you create a complete HomeKit SDK for you or your customers – and we can help you gain the necessary Apple certification.

For more information, please contact me at pfister@oberon.ch.

Cuno Pfister

Managing director of Oberon microsystems.