Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage Interviews Jacob Fahrenkrug on Building a Secure Platform for the Smart Home

Jacob Fahrenkrug on Building a Secure Platform for the Smart Home


1. Hi I’m Ralph Winzinger, I am software architect and editor for InfoQ and I’m here at Go To Berlin 2014 and I’m with Jacob Fahrenkrug. So Jacob, would you please introduce yourself to our readers and to our watchers and tell them what’s all about you are doing and what your company is doing.

Thanks for having me today, my name is Jacob, I am the CTO at Yetu AG. Yetu is a Berlin based startup, we are building open smart home platform. So what does that mean? It means that we are building a platform that is meant to enhance people’s life at home and not only focusing on home automation, but as well as other things that you are currently doing at home like listen to music, watching TV, cooking and also exploring the different areas of industries of healthcare, ambient living, so it’s a very wide spread area, we are trying to develop a platform that in the end opens those kinds of things and areas to developers and individuals to explore in that new services that we are currently not all aware of, and helpfully will be in the future.


2. Maybe let’s jump into this topics smart home. Currently we see a lot of home automation but it’s just like some stuff that can be done with the help of devices. I can lower my window blinds by pushing a button, but I don’t consider this to be very smart, so what’s the point with smart home? What’s the difference to home automation?

So what I see there, what we all can see in this particular market is that I think history is repeating there, so if you look back to what happened in the smart phone and mobile space is that there was a big hype and there was a lot of money when acquiring those UMTS bandwidths and it took us like 8 years to actually find out what “mobile on the go” and “mobile internet” really meant. Right now we are on the same edge in the smart home fields. So there will be a revolution and it’s now emerging because the industry and the sensors and actors that actually can do stuff in your home now become affordable for a more middle class financial range. So it’s like you get the sensors for opening a window and you can operate a heating ventilation system and your window blinds and smart switches and Philips Hue lights. So a lot of hardware developers and companies actually go into it and decrease the prices so people get more interested. But on the other side we don’t have yet discovered the services that will create this explosion like we have on the smart phone. So what we think we need there is an open platform that just connects all those things and opens up to the developer community so that they can built the services that none of us has yet though about. And so for that you need an open platform to actually leverage this like we had with Android as the big smart phone and mobile internet opener like 8 years ago.


3. This open platform - how do I have to imagine it? Is it some kind of API or some kind of common language between devices or is it just about delivering events and data that might be processed in some way or another?

It’s all of those. The problem that we are facing on smart home is that with mobile internet it was all integrated in one device and the device is a personal device that it’s just owned by yourself. But if you now explore the very similarities or parallels in the smart home, this problem is unequally more complex, because it’s a lot of distributed devices so you don’t have them integrated in one piece of hardware and it’s shared between people. So it’s not individually owned by one person but it’s a community of people living in a home and sharing all those devices, sharing the TV screen, sharing the thermostat on your heater, sharing the window that is open or closed. So it’s more complex and for that reason harder to solve. For that you need a platform that is not an operating system because it’s not bound to one device or one sensor but it works across all those things and there is no standard out there for communication yet. And there might even be different situations where different standards make more sense. So what you need is a platform that works across screens and operating systems and makes the smart gadgets that you buy and install in your home available on a higher level. So you need the standards for communication - so this was true - and then you need a platform to leverage all the knowledge and the skills that we build up in the last couple of years for the mobile internet and develop systems that largely scale and can provide services to the end customers. For that you cannot go down to the level of communication but you have to bring those up into the internet and create an API. So what we are doing is we are putting a rest API where one household is representing as kind of like a resource and then you can in a hypermedia kind of style browse through a household and see who’s living in there, what kind of gadgets are installed, what are the functions of the gadgets, what are the functions of one particular gadget and then you can on top of that start to create rules combine stuff and make your home actually more smart. On top of that there is a messaging system where you can send an event to another one so that use cases get possible like, if you have a door bell, you ring the door bell, there is a front door camera that takes a picture in this very moment and depending of what kind of device you are currently working with, either a smart phone, your tablet or your TV, it just pops up, brings up the picture of the person standing in front of your door. You can decide whether you want to open it, you just have the context right away. And even if you are on the go, if you are not there, you get the message that somebody just was ringing your bell. That’s the way we think stuff should work there, and that’s actually really possible, this is a use case already.


4. [...] We have distributed intelligence there?

Ralph's full question: This device communication it’s much like some kind of messaging system in between - I think HiveMQ is something that’s really often used in telematics for example. I just push a message or an event to this bus and well, if there is some other device that thinks “ok, this is now interesting because it was a door bell event”, it will react to it. We have distributed intelligence there?

The way that we design that system is that you have one central control point in your home. This one thing actually creates the connection to the internet, so you have this one piece of hardware already in your home. And this could also be used as a dispatcher connecting all the things, so you have this translation layer that - from the Cloud or any device - receives events and then finds out who actually is interested in this event and then just translates it into the given protocol. Might be Z-Wave, might be ZigBee, might be KNX whatever you have installed. Might be all three of them. It just finds out what actually the device that you want to talk to and that was interested in this event, speaks, translates it and then pushes it. We are using Eclipse Smart Home for that as an OpenSource framework that actually can enable this.


5. Ok, so there is something going into the Cloud I heard. Do we have some kind of security issues here?

For sure we have. And it’s often when I speak to people about that, they really get scared because they are like what happens if somebody actually hacks my system and then suddenly can start to control my coffee machine? For sure that’s a new threat, we didn’t have before but on the other hand this is all from a technology point of view, not the biggest issue because we have the different layers on top of that, so you have technical solutions that can prevent people from directly accessing your gateway in the home which controls the devices, but I simply not opening any port with the outside world. That can be done by always having the gateway to initiate the connection to the Cloud. And on the Cloud itself you can always encrypt channels with TLS with self signed certificates so that it’s very hard to intercept this kind of connection.

So we have a bunch of technical solutions already out there that we just have to use there. For me the much bigger threat that we are currently not addressing in the right way out there in the industries is that we just give all those information and all the data out to people without having any sense of privacy anymore. We just trust the platform provider, that they work with our data in an ethical right way. There is no technical system that actually prevents the operators of platforms from accessing the data and giving it to whoever - government, institutions, terrorists - who wants to have this information. So this is something that we believe needs to be changed and we are going to change it with a technical solution where we do the encryption of any kind of data already on the gateway in the home. We have this crypto chip, it’s called TPM, Trusted Platform Module, where you can actually store keys on. During the setup of the gateway a random key is generated and with this key sensor data is already encrypted on the gateway and only then sent to the Cloud. Whenever somebody want access to this information you need again the key to the gateway to decrypt the data again. It’s all going back to giving the choice of who accesses the data that you actually own and that belongs to you, the user, and this is the paradigm shift because we don’t have this right now.

Ralph: So the idea is that, even if some Cloud provider gets compromised, that the data stored or the data that is leaking then is anonymous or encrypted or whatever, so my personal data is safe.

The way we are doing it is first we are separating the data into different kind of servers and layers in our architecture so there is for example no personal data is stored in any public Cloud system, so we have a separation of systems there. There is only a VPN connection between those systems so the attacking surface from the web means that once you brake into the system you are only on the servers that run on the Cloud and you actually have to know over which direction you can get into the private Cloud and this is only via VPN. So it’s very hard to get in there. Even if you would manage that, then the system where we store information are running again on different technologies and database servers, so you have to make sure that you know all those different servers and how they are actually working together. And even if you know this relation, the relation between information is encrypted again and to decrypt it you need a gateway. So even if somebody is so good and so smart and hacking our system and would get right down to the bare physical hardware that we are using, he could make any sense of those information without having each and every installed gateway out there to relate information between the user and the sensor data. So this is also a huge risks that you always have while operating the system is that some internal operator, or guy that works for your company, actually gets information and sells it to someone else. And we also prevent this because he would need together all the keys for all the gateways to make sense of the information. So we actively prevent ourselves from having the data.


6. [...] Is there something like this possible in your platform too?

Ralph's full question: Is there a possibility to make some parts of my data really public? I’m thinking of stuff like swarm intelligence where it’s necessary to survey a larger area of homes to derive what information ever. I know it from telematics for example, where driving data is collected from all the drivers, it’s anonymous but it helps to find out what situations or what places are dangerous and to push out warnings to cars as soon as I enter that location and behave in a way that might lead to an accident. Is there something like this possible in your platform too?

Absolutely. So what you still want is crowd sourcing all those information. We have that. If we would encrypt all the data points already in the gateway we would create a lot of overhead. We would have this constant loop of flowing information back and forth for encryption and decryption, so you don’t want that also from a broadband point of view. So what we do is that we actually anonymize the information by just encrypting the relation between the user information and the pure sensor data. So what we have is a huge database with pure sensor information that is anonymized upfront already on the gateway so that we are still able to do this crowd sourcing of information, but can really not make a connection between the individual and the data point that we are having.


7. Are users are actually ready for this new technology? Ok, there is this security point of view, we could say ok, we have the technology, we can secure the data. But do users really want to use smart homes?

I think we are on a curve right now where people start getting more interested. Most of them are still kind of reluctant and afraid what’s going on there. But again I would like to go to the parallel with smart phones that I also mentioned at beginning. So when you look back a couple of years ago with the smart phones, service number one that people were using in the smart phone was still voice. So there were like a couple of other services, like email, browsing the internet, but service number one still was voice. So what we will see I think is that people will get those smart phone capabilities anyway because like Apple is introducing it, Amazon just today announce there new kit for the smart home.

So you will eventually have it at home anyway. You will start with services that you already have at home, watching TV, streaming music, and then step by step because also your landlord is interested in getting more assistance, because your flat might be humid and he wants you to open your windows on a regular basis. Or your insurers want you to find out that you have a leaking washing machine. So you get all those devices with bundles from different industries and for that people will be getting those smart gadgets anyway over time. Once they have that system in their home that actually protects their needs, it helps them in the end. So I don’t think the market is ready yet, it’s just emerging but it will get very fast in the next couple of years, maybe 2 to 5 years.


8. This leads to my next question, I still wonder why you said that technology is now very much cheaper and it’s no problem, it’s minimized, it’s no problem to embed some kind of smartness into devices, but on the other hand we have a lot of really expensive devices out there that seem to be rather stupid. Why is it adapted slow?

I think this so slow because the different industries tend to think in their old paths, so what we see now when we enter the smart home, there is all those different industries who so far had exclusiveness in the home with their particular parts. So insurers were there to insure the stuff that you have, energy providers are there bring electricity in your home, telcos are there to bring you the fixed line phone and internet. Some of them are already bringing like television and so they already switched kind of field. And what we are now seeing is that now all those industries have the same kind of attacking surface so to say to the end customers. This is kind of new, a whole new market and new dynamics are currently created, and there is no key strategy for those different industries on how to attack it and they all like “I have to build my particular niche of some market what I’m good at” and they’re focusing on that. That’s why we have all those siloed systems that we are currently seeing. This will eventually open up, hopefully with the platform that we are providing, but in the end might be any other open platform. There will be an open platform anyway that’s my core believe.


9. It’s just the means of communication that’s missing right now?

I think this is, from a technical point of view, there is just no platform that actually provides this right now and there is also from a mindset point of view that those big industries have to be ready to jump on this new area and find out how actually the market and dynamics works in this particular field.


10. Do you have information or do you have a sense for the large brands, do they adopt this technology, do they create some API’s already for exchanging sensor data for example, for exchanging information?

There are those different consortiums out there, so we have older standards like New Wave or ZigBee where people try to standardize the wireless protocols out there with technologies and then some overarching technologies like AllSeen and AllJoyn or recently announced the …, so that are ways to actually standardize the communication between the different kind of smart things. But this is still a very … there is a lot of movement but it’s still not sure in which direction actually the standards will saddle I think in the end there will be like 2 or 3 standards that will be supported by the different big guys, like LG, Samsung, Microsoft.


11. [...] Will the technologies actually vanish for us, will they just be there and work for us?

Ralph's full question: So do we have some kind of vision for the next five years, will we arrive at that point where we can, we all can use this? I mean we are techies, we love to have some pain from time to time. If you look at the normal customers, at families, at children, will they be able to benefit in the next years from all those technologies? Will the technologies actually vanish for us, will they just be there and work for us?

That’s my wish. I want technology to be much less complicated zhan it is right now. I don’t want to have like 20 different bridges to play music in my home. I just want one device and net speakers in my room, so for sure my vision in 5 years … I will hate me in 5 years for saying that probably … but I think that will just be either just one device or no control device anywhere in the home, so maybe the mobile might be hub or the tablet, and so whereever you are or you wear wearables and everything is connected. Not only the gadgets in the home but everything else. I think also the car will be there, public transport, so I think in 5 years there will be the Internet of Things really in terms of a platform that consistently works across screens and operating systems that brings services to the people and helps them, enriches their life, especially in areas that we are exploring right now like energy consumption, water consumption and healthcare and ambient living, so this will be areas that will much faster come to life and enhance our life than we think right now.

Ralph: Ok and very much looking forward to it, so it was great fun to speak to you, thanks for having the time!

Thanks for having me!

Jan 23, 2015