It's not an either/or situation. Keep in mind that the logic isn't necessarily the raw commands to the devices. In a system like CQC, the logic behind a button in a user interface is there in the button. But that's not the actual commands. Those are commands to the server to carry out the activities desired, and only after providing proper credentials to the server to prove you have the right to do so. And it also requires the same sort of credentials in order to modify any configuration of the system.
Putting both of those things in a phone is probably not good from a security standpoint. Once someone has the phone, your system is open. In a scheme like I describe above, they can't get physically to your server to crack the security. In the phone scenario, they do have the device and if they physically have the device, security doesn't mean much. If being able to run the automation app and send any commands you want only depends on being able to log into the phone, then any means to crack the phone means direct access to your devices.
But of course some folks coming along now, who are enamored of the 'internet of things' and how everything is going to automagically become part of the automation system without human intervention and all that, are probably not going to put security first. And some of those systems are going to be neon signs to hackers. And many will almost certainly tend to take a 'the phone is the system' approach as well, since that's how a lot of people think these days.
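The split the post describes, where a button sends a named action and the server decides whether to run it and which raw device commands that means, can be sketched as a small authorization gate. The following is an added example, not code from the post's author or from CQC; the user names, passwords, roles ("operator" can run actions, "admin" can also change configuration), device table and action names are all constructed for illustration, and PBKDF2 with a per-user salt is simply the password storage chosen here.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Hypothetical iteration count for PBKDF2; any real deployment tunes this.
_PBKDF2_ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ITERATIONS)


class AutomationServer:
    """Server side of the split described above.

    Clients (the UI buttons) never send raw device commands. They send a
    session token plus an action name; the server checks the token, looks up
    the action, and only then talks to the devices. Configuration changes go
    through the same credential check and additionally require the admin role.
    """

    def __init__(self) -> None:
        # username -> (salt, password hash, role). Constructed sample users.
        self._users: Dict[str, Tuple[bytes, bytes, str]] = {}
        self._add_user("alice", "correct horse battery", "operator")
        self._add_user("bob", "s3cret-admin-pass", "admin")
        # session token -> username; tokens are issued only by login().
        self._sessions: Dict[str, str] = {}
        # Device configuration (constructed). Changing it requires the admin role.
        self.config: Dict[str, Dict[str, object]] = {
            "living_room_lights": {"driver": "zwave", "node": 7},
            "projector": {"driver": "ir", "code": "PWR"},
        }
        # Named actions -> (device, command) steps. This is the server-side
        # logic; the button only knows the action name.
        self._actions: Dict[str, List[Tuple[str, str]]] = {
            "Movie Mode": [("living_room_lights", "dim 20"), ("projector", "on")],
            "All Off": [("living_room_lights", "off"), ("projector", "off")],
        }
        # Raw commands actually dispatched; a stand-in for real device drivers.
        self.device_log: List[str] = []

    def _add_user(self, username: str, password: str, role: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash_password(password, salt), role)

    def login(self, username: str, password: str) -> Optional[str]:
        """Return a fresh session token on success, None on bad credentials."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored, _role = record
        if not hmac.compare_digest(_hash_password(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)

    def _role_for(self, token: str) -> Optional[str]:
        username = self._sessions.get(token)
        return None if username is None else self._users[username][2]

    def run_action(self, token: str, action: str) -> bool:
        """Execute a named action. Unknown tokens and unknown actions are refused
        before any device command is sent."""
        if self._role_for(token) not in ("operator", "admin"):
            return False
        steps = self._actions.get(action)
        if steps is None:
            return False
        for device, command in steps:
            driver = self.config[device]["driver"]
            self.device_log.append(f"{driver}:{device}:{command}")
        return True

    def set_config(self, token: str, device: str, settings: Dict[str, object]) -> bool:
        """Modify device configuration; same credential check, admin role required."""
        if self._role_for(token) != "admin":
            return False
        self.config[device] = dict(settings)
        return True


if __name__ == "__main__":
    srv = AutomationServer()
    tok = srv.login("alice", "correct horse battery")
    print("operator runs Movie Mode:", srv.run_action(tok, "Movie Mode"))
    print("operator edits config:", srv.set_config(tok, "projector", {"driver": "ir"}))
    print("device log:", srv.device_log)
```

The point of the layout is that a client holding only a session token can do what its role allows and nothing more: a stolen operator token cannot rewrite the device table, and a token that was never issued by `login()` cannot reach the devices at all. Whether that helps in practice still depends on the token not being extractable from the client, which is the phone problem the post raises.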