A secured gateway to home-brewed HA

IOT is still in early stages. And the ONE thing that I despise is the security. There are no industry standards that promises the security of that home-brewed smart device connected to the world, sitting in your living room.

Although there are workarounds. And I'm sure, we'll have a good solution soon. But meanwhile, here is a quick layering solution using Particle Photon!

The Web API calls to this board are secured and based on the 32 bit keys unique to the particle.io account. The board is connected to the same network wirelessly where the unsecured nodes are connected. I have a subnet dedicated solely to unsecured devices with an internal 192.168.60.x range. My internal network looks like this.

This is where the arduino-like code for particle photon comes handy. The ease with which the Particle board can be configured to make HTTP requests to ESP nodes is totally worth this workaround:

// Make request to ESP board sprintf(publishString,"IP: %d.%d.%d.%d",ESP_SERVER_IP[0],ESP_SERVER_IP[1],ESP_SERVER_IP[2],ESP_SERVER_IP[3]); Particle.publish("Attempting connection to server",publishString); // Retry in case of a failure while (!client.connect(ESP_SERVER_IP, ESP_SERVER_TCP_PORT) && (connectRetries++ <= MAX_CONNECT_RETRIES) ){ delay(500); }

Now that I can make secured web based calls to control my internal unsecured ESP boards, devices like Google Home and Amazon Alexa can now control bunch of my internal devices via IFTTT (another web automation service I have come to appreciate a lot).

A block diagram of how everything is put together:

A JAVA udp client periodically broadcasts a 'system status' request to All the ESP nodes that receive this and are able to respond with their nodeId and current IP address.

Sequence of Events (ESP node):

  • Whenever a node is powered on, it announces it's nodeId and IP address (along other system information) to the UDP client/server.
  • The UDP client/server applet updates the database with this information.

Sequence of Events (Request):

  • A request is issued to particle photon with nodeId and the state request
  • The particle photon, upon receiving this request, makes request to the server to fetch the IP address
  • The particle photon board sends the request to this IP address

Related but unrelated: