Electronic – Websockets for Embedded Application

home-automation, microcontroller, website

I need to clear up my doubts regarding my home automation project.
I am working on a project based on IoT home automation. There are three entities in this project:

  1. Web Server
  2. Embedded Client
  3. Android App

The Android app will send data to the web server to switch ON/OFF a switch on the embedded client. The server receives the data and decides which client to send it to. The server sends the data to the appropriate client, gets feedback, and sends it back to the Android app.

Multiple embedded clients can be controlled by a single application.

Now I have decided to use the WebSocket protocol, as using WS I can make server-client communication real-time and avoid polling/long polling.

But as I have studied WS more, I found it is not secure and is easy to hack.
Please guide me on which technology I should use for this project, and what the server and client requirements should be to fulfill the objective of the project.

Best Answer

I recently did a similar design for fun with an iPhone sending HTTP requests to a web server running on an MSP430. I also looked a little at security. I think if you want to make your project "more secure and not easy to hack" then you should look into encrypting whatever communication channel you are using. I'm sure you could encrypt the payload you send from the Android phone, and decrypt on your endpoint.

The problem I hit was that the code to support something like HTTPS key negotiation was way too big for my little device. I ended up going with their built-in AES encryption engine, and just sharing the keys between the devices ahead of time.

In any event, that's where I would start. Once you can encrypt your payload, your transport mechanism starts to matter less and less.
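
The pre-shared-key payload encryption described in the answer above, as an added example that is not part of the original post or the answerer's code. It goes one step beyond plain encryption by using AES-128-GCM with a per-sender counter, so a tampered frame or a captured and re-sent "ON" frame is rejected. The key, frame layout, sender id and command strings are assumptions made for illustration.

```javascript
// Added example: switch commands sealed under a pre-shared AES key (Node.js).
const crypto = require('crypto');

// Constructed demo key; a real deployment provisions a random key per device.
const PSK = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const TAG_LEN = 16;
const HDR_LEN = 12;

// Assumed frame layout: senderId(4) | counter(8) | ciphertext | tag(16).
// The 12-byte header doubles as the GCM nonce, so it must never repeat
// under one key: each sender only ever increments its counter.
function seal(key, senderId, counter, plaintext) {
  const header = Buffer.alloc(HDR_LEN);
  header.writeUInt32BE(senderId, 0);
  header.writeBigUInt64BE(counter, 4);
  const c = crypto.createCipheriv('aes-128-gcm', key, header, { authTagLength: TAG_LEN });
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([header, ct, c.getAuthTag()]);
}

// Receiver keeps the highest counter accepted from each sender.
function makeReceiver(key) {
  const last = new Map();
  return function open(frame) {
    if (frame.length < HDR_LEN + TAG_LEN) return { ok: false, reason: 'short' };
    const header = frame.subarray(0, HDR_LEN);
    const senderId = header.readUInt32BE(0);
    const counter = header.readBigUInt64BE(4);
    const d = crypto.createDecipheriv('aes-128-gcm', key, header, { authTagLength: TAG_LEN });
    d.setAuthTag(frame.subarray(frame.length - TAG_LEN));
    let pt;
    try {
      pt = Buffer.concat([d.update(frame.subarray(HDR_LEN, frame.length - TAG_LEN)), d.final()]);
    } catch (e) {
      return { ok: false, reason: 'bad-tag' }; // modified frame or wrong key
    }
    // Freshness is checked only after the tag verifies, so a forged frame
    // cannot advance the stored counter.
    if (last.has(senderId) && counter <= last.get(senderId)) {
      return { ok: false, reason: 'replay' };
    }
    last.set(senderId, counter);
    return { ok: true, command: pt.toString('utf8') };
  };
}
```

The counter has to survive a reboot on both ends (for example in flash), otherwise a restarted device would reuse nonces or accept old frames.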