Using Home Assistant to control your home (and more)

If you’re looking for an home automation software, you will find a lot of projects. There is a huge interest in this area and a lot of developers working on different projects. Many focus on the visualisation. While it is important to have a good user interface, the main focus of an automation system should be it’s backend.
One project I really like is Home Assistant. It uses a very clean backend/frontend separation.You can easily add your own user interface by just using its web API. It is written in Python. That makes it easier for me to add missing functionalities.

An architecture based on Home assistant could look like this:

ha-architecture

KNX isn’t supported out-of-the box in the current Home Assistant release (June 2016). However, I already did some programming and will work on integrating it into the official Home Assistant release.

How secure is KNX?

Looking at modern home automation communication technologies (like Z-Wave or Zigbee), it seems that most of them have some security issues. These may or may not been fixed in the future. If these modern architectures already show a lot of problems, what about KNX? Let’s make it quick: from an computer security point of view, KNX is not just insecure, but the worst kind of protocol. All devices communicate on a shared medium, there is no encryption, no authentication, no authorisation. If you have access to the KNX bus, you can do everything.

Luckily, there is one good thing about KNX: You need access to the bus. If somebody has physical access to your bus, he can do crazy things. But this means, this person is already in your flat. Even without home automation, a person that has physical access to a light switch can turn it on and off. This means that for a residential installation, cabled KNX installations are perfectly fine, if they are running standalone. However, modern installations aren’t standalone. Nobody wants to install an home automation system anymore that is not somehow connected to a network.

Here are some tips how to make sure this system is still secure.

  1. Don’t simply connect your KNX network to your home LAN (that might be even allow guest WLAN access).
    KNX/IP interfaces are cool products and you will need one. However, be clear that these do not have any security built in. That means everybody that has access to your network can do everything on your home automation installation. This might not be the best idea. I would recommend some gateway that makes sure only authorised system can access your KNX bus.
  2. If you use any commercial product to connect your KNX bus to your LAN, (there are a lot of products available) make sure, the supplier provides regular updates and reacts on security incidents. If the last firmware you can find is 17 months old, the supplier most likely doesn’t do a good job. Most of these gateways are Linux based and you will need regular updates for it.
  3. If you implement some kind of gateway/firewall by yourself, make sure it is designed with security in mind and you also update it regularly.

Remark 1: The concept of physical security can be very critical in environments where multiple parties share a KNX installation. This can be a problem not only in office buildings, but also apartment complexes. If you live in an apartment with some kind of “smart” technology, have a look how it is implemented and who might be able to access it.

Remark 2: With ETS 5.5 the KNX association now supports some kind of encryption. I haven’t looked into it. Why? Because all old devices do not have any idea about it. It might become more popular in the future, but in today’s practical KNX installations, it is usually not supported by the devices that are already in place.

Interfacing a KNX bus with Python

If you are looking for frameworks that allow you to interface a KNX bus using an IP interface, you will find a lot of tools. Many people still use eibd. However, looking at the eibd page you will see that eibd is no longer maintained.

If you read the KNX specification, you will notice that KNX packets are quite small with a simple structure. No XML stuff with namespaces as often used in modern APIs. So why not implementing the communication in a small script? Unfortunately it is a bit more complicated than just sending a packet to the KNX/IP interface an wait for the answer.

While KNX itself is connectionless, the KNX/IP interface isn’t. This means you first have to initialise a control connection to the KNX/IP interface and use this for data transmissions. Also you have to acknowledge every packet, otherwise the KNX/IP interface will drop the connection. Does this seem complicated? It isn’t.

A simple version of a KNX/IP communications stack (with very limited functionality) can be implemented in less than 400 lines of code. This even implements caching. This means the daemon actively listens to the KNX bus and stored the state of every object internally. Just reading the value of an object than does not need any KNX communication when the value has been seen on the bus already.

Using this simple interface, it is very easy to exchange messages with KNX group addresses:

from knx.ip import KNXIPTunnel
import time
import logging

def main():
    logging.basicConfig(format='%(levelname)s:%(message)s', level=logging.DEBUG)

    tunnel = KNXIPTunnel("192.168.1.128",3671)
    tunnel.connect()
    
    while (True):
        # Toggle the value of group address 0/0/1
        tunnel.group_toggle(1)
        
        # display the values of group addresses 0/0/1 to 0/0/5
        for i in range(1,6):
            v=tunnel.group_read(i)
            print("{} = {}".format(i,v))

        # delay
        time.sleep(12)
        
if __name__ == '__main__':
    main()

References:

A minimal KNX setup

If you are an experienced electronics hacker and you want to do some tests with KNX, you need to invest a bit. However, a minimal KNX setup for initial tests doesn’t have to be very expensive:

  • a 29V power supply that supplies at least 300mA
    Most bench power supplies will do the job. For a test you don’t have to buy an expensive KNX power supply.
  • a KNX choke
    You can’t connect KNX devices directly to the power supply. A choke is essential. Without it, no communication on the bus will be possible. Standalone chokes starts at around 35€.
    Another option is using a 47-Ohm resistor in between the power supply and your KNX bus line. While it might not work, it is worth a try as it will cost you only a few cent.
  • a KNX sensor
    If you have some push buttons laying around, a cheap KNX bus coupler from eBay might be the cheapest option. You can get these for less than 30€
  • a KNX actuator
    Some KNX sensors (like wall-mounted push buttons) have status LEDs that can be controlled from the KNX bus. In this case, you do not need a separate actuator. Otherwise have a look on eBay for old binary outputs. You should be able to find something for less than 30€
  • USB or Ethernet interface
    USB interfaces are usually a bit cheaper. You might find used USB interfaces in the range of 50-80€. However, I would still recommend to spend a bit more money and buy an Ethernet/KNX interface. You are more flexible with these as multiple devices can access it simultaneously. You might not be able to save a lot of money on a used one, but new Ethernet interfaces are available from 150€

This means, a minimal KNX setup will cost you between 200€ and 300€. This isn’t really cheap, but still less expensive than many people might think. The good thing: The most expensive component is the Ethernet interface. If you decide not to go on with a full KNX installation, you can still sell it for a good price. Otherwise, you can use this in your house installation.

The minimal installation looks like this:

Minimal KNX installation