Security features

[RaHoni]

Wir sollten einen Ende zu Ende Verschlüsselung für jedes Gerät (Anmeldung nicht Hardware abhängig)

• Für Aktoren (alles nicht Endnutzer) Per-shared-Secrets jeder Befehl dahin/davon wird verschlüsselt
• Für Endnutzer Session-Based-key erhält Zugriff Genehmigung durch Nutzername und Passwort (SSL und zusätzliche damit andere keinen Zugriff auf entsprechende Befehle haben.

[maximiliani]

translation of the former commit

### SECURITY FEATURES

We should use a end-to-end-encryption for each device. (The login isn't hardware dependent.)

• For devices which are not the user (light bulbs, smart plugs, heatings ...) pre-shared-keys are used. So every command which is sent and received by this device is with a specific key for each device encrypted. This is good, because a hacker can't decrypt all the traffic by getting one key. He or she had to get all keys, which isn't easy.
• For the UI's session-based-keys are necessary. The user has to use SSL and has to login in the app or on the Web-interface (username and password). So nobody else should control the smart home ...