Help needed regarding controlling atmega328p behind CGNAT


Hi all,

I have developed a Bluetooth & IR based home automation system in which the atmega328p is the main MCU. Now I want to control the atmega328p over the Internet, so I want to know which is the right approach. I have come up with two ideas, each with its own problems.

1) Attaching an ESP8266 (programmed in Arduino IDE) to the main board over UART, but the problem is I am behind CGNAT/double NAT from my ISP, so port forwarding is simply not working.

2) Involving a Raspberry Pi that will run a service like NGROK or similar and connect to my main board using UART/Bluetooth UART, but the problem is NGROK generates a unique ID every time, so each time I have to change the login credentials.

Please give your suggestions (for example, regarding any other method, adding hardware, other cloud/tunnelling services, etc.). Any kind of suggestion is highly appreciated.


Get a free Amazon EC2 instance. If you're using MQTT as a protocol, you can run Mosquitto as the broker. Then anyone can get access from anywhere.


SHARANYADAS wrote:
... any other Method ...
WebSocket server, WebSocket client is one of several recent web browsers; WebSockets are persistent.

To see if a WebSocket can make it through the router, do a WebSocket echo from a recent web browser on the LAN.

A WebSocket server can run on a Raspberry Pi; if concerned about Raspberry Pi's power consumption then there are a few WebSocket servers on ESP8266.

Advantage Raspberry Pi as it has zero price TLS; am uncertain TLS is in ESP8266's SDK.

Consider application-level crypto as TLS isn't enough; mega328P can do some software crypto or be attached to an ATECC608A (that has a crypto engine)

SHARANYADAS wrote:
... Adding Hardware/Other Cloud/Tunnelling ...
Serial port tunneling is in Lantronix device servers and device gateways.

Wouldn't be surprised if serial port tunneling is in OpenWrt or DD-WRT.

Terminal servers exist to connect UARTs to a LAN.

 

P.S.

SHARANYADAS wrote:
I have developed a Bluetooth & IR based Home automation system ...
Some Bluetooth modules can have 6LoWPAN on Bluetooth with a router that converts to IPv6; the Bluetooth modules have a SDK so can extend the functionality (port the application from one MCU to the Bluetooth modules' MCU)

 


websocket.org Echo Test - Powered by Kaazing

GitHub - chilipeppr/serial-port-json-server: Serial Port JSON Server is a websocket server for your serial devices. It compiles to a binary for Windows, Mac, Linux, Raspberry Pi, or BeagleBone Black that lets you communicate with your serial port from a web application. This enables web apps to be written that can communicate with your local serial device such as an Arduino, CNC controller, or any device that communicates over the serial port.

Embedded WebSocket Server (on some 32b MCU, with TLS) (ESP8266)

GitHub - Links2004/arduinoWebSockets: arduinoWebSockets (WebSocket server and client, includes ESP8266)

above with thanks to andrew99 and Looking for IoT advice. | AVR Freaks

11 Myths About TLS | Electronic Design

by Dave Hughes (HCC Embedded CEO)

Nov 07, 2018

...

 

4. TLS and network security are all about cryptography.

Most recent network security failures have been caused by either the leak of key information by humans, badly written code, or poor integration of the security layer. While some cryptographic algorithms have been weakened in lab conditions, practical attacks rarely exploit these weaknesses.

 

...

ATECC608A - Crypto Authentication - Security

https://www.lantronix.com/all-products/?connectivity%5B%5D=4193&class%5B%5D=125&submit_filter= (Lantronix, Bluetooth)

nRF5 SDK for IoT / Bluetooth Low Energy / Products / Home - Ultra Low Power Wireless Solutions from NORDIC SEMICONDUCTOR

 

"Dare to be naïve." - Buckminster Fuller

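An added example, not part of the post above or of any project linked in it: a Python model of the application-level authentication the post recommends, in which each relay command carries an HMAC-SHA256 tag and a strictly increasing counter, so a command altered or replayed by a broker or tunnel in the path is rejected even when the TLS session itself is intact. The frame layout, the 16-byte tag truncation, the key and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(32))        # constructed demo key; a real key is random and per device
TAG_LEN = 16                  # assumption: truncated tag to keep UART frames short
HDR = struct.Struct(">IBB")   # hypothetical frame: counter, relay number, state

def _tag(key, header):
    return hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]

def seal(key, counter, relay, state):
    """Controller side: build an authenticated command frame."""
    header = HDR.pack(counter, relay, state)
    return header + _tag(key, header)

class Device:
    """Model of the checks the MCU would run before switching a relay."""
    def __init__(self, key):
        self.key = key
        self.last_counter = 0   # would be kept in EEPROM on the real device
        self.relays = {}

    def receive(self, frame):
        if len(frame) != HDR.size + TAG_LEN:
            return "bad-length"
        header, tag = frame[:HDR.size], frame[HDR.size:]
        # Verify the tag in constant time before trusting any field.
        if not hmac.compare_digest(tag, _tag(self.key, header)):
            return "bad-tag"
        counter, relay, state = HDR.unpack(header)
        if counter <= self.last_counter:
            return "replay"     # an old frame captured in transit and resent
        if state not in (0, 1):
            return "bad-state"
        self.last_counter = counter
        self.relays[relay] = state
        return "ok"

def demo():
    dev = Device(KEY)
    on = seal(KEY, 1, 3, 1)                  # relay 3 on
    forged = on[:5] + b"\x00" + on[6:]       # state byte changed without the key
    return [dev.receive(on), dev.receive(on), dev.receive(forged),
            dev.receive(seal(KEY, 2, 3, 0)), dev.relays]
```

On the ATmega328P the same checks would run in C, with the HMAC computed in software or by an attached secure element such as the ATECC608A mentioned in the post.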

The basic issue is that you can make a connection to the outside world, but the outside world can't make a connection to you. This is good for security and especially good if you're connected via mobile. So having a common point of connection that is internet facing solves the problem. Thus the Amazon instance - it's free and can be deployed in minutes. Fire up Ubuntu. sudo apt-get install mosquitto. Gives you the broker and open up the required ports in your EC2 console.


Ok... this is pretty hard for me as I have very little knowledge of the networking part! I came across a service that is called Dataplicity. I think this will fulfill my purpose (using Raspberry Pi).

Addition:

I did some more digging & found that I can do it using an ESP8266 programmed in Arduino IDE (Adafruit MQTT Library) that will communicate with Adafruit IO services using MQTT. Also, the amazing thing is that I can use Google Assistant to communicate with IFTTT, which will further communicate with Adafruit IO services & further with the ESP8266 using MQTT. So the relays can be controlled using voice commands!

But now I want to know, how secure is this whole process using MQTT??

Last Edited: Sat. Nov 10, 2018 - 07:58 PM

Dataplicity, Terms & Conditions, notes:

  • No loss of ownership of your data
  • No mention of keys

Complete is data and keys (your data, your keys)

Dataplicity's price and value seem good; can reduce the price by Virtual Private Server (VPS) (a server isn't difficult)

A server on the IP WAN does meet Kartman's assertion.

 

Alternates to client-server are peer-to-peer:

  • torrent
  • mesh network
  • instant messaging (IM)
  • blockchain

BitTorrent is extremely popular.

Tox may be of interest for IM.

One use case for blockchains is ledgering; ledgers are data and might be considered as files.

 


Terms | Dataplicity

Low End Box - Cheap VPS Hosting Providers Listing & Reviews due to How to run your own secure IoT cloud server for $8/year | Embedded

https://prism-break.org/en/all/#mesh-networks

A New Kind of Instant Messaging (Tox) via https://prism-break.org/en/all/#instant-messaging


If you use SSL/TLS, then MQTT is as secure as anything else at the network level. Then you need certificates. Atmel has some nice crypto chips for this: ATECC608.


As per Adafruit, they added SSL/TLS security functionality to their ESP8266 MQTT library. Please take a look at this link if it is sufficient as far as security is concerned!!


We have no idea of your requirements, so we can’t tell you. Since the ESP doesn’t have secure boot, your system is insecure by design.