IoT Security with SSL/TLS in MicroPython

I’m on vacation in San Francisco this week with my family and looking out over the bay at Alcatraz Island. For those who aren’t familiar with this island, it housed a maximum high-security prison 1.25 miles off the San Francisco coast for 54 years. While thinking about the high security that Alcatraz offered in the past, it makes me think about the digital security of today.

Alcatraz Island

Specifically, as it relates to the Internet of Things(IoT) and considerations that must be taken with connected devices. If you have been reading my previous IoT related blog posts, you’ll recall that I’ve been using a NodeMCU ESP8266 device with MicroPython for much of my work.

I enjoy my family and want to enjoy my vacation. Therefore I opted to not bring my IoT devices with me. In this post then, I’d like to cover some of the aspects of security that IoT connected devices face. So sit back and put your breadboards away as we take a look at some concepts.

Networking Overview

When we talk about networking we are discussing ways in which devices communicate with each other. The devices can certainly be IoT devices. But it goes beyond the physical device as the how is often as important as the device itself. In today’s world, for example, the popular how is via Ethernet or WiFi and TCP/IP. Let’s have a brief look at some networking models and see how security is implemented in them.

Network Protocol models

At one point I was very involved with networking. In the process of studying for various networking certifications from Cisco and Microsoft, there is a lot of discussion on the Open Systems Interconnection, or OSI, model of networks. There is also a more streamlined TCP/IP model that is popular as well.

OSI Networking Model

These models divide networking into various layers, starting at an Application and working down to the physical cables for a network to function. Conceptually, the OSI Model can be represented like this:

OSI Network Model
OSI Network Model
TCP/IP Networking Model

There are several “layers” there, so to simplify things, let’s take a look at the TCP/IP representation of the network model.

TCP/IP Network Model
TCP/IP Network Model

There are many different ways in which to secure a network. Some are more flexible than others. If you want a very secure network, you don’t connect it to the outside world and build it a hardened physical location with limited access. Secure, yes. Extremely user-friendly, no. Therefore, methods have been developed to provide security at higher layers of the network model which allows for privacy and data integrity between two communicating applications.

TLS/SSL Protocol Model

The software industry has used cryptographic protocols to provide network communication security for a long time. For IoT devices, it is common to utilize TLS When we start talking about network security protocols such as Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), where do those fit in though to our Networking Models?

TLS Protocol in Network Model
Networking Model with TLS Protocol

We see that there is quite a bit going on there with TLS and that it is occurring at high levels of the network model. This is, typically, great as it allows us, as developers, to have useful access to the protocol. Further, since it is a commonly used protocol, our access to it is, generally speaking, pretty straight forward.

TLS

Websites use TLS, and previously SSL, to provide secure communication between browsers and web servers. IoT devices can take advantage of TLS as well. Some of the benefits of using TLS include:

  • private connection is established through symmetric cryptography.
  • Identities can be authenticated using public-key cryptography.
  • Communication integrity via a message authentication code.

TLS builds upon the SSL standards and, as the above image indicates, there are two layers. Within TLS there are two embedded protocols, a handshake protocol, and a record protocol. The handshake is used to establish the format of the exchange of information. The record is what encapsulates the data itself.

This is an oversimplification of the process. There are many steps to the handshake, and a TLS record includes multiple types of information, beyond what is passed from an application itself. Both internal protocols handle, to differing degrees, the cipher security features.

With all of this going on internally in TLS, there are obviously a lot of “moving parts” to this whole thing. I stated that having these security features on a high level in the networking stack can make a developer’s life easier. Fortunately, in a MicroPython based IoT world, it is fairly simple to utilize and implement TLS.

MicroPython

MicroPython includes a standard SSL/TLS module. This provides access to TLS on both the client and server sides of our applications. MicroPython includes the ssl.wrap_socket() function, which wraps a stream in an SSL context. Depending on the particular IoT device and the way the module is implemented, some functionality of wrap_socket() may not be entirely supported.

Wrap up

In this brief discussion, I’ve shown how TLS/SSL security fits into the networking model. I would highly encourage the use of the SSL/TLS module when building your MicroPython projects. In this day and age of cyber attacks, it is important to secure all communications between devices big and small.


Follow me on Twitter @kenwalger to get the latest updates on my postings on MicroPython and IoT and let me know what you are building with MicroPython.

Facebooktwitterredditlinkedinmail

MicroPython Temperature Sensor

I’ve shown an example of the “Hello World” in IoT, a blinking light, in this post. Blinking lights are great and make for a nice visual experience, but what if we want to do something with an IoT device, such as a NodeMCU ESP8266 that goes beyond the visual? Let’s take our NodeMCU and add a temperature sensor. Then, with MicroPython, we’ll get our readings.

Needed Equipment

To get started on this project you’ll need the following equipment:

I have found this kit of basic electronic components to be pretty good for starting one’s IoT device journey. It doesn’t include things like the TMP36 temperature sensor, but it has a wide variety of other pieces that are ultimately useful.

TMP36 Specs

Since this project will be using the TMP36, let’s discuss it briefly.

TMP36 Temperature Sensor

This temperature sensor is a low voltage sensor, requiring 2.7 V to 5.5 VDC input. It returns a Celsius temperature reading from the Vout pin in an operating range of -40°C to +125°C. It is reasonably accurate, especially for hobby/demo situations with a ±2°C accuracy. You can download the specs for the TMP36 here.

Temperature Sensor Project

Hardware Configuration

Make sure the NodeMCU is disconnected from USB when making connections.

Temperature Sensor schematic

  1. To add the TMP36 sensor to the NodeMCU we need to make sure that it is properly oriented. The flat side of the temperature sensor should be facing the bottom of the board.
  2. Connect the rightmost lead, in position a8 to the negative rail on the board.
  3. The negative rail then is connected to the GND pin (pin a29)on the NodeMCU.
  4. Connect the leftmost lead (a10) of the TMP36 to the positive rail.
  5. Connect the 3v3 pin (a30) on the NodeMCU to the positive rail.
  6. Finally, connect a jumper wire from the center lead (c9) to the A0 pin on the NodecMCU (j16).

Temperature Sensor bread board

The A0 pin on the NodeMCU is the analog-to-digital conversion (ADC) pin.

Code

With the hardware side of things built, let’s see what we can do in MicroPython to get a temperature! Fortunately, MicroPython’s machine library makes this pretty simple for us.

I’ll be working in the console REPL.  The code should work the same, however, if you are working in the WebREPL environment.

Our first step is to handle our imports

from machine import ADC

That brings in our necessary ADC connections, and we can assign a variable to pin 0 for that

adc = ADC(0)

We can print out the value from the TMP36 now with adc.read() which returns the Celsius temperature, well almost. The value it returns is ten times the temperature. Let’s write a function that will handle that conversion for us.

def temp(value):
    return value/10

While we’re at it, let’s write a function to convert to Fahrenheit as well.

def fahrenheit(celsius):
    return (celsius * (9/5)) + 32

With those in place, we can get, and display our readings.

reading = adc.read()

celsius_temp = temp(reading)

fahrenheit_temp = fahrenheit(celsius_temp)

print("TMP36 reading {}\nDegrees Celsius {}\nDegrees Fahrenheit {}".format(reading, celsius_temp, fahrenheit_temp))

After executing our print statement we should get back our readings. MicroPython certainly has made things easy for us with the ADC methods.

Temperature Sensor REPL

For your convenience I have included the code is available as a Gist on GitHub as well.

Wrap Up

In this post, I have shown how to get temperature readings from an analog temperature sensor, such as the TMP36. In just a few lines of MicroPython code, we are able to get quite a bit of functionality. This is one of the many great things about MicroPython, the direct access to hardware is generally pretty easy.

I think the next step in exploring MicroPython and the NodeMCU will be to take these temperature readings and see if we can connect them to a service such as Losant and generate some visualizations of our temperatures.


Follow me on Twitter @kenwalger to get the latest updates on my postings on MicroPython and IoT and let me know what you are building with MicroPython.

Facebooktwitterredditlinkedinmail