ESP32 is coming

Espressif announced on 05/11/2015 the upcoming ESP32 chip.

 

While the specs are impressive, a lot of questions arise:

  • Support – Espressif is a small company as far as we know – would they be able to support both chips in the long term?
  • Compatibility with esp8266? – The new ESP32 will use the RTOS-based SDK and most APIs are said to be compatible with the esp8266 SDK.
  • Price – The price will be higher than esp8266 but not much higher.

A beta testing program is coming soon.

ESP8266 Secure CA Verification

While working on a secure cloud for the gang of esp8266-based devices we are developing, we need SSL – real and secure.

And this August seems to be the month of SSL issues, but thanks to Espressif’s quick support they are on the way out.

SSL Memory Leak

The latest SDK v1.3.0 introduced a bug that simply didn’t call the disconnect callback of esp connections under some circumstances, and that in turn leaked memory. It’s not fully clarified, but the case was this: when you had a TCP listener and an SSL connection, after the SSL connection was over your TCP listener connections did not receive disconnect callbacks anymore. You can get the fix from bbs.espressif.cn

Server Certificate Verification

Recent memory optimizations freed enough memory to turn on server certificate validation. But we hit the next bug – it fails.

It is still in progress, but you can follow the work on resolving it on the forum: SSL CA Issue

The current state is that if you do not provide the two-level chain, i.e. the certificate and the issuer certificate, the connection is established OK.

 

IOT DESIGN MANIFESTO

Hi,

I have signed the IoT Design Manifesto. If you are into IoT, you should too.

Here is the link: Sign The Manifesto.

These are the highlights of it:

  1. We do not believe the hype!
  2. We design useful things!
  3. We aim for the win-win-win!
  4. We keep everyone and everything secure!
  5. We build and promote a culture of privacy!
  6. We are deliberate of what data we collect!
  7. We make the parties associated with an IoT product Explicit!
  8. We empower users to be masters of their own domain!
  9. We design things for their lifetime!
  10. In the End We Are Human beings!

 

73!

 

IoT Security

Engineering a secure Internet of Things network for our upcoming IoT service.

Goals:

  • Security
  • Redundancy
  • End to End Security
  • Secure Firmware Upgrades

Threats:

  • DoS Attacks
  • DDoS Attacks
  • DNS spoofing /don’t even think of DynDNS/
  • Sniffing
  • Man in the middle

Security:

  • Using a VPN -> takes the problem away and requires extra setup. Not user friendly. The only pro is that it can use an existing infrastructure if present. A Big NO
  • SSL -> expired certificates, heavy overhead, often exploited. Closed source library, may already be hacked. NO
  • AES all the Way. A big YES
  • DoS/DDoS prevention – redundant MQTT brokers, with dns/firmware fallback

So Why AES?

  • Can provide end to end encryption
  • Is an openly developed standard – no hidden treasures
  • Suitable for encrypting messages – MQTT messages
  • Fast on modern processors and fast enough on the esp8266
  • AES can run on smaller chips too.
  • One big con is that the MQTT user name and password can be sniffed and used to connect to the cloud. But that’s easily solvable: if they don’t speak right, disconnect them and force a password change.
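
One way the cloud can tell that a client does not "speak right", as an added example that is not code from this post: each MQTT payload is sealed with AES in an authenticated mode, and the cloud rejects any frame that fails the check, was moved to another topic, or is a replay. Assumptions: AES-GCM (the post does not name a mode), a per-device key, a message counter, and the hypothetical names `NewAEAD`, `Seal`, `Open` and `ErrRejected`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrRejected = errors.New("frame rejected: disconnect the client")

// NewAEAD builds AES-GCM from a per-device key (added example; all names hypothetical).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal (device side) returns counter(8) | nonce(12) | ciphertext+tag, bound to topic.
func Seal(a cipher.AEAD, topic string, counter uint64, plain []byte) []byte {
	frame := make([]byte, 8+a.NonceSize())
	binary.BigEndian.PutUint64(frame, counter)
	if _, err := rand.Read(frame[8:]); err != nil {
		panic(err) // no entropy: refuse to send rather than reuse a nonce
	}
	return a.Seal(frame, frame[8:], plain, append([]byte(topic), frame[:8]...))
}

// Open (cloud side) rejects forged, re-topiced or replayed (counter <= last) frames.
func Open(a cipher.AEAD, topic string, last uint64, frame []byte) ([]byte, uint64, error) {
	n := 8 + a.NonceSize()
	if len(frame) < n+a.Overhead() || binary.BigEndian.Uint64(frame) <= last {
		return nil, last, ErrRejected
	}
	plain, err := a.Open(nil, frame[8:n], frame[n:], append([]byte(topic), frame[:8]...))
	if err != nil {
		return nil, last, ErrRejected
	}
	return plain, binary.BigEndian.Uint64(frame), nil
}

func main() {
	a, _ := NewAEAD(make([]byte, 16)) // constructed all-zero demo key
	plain, _, err := Open(a, "home/door/lock", 0, Seal(a, "home/door/lock", 1, []byte("unlock")))
	fmt.Println(string(plain), err)
}
```

The caller keeps the returned counter per device and passes it as `last` for the next frame; on `ErrRejected` it drops the MQTT session, so sniffed broker credentials alone cannot produce an accepted actuator command.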

Secure Firmware upgrades

Only local and only user-initiated; the user must see and check the result of the upgrade. Any other option introduces a big risk for the system and the user.

Data – What to protect and what not?

It’s well known that all encryption is value versus time. So do you really want to hide what the temperature at your house was 5 minutes ago? Maybe, if you are paranoid, but you definitely want to lock the access to your internet-enabled door locks.

So all the actuators must be crypto protected – they do things. Sensors, on the other hand, can be divided into two types – sensitive and non-sensitive. For example, the house alarm state is sensitive, just like human presence in the house. But the outdoor temperature is not sensitive; you can get it N+1 ways.

 

 

Olimex ESP8266 module – MOD-WIFI-ESP8266-DEV

I need a bigger flash and a breadboard-friendly board. Quick research led to the following variants, besides soldering a bigger flash on the ESP-XX series modules.

  1. NodeMCU boards that have bigger flash and fit on a breadboard but have regulators and USB-to-serial on them.
  2. ESP-XX module with an adapter – don’t like it.
  3. MOD-WIFI-ESP8266-DEV

And the winner is Olimex’s MOD-WIFI-ESP8266-DEV.

I got some of them:


Cardboard boxes and the modules within packed in real anti static bags.


 

I’ve soldered the headers, with the chip on top – looked natural. But the GPIO silkscreen markings got hidden at the bottom of the module – I think it’s better for development to have them on top; shortened text is OK.


There are two rows left on both sides of the breadboard.


So, let’s see what the extra flash is good for.

SSL – Is SSL the right solution for #IoT?

FOTA  – What about the FOTA upgrades security?

Going down the rabbit hole, it seems that the MOST important and hard part of an IoT implementation is to get the security right. So the extra flash will present an opportunity to test some ideas on how to do it. And we need it for the service we are building – it’s just vital to have it and to have it right.

ESP8266 – The Little Beast!


The esp8266 chip is made by Espressif Systems.

ESP8266 is a highly integrated chip designed for the needs of a new connected world. It offers a complete and self-contained Wi-Fi networking solution, allowing it to either host the application or to offload all Wi-Fi networking functions from another application processor.

The chip has both FCC and CE certifications. You can sell your products to the mass market.

  • The FCC identifier : 2AC7Z-ESP8266EX
  • The CE opinion number : TCF-1933CC14

An Internet of Things survey from a year ago at Wi-Fi.org shows very big numbers for smart enabled devices.

Why WiFi for the Internet of Things A.K.A Smart Devices?

Two words – security and availability.

While WiFi is known to be at the edge of the secure protocols, it offers much more protection than regular 315/433 MHz devices. 2.4 GHz keyboards were hacked recently too.

There are two main types of data that IoT devices process:

  1. Sensor Data – It may be sensitive or not but can only be used for analysis. Can cause trouble but only indirectly.
  2. Actuators Control –  If hijacked can make a real mess – what if you use a wireless door lock?

WiFi and the esp8266 chip provide enough security with the TKIP and AES engines built in /is there ever a completely secure system?/ to control your appliances.

So let’s get started and build some devices:

Appliance Control Goals

  1. Control devices – turn on/off your oven/dishwasher/washing machine/coffee maker/whatever on a predefined schedule or at your will.
  2. Collect usage data from your appliances
  3. … ?

Environment Control Goals

  1. Monitor environment parameters
  2. Monitor presence
  3. Control environmental devices – lights,  blinds
  4. …. ?

It’s an open ended post which will get updated for sure.

But let’s put that little beast to work!

IoT

Current focus is on the Internet Of Things hype.

Why call it a hype?

A lot of people were doing it for the past decades – just like anything that gets conquered by the internet.

So now is time to connect it.

What to connect:

  • Your Door Bell
  • Your presence at every room
  • Your fridge
  • Your car
  • Your house
  • Your appliances
  • Your …. dog ?