Thursday, November 16, 2017

Arduino Project One: Moving right along

I have a lot to report this time. Good things have been happening.

No Corona app yet: More Arduino programming

I didn't write the app on yet. I thought I'd better characterize the Arduino hardware stack a little more.

First, I wrote a little relay demo that turns the relay on and off every second. I needed to find out how easy it was. It's ridiculously easy.

Then I wrote a webserver for the Arduino/ESP8266. I let the thing run open-loop. I tried to access the Arduino's webpage from both my phone and my PC. I was only successful part of the time. I read some online reviews of the ESP8266 shield, and some people complained that it worked once, and never again. Others complained that it didn't have the advertised range. I took two different approaches to this problem.

  1. I modified the SparkFun ESP8266 libraries to print out more information about the clients it was connecting with. I need to know the client's IP address, because other than my own phone and maybe a JavaScript TCP client on my website, nobody should be monkeying with this IoT gadget. I know that full-PC webservers always snoop clients' IP addresses. So I had the Arduino send a command AT+CIPSTATUS to the ESP8266 every time it got a client request, and  log the text of the client request on its serial output.

    After I was finished testing the webserver using the browsers on my phone and my PC, I left the logger running while I did other stuff. HOLY COW! I think that the passthrough is enabled by default on my router. My little Arduino was fielding requests from all over the world. I never did see any IP addresses, but good grief, there's a bunch of nosy machines out there. I couldn't tell if they were humans, spiders, or bad guys. I'll definitely need to use a proprietary port number on my webserver, and I'll definitely need to put restrictions on the passthrough.
  2. I dug up a Coredy E300 repeater/AP/router I've had sitting around for a year or longer, and configured it as a repeater. I plugged it into a wall outlet in the bedroom, almost exactly six feet above the garage door opener. Bonus! This also gives me better Wifi reception in the bedroom and the loft.

Don't give up on the Electric Imp yet

I should mention that this week I got an automated email from SparkFun asking me how I liked my Electric Imp purchase, and reminding me that they were available for tech support and troubleshooting. If I didn't know it was automated, I would have thought they were reading my mind. Or my blog. I will follow up with them on the Electric Imp. It would be cool to get it working.

HTTP vs. TCP

I noticed a lot of dropped bytes in the Arduino's webserver log. I don't know whether they were dropped between the client and the ESP8266, the ESP8266 and the Arduino, or the Arduino's serial port and my PC's Arduino terminal window. I should try using puTTY for my serial I/O and see if it has the same problem.

In the meantime, that got me to thinking: maybe I don't need a full-blown webserver on this project. I mean, Rick S. wrote an awesome webserver for RLE's products, and I learned a lot from working on those projects, but if the user interface is going to reside on an app or on a protected page at my own website, then all I'll need between the Arduino and the client are as follows:

From the client:
  • connection request
  • response to the Arduino's security challenge
  • garage door status query
  • button push
  • response to the watchdog signal ("Yes, I'm still here")
From the Arduino:
  • security challenge in response to connection request
  • garage door status, either in response to a query or initiated by the Arduino
  • acknowledgement of button push
  • a watchdog signal ("Are you still there?")
I don't need HTTP for that. TCP will work just fine.

Security

I am paranoid about a hacker getting into the Arduino, figuring out what it's doing, and using it to burgle my house. I thought of somehow incorporating a public/private key into the interface, but I don't know if the Arduino supports that. So I'll be taking these other security measures:
  • Using a proprietary port number. There's only 65,535 to choose from.
  • Using TCP instead of HTTP, making for shorter messages which will be unintelligible to anyone else.
  • Only accepting client requests from specified devices, and not from the world at large.
  • Tuning the router settings so that it only passes through requests using that port, and from those devices.
  • Incorporating a challenge-and-response feature. When a socket is opened and the client's authorization is verified, the server sends the client a randomly-generated numeric sequence. The client uses the numeric sequence to compute and send the server a numeric sequence in response. If the client's response isn't what the server expected, then the server closes the socket.
The challenge-and-response feature isn't very sophisticated, and it may not even be necessary, given all the other precautions. We'll see.

The system will still be vulnerable to DDoS attacks. There's not much I can do about that. Everything connected to the Internet is vulnerable to DDoS attacks.

A short hardware update

This week I stopped at Home Depot and bought 20 feet of shielded, round, 28 gauge 4-conductor cable, suitable for this project and others. The final installation of the Hall effect sensor will only need 10 feet.

I'm considering what kind of enclosure to get (or make) for the Arduino stack. It will need to be plastic, or at least transparent to Wifi signals. I'd like to have some status LEDs visible through it. 

Red-on-black LCD display from Sparkfun
Red-on-black LCD display from Sparkfun

I got a wild-hair idea this evening, that it would be good to have a small LCD or LED display on the enclosure, always displaying short status messages. I can start without it, and it's not really necessary, but it would be a nice touch.


To read the other postings about this project, click here and scroll to the end.

No comments: