Skip to content

Bachelor thesis that aims to implement a mutual authentication paradigm between a cloud platform and IoT devices such as ESP8266 and ESP32

Notifications You must be signed in to change notification settings

SamueleMeta/iot-mutual-authentication

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

IoT Mutual Authentication

Università degli Studi Firenze

Overview

The purpose of this bachelor thesis is to implement a mutual authentication paradigm between the Snap4City cloud platform, developed by Università degli Studi di Firenze, and different IoT clients, such as the ESP32 based Snap4City IoT button or the ESP8266 based Arduino Uno. This work aims to highlight the requirements to the realization of such a model, its implementation and the considerable benefits that can derive from it. Particular emphasis is placed on the discussion of security, a theme as central as ever in the IoT world.

IoT hardware

Two certificates have been generated to allow mutual authentication:

  • The server-side certificate has been generated using a 2048-bit key. In the scenario under consideration, 4096-bit keys would have been superfluous, since they would have entailed a significant load on the CPU and a slowdown in the handshake phase;

  • The client-side certificate has been generated using a 1024-bit key. To understand the motivations of such a choice, we must keep in mind that the design has taken place in an embedded context, where memory requirements are particularly stringent.

TLS handshake

Image from "Bulletproof SSL and TLS" by Ivan Ristić


Once the devices were configured to support mutual authentication with the server, two proofs of concept were developed:

  1. The Arduino Uno + ESP8266 setup was extended with a DHT22 sensor, which could provide temperature and pressure values. From these data it was possible to build a server-side real-time dashboard, displaying the atmospheric conditions of the room in which the device was placed.

  2. The IoT button has been programmed to respond to three different types of pressure (short, medium and long) for each key, for a total of 6 combinations. These different signals, recorded by the server, could trigger different actions, mimicking the Amazon Dash Button.

ESP8266

ESP8266 schema

  • If the user presses the button for a long time, the device will create an Access Point. This mode allows the user to configure the device by providing an interface where you can specify certificates and keys, connect to possibly multiple WiFi networks and reset the device to factory settings. During this phase the led will be white.

  • If the user presses the button for a short time, the sensor will read temperature and pressure and the device will send these data to the cloud. During this phase the led will be blue while sending and green/red immediately after, according to the result of the operation.

  • Although it is possible to take measurements on demand, the device will autonomously generate new data every time the 20-second timer expires.

ESP32

ESP32 state machine

  • The first time the system is started, it enters the reset state, where it remains until any button press is detected. After a pressure, for four minutes, the Access Point will be activated and exposed. As before, during this phase it is possible to provide a complete configuration of the device. After the first start, it is possible to return to this state by pressing both keys together for a long time.

  • Any other of the six possible key combinations will result in sending the corresponding message to the server. In the following three seconds the device will be in a short sleep mode, waiting for the answer of the correct reception from the server through a green blink.

  • In any other moment, the device will be in a deep sleep state to preserve battery power.

Resources

This repository consists in:

  • arduino.ino and esp8266.ino files, where the logic of the Arduino Uno + ESP8266 WiFi shield is implemented

  • esp32.ino file, where the logic of the Snap4City IoT button is implemented

  • the pdf of the thesis (in italian), where all the work and relative considerations are discussed in detail

  • the pdf of the presentation, which summarizes the main aspects of the project

References

This thesis is part of a larger project carried out by the DISIT Lab of Università degli Studi di Firenze. It is possible to contextualize my work within the general framework by visiting their Github profile.

About

Bachelor thesis that aims to implement a mutual authentication paradigm between a cloud platform and IoT devices such as ESP8266 and ESP32

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages