Secure communications between Java server and Arduino clients: need a suggestion - java

There is a Java server and many Arduino devices, and they are connected via TCP connection. Boards that we can use: Arduino Uno or Arduino Mega 2560.
Each Arduino device is actually a reporter (say, it takes data from a water meter and transmits data to the server) or some kind of remote control for some appliances.
Currently, this connection isn't secure. I need to make it secure, i.e. implement VPN.
I'm completely new to this field of knowledge, and I'm trying to figure out which way I should use.
I really hope that I can find existing implementation of some protocol, and build it into this system.
But which protocol?
I already found out that I can't use IPSec, since TCP/IP stack is hardware-implemented in these Arduino devices, so, we can't modify it.
Therefore, I need to use some protocol higher than TCP, and I need implementation in C (for client devices) and in Java (for server).
I'm trying to find implementations of SSL, or PPTP, or L2TP, or something else which I still don't know about.
If anyone has experience in this field, I would be glad to see your suggestions.

Response to your follow up question got too long...
VPN usually creates a "tunnel" into an infrastructure - say, the University computer system. That is, the VPN concentrator "sits at the perimeter" of the university network, and when you connect to it, you create a "pass through" into the system behind the firewall - any protocols, any IP addresses inside the firewall become accessible. Key is that anyone observing the flow of traffic from your computer to the concentrator (also called "VPN gateway") only sees you talking to the concentrator - they don't know what IP addresses inside the firewall you are talking to, with what protocol, or what data. By contrast, if you don't need to hide all that stuff you just have to encrypt your data itself; a simple encryption algorithm is easy to implement, especially if you don't need to worry about people stealing your devices and getting the code. How complex the encryption needs to be will depend on your application - there is a trade-off between speed, memory use, and security.
Google "Arduino encryption library" for some examples; pick a key, then encrypt your data, and just POST it...
Let us know how you make out!

I very much agree with @Floris. To add some ideas to that:
What about HTTPS? If your communication is one-way (Arduino -> PC) then it should be sufficient for your needs. This issue is discussed in this post, with references to this discussion. HTTPS on Arduino is not easy, but it may have been done.
Apparently, XXTEA is another alternative, and there are several stackoverflow questions on this topic as well.
If you go the build-it-yourself route, check out this post on electronics.SE: apparently there is a cryptography library for AVR, and also a useful list of attacks to consider in the electronics.SE post: are you worried only about MitM attack? What if someone rips your device open and reads the keys, is that a problem?

Here is described an implementation of the [CHAP](en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol) for Arduino/AVR devices.
And here is described a similar implementation of [HMAC](en.wikipedia.org/wiki/Hash-based_message_authentication_code) and [SHA256](en.wikipedia.org/wiki/SHA-2) for Arduino/AVR.
[Cryptosuite](github.com/wgoulet/Cryptosuite) is an implementation of HMAC-SHA-256 for Arduino.
Finally, [here](github.com/arpitchauhan/cryptographic-protocols-arduino-and-PC) are demonstrated some cryptographic protocols for Arduino, including key exchange using RSA.
So it is definitely possible to secure communication between Arduino and a server.
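
The CHAP and HMAC-SHA-256 approach mentioned in the answers above, sketched from the Java server's side as an added example (not code from any of the answers or linked projects). The class name, the key, the frame layout (16-byte challenge, 8-byte counter, payload) and the sample reading are all assumptions constructed for illustration; the device side would compute the same tag in C with an AVR HMAC library. This authenticates readings and rejects replays and tampering, but does not encrypt them.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class MeterAuthDemo {
    // Constructed demo key; a real deployment provisions a distinct secret per board.
    static final byte[] DEVICE_KEY =
            "constructed-demo-key-0123456789".getBytes(StandardCharsets.US_ASCII);

    // HMAC-SHA-256 over the concatenation of the given parts.
    static byte[] hmac(byte[] key, byte[]... parts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }

    // Server: a fresh random challenge per TCP connection (the CHAP step).
    static byte[] newChallenge() {
        byte[] c = new byte[16];
        new SecureRandom().nextBytes(c);
        return c;
    }

    static byte[] counterBytes(long counter) {
        return ByteBuffer.allocate(8).putLong(counter).array();
    }

    // Device side, shown in Java only to keep the demo in one file:
    // tag = HMAC(key, challenge || counter || payload). Fixed-width fields avoid ambiguity.
    static byte[] deviceTag(byte[] challenge, long counter, byte[] payload) throws Exception {
        return hmac(DEVICE_KEY, challenge, counterBytes(counter), payload);
    }

    // Server: reject non-increasing counters, recompute the tag, compare in constant time.
    static boolean verify(byte[] challenge, long lastCounter, long counter,
                          byte[] payload, byte[] tag) throws Exception {
        if (counter <= lastCounter) return false;
        byte[] expected = hmac(DEVICE_KEY, challenge, counterBytes(counter), payload);
        return MessageDigest.isEqual(expected, tag);
    }

    public static void main(String[] args) throws Exception {
        byte[] challenge = newChallenge();
        byte[] reading = "meter=42;litres=1037".getBytes(StandardCharsets.US_ASCII); // constructed
        byte[] tag = deviceTag(challenge, 1, reading);
        byte[] tampered = "meter=42;litres=0007".getBytes(StandardCharsets.US_ASCII);
        System.out.println("genuine frame accepted:  " + verify(challenge, 0, 1, reading, tag));
        System.out.println("replayed frame accepted: " + verify(challenge, 1, 1, reading, tag));
        System.out.println("tampered frame accepted: " + verify(challenge, 1, 2, tampered, tag));
        System.out.println("old-session tag accepted: " + verify(newChallenge(), 0, 1, reading, tag));
    }
}
```

Only the first check should pass: the counter stops replays within a connection, and the per-connection challenge stops a recorded frame from being reused in a later one.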

Related

How can I connect an android with a local server?

Sorry if my English isn't perfect.
I'm trying to make an app and I need to exchange information between multiple devices.
I thought a solution could be to connect the devices to a server, but I really have no idea where to start.
What language do I need to study to make this? Is there a better solution?
This highly depends on what you are trying to achieve in the first place. It would be helpful if you could tell what you are trying to do, but I will still outline some general aspects:
You need to decide, what information is going to be exchanged and how this should happen
What information: Figure out, what exactly needs to be sent and received. Generic text messages? Images? Byte Streams?
How should this be done: Generally speaking, there are two approaches of getting information as a client: Polling and subscribing.
Polling: This approach means to periodically check an endpoint for new data. For example, HTTP uses this way: A web browser or any other client (REST-Client for example) periodically requests information from a HTTP-Server, using a connection just for this single request.
Subscribing / Sync / Notification: In some way or another, the client tells the server that it is interested in the information and wants to get notified when there is something new. The connection is initiated at the beginning and held open for further usage. The benefit of this approach is that changes are received immediately, but on the other hand a permanent connection needs to be maintained.
Things to study
At the beginning, get a good understanding of the TCP/IP Protocol, how Sockets work, how common Protocols do their job (e.g. HTTP, WebSockets)
Take a look at specific Protocols working on top of the basic ones
Tip: REST: Most common WebServices Protocol, providing a common way to exchange stateless data. Uses Polling.
WebSockets: Socket connection using Web Browsers. Commonly used to update information without needing to poll.
There is no specific language to learn for connections. It's more about understanding what the difficulties are and what ways have been invented to address this. Once you get to this point and know what you want to do, it's possible in every language.
Recommendation: As you seem to use Java/Android, I would try to use REST. A really great client-side library for REST on Android is Retrofit. For the server side use what fits for you .. common Java way would be to use Jersey, but you are free to choose from a lot of choices. If using Jersey is too hard for the beginning, maybe take a look at the JS/NodeJS world, those guys invented Express, which allows you to create a REST service out of just a database, without having to code a lot.
First you need to decide if you want to go for an Android or an iOS application. There are various other mobile operating systems as well, but these are widely used. If you want to go for Android, which is most widely used in my opinion, then you need to learn Java. If you want to go for an iOS application, then you need to learn Swift or Objective-C. These languages provide the API to connect with various types of services such as Facebook, Firebase and Amazon etc. If you want to connect to some other local server whose IP is known to you, then you can use socket programming to send messages.
There could be many ways you can implement this. One way will be using Web services. Of course REST might be a better option, if you follow this approach. You can implement your service (server-side code) with any language. I will recommend you use Java since you are already using Android.
Aside from this you might need to go through the basics of REST, its specifications and some reference implementations for the language of your preference.

Simply opening a port in Java

I am coding a program that necessitates having two machines talk to each other via TCP.
I have a (very) basic familiarity with the java.net Socket classes and related things. I am worried about routers/firewalls blocking the connection. All I need to do is get a port open in order to use the Java STL Socket classes.
I was told to look into using upnp by a friend, and another stackoverflow question regarding upnp suggested using Cling. As a network programming novice, Cling seems like overkill for this (and I am not advanced enough to fully understand the manual).
I am sorry if I am asking the wrong question, looking in the wrong place, etc. All I want to do is connect two machines to send some floats back and forth without having to manually go into my router and forward ports.
Is there anything in the STL that does this automatically, or any simple libs?
First thing first: there's no such thing as "STL" in Java. You're probably referring to the basic Java SDK.
Second, you are asking for "simple means" to perform an operation that is, from a networking point of view, not trivial at all. Look at the most basic task that one of your programs (program A) will have to do: denoting the network location of its "target" (program B). If program B is behind a router, what do you know about program B's network location? Nothing. All you know is the router's address.
Same with firewalls. You're concerned about firewalls blocking your connection? Well, if your firewalls are any good, then you want them to block all connections except for pre-approved ones.
For programs separated by a NAT, the only sensible method to go about doing what you're looking for is to use UPnP. If Cling is an overkill, try something like weupnp.
There's no free lunch, though.
If there is no network "masking" device (such as a router) between program A and program B, then very simple TCP/IP programming using the Java SDK should just work. If there are networking devices along the way, you'll have to cope with them by means of configuring your devices, or using UPnP.
I would take a long look at the following tutorial: http://www.giantflyingsaucer.com/blog/?p=224
The idea here is that a library called xsocket creates events that trigger when new information arrives.

How can I implement a good Client-Server approach?

I'm developing a distributed application, and I need to connect a client Java based to a server C++ based. Both of them will need to send information to each other, but I need them to be able to do things while waiting for the information, and they don't know when they are gonna get new information, or send information.
How can I achieve this? Now I'm trying to implement a basic communication with Sockets, but I don't really get to communicate them. I have read that using sockets + threads is usually a good approach for client-server apps.
Could you please recommend me some web or book to read about this, or send me some example code to learn?
Do you think that I should use another approach, better than sockets? Maybe a higher level library (I would need it for C++ and Java) or a totally different way?
EDIT:
I will add some extra information.
What I would love to achieve is the following:
My C++ program has a main loop, where I would like to have a call like GetUpdatedDataFromRemoteDevice() where I read the new values of some numerical variables that previously got updated from the net (the socket, for example).
Eventually, the C++ program will need to send a message to the remote device, to tell him to send other kind of data, and after that, keep getting the updated values.
From the Java program (remote device) the application running is an interactive touchable screen, that can't get blocked by the network transmissions, because it must keep working for the user, so all the networking should be done in a separate thread.
That thread, should connect to the server, and when a button is pushed, start to send the data (4 changing numerical values) in a loop until another event happens.
It would be nice also to be easily re-connectable to the server.
ICE is a modern and good library for distributed applications:
many languages as C++ and Java
many platforms
GNU GPL
good performance
easy to use
First, you define the messages you want to exchange between server and client.
Then, you implement the C++ and Java source code to handle these messages.
More info at http://zeroc.com/ice.html
Have fun ;-)
EDIT: I have to use ACE in some projects. I can tell ACE is very old, maybe mature, but uses outdated C++ coding rules :-(
Therefore ACE is not as easy to use as STL or BOOST. Moreover, ACE is not really efficient... I prefer ICE ;-)
I don't know what your application is but robust client server socket programming is a pretty hairy task to do properly. Hardware byte order, String encoding, Network errors, retries, duplicate messages, acks etc.. require lots of good design and careful programming. You need to get it to work well as single-threaded before even thinking of using multiple threads.
Unless you need instant notifications from server to client I suggest that you use HTTP as protocol between client and server. Client can poll server occasionally for new messages.
Anyway the problem has been solved multiple times already.
http://activemq.apache.org/
http://www.rabbitmq.com/devtools.html
http://www.cs.wustl.edu/~schmidt/ACE-overview.html
I did something of this sort once. In my case it was easier to connect my C++ app to a local Java app using JNI and then have the two Java apps talk to each other.

communicate with computer that isn't on the same network

I want to communicate between two computers that aren't on the same network. I tried to use sockets, but I only found tutorials and examples for communicating in the same network.
I tried to search on stackoverflow, but I had no clear idea of what to search for.
I want to send text two-way (chat).
-edit- The thing is, it is vague to me what I have to use or do, so I can't be much clearer than to say I want to send two way text (perhaps date) for a chatapp, just to learn from.
-edit-
To communicate between two machines, they have to be on the same extended network. The only other option is to save data to external drives, e.g. USB drives, and you can attach to the second machine and up load.
You can use sockets to communicate with any other machine with an Internet connection, provided your firewall(s) are configured to allow the connection. The whole point of a firewall is to prevent unauthorised access. I suspect this is your real problem. If your firewalls prevent access, you should not be able to get around this using Java (google network hacking for alternatives ;)
Another option is to use a service such as email if the two computers cannot talk to each other directly (they still have to be connected to the same network) This is much more complex than using a direct connection but it can be done.
I suggest instead you configure your firewall(s) correctly and you will be able to use plain Sockets.
You have to get the external IPs (there are sites which while visiting give you this IP), and hope that the firewall allows communication. Typically one should use a port above 1000.
There should be peer-to-peer libraries.
Another way is via SSH on one computer (JSch is one java library for SSH).
The easiest way is email exchange: the javax.mail API is compact but not the easiest. (Especially you could easily delete all mails, as I did once.)

A Packet Blocker Software

Can anyone suggest packet-blocking software?
My requirement is to block packets within the LAN. (Internet does not come into the picture.)
Suppose CLIENT_A is communicating with CLIENT_B in the same network (LAN).
I want a CLIENT_C (who is in the same network) to capture (I can use the jpcap library's sniffer for this purpose) and block packets sent by CLIENT_A to CLIENT_B.
How do I block packets over LAN..?
Thank you in advance.
Regards,
Veenit Shah
This kind of thing is normally done using a separate firewall (e.g. in a router or gateway box) or firewall software running on one or both of the client machines.
This is not the sort of thing that it is sensible to implement in Java.
EDIT - in response to this followup
I am aware that such a thing is not advisable in Java..but still I'll have to implement it..so is there any means to do so..?
Let us assume that you are talking about implementing a client-side firewall on a Linux machine. I can think of two approaches:
You could use Process.execute() and friends to run the Linux iptables(8) admin utility which manipulates the OS kernel's network packet filters. This is the simplest Java-based approach. But it requires that your Java app runs as root.
You could reverse engineer what iptables(8) is doing to manipulate the packet filters and code the same functionality in Java. That would be more coding work, including implementing parts of the functionality in C via JNI or JNA. And your app needs to run as root.
But a far, far simpler approach is to simply run iptables(8) from the command line, or make your changes using the fancy GUI-based admin tools.
Note that in the scenarios above, the firewall itself is not implemented in Java. All you are doing is administering the firewall from a Java application. I cannot think of ANY way to actually do the filtering / blocking in Java that is even remotely practical.
You may need some ARP attack things to redirect packets from Client-A to Client-C instead of Client-B.
I don't think this is a good idea.
If you are reading the packet on the network on Client C, Client B has already received it so it is too late to block it. If you are using switched ethernet, then Client C wouldn't even see the packet that was sent to B anyway.
The only way to do this is to have A communicate to B through C then C can decide if packets should be sent. This is called a firewall. Instead of writing one, you could use iptables on Linux to do this.
But to make use of this, you need to understand how the network works and I'm not sure you do at this point based on your question. So you will need to learn a lot about ethernet (assuming you are using ethernet) and the different networking layers. I'm not sure of a resource for this.
