More Machine 2 Machine with M2Mqtt. Now with SSL/TLS and async events
- Posted: Dec 06, 2013 at 6:00AM
- 18,013 views
In today's Hardware Friday post we're revisiting the work of Paolo Patierno and his cool M2Mqtt client library, Machine 2 Machine with a MQTT .Net Library. He's continued to drive it forward, adding new features and capabilities. One of the best, IMHO, is its SSL/TLS support.
One the things that concern me about "the Internet of Things" is having all that data in the air where anyone could easily snoop it. Providing SSL/TLS encryption is a much needed step forward...
I finally got what I wanted to add some time to my Library M2Mqtt : support for the SSL / TLS protocol !
With this new feature , you can now connect to a MQTT broker also using SSL / TLS (for .NET Micro Framework only up to TLS1.0 ) to take advantage of its key features: data encryption and server authentication through an X509 certificate (client authentication is not supported) .
To leave free choice to the developer wanted to or not to include this feature in his project ,I tied everything to the compilation symbol "SSL" which must be defined to add such support. In this way, for some platforms with less memory (see Netduino or FEZ Cerberus in the case of .NET Micro Framework ), you can exclude it , remembering to remove all references to assemblies that run the SSL / TLS.
After releasing the new version of my M2Mqtt library with support for SSL / TLS with server-side authentication, the time has come to show you an example of use.
Choose and install the broker: Mosquitto
First we have to choose an MQTT broker among those available but unfortunately no one is developed using the .Net Framework . Discarding more complex solutions , especially with regard to the installation and configuration , such as IBM Websphere , we can take into account to brokers like RabbitMQ , HiveMQ or Mosquitto. In this case , my choice was Mosquitto that we can download from the official web site for various operating systems based on Linux , as well as there is a convenient installer for the Windows environment . In fact, for Windows there are two installation modes: the first uses an installer in which the broker is compiled natively while in the second case is based on the Cygwin provides a Linux-like environment for Windows. It 'obvious that the first mode is the most simple and immediate . After installation, in addition to being installed the broker itself ( mosquitto.exe ) , will be provided to two console applications that represent a publisher ( mosquitto_pub.exe ) and a subscriber ( mosquitto_sub ), very useful to test the operation of the broker . The use of Mosquitto is very well documented on the official website but what we want to know is above the SSL/ TLS related configuration. To change the default settings of the broker, the latter can be launched by specifying a configuration file ( a sample file mosquitto.conf is present in the installation folder ) . Before addressing this issue , you must generate the certificates of the CA (Certification Authority) and server / broker we're going to use in this example.
Certificates generation : CA and brokers...
Configuring and starting the broker ...
Starting a subscriber and testing of the broker ...
Installing the CA certificate ...
Develop the client and ... publish encrypted messages! ...
The MQTT protocol does not provide intrinsic security features, for which it is necessary to rely on what provides the transport layer on which the MQTT messages traveling , namely the TCP / IP . In this case , one of the most widely used protocols is SSL / TLS also provides server authentication as well as data encryption. It 'obvious that such a layer , reduces the performance of the entire system and the speed with which messages are exchanged. Another possibility would be to apply the encryption directly on the data contained in the MQTT message but this involves the use of a symmetric encryption algorithm and for which the clients have all knowledge of the key. This way, however , would eliminate the authentication of the server that should be carried out at the application level in other way. In many cases, however , the adoption of one technique over another , it depends very much on the potential of our system in the case of embedded systems may not support SSL / TLS as a matter of cost of processing and memory footprint for encryption libraries .
The development of this project began in April of this year with the objective of filling the absence of a good MQTT client for all .Net platforms. After 6 months I did not expect an interest so strong against him, probably due to the wave of the Internet of Things that is coming (or is already among us ? ) .
Many people are using the library for projects of varying complexity , they send me mails ( with reports but also with compliments ) and open the "issue" on the CodePlex site , which I promptly resolve .
This can push me to get better and better the quality of the project , now arrived at version 2.3.0 with some bug fixes but also with an interesting new feature : all the events raised by the MqttClient class ( published message , the received message , ...) are executed in a separate thread , so the user no longer has to worry about launch "long" processing in his event handler through a new thread.
Now you can find numerous online platforms that offer the service of "device to the cloud," in order to acquire data from remote devices, save and expose them to other devices: one of these is 2lemetry.
It provides a RESTful interface over HTTP and an MQTT interface that we are going to use with the M2Mqtt client library.
First you need to register online :
At the end of the registration, you can log in to your account page and view some information, including the most important one is the "domain", which will be the root of all topics on which we are going to publish or receive messages via MQTT.
At this point we can move immediately to develop a simple application by choosing between all platforms supported by the M2Mqtt library (.NET Framework, .Net Compact Framework or. Net Micro Framework). In a real case, we use the Netduino Plus board with a temperature sensor (usually the TMP102 already widely used in previous posts and where the driver can be found in uPLibrary) to send the data collected online.
First we define all the parameters necessary to 2lemetry to load the data:
In less than 10 minutes we set up a station for temperature sensing that public data online on a platform that save them for us and with its tools allows you to analyze and publish them maybe via HTTP !
Alright! You have a great deal of information and a very nice starting point for your next project. Let's see your awesome "Internet of Holiday" projects!