基于MQTT的智能宠物追踪系统

针对当前宠物频繁丢失的问题,本文设计并实现了基于MQTT协议的智能宠物追踪系统.系统的功能实现主要依托于MQTT服务器、Web服务器和基于Android平台开发的应用程序.嵌入式设备采用集成MTK2503芯片组的WZ-203CS开发板,依靠开发板内嵌的物联网卡,通过MQTT消息传输协议,将位置信息传送至Android应用程序.应用程序通过集成高德地图导航功能,利用已接收的位置信息,提供语音导航、路径规划等功能.基于该架构设计的追踪系统,并不局限于宠物追踪,通过系统预留的接口可扩展其他相关功能,实现可用性的同时具有较强的可扩展性.     

基于MQTT协议扩展的IoT设备完整性监控

随着物联网飞速发展, 设备数量呈指数级增长, 随之而来的IoT安全问题也受到了越来越多的关注. 通常IoT设备完整性认证采用软件证明方法实现设备完整性校验, 以便及时检测出设备中恶意软件执行所导致的系统完整性篡改. 但现有IoT软件证明存在海量设备同步证明性能低、通用IoT通信协议难以扩展等问题. 针对这些问题, 本文提供一种轻量级的异步完整性监控方案, 在通用MQTT协议上扩展软件证明安全认证消息, 异步推送设备完整性信息, 在保障IoT系统高安全性的同时, 提高了设备完整性证明验证效率. 我们的方案实现了以下3方面安全功能: 以内核模块方式实现设备完整性度量功能, 基于MQTT的设备身份和完整性轻量级认证扩展, 基于MQTT扩展协议的异步完整性监控. 本方案能够抵抗常见的软件证明和MQTT协议攻击, 具有轻量级异步软件证明、通用MQTT安全扩展等特点. 最后在基于MQTT的IoT认证原型系统的实验结果表明, IoT节点的完整性度量、MQTT协议连接认证、PUBLISH报文消息认证性能较高, 都能满足海量IoT设备完整性监控的应用需求.     

基于代理重加密的消息队列遥测传输协议端到端安全解决方案

针对消息队列遥测传输（MQTT）协议缺乏保护物联网（IoT）设备间通信信息的内置安全机制,以及MQTT代理在新的零信任安全理念下的可信性受到质疑的问题,提出了一种基于代理重加密实现MQTT通信中发布者与订阅者间端到端数据安全传输的解决方案。首先,使用高级加密标准（AES）对传输数据进行对称加密,以确保数据在整个传输过程中的机密性;然后,采用将MQTT代理定义为半诚实参与方的代理重加密算法来加密传输AES对称加密使用的会话密钥,从而消除对MQTT代理的隐式信任;其次,将重加密密钥生成的计算工作从客户端转移到可信第三方,使得所提方案适用于资源受限的IoT设备;最后,使用Schnorr签名算法对消息进行数字签名,以提供数据来源的真实性、完整性和不可否认性。与现有MQTT安全方案相比,所提方案用和不提供端到端安全性的轻量级方案相当的计算和通信开销获取了MQTT通信的端到端安全特性。     

Design and implementation of a cloud-based event-driven architecture for real-time data processing in wireless sensor networks

The growth of the Internet of Things (IoTs) and the number of connected devices is driven by emerging applications and business models. One common aim is to provide systems able to synchronize these devices, handle the big amount of daily generated data and meet business demands. This paper proposes a cost-effective cloud-based architecture using an event-driven backbone to process many applications’ data in real-time, called REDA. It supports the Amazon Web Service (AWS) IoT core, and it opens the door as a free software-based implementation. Measured data from several wireless sensor nodes are transmitted to the cloud running application through the lightweight publisher/subscriber messaging transport protocol, MQTT. The real-time stream processing platform, Apache Kafka, is used as a message broker to receive data from the producer and forward it to the correspondent consumer. Micro-services design patterns, as an event consumer, are implemented with Java spring and managed with Apache Maven to avoid the monolithic applications’ problem. The Apache Kafka cluster co-located with Zookeeper is deployed over three availability zones and optimized for high throughput and low latency. To guarantee no message loss and to simulate the system performances, different load tests are carried out. The proposed architecture is reliable in stress cases and can handle records goes to 8000 messages in a second with low latency in a cheap hosted and configured architecture.

     

基于OneNET云平台与物联网MQTT协议的智慧节能控制系统

面对传统节能控制系统电能耗费大、实训室管理不全面,导致节能控制效果较差的问题,提出基于OneNET云平台与物联网MQTT协议的智慧节能控制系统;选择HTML5-20工控板,支持MQTT协议,并与单片机通信;使用MLX90614型号红外温度传感器,通过探测辐射情况,实现高精度温度测量;设计HC-SR501人体红外感应模块,监控实训室设备安全使用情况,避免出现电能消耗大的情况;根据系统软件部分功能模块,通过手机app端移动设备控制教室设备,并随时监管设备运行状态;将远程智能控制接入OneNET平台,实现机构管理员管理、设备运行报表和自动检修功能;由系统测试结果可知,该系统风扇最少耗电为40 W、电灯最少耗电为0.1度,说明电能消耗较少;实训室温度和湿度均在正常监管范围内,说明实训室处于安全状态;该系统设计从节能、安全管理角度,解决实训室的智能管理问题,也为资产失窃防患提供保障.     

Design,code generation and simulation of IoT environments with mobility devices by using model-driven development: SimulateIoT-Mobile

Systems based on the Internet of Things (IoT) are continuously growing in many areas such as smart cities, home environments, buildings, agriculture, industry, etc. Device mobility is one of the key aspects of these IoT systems, but managing it could be a challenge. Mobility exposes the IoT environment or Industrial IoT (IIoT) to situations such as packet loss, increased delay or jitter, dynamism in the network topology, new security threats, etc. In addition, there is no standard for mobility management for the most commonly used IoT protocols, such as MQTT or CoAP. Consequently, managing IoT mobility is a hard, error-prone and tedious task. However, increasing the abstraction level from which the IoT systems are designed helps to tackle the underlying technology complexity. In this regard, Model-driven development approaches can help to both reduce the IoT application time to market and tackle the technological complexity to develop IoT applications. In this paper, a Domain-Specific Language based on SimulateIoT is proposed for the design, code generation and simulation of IoT systems with mobility management for the MQTT protocol. The IoT systems generated integrate the sensors, actuators, fog nodes, cloud nodes and the architecture that supports mobility, which are deployed as microservices on Docker containers and composed suitability. Finally, two case studies focused on animal tracking and a Personal mobility device (PMD) based on bicycles IoT systems are presented to show the IoT solutions deployed.     

基于MQTT协议与开源硬件的智能监控系统

实现一种采用MQTT协议、通过安卓/iOS APP对基于开源硬件-WRTnode的移动智能监控设备(如智能设备,机器人等)进行远程控制的方案.采用开源MQTT服务器框架-mosquitto作为MQTT broker,通过APP发布控制指令主题,监控设备订阅该主题并根据控制指令执行操作,监控设备发布需要上报的监控数据主题,APP订阅该主题后将接收到监控数据.通过双向的发布-订阅模式,实现多功能智能监控过程.     

基于阿里云的新能源汽车空调状况监测系统设计

本文基于阿里云提出一种新能源汽车空调状况监测系统的设计方案。系统主要包括车端监测和阿里云物联网平台,车端监测以STM32F429和ATK-M7514G通信模块为核心,利用FreeRTOS系统,基于MQTT协议实现与阿里云物联网平台的数据交互,可通过Web和移动APP等实时查看车内环境状况。系统实现了新能源汽车车内环境的监测与采集,为新能源汽车自动空调开发提供了科学的数据支持。     

AUPS: An Open Source AUthenticated Publish/Subscribe system for the Internet of Things

The arising of the Internet of Things (IoT) is enabling new service provisioning paradigms, able to leverage heterogeneous devices and communication technologies. Efficient and secure communication mechanisms represent a key enabler for the wider adoption and diffusion of IoT systems. One of the most widely employed protocols in IoT and machine-to-machine communications is the Message Queue Telemetry Transport (MQTT), a lightweight publish/subscribe messaging protocol designed for working with constrained devices. In MQTT messages are assigned to a specific topic to which users can subscribe. MQTT presents limited security support. In this paper we present a secure publish/subscribe system extending MQTT by means of a key management framework and a policy enforcement one. In this way the flow of information in MQTT-powered IoT systems can be flexibly controlled by means of flexible policies. The solution presented is released as open source under Apache v.2 license.     

基于MQTT和ILZ4压缩法的智慧能源云平台

为了适应数据规模大、响应要求快的智慧能源场景,提出了一种基于消息队列遥测传输(Message Queuing Telemetry Transport,MQTT)消息传输和(Improved Lempel-Ziv4,ILZ4)压缩法的智慧能源云平台。在物联网与云平台之间的数据通信中引入了MQTT协议,设计了基于MQTT协议的消息队列架构和消息流的上传/下载过程,利用引入的ILZ4压缩法可集成到信息存储和消息传输任务中,实现大规模监测信息流的实时压缩和传输。300万个监测数据点作为云服务器的测试数据流进行实验,实验结果表明,所提方法在吞吐量和压缩比性能上更优,从而可快速降低大规模数据的存储成本和传输开销,同时,所提平台为智慧能源应用提供一种良好、通用和可扩展的解决方案。     

Efficient data-forwarding method in delay-tolerant P2P networking for IoT services

These days Internet of Things (IoT), which consists of smart objects such as sensor nodes is the most important technology for providing intelligent services. In the IoT ecosystem, wireless sensor networks deliver collected information from IoT devices to a server via sink nodes, and IoT services are provided by peer-to-peer (P2P) networking between the server and the IoT devices. Particularly, IoT applications with wide service area requires the mobile sink nodes to cover the service area. To employ mobile sink nodes, the network adopts delay-tolerant capability by which delay-tolerant nodes try to transmit data when they connect to the mobile sink node in the application service field. However, if the connection status between a IoT device and a mobile sink node is not good, the efficiency of data forwarding will be decreased. In addition, retransmission in bad connection cause high energy consumption for data transmission. Therefore, data forwarding in the delay-tolerant based services needs to take the connection status into account. The proposed method predicts the connection status using naïve Bayesian classifier and determines whether the delay tolerant node transmits data to the mobile sink node or not. Furthermore, the efficiency of the proposed method was validated through extensive computer simulations.     

智能燃气系统中的通信加密方法

在信息技术快速发展的今天,物联网技术在各行各业中都得到了广泛的应用,其中对硬件设备信息的采集以及传输是其主要应用,但是数据传输过程中会出现严重的数据安全问题,因此本文提出了一种混合通信加密方法.本文首先从物联网设备角度出发,介绍物联网无线通信技术和CoAP传输协议以及加密方法,然后结合物联网设备资源受限制情况,采用NB-IoT技术,并在智能燃气系统中实现了上述加密方法,实验以及测试比较的结果表明,本方法具有可行性.     

IoTGuardEye:一种面向物联网服务的Web攻击检测方法

在包括物联网(Internet of Things,IoT)设备的绝大部分边缘计算应用中,基于互联网应用技术(通常被称为Web技术)开发的应用程序接口(Application Programming Interface,API)是设备与远程服务器进行信息交互的核心。相比传统的Web应用,大部分用户无法直接接触到边缘设备使用的API,使得其遭受的攻击相对较少。但随着物联网设备的普及,针对API的攻击逐渐成为热点。因此,文中提出了一种面向物联网服务的Web攻击向量检测方法,用于对物联网服务收到的Web流量进行检测,并挖掘出其中的恶意流量,从而为安全运营中心(Security Operation Center,SOC)提供安全情报。该方法在对超文本传输协议(Hypertext Transfer Protocol,HTTP)请求的文本序列进行特征抽取的基础上,针对API请求的报文格式相对固定的特点,结合双向长短期记忆网络(Bidirectional Long Short-Term Memory,BLSTM)实现对Web流量的攻击向量检测。实验结果表明,相比基于规则的Web应用防火墙(Web Application Firewall,WAF)和传统的机器学习方法,所提方法针对面向物联网服务API的攻击具有更好的识别能力。     

Efficient allocation of resources in multiple heterogeneous Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are useful for a wide range of applications, from different domains. Recently, new features and design trends have emerged in the WSN field, making those networks appealing not only to the scientific community but also to the industry. One such trend is the running different applications on heterogeneous sensor nodes deployed in multiple WSNs in order to better exploit the expensive physical network infrastructure. Another trend deals with the capability of accessing sensor generated data from the Web, fitting WSNs in novel paradigms of Internet of Things (IoT) and Web of Things (WoT). Using well-known and broadly accepted Web standards and protocols enables the interoperation of heterogeneous WSNs and the integration of their data with other Web resources, in order to provide the final user with value-added information and applications. Such emergent scenarios where multiple networks and applications interoperate to meet high level requirements of the user will pose several changes in the design and execution of WSN systems. One of these challenges regards the fact that applications will probably compete for the resources offered by the underlying sensor nodes through the Web. Thus, it is crucial to design mechanisms that effectively and dynamically coordinate the sharing of the available resources to optimize resource utilization while meeting application requirements. However, it is likely that Quality of Service (QoS) requirements of different applications cannot be simultaneously met, while efficiently sharing the scarce networks resources, thus bringing the need of managing an inherent tradeoff. In this paper, we argue that a middleware platform is required to manage heterogeneous WSNs and efficiently share their resources while satisfying user needs in the emergent scenarios of WoT. Such middleware should provide several services to control running application as well as to distribute and coordinate nodes in the execution of submitted sensing tasks in an energy-efficient and QoS-enabled way. As part of the middleware provided services we present the Resource Allocation in Heterogeneous WSNs (SACHSEN) algorithm. SACHSEN is a new resource allocation heuristic for systems composed of heterogeneous WSNs that effectively deals with the tradeoff between possibly conflicting QoS requirements and exploits heterogeneity of multiple WSNs.     

物联网环境下移动节点可信接入认证协议

无线传感器网络（WSN）中的移动节点缺乏可信性验证,提出一种物联网（IoT）环境下移动节点可信接入认证协议。传感器网络中移动汇聚节点（Sink节点）同传感器节点在进行认证时,传感器节点和移动节点之间完成相互身份验证和密钥协商。传感器节点同时完成对移动节点的平台可信性验证。认证机制基于可信计算技术,给出了接入认证的具体步骤,整个过程中无需基站的参与。在认证时利用移动节点的预存的假名和对应公私钥实现移动节点的匿名性,并在CK（Canetti-Krawczyk）模型下给出了安全证明。在计算开销方面与同类移动节点认证接入方案相比,该协议快速认证的特点更适合物联网环境。     

智能家居无线网络通讯协议

基于ARM微控制器技术,提出了智能家居的远程监控系统的有效方法.实际应用中该方法以Web浏览器作为操作界面,实现远程数据通信监控操作.利用nRF24L01射频模块为智能家居终端设备构建了无线数据通讯平台,其中nRF24L01射频模块有32个字节的数据载荷长度.通过对载荷数据帧格式的定义,完成了无线通讯协议的设计,统一了...     

物联网无线协议安全综述

近些年来,随着物联网的快速发展,其应用场景涵盖智慧家庭、智慧城市、智慧医疗、智慧工业以及智慧农业.相比于传统的以太网,物联网能够将各种传感设备与网络结合起来,实现人、电脑和物体的互联互通.形式多样的物联网协议是实现物联网设备互联互通的关键,物联网协议拥有不同的协议栈,这使得物联网协议往往能表现出不同的特性.目前应用较广...     

Design of peer-to-peer protocol with sensible and secure IoT communication for future internet architecture

In recent times, Internet connected technologies and applications have seen tremendous growth as everyone is inclined to enjoy the benefits offered by them. An upcoming technology called Internet of Things (IoT) has increased the capacity of internet to take in numerous computing devices. With respect to the prevailing IP-based Security Protocol (SecP) suites, which rely on the conventions of Network Topology (NT) and device and network (n/w) abilities to decide on the designs of the employed Security Mechanisms (SecM). In this work, we address by putting forth a unified IoT framework model dependent on the Mobile Security IP IoT Architecture (MSIP-IoT-A) which exclusively concentrates on supporting Sec for the IoT. The model suggested by us, brings together local IoT systems with the global Internet with no loss in its usage, ability of cross operation and protecting the Sec. An Internet of Things (IOT) – Name Determination Check (NDC) is proposed as the main part of the middleware layer by us in this article and we also generate a We propose an IoT-NDC as a core component of the, and develop a not so heavy but light keying protocol capable of establishing a trust amid an IoT device and the IoT-NDC. Moreover, we attempt of identify and fix this issue by suggesting a peer-to-peer SecP for fulfilling a range of environment. We have applied safe communication (comm.) upon an open sourced platform for the IoT. Ultimately, with assessment and studies with the help of models and data from the SecPlogic, we conclude that the suggested methodology is effective to fulfill the mentioned objective and can be used for the platform.     

基于树莓派的智能家居设计与实现

随着生活水平的提高和物联网的发展,社会对家居的智能化需求越来越迫切,本文阐述了基于树莓派的智能家居系统的设计与实现,通过采用树莓派为主要模块,搭建一款满足大众需要的智能家居系统.本系统以树莓派为主要开发平台,并基于Ubuntu操作系统进行开发的一种智能家居解决方案,其包含了语音合成、语音识别、图像识别、数据采集、AI对话、视频监控、语音控制、语音日志等功能.可通过语音、手机微信、APP与机器人和传感器进行交互,并能登录Web界面查看相应底层数据并对传感器进行相应控制.系统传感器部分采用ZigBee通信协议,与服务器通信采用MQTT通信协议,两种通讯协议低成本,低功耗,节约网络资源.     

新型养老环境下的药品投送机器人系统

针对室内医疗系统信息化程度低、远程监控不足、药品投递研究偏少和当前系统设备无法满足实际需求等不足,提出了基于云技术与物联网药品投递智能系统框架;采用多核嵌入式系统、RFID、IEEE 802.11通信协议、开放云平台等构建了新型室内医疗系统与药品投送机器人系统;设计了远程移动端和PC端管理系统;构建相关试验环境,对系统与设备的相关性能进行测试,验证系统的合理性与可行性.实验结果表明：网络节点最快的控制周期为48 s/次,平均周期48.3 s/次,系统配送一颗药物平均花费时间4.19 s.系统上传云端数据最快上传储存时间为2.1 s,平均花费5.21 s,通信成功率大于90%.