An Ode to Security

Let's be honest, not everyone gives the appropriate thought to IoT security, a quick browse of the news shows that. Given that my favourite hat is of the tinfoil variety, I shall be going against the tide for this project.

My main concern was with development boards being connected to my home network permanently (even if I did write the firmware myself). This is mostly due to their intrinsic lack of RAM and flash memory. A consequence of this lack of any real computing power is that implementing encrypted wireless communication becomes a real faff. I know of people that have (semi-successfully) implemented it, however I decided that it would be easier to isolate the devices to their own network. 

Raspberry Pi Access Point

As we want to create an isolated network for our nodes, it makes sense to use the hub itself as the wireless access point (AP). If you have a WiFi enabled Pi this will be trivial. 

In order to set up the Pi I first flashed the SD card with a clean version of Raspbian Lite (no GUI required). Once this was completed I booted it up and connected it to my home network (you will have to connect the Pi to internet for the initial setup and any updates). 

With this done I followed the linked tutorial:

https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md

Once the Pi was set up as an AP, I realised one crucial issue with the Pi being on a stand-alone network with no internet access: it will not keep time if it reboots. This is due to the Pi having no Real Time Clock (RTC). Thankfully there are various cheap RTC modules that are designed for the Pi and an equal number of tutorials to get these set up. 

I used the the DS3231 RTC module and set it up using the following tutorial:

https://thepihut.com/blogs/raspberry-pi-tutorials/17209332-adding-a-real-time-clock-to-your-raspberry-pi

FINALLY we are ready to actually set up MQTT on the Pi to allow it to become the hub.

The Fun Part (well, the actual point of this post)

To set up the MQTT broker, we want to install 'Mosquitto' onto the Pi using the below command:

sudo apt install mosquitto

Once this has installed (it may take ages) the MQTT daemon will begin immediately on port 1883 (as long as you didn't change any default settings). As it stands, you now have a working MQTT broker on the Pi that will be accessible from any device attached to the Pi's access point.

The Mosquitto installation can be tested from the command line of any connected device using 'Mosquitto-clients' (see below for installation).

sudo apt install mosquitto-clients

Once the installation was working, I needed to secure it using a username and password. This can be set using the 'mosquitto-passwd' command from the terminal. 

Voila, you now have a Raspberry Pi running as an access point with a working (and password protected, but un-encrypted) MQTT broker.  

Tune in next time for more ramblings of how I created the logic code that will run on the Pi.