IOT security based on node-red for secure room monitoring

Abstract

Nowadays, the emergence of Internet of Things (IoT) for a secure room monitoring system with an external cloud server for a user notification on the Internet has been a significant role and data security concern. This research project is to develop a secure room monitoring system in such a server room compositing components as follows. (1) A Node-RED Edge System (NRES) equipped with Raspberry Pi (RPi) and a set of environmental sensors such as Pi camera, PIR, and DHT22 is an edge monitoring system. (2) Digital Ocean Cloud Server (DOCS) as a web portal interface service for receiving encrypted notification messages via Rivest–Shamir–Adleman (RSA) from the NRES and forwarding the messages to the system users. (3) Pinata is an InterPlanetary File System (IPFS) for sharing camera image files from an NRES to users. (4) LINE System is for displaying a notification message from DOCS when an unauthorized NRES is detected besides an anomaly environmental status. And (5) Email is used for users to access more notification descriptions. Security mechanisms in this research are deployed as follows. Besides strong authentication, authorization, and account access of each NRES member, the MAC address from each NRES member recorded on the DOCS is used for the verification to protect any rouge Node-RED system. Each MQTT payload between Node-RED system is encrypted by using RSA to mitigate a man-in-the-middle attack. Furthermore, the NRES sends an encrypted Pinata’s CID URL for a sharing camera image file to the user’s email. The DOCS provides the web UI for authenticating users in order to copy and paste the encrypted CID URL obtained from the email. Finally, LINE is applied to notify users of an anomaly event and to forward more event descriptions to user’s email address as multi-factor authentication. IMPLICATION OF THE THEMATIC PAPER: According to the implementations and results of the study, suggestions for further research are as follows. 1. The payload encryption in Node-RED is considered Node-to-Node encryption rather than End-to-End encryption because the message will be decrypted by Node-RED before sending to clients. As a result, additional notification systems such as message forwarding to user’s email address can be implemented to enhance the security and privacy of data. 2. Since the connection speed of Cloud services is intermittent, the performance evaluation should be done in multiple sessions, for instance, once in the morning and the other in the evening.