IoT over XMPP
Just over a year ago, Tigase presented a talk about IoT over XMPP at FOSDEM 2017. Our idea was to use an XMPP server as a go-between the user and the controlled device, eliminating direct access to devices from the internet. At the conference, we had a small robot that could interpret commands from an XMPP chat program, and a video demonstration of smart-home components. Although demonstrative, there were no plans to put these products into tester and developer hands at the time. Since then we have improved the platform considerably and are getting ready to show off our improvements.
As the Internet of Things becomes more prevalent, there has been an ever growing number of internet connected devices. This influx of new devices and features however, has led to a number of problems. Firstly, each device itself is exposed to the internet directly, with little more than a username and password providing security. As many users are reluctant to change the default username and password, they remain extremely vulnerable. Worse, the more devices there are on the network, the less likely it is that separate usernames and passwords are maintained. These devices now sit open at the mercy of hackers and malicious software. Not only can somebody access the devices themselves, they can be hijacked for other nefarious purposes. This reality was brought into focus in October of 2016 when a massive DDOS attack was made using these devices. The Dyn cyberattack was the largest of its kind, creating botnets from unsecured IOT devices to disrupt over 150 major websites and severely impacting internet connectivity over most of the United States and areas of Europe. This style of individual devices being open to the internet can be dangerous, and could require a significant effort of individual users to secure – that is if they remember.
So how to fix this problem of unreliable users and exposed hardware? Tigase has created a way using the XMPP protocol to not only remove devices direct access to the internet, but allow the use of a single access point to control multiple devices. XMPP servers provide a stable, quick system of real-time communications. Messages are sent from a user or a device to a server and then onto other servers or the destination, rather than directly. This system provides separation of any devices and the internet, and will only pass properly formatted, or expected messages. This immediately resolves the possibility of malicious code going to the device, as they can be filtered out or rejected as invalid commands and messages. The XMPP server, or in our case the IoT hub serves as a single point of access. Multiple devices connect locally to the hub, and can be controlled from a single device, also connected to the hub. With a single username and password to manage, it’s far easier for the end user to keep on top of. XMPP servers can also be secured with a variety of authentication types including SASL SCRAM SHA+ and Active Directory. XMPP also acts wonderfully for NAT transition, allowing ease of installation in most home networking setups without complicated explicit traffic rules. Consider these issues resolved.
We at Tigase believe that XMPP can be used as the protocol for the Internet of Things, and we have been working hard over the last year to make this vision a reality. As an open source software company, we want to share the fruits of our labor, and make it well known how good XMPP can be for this use case. With this in mind, we have been working on a deployable IoT framework that could be installed on a raspberry pi computer, and connected to all sorts of devices and sensors using the GPIO pins. This in turn can be controlled by a client device on a LAN sending and receiving commands over the XMPP protocol through an XMPP server hub. Once the hub and framework is setup, devices can be added or removed without the need for coding -- simply add and remove from the client for instant access.
As we get closer to release more details will be revealed – we do intend for a portion of this to be available to the community as a toolkit. We are excited to bring this to you soon, and see what you create with it. Stay Tuned!