dotma

Home automation. Remote access to CC3000, like the Wemo

Recommended Posts

I have been trying to make a F5229 Launchpad and CC3000 work like a Belkin Wemo, in the sense that I could use it to switch appliances such as heaters and lights in my house on and off from a remote web site (or iPhone/Android) without the need for a server within my house.  My whole project would use about 20 devices.

 

The problem one immediately faces is getting past the NAT in a domestic router.  I have studied subjects such as STUN, TURN & ICE and UPnP and spent rather more time than I should have on failed attempts at UDP hole punching.

 

This is clearly possible, since the Wemo can do it (I believe it uses STUN).  The questions are how secure and reliable it would be and how to do it.

 

My current thoughts are that it may be simpler and more secure to have a small "relay server" in one's home network using port forwarding to allow the outside world to have access to it.  It could then relay messages to one or more CC3000 based devices behind the router, but this is a clunky solution.

 

Another solution would be to allow the devices to poll an external web server for instructions, but this would generate a heap of network traffic and be very inelegant.

 

If all else fails, one could set up static addresses and use port forwarding but, again, that is a compromise.

 

I appreciate that the CC3000 is still relatively new, but if anyone has any ideas/thoughts/libraries I would be very interested.


Yes, the WeMo apparently does use STUN. See Vulnerability Note VU#656302.

 

As that report suggests, there are a huge number of security issues (including information leakage) that are part of the IoT, many of which aren't of great interest to the companies commercializing the products or end users who aren't used to security analysis. Some of the threat vectors are obscure, but no less real for that. (I consider myself just knowledgeable enough to know there are risks I'd need to work with experts to identify and solve.)

 

I'd pass on adding this capability myself; if I did do it, I would choose the path of using a local Linux box that did identification/authentication/authorization before relaying to the devices, rather than try to make the devices directly accessible through NAT. The CC3000 isn't a very robust device and has no real security infrastructure beyond WPA2, which doesn't carry over once the traffic gets off the WAN. (It's also not particularly new; I first mucked about with the things in June 2012, and there are a lot of bugs in the firmware and host driver.)

 

If Exosite has a facility to cache commands in the cloud for delivery when the client checks in (a standard solution to this problem, as you note), that might be a better approach with less infrastructure development on your part.
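The reply above recommends a box that does identification, authentication and authorization before anything reaches a device, and a queue that holds commands until the device checks in. The following is an added example of that pattern, written for this thread rather than taken from any poster, Exosite or TI code. It assumes a per-device shared secret (constructed here), HMAC-SHA256 over a canonical encoding of the command, a per-device monotonic sequence number for replay protection, an expiry timestamp, and a per-device allow-list of actions; the command sender (web site or phone app) would sign with the same key.

```python
"""Authenticated command relay with a check-in queue (added example, not from the thread)."""
import hashlib
import hmac
import json
import time
from collections import defaultdict

# Constructed per-device secrets; a real deployment provisions a distinct key per device.
DEVICE_KEYS = {
    "heater-01": b"\x01" * 32,
    "lamp-07": b"\x02" * 32,
}

# Authorization policy (constructed): which actions each device will accept.
ALLOWED_ACTIONS = {
    "heater-01": {"on", "off"},
    "lamp-07": {"on", "off", "dim"},
}

REQUIRED_FIELDS = ("device", "seq", "action", "expires", "tag")


def _canonical(device_id, seq, action, expires):
    """Stable byte encoding so signer and verifier MAC exactly the same bytes."""
    return json.dumps([device_id, seq, action, expires], separators=(",", ":")).encode()


def sign_command(key, device_id, seq, action, expires):
    """Sender side: produce a command carrying an HMAC-SHA256 tag over its fields."""
    tag = hmac.new(key, _canonical(device_id, seq, action, expires), hashlib.sha256).hexdigest()
    return {"device": device_id, "seq": seq, "action": action, "expires": expires, "tag": tag}


class Relay:
    """The local box: verify identity, authenticity, freshness and policy before queueing."""

    def __init__(self, keys, policy):
        self._keys = keys
        self._policy = policy
        self._last_seq = defaultdict(int)   # highest sequence number accepted per device
        self._pending = defaultdict(list)   # actions waiting for the device's next check-in

    def accept(self, msg, now=None):
        """Validate a command; return (ok, reason). Only accepted commands are queued."""
        now = time.time() if now is None else now
        if not isinstance(msg, dict) or any(f not in msg for f in REQUIRED_FIELDS):
            return False, "malformed"
        key = self._keys.get(msg["device"])          # identification
        if key is None:
            return False, "unknown device"
        expected = hmac.new(
            key, _canonical(msg["device"], msg["seq"], msg["action"], msg["expires"]), hashlib.sha256
        ).hexdigest()
        if not hmac.compare_digest(expected, str(msg["tag"])):   # authentication, constant-time
            return False, "bad signature"
        if msg["expires"] < now:                                  # freshness
            return False, "expired"
        if msg["seq"] <= self._last_seq[msg["device"]]:           # replay protection
            return False, "replay"
        if msg["action"] not in self._policy.get(msg["device"], set()):   # authorization
            return False, "action not permitted"
        self._last_seq[msg["device"]] = msg["seq"]
        self._pending[msg["device"]].append(msg["action"])
        return True, "queued"

    def checkin(self, device_id):
        """Device polls the relay; hand over and clear everything queued for it."""
        return self._pending.pop(device_id, [])


if __name__ == "__main__":
    relay = Relay(DEVICE_KEYS, ALLOWED_ACTIONS)
    cmd = sign_command(DEVICE_KEYS["heater-01"], "heater-01", 1, "on", int(time.time()) + 60)
    print(relay.accept(cmd))                  # (True, 'queued')
    print(relay.accept(cmd))                  # (False, 'replay')
    print(relay.checkin("heater-01"))         # ['on']
```

The sequence-number state is what turns a captured command into something that cannot simply be resent, and the allow-list keeps a compromised sender key from doing more than the device was ever meant to do; the device itself only ever makes outbound check-ins, so nothing on the home network needs an inbound port.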


Thanks for the useful replies.  I agree that a local box for identification/authentication may well be the answer, and not overly complex or expensive.  I will also look further at Exosite.

 

Incidentally, so far I have found the CC3000 + MSP430F5229 relatively straightforward and reliable, but then I have just spent a whole lot of time trying to use the Roving Networks WiFly, which I found expensive, difficult to set up and very unreliable.  (I have also tried Z-Wave, which struggled to communicate from one room to another.)
