"Bid benefits from hardware manufacturers and cellular service providers, cellular technology is increasingly favored by the choice provided by the Internet of Things connection. Although the availability of the honeycomb hardware module continues to improve, due to the development personnel need to deal with low-level handshake Agreement and higher level of service agreements, and at the same time ensure security implementation, the Internet development is still facing serious delays.
This paper briefly reviews the factors rise after cellular technology as an effective connection option for the Internet of Things, and discusses the challenges of its implementation. Then introduce a ready-made cellular development platform provided by STMicRoelectronics and show how it is used to solve the actual connection problem, including advanced communication and security of the Internet access.
Wireless options for the Internet of Things
Wireless connectivity has become a basic requirement for many IoT applications. Among the various wireless technologies available, the choice usually depends mainly on data rate and transmission range (Figure 1).
Although Bluetooth, ZigBee and Wi-Fi continue to dominate short-range communications, many applications must cover physical distances far beyond the reach of these technologies. For these applications, emerging low-power WAN (LPWAN) technologies (such as LoRaWAN, Sigfox, etc.) can meet the range requirements, but usually cannot support higher data rates.
Turning to LTE
Commercial cellular providers quickly entered the IoT field by expanding their LTE networks, which offer bandwidth and range far exceeding other common wireless connectivity options. They also have the advantage of using licensed bands, which are less prone to interference. With the availability of the narrowband LTE services defined in 3rd Generation Partnership Project (3GPP) LTE Release 13, cellular has become a feasible choice even for power-constrained devices.
The more familiar LTE services meet the growing demand for the high-bandwidth networks that video streaming requires. The narrowband LTE services, which include LTE Cat M1 and Narrowband IoT (NB-IoT), are more modest in bandwidth and functionality. These simpler requirements let LTE transceiver manufacturers build solutions that IoT designers can more readily integrate into resource-constrained designs.
As LTE transceiver manufacturers deliver more efficient solutions and cellular providers extend the geographic coverage of their Cat M1 and NB-IoT services, cellular connectivity has become a feasible choice for IoT designers. In fact, developers can choose from a growing number of narrowband LTE modules, such as u-blox's SARA-R410M or Link Labs' LL-LTE-M-VZN-SE, which are certified by operators, to rapidly develop cellular connectivity for IoT devices and other connected applications. These Cat M1 and NB-IoT modules combine an embedded processor with the transceiver and the full RF signal path, including the output power amplifier (PA), input amplifiers, switches, and filters (Figure 2).
For developers, integrating these highly integrated devices into custom designs is relatively simple at both the hardware and software levels. These modules typically support one or more standard serial interfaces and provide GPIO, antenna detection, and SIM card interfaces. Developers therefore only need to add a suitable antenna and connect the module to the host's SPI or I2C bus, or use basic UART control, to complete the hardware integration quickly.
The software control requirements of these modules are also simple. Like most transceiver modules, narrowband LTE modules respond to the same kind of AT command sequence protocol that has been used since the earliest computer modems. However, the functionality of these LTE modules has improved significantly, allowing developers to perform more complex operations with a single AT command. With u-blox's SARA-R410M module, developers can send the command AT+USOCO=0,"8.8.8.8",1111 from the host to establish a peer-to-peer connection to a remote server. In this case, the module completes the transaction sequence required to connect to the remote host 8.8.8.8 and automatically performs the handshake negotiation for the TCP connection.
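The following C sketch is an added example, not code from the original article or from u-blox or STMicro. It formats the socket-connect command on the host side and refuses any remote address that is not a plain dotted-quad IPv4 literal, so a malformed or externally supplied string cannot alter the AT command stream. The function names, the 0 to 6 socket range and the IPv4-only restriction are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOCKET_ID 6   /* assumed limit; check the module's AT manual */

/* Accept only a dotted-quad IPv4 literal: four decimal fields of 0..255 and
 * nothing else, so quotes, CR/LF or extra fields never reach the modem. */
static int valid_ipv4(const char *s)
{
    int fields = 0;
    while (*s) {
        int val = 0, digits = 0;
        for (; *s >= '0' && *s <= '9'; s++) {
            val = val * 10 + (*s - '0');
            if (++digits > 3 || val > 255)
                return 0;
        }
        if (digits == 0 || ++fields > 4)
            return 0;
        if (*s == '.' && s[1] != '\0')
            s++;
        else if (*s != '\0')
            return 0;
    }
    return fields == 4;
}

/* Build the socket-connect command. Returns its length, or -1 when an
 * argument is rejected or the buffer is too small. */
int build_usoco(char *out, size_t cap, int sock, const char *host, long port)
{
    if (sock < 0 || sock > MAX_SOCKET_ID || port < 1 || port > 65535)
        return -1;
    if (!valid_ipv4(host))
        return -1;
    int n = snprintf(out, cap, "AT+USOCO=%d,\"%s\",%ld\r", sock, host, port);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    char cmd[48];
    /* Constructed inputs: one valid, one with extra fields, one with a quote and CR. */
    const char *hosts[] = { "8.8.8.8", "8.8.8.8.8.8", "8.8.8.8\"\r" };
    for (size_t i = 0; i < 3; i++)
        printf("%d\n", build_usoco(cmd, sizeof cmd, 0, hosts[i], 1111));
    return 0;
}
```

Only the first constructed input produces a command; the other two are rejected before anything is written to the modem's serial port.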
Although the hardware and command interfaces are very simple at the basic level, using them with higher-level communication protocols is much more complicated. IoT developers may find it difficult to implement the advanced protocols and services that many applications require. However, with STMicroelectronics' P-L496G-CELL02 development kit and related software, developers can deploy cellular connectivity in IoT devices more quickly.
Cellular development platform
The P-L496G-CELL02 kit provides a complete cellular development platform, including an MCU host board, an LTE module expansion board, an antenna, and a SIM card. A member of STMicro's Discovery development board family, the host board is built around the STMicro STM32L496AGI6P MCU and provides an on-board debugger as well as a microphone, LED, and button that serve as a basic user interface.
Although it is relatively simple for developers to work with, the STM32L496 MCU provides a wide range of functions. The MCU is based on an Arm® Cortex®-M4 32-bit core with a floating point unit (FPU) and integrates 1 MB of flash memory and 320 KB of SRAM. This provides sufficient capacity for a code image, and even for the multiple code images often used during firmware updates. Its integrated analog and digital peripherals support a range of typical IoT application requirements such as data acquisition and motor control.
To meet requirements that the MCU itself cannot satisfy, developers can use the host board's Arduino interface to extend it with any of the available Arduino shields. One emerging use of cellular connectivity in IoT applications is connecting small local networks of IoT devices to the cloud. For this type of use, developers can use the P-L496G-CELL02 kit as a gateway that connects to the cloud through the cellular service and to local devices through a short-range wireless option provided by an Arduino shield.
For example, developers can support Wi-Fi and Bluetooth connections by adding a shield from Inventek Systems, or support ZigBee connections by adding DFRobot's DFR0015 XBee adapter shield and a Digi International module with an integrated antenna.
Of course, the key part of such a cellular gateway is the cellular connection. With STMicro's P-L496G-CELL02 kit, developers plug the LTE module expansion board into the STMod+ connector to support cellular connections over LTE Cat M1 or LTE NB-IoT operator services. To complement this cellular hardware platform, STMicro provides an extensive software environment that demonstrates cellular connectivity and serves as the basis for building custom applications.
Software environment
STMicro's software environment is based on its STM32Cube software architecture, which supports application software with middleware components including a real-time operating system, USB support, file system services, and more. The middleware layer sits on top of a hardware abstraction layer (HAL) that enables portability across different STMicro MCU series. During development, developers can specify configurations using the graphical wizard in STMicro's STM32CubeMX tool, which automatically generates C initialization code.
Developers can further add expansion packages on top of the STM32Cube base environment to obtain the libraries and software examples needed for specific functional areas. For IoT developers, two STM32Cube expansion packages support functions that are important to any connected application: the STMicro X-CUBE-CLD-GEN IoT cloud software expansion and the STMicro X-CUBE-SBSFU (Secure Boot and Secure Firmware Update) software expansion.
To support communication, the X-CUBE-CLD-GEN package adds a full set of middleware components, including the MQTT service from the Eclipse Paho project, Mbed TLS, and the LwIP TCP/IP stack (Figure 3). The expansion package also provides sample applications that demonstrate how to connect to IoT cloud platforms using the MQTT and HTTP protocols, including Eclipse Mosquitto, Litmus Automation, and Ubidots.
The MQTT sample application module included in the X-CUBE-CLD-GEN release, GenericMqttxcubesample.c, provides a detailed example of the code needed to implement an MQTT-based cloud connection. Alongside various helper functions, the module demonstrates the software design patterns for opening an MQTT connection, building messages, and publishing messages to the MQTT server.
STMicro makes it easier to set up MQTT-based networks. The P-L496G-CELL02 kit comes with an EMnify cellular SIM card, and developers can subscribe to the EMnify network for three months. With this SIM card, developers can connect CELL02 kits to a virtual private network (VPN) that is connected to the application server via the EMnify network. Here, a VPN gateway running on a public network host or on a laboratory computer in the development environment lets IoT devices and application servers exchange data directly through the OpenVPN tunnel (Figure 4). By configuring the VPN gateway to redirect traffic, these connections can be made directly between application servers and devices without network address translation (NAT).
The X-CUBE-CLD-GEN expansion addresses the basic requirements of cloud connectivity in IoT devices, while the X-CUBE-SBSFU software expansion helps mitigate common threats associated with cloud connectivity. The STMicro X-CUBE-SBSFU expansion provides the secure firmware update and secure boot features needed to prevent attacks that replace the firmware with corrupted code, which would turn the IoT device into a tool for further attacks on IoT networks and applications.
In addition to sample applications, the X-CUBE-SBSFU package extends the STM32Cube environment with two additional middleware components, a secure engine and a cryptographic library (Figure 5). The secure engine component provides services for handling protected code and data, while the cryptographic library provides software-based asymmetric and symmetric cryptographic mechanisms for firmware verification and decryption.
In most systems, software-based encryption may offer an attack surface to attackers who can penetrate the underlying mechanisms. Security experts therefore typically recommend hardware-based mechanisms to improve security. In the STMicro X-CUBE-SBSFU package, however, the software-based mechanisms are protected by hardware security features built into the MCU.
The STM32L496 MCU has a variety of hardware-based memory protection mechanisms, including a memory protection unit (MPU) that lets developers specify different access rights for different flash memory and SRAM regions. For example, the SBSFU code configures the MPU to ensure that code from other memory areas cannot execute while the SBSFU code is executing. After executing the code for firmware verification or secure boot loading, the SBSFU expansion reconfigures the MPU to allow normal execution of the user application.
In addition to the MPU, the STM32L496 MCU provides a write protection mechanism that protects trusted code from modification by external or internal sources, including accidental or deliberate modification by running code. The STM32L496 MCU's proprietary code readout protection (PCRP) mechanism also allows developers to define flash regions as "execute-only". The PCRP mechanism ensures that this execute-only code area cannot be accessed through normal read and write operations.
As a further security measure, the STM32L496 MCU includes an internal firewall mechanism that protects trusted code and data from any access from outside the firewall. Code in the area protected by the firewall can only be executed through a single call gate, which is a single entry point located at the second word of the code segment base. The call gate is the only way to reach protected code and data, and any attempt to access protected memory other than through the call gate causes a system reset.
The SBSFU expansion uses these hardware mechanisms to secure the software-based middleware that reliably ensures firmware verification and secure boot. For example, to load the keys required by the cryptographic authentication mechanism, the SBSFU code opens the firewall using the call gate function and runs only code protected by PCRP, which moves the keys from flash to a protected SRAM area for use by the library's cryptographic algorithms (Figure 6).
Developers use the SBSFU Secure Engine (SE) application programming interface (API) to activate these hardware-based security mechanisms and access protected code and data. The SE interface is essentially a wrapper around the call gate mechanism, providing a relatively simple way to implement security functions in an application. To access protected flash, the user application calls the SE interface, which ensures the correct order of operations: using the call gate, accessing the secure engine, cleaning up the stack, and restoring the firewall (Figure 7). The developer's only responsibility is to ensure that interrupts are disabled before entering this protected space and re-enabled on exit.
Developers can examine the X-CUBE-SBSFU documentation and source code to find key design patterns, including the basic method for using the call gate mechanism. All calls into protected memory areas begin with the SE interface set_callgate() function, which sets the pointer to the call gate function, followed by a call to SE_ENTERSECUREMODE() to disable system interrupts. From this point, subsequent SE interface calls use the call gate pointer to access protected code and data. Finally, the sequence ends with a call to SE_EXITSECUREMODE(), which, at a minimum, re-enables system interrupts.
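A host-side C model of the call gate rule and call sequence described above, added here as an illustration; it is not ST's SBSFU code and runs on a PC, not on the MCU. The addresses, the struct and the function names (fw_fetch, fw_read_key, se_style_read_key) are hypothetical, and the unsafe_entries counter is a model-only audit of the developer's duty to disable interrupts, not a hardware behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed layout for this model; real values come from the linker script. */
#define CODE_BASE 0x08000000u
#define CODE_LEN  0x00001000u
#define CALL_GATE (CODE_BASE + 4u)      /* second word of the code segment */

struct fw_model {
    bool open;                /* executing inside the protected segment */
    bool irq_enabled;
    unsigned resets;          /* illegal accesses, each a system reset */
    unsigned unsafe_entries;  /* model-only audit: gate entered with IRQs on */
    uint32_t key;             /* stands in for protected key material */
};

/* Instruction fetch: the protected segment may only be entered at the gate. */
void fw_fetch(struct fw_model *m, uint32_t addr)
{
    if (addr - CODE_BASE >= CODE_LEN) { m->open = false; return; }
    if (!m->open && addr != CALL_GATE) { m->resets++; return; }
    if (!m->open && m->irq_enabled) m->unsafe_entries++;
    m->open = true;
}

/* Data read of protected memory: refused, with a reset, while closed. */
bool fw_read_key(struct fw_model *m, uint32_t *out)
{
    if (m->open) *out = m->key; else m->resets++;
    return m->open;
}

/* Hypothetical wrapper: IRQs off, enter at the gate, use data, leave, IRQs on. */
bool se_style_read_key(struct fw_model *m, uint32_t *out)
{
    m->irq_enabled = false;
    fw_fetch(m, CALL_GATE);
    bool ok = fw_read_key(m, out);
    fw_fetch(m, CODE_BASE + CODE_LEN);  /* back to code outside the segment */
    m->irq_enabled = true;
    return ok;
}

int main(void)
{
    struct fw_model m = { .irq_enabled = true, .key = 0xC0FFEEu };
    uint32_t v = 0;
    /* Direct read is refused (one reset); the gated read then succeeds. */
    return (!fw_read_key(&m, &v) && se_style_read_key(&m, &v) && m.resets == 1) ? 0 : 1;
}
```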
In addition to these low-level mechanisms, X-CUBE-SBSFU also contains higher-level functionality that simplifies the implementation of secure firmware update and secure boot. Developers can use these same code patterns to implement custom authentication and encryption features using SE API functions (such as SE_CRYPTO_ENCRYPT_INIT, SE_CRYPTO_DECRYPT_INIT and SE_CRYPTO_AUTHENTICATEFW_INIT and related functions).
Summary
LTE cellular technology is rapidly growing as a preferred solution for long-distance, high-availability connectivity. Although advanced LTE modules simplify hardware design, implementing the higher-level functionality remains a challenge. Using the ST P-L496G-CELL02 LTE cellular development kit and the included software, developers can quickly build applications with narrowband LTE connectivity.