SecMQ

During last years I was working in the cryptocurrencies world learning a lot from this but on the other hand, I’m still intrigued by IoT solutions and platforms and after 9 years long experience I’m still playing with my automation devices.

Many solutions and ICOs try to connect this two worlds but unfortunately, I saw a lot of not working solution, dream platform that doesn’t scale well and some (almost one) crypto with big issues on security due to a naive cryptographic approach.

In this depressive scenario, I decided to create my service and some examples just to try and show how this two worlds can collaborate.

I want a scalable solution able to integrate Internet of Things technologies and non-financial application of blockchain like timestamping. I’m not really interested to create a platform for replacing current IoT standards, I’m more interested in shows how some well know protocols can cooperate with some blockchain applications in order to improve data safety.

In first MQTT, every message receives a timestamp using the OpenTimestamps protocol based on the Bitcoin blockchain (optionally this timestamp can be created from the board, but this is material for another article).

I start using the protocol MQTT, every message received is timestamped using the OpenTimestamps protocol based on the Bitcoin blockchain (optionally this timestamp can be created from the board, but this is material for another article). Then the broker can create a GPG signature of the message and timestamp this content as well. A message with all this information is created and sent to another MQTT queue.

I decided to call this project SecMQ.

The secmq.com website

What SecMQ can do for me?

I start using the protocol MQTT, every message received 
Do you use MQTT or other message protocols? Are you afraid of privacy of your data? Do you want to avoid Man-in-the-Middle attacks and be sure about the delivery of your messages?

SecMQ can solve many of your problems with our libraries and our transparent message broker, just use this broker instead of your normal MQTT broker and your messages will be signed and timestamped.

Technicalities

I decided to use only most advanced protocols and software and we prefer Open Standard and Open Source solutions.

  • MQTT (Message Queue Telemetry Transport) — the standard lightweight communication protocol for the modern IoT solutions. I will use the Mosquitto broker with the mysql authentication plugin.
  • JSON ( JavaScript Object Notation) — all messages shared are encoded using the JSON standard.
  • GPG (GnuPrivacyGuard) — all messages are signed using our private key on GPG.

Supported platforms

SecMQ is platform agnostic, choose your favorite platform and we will make the magic.

Examples are actually provided for ESP8266/ESP32 and others embedded platforms will be added.

Security

For embedded boards, I shows how to use the XXTEA crypto library in order to encode and decode messages. I plan to add other examples with other well know protocols.

In order to sign messages, we use the primitives provided by the GPG tools collection.

The time-stamping of messages is made using the powerful OpenTimestamps protocol (working on bitcoin blockchain).

Start work with SecMQ

Write an email at info(at)secmq.com and ask for an account and follow the following points:

  • Waiting for the response email with your account ID and password
  • Clone an example code from GitHub and insert your account ID and password
  • Use the queue secmq/account ID/client ID/board ID/queue/in for send messages to the broker
  • Use the queue secmq/account ID/client ID/board ID/queue/out for receive the messages signed and timestamped from the broker

Enjoy!

Usage examples

One minute example

  • Connect to the secmq broker using test like account ID and password, choose test_client like client id.
  • Subscribe to the queue secmqtest/test/test_client/test_device/test_queue/out
  • Send the message XxxYyyyZzz (or your favourite message) on the queue secmqtest/test/test_client/test_device/test_queue/in
  • On the queue secmq/test/test_client/test_device/test_queue/out you will receive a JSON message with the following format:
{
“data”: “XxxYyyyZzz”,
“ots”: “…”,
“signature”: “…”,
“sigots”: “…”
}

The test account is limited to some messages per minute and all messages are public.

ESP8266/ESP32 integration

Some examples that shows how to send and receive message from the SecMQ broker are present in the GitHub page at address https://github.com/valerio-vaccaro/secmq-examples