- Email: [email protected]
Secure Remote Data Collection System Using Data Encryption
Available online at www.sciencedirect.com
ScienceDirect IFAC PapersOnLine 52-27 (2019) 400–405
Secure Remote Data Collection System Using Data Encryption Secure Remote Data Collection System Using Data Encryption Secure Remote Data Collection System Using Data Encryption Secure Remote Data Collection System Using Data Bruno Alberto Jorge Bernardino***, Secure Remote Data Collection System Using Data Encryption Encryption Bruno Rodrigues*, Rodrigues*, Alberto Cardoso**, Cardoso**, Jorge Bernardino***,
Bruno Rodrigues*, Alberto Cardoso**, Jorge Bernardino***, Bruno Alberto Jorge Nuno Simões****, José Marques**** Bruno Rodrigues*, Rodrigues*, Alberto Cardoso**, Cardoso**, Jorge Bernardino***, Bernardino***, Nuno Simões****, José Marques**** Nuno Nuno Simões****, Simões****, José José Marques**** Marques**** José Nuno Simões****, Marques**** *Polytechnic of Coimbra Coimbra, Portugal -- ISEC, *Polytechnic of Coimbra Coimbra, Portugal - ISEC, *Polytechnic of Coimbra ISEC, Coimbra, Portugal (e-mail: [email protected]) *Polytechnic of Coimbra -- ISEC, Coimbra, Portugal (e-mail: [email protected]) *Polytechnic of Coimbra ISEC, Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, University of Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, University of Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, University of Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, University of Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, UniversityPortugal of Coimbra, Portugal (e-mail: [email protected]) ***Polytechnic of Coimbra ISEC, Coimbra, (e-mail: [email protected]) ***Polytechnic of Coimbra - ISEC, Coimbra, Portugal (e-mail: [email protected]) ***Polytechnic of Coimbra Coimbra ISEC, Coimbra,ofPortugal Portugal CISUC, Centre of Informatics and Systems of University Coimbra, Portugal ***Polytechnic of -- ISEC, Coimbra, CISUC, Centre of Informatics and Systems of University of Coimbra, Portugal ***Polytechnic of Coimbra ISEC, Coimbra, Portugal CISUC, Centre of Informatics and Systems of University of Coimbra, Portugal (e-mail: [email protected]) CISUC, Centre of Informatics and Systems of University of Coimbra, Portugal (e-mail: [email protected]) CISUC, Centre of Informatics and Systems of University of Coimbra, Portugal (e-mail: [email protected]) ****INESC -- Coimbra, Department of Civil Engineering, University of Coimbra, Portugal (e-mail: [email protected]) ****INESC Coimbra, Department of Civil Engineering, University of Coimbra, Portugal (e-mail: [email protected]) ****INESC Coimbra, Department of Civil Engineering, University of Coimbra, Portugal (e-mail: [email protected], [email protected]) ****INESC - Coimbra,(e-mail: Department of Civil Engineering, University of Coimbra, Portugal [email protected], [email protected]) ****INESC - Coimbra,(e-mail: Department of Civil Engineering, University of Coimbra, Portugal [email protected], [email protected]) (e-mail: (e-mail: [email protected], [email protected], [email protected]) [email protected]) Abstract: Nowadays, getting data remotely in a secure way, becomes critical critical and and of of utmost utmost importance. importance. Abstract: Nowadays, getting data remotely in aa secure way, becomes Abstract: Nowadays, getting data remotely in secure way, becomes critical and of utmost importance. The simple task of data transfer can be a problem in remote environments, where the network Abstract: Nowadays, getting data remotely in secure way, becomes critical of utmost importance. The simple task of data transfer can be in remote environments, where the network Abstract: Nowadays, getting databe remotely inaa aaproblem secure way, becomes criticalInand and ofpaper utmost importance. The simple task of data transfer can be problem in remote environments, where the network connectivity is unstable and can unavailable for some period of times. this is proposed aa The simple task of data transfer can be a problem in remote environments, where the network connectivity is unstable and can be unavailable for some period of times. In this paper is proposed The simple task of data transfer can be aencryption, problem in remote environments, where isthe network connectivity is unstable and can be unavailable for some period of times. In this paper proposed aa secure remote monitoring system with data which collects data from diverse sensors and connectivity is monitoring unstable and can bewith unavailable for somewhich periodcollects of times. Infrom this paper is sensors proposed secure remote system data encryption, data diverse and connectivity istomonitoring unstable and can bewith unavailable forinsome periodcollects of times. Infrom this paper is sensors proposed a secure remote system data encryption, which data diverse and display them authenticated users, through charts a website, with the option of exporting data using secure remote monitoring system with data encryption, which collects data from diverse sensors and display them to authenticated users, through charts in aa website, with the option of exporting data using secure remote monitoring system with data encryption, which collects data from diverse sensors and display them to authenticated users, through charts in website, with the option of exporting data using an Excel file format. The system created was tested aa hydraulic laboratory setup, where data is display them to authenticated users, through charts in aawith website, with option of exporting data using an Excel file format. The system tested with laboratory where is display them to authenticated users,created throughwas charts inserver website, with the the option of setup, exporting datadata using an Excel file format. The system created was tested with aa hydraulic hydraulic laboratory setup, where data is collected by a remote Data Logger, transmitted to a and stored in a non-relational database by an an Excel file format. The system created was tested with hydraulic laboratory setup, where data is collected by a remote Data Logger, transmitted to a server and stored in a non-relational database by an an Excel by file format. The system created wasintegrity. tested with a results hydraulic laboratory setup, where data is collected a remote Data Logger, transmitted to a server and stored in a non-relational database by an encrypted data transmission that protects its The obtained with the developed tests, collected by a remote Data Logger, transmitted to a server and stored in a non-relational database by an encrypted data transmission that protects its integrity. The results obtained with the developed tests, collected by asuccess remote Data Logger, transmitted to a server and stored inusability a non-relational database by an encrypted data transmission that protects its integrity. The results obtained with the developed tests, regarding the in data transmission, give good perspectives for its at a larger scale. encrypted data transmission that its The obtained with developed tests, regarding the in data transmission, good perspectives for its usability at aathe larger scale. encrypted datasuccess transmission that protects protects give its integrity. integrity. The results results obtained with the developed tests, regarding the success in data transmission, give good perspectives for its usability at larger scale. regarding the success in data transmission, give good perspectives for its usability at a larger scale. Keywords: Data acquisition, sensors, security, transmission systems, data encryption. regarding the success in data transmission, give good perspectives for its usability at a larger scale. © 2019, IFAC (International Federation of Automatic Control) systems, Hosting by Elsevier Ltd. All rights reserved. Keywords: Data acquisition, sensors, security, transmission data encryption. Keywords: Data acquisition, sensors, security, transmission systems, data encryption. Keywords: Data acquisition, sensors, security, transmission systems, data encryption. Keywords: Data acquisition, sensors, security, transmission systems, data encryption. by an encrypted data transmission that protects protects all the data by an encrypted data transmission that all the data by an encrypted data transmission that protects all the data 1. INTRODUCTION and its integrity. by an encrypted data transmission that protects all the 1. INTRODUCTION and its integrity. the data data 1. INTRODUCTION by an encrypted data transmission that protects all and its integrity. 1. INTRODUCTION and its integrity. Scientific data is one of the most valuable and essential 1. INTRODUCTION The main contributions of this paper are the following: and its integrity. Scientific data is one of the most valuable and essential The main main contributions contributions of of this this paper paper are are the the following: following: Scientific data is of the and essential resources for research activities. Scientific data is one oneand of development the most most valuable valuable andNowadays, essential The The main contributions of this paper are the following: resources for research and development activities. Nowadays, Scientific data is one of the most valuable and essential The main contributions of this paper are the following: remote resources for research and development activities. Nowadays, Propose a secure communication between with the the advances advances in emerging emerging technologies and the the Internet resources for research and development activities. Nowadays, Propose Propose aa secure secure communication communication between between aaa remote remote with in technologies and Internet resources for research and development activities. Nowadays, with the advances in emerging technologies and the Internet environment and a server; of Things Things (IoT), data data is often often collected collected from and remote systems Propose aa secure communication between aa remote with the advances in emerging technologies the Internet environment and a server; of (IoT), is from remote systems Propose secure communication between remote with the advances in emerging technologies and the systems Internet environment and aa server; of Things (IoT), data is often collected from remote using different formats. environment and server; of Things (IoT), data is often collected from remote systems using different formats. environment and a server; Protect the integrity of data using an encryption of Things (IoT), data is often collected from remote systems using different formats. Protect the the integrity integrity of of data data using using an an encryption encryption using different formats. Protect algorithm; Remote laboratories represent an an important important source source of of using different formats. Protect the integrity of data using an encryption algorithm; Remote laboratories represent Protect the integrity of data using an encryption algorithm; Remote laboratories represent an important source of scientific data generated by experimental setups. A frequently algorithm; Remote laboratories represent an important source of scientific data generated by experimental setups. A frequently algorithm; Recover from data transmission failures in the Remote laboratories represent an important source of scientific generated experimental setups. A employeddata method for by data acquisition considers aa local Recover Recover from from data data transmission transmission failures failures in in the the scientific data generated by experimental setups. A frequently frequently employed method for data acquisition considers local communication channel; scientific data generated by experimental setups. A frequently employed for data acquisition considers local device as as aamethod data logger logger that acquires, acquires, stores and can canaaexport export Recover from data transmission failures in the communication channel; employed method for data acquisition considers local device data that stores and Recover from data transmission failures in the communication channel; employed method for data acquisition considers aremote local device as a data logger that acquires, stores and can export data to external applications, which send data to a communication channel; device as a data logger that acquires, stores and can export data to external applications, which send data to a remote communication channel; Use of a NoSQL database that enables to scale out device asexternal a data applications, logger that acquires, storesdata andtocan export data to which send a remote Use of of aa NoSQL NoSQL database database that that enables to to scale out out system. data to Use system. and it secure; data to external external applications, applications, which which send send data data to to aa remote remote Use ofis amore NoSQL database that enables enables to scale scale out system. and it is more secure; Use of a NoSQL database that enables to scale out system. and it is more secure; To ensure ensure quality quality and and integrity integrity of of data data received received and and stored stored system. and it is more secure; To and it is more secure; Consideration of an authentication system to obtain To ensure and integrity of data received and stored Consideration of of an an authentication system system to obtain obtain remotely, itquality is important important to consider aa secure communication To ensure quality and integrity of data received and stored Consideration remotely, is to consider secure communication data privacy. To ensureit quality and integrity ofthe data received and stored Consideration of an authentication authentication system to to obtain remotely, it is important to consider a secure communication data privacy. subsystem. In terms of success in transmission, data can remotely, it is important to aa secure communication data Consideration of an authentication system to obtain privacy. subsystem. terms of success in the transmission, data can remotely, it In isusing important to consider consider secure communication data privacy. subsystem. In terms of success in the transmission, data can be delivered a combination of sequence numbers and The rest of this paper is structured as follows. Section subsystem. In terms of success in the transmission, data can data privacy. be delivered aa of combination of sequence numbers The rest rest of of this this paper paper is is structured structured as as follows. follows. Section Section 222 subsystem. Inusing terms success the transmission, data and can be delivered using combination of sequence and acknowledge messages, whichin ensure ensure data numbers recovery by The presents a brief review of the state of the art in remote data be delivered using a combination of sequence numbers and acknowledge messages, which data recovery by The rest this paper is structured Section presents brief review of the state of of as thefollows. art in in remote remote data2 be delivered a combination of sequence and acknowledge messages, which ensure data recovery by The rest aaof ofbrief thisreview paperSection is the structured as follows. Section 2 resending theusing message upon the detection detection of aanumbers fault in the presents of state the art data collection systems. 3 describes the physical acknowledge messages, which ensure data recovery by resending the message upon the of fault in the presents a brief review of the state of the art in remote data collection systems. Section 3 describes the physical acknowledge messages, which ensure data recovery by resending the message upon the detection of a fault in the presents a brief review of the state of the art in remote data communication process. For security reasons, an encryptioncollection systems. Section 3 describes the physical architecture of the main system proposed of remote data resending the upon the of aa fault in the communication process. For security reasons, encryptioncollection systems. Section describes physical architecture of the the main main system3 proposed of aaathe remote data resending the message message upon the detection detection of an fault indata the architecture communication process. For security an encryptioncollection system systems. Section 3proposed describes the physical based approach approach can be be considered considered to reasons, transmit remotely of system of remote data collection with a distributed architecture and Section communication process. For security reasons, an encryptionbased can to transmit remotely data architecture of the main system proposed of a remote data collection system with a distributed architecture and Section communication process. For security reasons, an encryptionbased approach can be considered to transmit remotely data from the the local source source until it is is stored stored in the database database system, ofa the main system proposed ofcommunication a remote data collection system with aa approach distributed architecture and Section 4architecture considers secure for the based approach can be considered to transmit remotely data from local until it in the system, collection system with distributed architecture and Section 4 considers considers a secure secure approach for the communication communication based approach can be considered to in transmit remotely data 4collection from the local source until it is stored the database system, system with a approach distributed architecture andwith Section guaranteeing a certain level of security. a for the subsystem. Section 5 presents the results obtained the from the local source until it is stored in the database system, guaranteeing certain level 4 considersSection a secure approach for theobtained communication subsystem. 55 presents the results with the from the localaa source until itof issecurity. stored in the database system, subsystem. guaranteeing certain level of security. 4 considersSection a secure approach for theobtained communication presents the results with the application of the proposed approach to a hydraulic guaranteeing a certain level of security. subsystem. Section 5 presents the results obtained with application of the proposed approach to a hydraulic In this paper is proposed a secure data transmission for a guaranteeing aiscertain level aofsecure security. subsystem.system. Section 5 proposed presents the results obtained with the the application of the approach to a hydraulic In this paper proposed data transmission for a laboratory Finally, Section 6 presents the conclusions application of proposed hydraulic In this paper is proposed secure data transmission for aa laboratory system. Finally, Sectionapproach presentsto theaaconclusions conclusions remote monitoring system,aa that that collects data from from water water application of the the proposed approach tothe hydraulic In this is secure data for system. Finally, Section 66 presents remote monitoring system, collects data and future work. In this paper paper is proposed proposed a that secure data transmission transmission for a laboratory laboratory system. Finally, Section 6 presents the conclusions remote monitoring system, collects data from water and future work. sensors. The data is collected by a remote data logger, and laboratory system. Finally, Section 6 presents the conclusions remote monitoring system, that collects data from water and future work. sensors. The data is collected by a remote data logger, and remote monitoring that from water and future work. sensors. The data collected by aacollects remote data logger, and then transmitted transmitted tois asystem, server and and stored in aa data NoSQL database sensors. The data is collected by remote data logger, and then to a server stored in NoSQL database sensors. The data is collected by a remote data logger, and and future work. then transmitted to a server and stored in a NoSQL database then to and in database then transmitted transmitted to aa server server and stored stored in aa NoSQL NoSQL database 2405-8963 © 2019, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Peer review under responsibility of International Federation of Automatic Control. 10.1016/j.ifacol.2019.12.693
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
2. STATE OF THE ART In the past, many projects have been created to remotely collect data from an equipment for monitoring purposes. Some projects can provide data accurately and in real time as in (Mwemezi et al., 2019), others propose an architecture considering low-cost devices, as in (Sousa et al., 2015). Mostefaoui et al., 2017), and others even propose an Android-based remote monitoring and control system, as in (Chuah et al., 2019), but none of them guarantees the integrity and confidentiality of data. In the most basic remote data collection systems, four modules are almost always required: (1) Data acquisition; (2) Network module; (3) Database; (4) Data presentation. The four modules have the proposes described in the following paragraphs. Data acquisition is usually a microcontroller that collects data from one or more sensors and is normally connected to the Network module, where all data is transmitted to the database server, to be stored and saved. Sometimes the database does not exist, and data is provided but not saved. To provide data to users, it is necessary to create a Data presentation module, such as websites and applications. This module presents in a simpler and interactive way for users the data through different customizable queries and graphical representations, as proposed in (Moreno et al., 2019). When the remote monitoring systems are more complex, they may have an alarm system, allowing the user to know when there are different values than expected, preventing possible future problems, as a remote temperature sensor monitoring system, that whenever the temperature is above or below certain limits, an alarm sounds, as in (Li et al., 2017). However, in many cases, the evolution of this type of systems allows a series of threats for which they are usually unprepared, as stated in (Canto et al., 2015). Threats such as the visualization of data in plain text, through packet sniffing by a Man-in-the-Middle attack, because there is no encryption in the communication channels, which leads to the need for a secure transmission. Secure transmission refers to the transfer of data such as confidential or proprietary information over a secure channel (Virmani et al., 2018). Many secure transmission methods require a type of encryption. In order to overcome the problems indicated, the system proposed in this paper is implemented with an encryption algorithm, which allows to obtain a secure and reliable transmission of data and an authentication system to obtain data privacy. 3. SYSTEM ARCHITECTURE The architecture of the main system proposed in this work has seven physical elements, as shown in Fig. 1: (1) Server; (2) No-relational Database; (3) Connector computer; (4) Cache, (5) Data Logger; (6) Sensors; (7) Terminals. Each element is fundamental to the operation of the system, where the server (1) is used to manage all data, the non-relational Database (2) is used to store all users and sensors data, the Connector computer (3) is used to collect data from the Data
401
Logger’s memory and transmit it to the server, the Cache (4) is used to prevent data failures that have occurred in data transmission, the Data Logger (5) is used as data acquisition to collect the sensors data, the sensors (6) are the source of data to be managed, and the terminals (7) are the endpoints for users to interact with the system. The main system is divided into two subsystems, which represent the function of each subsystem: Data Collection Subsystem (DCS); Data Management Subsystem (DMS). These subsystems will be explained in the following subsections.
Fig. 1. Main system physical architecture. 3.1 Data collection subsystem The Data collection subsystem consists of a Data Logger, a computer and several sensors. The Data Logger every time it is turned on, it collects data automatically, to its memory. The computer (Connector computer) is a “bridge” that connects the Data Logger to the Server and has a copy of the data. Inside the Connector computer, there is a program that, first inserts the header, which includes a timestamp, a record number (unique id for each data reading), and then the variables of each sensor, at the beginning of the file, in the format shown in Table 1. Table 1. Header in the Cache file. Timestamp name Timestamp units Timestamp extras
Record name Record units Record extras
Sensor 1 name Sensor 1 units Sensor 1 extras
Sensor 2 name Sensor 2 units Sensor 2 extras
… … …
Sensor n name Sensor n units Sensor n extras
After the header is inserted, the program collects data from the Data Logger’s memory and appends it to a text file (Cache file), in the order indicated in the header, which can include data from several different sensors. The Cache file has horizontal scalability, which allows to add more sensors to the system. The Cache file also allows to have a recovery mode for the system, which acts as a second database to protect all missing data in the original database. 3.1.1 Process of sending data to the server To be able to send data to the server it is necessary to have another program on the Connector computer that has this functionality.
402
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
The flowchart shown in Fig. 2, represents the program process implemented in the Connector computer, whose function is to send the data stored in the Cache file to the server, which will be described next.
transmission more secure. After the packet is sent, the thread waits for an acknowledgement from the server. If the time set in the timer passes, the thread will try to send the data again, but with the new data. If the thread does not receive the acknowledgement a certain number of consecutive times (configurable value), the program will be aborted, and the error will be presented to the administrator through a log file in the Connector computer. If no error occurs and the transmissions do not fail, the program only stops sending the data when requested by the user or when there is no new data in the Cache file for a certain time (configurable value). 3.2 Data management subsystem The Data management subsystem is the core of the system, where data is stored and displayed to authenticated users through a data presentation system such as a website or an application. This subsystem consists of a server with an integrated database. When there is a connection from the Connector computer to the server, the administrator can perform the experiments and all data will be transmitted to the server, to be stored in the Non-relational database. When data already exists in the database, the data can be viewed. In addition to the database, the server has a multi-module subsystem (Server subsystem) that makes the administrator’s job easier, as shown in Fig. 3.
Fig. 2. Flowchart of sending data to the server from the Connector computer. After the computer is connected to the server, the thread in the program waits a certain time (configurable value) for server request to start sending data. The thread decrypts the packet, previously encrypted by the server, and if the server request indicates to start the sending process, the thread initializes the timer for a certain frequency (configurable value of the server side), which comes in the packet, and begins to read the data from the Cache file, if the server request indicates to terminate the program, the thread stops the process in progress, if it exists, and the program terminates. The thread is prepared to create a packet with a variable number of concatenated lines from the file to send to the server, within the indicated periodicity. The string-type packet formed by the thread is encrypted in order to make the
Fig. 3. Server Subsystem modules architecture. Beginning with data collection, the Gateway Handler module connects the server’s network gateway to the Connection module. This module has a thread that sends encrypted requests to the computer for new experiments, decrypts the packets, previously encrypted by the Connector computer, and sends them to the Connection module. If an error occurs, the module has a system of logs that inserts the error, with time and date, into a text file (Fault log) for the administrator to know. This process will be described in more detail in the next subsection. After the packets are decrypted, they are sent to the Connection module, where data will be unpacked and processed to be stored in the database. This module will be explained in the next subsection.
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
To access the data, the user must be authenticated or be an administrator. In this case it is necessary an authentication mechanism, integrated in the website or in the display platform, preventing any user from viewing data publicly, creating a secure data visualization environment. Like the other modules, the authentication mechanism also has a system of logs (Data Log) for errors in failed authentications. For data visualization, the system has an Interaction module that can be a website or another visualization system. In this case the Interaction module is composed of a website and a RESTful API that allows users to make specific requests. 3.2.1 Process of receiving and storing data In order to be able to receive and forward the data for storage, the server needs to have a program to satisfy this problem. The flowchart shown in Fig. 4, represents the program implemented in the server, to receive the packets, decrypt them and store the data, which will be described next. Once the encrypted request has been sent to the Connector computer, the program will listen for packets coming from the Connector computer.
403
transmission will be interrupted with a warning signal to the user. 3.2.2 Connection module The Connection module connects the database to the rest of the system, where there is a thread that handles with the storage of data coming from the other modules, where user data and sensors data can be stored, modified or deleted. When there is data in the Storage queue, the Storage thread is activated and begins to store the data, that is in the Storage queue, in Data collection that is directly connected to the database driver. The data will only be removed from the Storage queue if the store operation does not fail. Whenever any data is modified, deleted from the database or there is a storage failure, a record of that event will be done in the DB log, which includes the type of event (modification, elimination or failure) along with the data, time and date. 3.3 Secure data transmission The entire connection between the server gateway and the Connector computer gateway is made by a full duplex connection through sockets with no protection. All data can be read in plain text by a person that is sniffing all the packets in the transmission, as a Man-in-the-Middle attack. For the system to have some security in data transmission, the AES-256 symmetric key algorithm, explained in (Ako, 2017), has been implemented that is available royalty-free and can be implemented easily on a wide range of platforms without reducing bandwidth in a significant way, as it is referred in (Daemen et al., 2013). Whenever the server or Connector computer sends a packet with a request, acknowledgement or data, the packet is properly encrypted or decrypted when it is received at its destination. In addition to data encryption, the system also has an error recovery system in case of failure to deliver the data to the server. The error recovery system makes use of the existing Cache file on the computer, to be able to protect the data until it is confirmed, through an acknowledgement packet sent by the server, that where successfully delivered to be stored in the Non-relational database. 4. CASE STUDY
Fig. 4. Flowchart of data collection on the server. All packets received by the program will be decrypted and prepared to be stored in the database. Immediately, after the decryption, the server tries to send an acknowledgement to the Connector computer, so that it knows if the data was successfully received by the server. The server tries to send the acknowledgement several times (configurable value). If the server cannot send the acknowledgements, all such failures will be written to the Fault log file and the
We tested the proposed approach using a real hydraulic laboratory system. In this section, it will be demonstrated the whole system built in the laboratory work through the architecture explained in the previous section. 4.1 Experimental installation of the Data collection subsystem Fig. 5 shows the facilities of the hydraulic laboratory system. The laboratorial work was performed using the resources presented in Fig. 5: (1) Data Logger, (2) Computer, (3) duct with sensors. The hydraulic laboratory system has a black cast iron duct (3), where pressure sensors are inserted.
404
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
Fig. 7. Connector computer architecture. Fig. 5. Hydraulic laboratory. The water is drained into the duct (3) by a pump which supplies the water from a reservoir. The circulating water in the duct (3) can be controlled by a butterfly valve. All data of the pressure sensors are collected constantly by a Data Logger (1) connected to a computer (2). The data acquisition process of the hydraulic laboratory system will be described in the following subsections. 4.1.1 Local acquisition system (Data Logger)
4.2 Experimental installation of the Data management subsystem For the Data management subsystem, was used a server with the 64-bit operating system CentOS 7. Fig. 8 shows the architecture of the Gateway handler module that is used to send requests, receive packets, encrypt and decrypt packets, and send data to store. For the Gateway handler module, a program was created that has several threads that allow the administration of the data.
The Data Logger used in the system is provided by Quantific (Quantific, 2019), which configures and programs the device to receive data from sensors and save it to the computer. The Data Logger is configured to read the data from the sensors and save it with a frequency of 10Hz, i.e., ten scans per second. For the data to be saved on the Connector computer, a program, called LoggerNET, allows to store the data in a text file (Cache file), in the format indicated in Table 1 and Table 2, as shown in Fig. 6. Fig. 8. Gateway handler module architecture.
Fig. 6. Example of Cache file data. 4.1.2 Connector computer system The Connector computer is a normal computer that has a 32bit Windows 7 operating system. In order to be able to send the data to the database, we create an application program that contains a thread (Thread SendData), which connects the computer to the server, as shown in Fig. 7. The thread prepares the existing data in the Cache file to encrypt and sends it through a certain port (in this case, port 9003 is used) that is opened in the server’s firewall, via TCP protocol, which already has an error checking system in the sent packets. In order to synchronize the data recording of the LoggerNET program with reading and sending of the data of the thread SendData, the thread prepares the packet with ten lines (default value) of data of the Cache file and sends them with a frequency of one second (default value), for the visualization of the data be approximately in real time.
After the Connector computer connects to the server, the user can start the experiment by sending a request to the Connector computer. The request can be modified previously, indicating the fields of the request, such as the frequency with which the data is sent to the server and the amount of data sent at one time. In this case the default values in the Connector computer program were used in the requests, to try to achieve a real-time view of the data. 4.3 Data manipulation format and Database The Non-relational database MongoDB, integrated in the server, was used because it combines the ability to scale out with features such as secondary indexes, range queries, sorting, aggregations, and geospatial indexes, as it is referred in (Chodorow, 2013), allowing to execute and visualize results of experiments with simplicity and speed. In this platform it is necessary to move structured data from one place to another. Therefore, JavaScript Object Notation (JSON) is used, which is a model of information transmission in text format, human readable format, frequently used in web services, outpacing XML in many domains, as it is referred in (Rischpater, 2015). JSON allows to develop the program faster and easier when it comes to data manipulation and data storage in the MongoDB database.
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
4.4 Graphical User Interface For the Graphical User Interface, a website was created for the visualization of the data. Data visualization requests can be made quickly through a Uniform Resource Locator (URL) request or in a more interactive way, through a request regarding the interaction interface, where a menu is presented, that allows the user to choose which system or experience want to monitor or perform. An authenticated user has permission to view the data stored in the database, through charts and tables, and the option of exporting all or only some experimental data to an Excel file with charts created through the exported data. In addition to authenticated user interaction with the system, there is an administration mechanism (BackOffice), which allows the administrator to configure remote monitoring, observe Fault Logs, Data Logs and DB Logs, accept user registrations and manage the database. 5. RESULTS Through the hydraulic laboratory system indicated in section 4, several tests were performed, with several types of sensors. The tests performed allow to validate the success of data transmission, failure recovery and data encryption in transmission. Fig. 9 represents a chart with a range of values of the pressure sensors used in a test named “data_pressure”, where all data has been successfully transmitted and stored in the database.
405
paper, such as the creation of more tools for data analysis and for data visualization. REFERENCES Ako, M. A. (2017) ‘Advanced Encryption Standard (AES) Algorithm to Encrypt and Decrypt Data’, Cryptography and Network Security, (June). Available at: https://www.researchgate.net/publication/317615794. Canto, C. J. D. et al. (2015) ‘Remote Laboratory for Cybersecurity of Industrial Control Systems’, IFACPapersOnLine, 48(29), pp. 13–18. doi: 10.1016/j.ifacol.2015.11.206. Chodorow, K. (2013) MongoDB: the definitive guide. ” O’Reilly Media, Inc.”. Chuah, Y. D. et al. (2019) ‘Implementation of smart monitoring system in vertical farming’, IOP Conference Series: Earth and Environmental Science, 268, p. 012083. doi: 10.1088/1755-1315/268/1/012083. Daemen, J. and Rijmen, V. (2013) The Design of Rijndael: AES - The Advanced Encryption Standard, Springer Science & Business Media. doi: 10.1007/978-3-66204722-4. Li, B., Li, Z. and Wei, L. (2017) ‘The design of remote temperature monitoring system’, AIP Conference Proceedings, 1864(August 2017), pp. 1–5. doi: 10.1063/1.4992939. Moreno, C. et al. (2019) ‘Rivercore: IoT device for river water level monitoring over cellular communications’, Sensors (Switzerland), 19(1). doi: 10.3390/s19010127. Mostefaoui, H., Benachenhou, A. and Benattia, A. A. (2017) ‘Design of a Low Cost Remote Electronic Laboratory Suitable for Low Bandwidth Connection’, pp. 480–488. doi: 10.1002/cae.21815.
Fig. 9. Chart of the values of the sensors in a test performed. After all the tests, it was concluded that the results were confident since all data were successfully transmitted and stored in the database. Although there is encryption in data transmission, the data was not affected and was transmitted at the requested frequency in the requests of the server. Although there is synchronization between programs in the computer, the data that is ready to be viewed is not displayed in real time due to the time spent on data processing. 6. CONCLUSIONS AND FUTURE WORK Through the tests performed, the system proposed in this paper proves its good usability in real experiences, providing a secure data transmission, which ensures the integrity of the data. In addition, the system is scalable to a higher number of sensors, providing a NoSQL database and an interactive and simple user interface. In the future, additional features may be developed to increases the potentialities of the system propose in this
Mwemezi, K. and Sam, A. (2019) ‘Development of Innovative Secured Remote Sensor Water Quality Monitoring & Management System: Case of Pangani Water Basin’, International Journal of Engineering and Manufacturing, 9(1), pp. 47–63. doi: 10.5815/ijem.2019.01.05. Quantific (2019) Quantific. http://www.quantific.pt/eng/.
Available
at:
Rischpater, R. (2015) JavaScript JSON Cookbook. doi: 10.1017/CBO9781107415324.004. Sousa, V. and Cardoso, A. (2015) Platform for the supervision of remote systems using low cost devices, Master's thesis, University of Coimbra. Virmani, D. D. et al. (2018) ‘Enhanced Tiny Encryption Algorithm with Embedding (ETEA)’, International Journal of Computers & Technology, 7(1), pp. 493–499. doi: 10.24297/ijct.v7i1.3479.
ScienceDirect IFAC PapersOnLine 52-27 (2019) 400–405
Secure Remote Data Collection System Using Data Encryption Secure Remote Data Collection System Using Data Encryption Secure Remote Data Collection System Using Data Encryption Secure Remote Data Collection System Using Data Bruno Alberto Jorge Bernardino***, Secure Remote Data Collection System Using Data Encryption Encryption Bruno Rodrigues*, Rodrigues*, Alberto Cardoso**, Cardoso**, Jorge Bernardino***,
Bruno Rodrigues*, Alberto Cardoso**, Jorge Bernardino***, Bruno Alberto Jorge Nuno Simões****, José Marques**** Bruno Rodrigues*, Rodrigues*, Alberto Cardoso**, Cardoso**, Jorge Bernardino***, Bernardino***, Nuno Simões****, José Marques**** Nuno Nuno Simões****, Simões****, José José Marques**** Marques**** José Nuno Simões****, Marques**** *Polytechnic of Coimbra Coimbra, Portugal -- ISEC, *Polytechnic of Coimbra Coimbra, Portugal - ISEC, *Polytechnic of Coimbra ISEC, Coimbra, Portugal (e-mail: [email protected]) *Polytechnic of Coimbra -- ISEC, Coimbra, Portugal (e-mail: [email protected]) *Polytechnic of Coimbra ISEC, Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, University of Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, University of Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, University of Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, University of Coimbra, Portugal (e-mail: [email protected]) **CISUC, Department of Informatic Engineering, UniversityPortugal of Coimbra, Portugal (e-mail: [email protected]) ***Polytechnic of Coimbra ISEC, Coimbra, (e-mail: [email protected]) ***Polytechnic of Coimbra - ISEC, Coimbra, Portugal (e-mail: [email protected]) ***Polytechnic of Coimbra Coimbra ISEC, Coimbra,ofPortugal Portugal CISUC, Centre of Informatics and Systems of University Coimbra, Portugal ***Polytechnic of -- ISEC, Coimbra, CISUC, Centre of Informatics and Systems of University of Coimbra, Portugal ***Polytechnic of Coimbra ISEC, Coimbra, Portugal CISUC, Centre of Informatics and Systems of University of Coimbra, Portugal (e-mail: [email protected]) CISUC, Centre of Informatics and Systems of University of Coimbra, Portugal (e-mail: [email protected]) CISUC, Centre of Informatics and Systems of University of Coimbra, Portugal (e-mail: [email protected]) ****INESC -- Coimbra, Department of Civil Engineering, University of Coimbra, Portugal (e-mail: [email protected]) ****INESC Coimbra, Department of Civil Engineering, University of Coimbra, Portugal (e-mail: [email protected]) ****INESC Coimbra, Department of Civil Engineering, University of Coimbra, Portugal (e-mail: [email protected], [email protected]) ****INESC - Coimbra,(e-mail: Department of Civil Engineering, University of Coimbra, Portugal [email protected], [email protected]) ****INESC - Coimbra,(e-mail: Department of Civil Engineering, University of Coimbra, Portugal [email protected], [email protected]) (e-mail: (e-mail: [email protected], [email protected], [email protected]) [email protected]) Abstract: Nowadays, getting data remotely in a secure way, becomes critical critical and and of of utmost utmost importance. importance. Abstract: Nowadays, getting data remotely in aa secure way, becomes Abstract: Nowadays, getting data remotely in secure way, becomes critical and of utmost importance. The simple task of data transfer can be a problem in remote environments, where the network Abstract: Nowadays, getting data remotely in secure way, becomes critical of utmost importance. The simple task of data transfer can be in remote environments, where the network Abstract: Nowadays, getting databe remotely inaa aaproblem secure way, becomes criticalInand and ofpaper utmost importance. The simple task of data transfer can be problem in remote environments, where the network connectivity is unstable and can unavailable for some period of times. this is proposed aa The simple task of data transfer can be a problem in remote environments, where the network connectivity is unstable and can be unavailable for some period of times. In this paper is proposed The simple task of data transfer can be aencryption, problem in remote environments, where isthe network connectivity is unstable and can be unavailable for some period of times. In this paper proposed aa secure remote monitoring system with data which collects data from diverse sensors and connectivity is monitoring unstable and can bewith unavailable for somewhich periodcollects of times. Infrom this paper is sensors proposed secure remote system data encryption, data diverse and connectivity istomonitoring unstable and can bewith unavailable forinsome periodcollects of times. Infrom this paper is sensors proposed a secure remote system data encryption, which data diverse and display them authenticated users, through charts a website, with the option of exporting data using secure remote monitoring system with data encryption, which collects data from diverse sensors and display them to authenticated users, through charts in aa website, with the option of exporting data using secure remote monitoring system with data encryption, which collects data from diverse sensors and display them to authenticated users, through charts in website, with the option of exporting data using an Excel file format. The system created was tested aa hydraulic laboratory setup, where data is display them to authenticated users, through charts in aawith website, with option of exporting data using an Excel file format. The system tested with laboratory where is display them to authenticated users,created throughwas charts inserver website, with the the option of setup, exporting datadata using an Excel file format. The system created was tested with aa hydraulic hydraulic laboratory setup, where data is collected by a remote Data Logger, transmitted to a and stored in a non-relational database by an an Excel file format. The system created was tested with hydraulic laboratory setup, where data is collected by a remote Data Logger, transmitted to a server and stored in a non-relational database by an an Excel by file format. The system created wasintegrity. tested with a results hydraulic laboratory setup, where data is collected a remote Data Logger, transmitted to a server and stored in a non-relational database by an encrypted data transmission that protects its The obtained with the developed tests, collected by a remote Data Logger, transmitted to a server and stored in a non-relational database by an encrypted data transmission that protects its integrity. The results obtained with the developed tests, collected by asuccess remote Data Logger, transmitted to a server and stored inusability a non-relational database by an encrypted data transmission that protects its integrity. The results obtained with the developed tests, regarding the in data transmission, give good perspectives for its at a larger scale. encrypted data transmission that its The obtained with developed tests, regarding the in data transmission, good perspectives for its usability at aathe larger scale. encrypted datasuccess transmission that protects protects give its integrity. integrity. The results results obtained with the developed tests, regarding the success in data transmission, give good perspectives for its usability at larger scale. regarding the success in data transmission, give good perspectives for its usability at a larger scale. Keywords: Data acquisition, sensors, security, transmission systems, data encryption. regarding the success in data transmission, give good perspectives for its usability at a larger scale. © 2019, IFAC (International Federation of Automatic Control) systems, Hosting by Elsevier Ltd. All rights reserved. Keywords: Data acquisition, sensors, security, transmission data encryption. Keywords: Data acquisition, sensors, security, transmission systems, data encryption. Keywords: Data acquisition, sensors, security, transmission systems, data encryption. Keywords: Data acquisition, sensors, security, transmission systems, data encryption. by an encrypted data transmission that protects protects all the data by an encrypted data transmission that all the data by an encrypted data transmission that protects all the data 1. INTRODUCTION and its integrity. by an encrypted data transmission that protects all the 1. INTRODUCTION and its integrity. the data data 1. INTRODUCTION by an encrypted data transmission that protects all and its integrity. 1. INTRODUCTION and its integrity. Scientific data is one of the most valuable and essential 1. INTRODUCTION The main contributions of this paper are the following: and its integrity. Scientific data is one of the most valuable and essential The main main contributions contributions of of this this paper paper are are the the following: following: Scientific data is of the and essential resources for research activities. Scientific data is one oneand of development the most most valuable valuable andNowadays, essential The The main contributions of this paper are the following: resources for research and development activities. Nowadays, Scientific data is one of the most valuable and essential The main contributions of this paper are the following: remote resources for research and development activities. Nowadays, Propose a secure communication between with the the advances advances in emerging emerging technologies and the the Internet resources for research and development activities. Nowadays, Propose Propose aa secure secure communication communication between between aaa remote remote with in technologies and Internet resources for research and development activities. Nowadays, with the advances in emerging technologies and the Internet environment and a server; of Things Things (IoT), data data is often often collected collected from and remote systems Propose aa secure communication between aa remote with the advances in emerging technologies the Internet environment and a server; of (IoT), is from remote systems Propose secure communication between remote with the advances in emerging technologies and the systems Internet environment and aa server; of Things (IoT), data is often collected from remote using different formats. environment and server; of Things (IoT), data is often collected from remote systems using different formats. environment and a server; Protect the integrity of data using an encryption of Things (IoT), data is often collected from remote systems using different formats. Protect the the integrity integrity of of data data using using an an encryption encryption using different formats. Protect algorithm; Remote laboratories represent an an important important source source of of using different formats. Protect the integrity of data using an encryption algorithm; Remote laboratories represent Protect the integrity of data using an encryption algorithm; Remote laboratories represent an important source of scientific data generated by experimental setups. A frequently algorithm; Remote laboratories represent an important source of scientific data generated by experimental setups. A frequently algorithm; Recover from data transmission failures in the Remote laboratories represent an important source of scientific generated experimental setups. A employeddata method for by data acquisition considers aa local Recover Recover from from data data transmission transmission failures failures in in the the scientific data generated by experimental setups. A frequently frequently employed method for data acquisition considers local communication channel; scientific data generated by experimental setups. A frequently employed for data acquisition considers local device as as aamethod data logger logger that acquires, acquires, stores and can canaaexport export Recover from data transmission failures in the communication channel; employed method for data acquisition considers local device data that stores and Recover from data transmission failures in the communication channel; employed method for data acquisition considers aremote local device as a data logger that acquires, stores and can export data to external applications, which send data to a communication channel; device as a data logger that acquires, stores and can export data to external applications, which send data to a remote communication channel; Use of a NoSQL database that enables to scale out device asexternal a data applications, logger that acquires, storesdata andtocan export data to which send a remote Use of of aa NoSQL NoSQL database database that that enables to to scale out out system. data to Use system. and it secure; data to external external applications, applications, which which send send data data to to aa remote remote Use ofis amore NoSQL database that enables enables to scale scale out system. and it is more secure; Use of a NoSQL database that enables to scale out system. and it is more secure; To ensure ensure quality quality and and integrity integrity of of data data received received and and stored stored system. and it is more secure; To and it is more secure; Consideration of an authentication system to obtain To ensure and integrity of data received and stored Consideration of of an an authentication system system to obtain obtain remotely, itquality is important important to consider aa secure communication To ensure quality and integrity of data received and stored Consideration remotely, is to consider secure communication data privacy. To ensureit quality and integrity ofthe data received and stored Consideration of an authentication authentication system to to obtain remotely, it is important to consider a secure communication data privacy. subsystem. In terms of success in transmission, data can remotely, it is important to aa secure communication data Consideration of an authentication system to obtain privacy. subsystem. terms of success in the transmission, data can remotely, it In isusing important to consider consider secure communication data privacy. subsystem. In terms of success in the transmission, data can be delivered a combination of sequence numbers and The rest of this paper is structured as follows. Section subsystem. In terms of success in the transmission, data can data privacy. be delivered aa of combination of sequence numbers The rest rest of of this this paper paper is is structured structured as as follows. follows. Section Section 222 subsystem. Inusing terms success the transmission, data and can be delivered using combination of sequence and acknowledge messages, whichin ensure ensure data numbers recovery by The presents a brief review of the state of the art in remote data be delivered using a combination of sequence numbers and acknowledge messages, which data recovery by The rest this paper is structured Section presents brief review of the state of of as thefollows. art in in remote remote data2 be delivered a combination of sequence and acknowledge messages, which ensure data recovery by The rest aaof ofbrief thisreview paperSection is the structured as follows. Section 2 resending theusing message upon the detection detection of aanumbers fault in the presents of state the art data collection systems. 3 describes the physical acknowledge messages, which ensure data recovery by resending the message upon the of fault in the presents a brief review of the state of the art in remote data collection systems. Section 3 describes the physical acknowledge messages, which ensure data recovery by resending the message upon the detection of a fault in the presents a brief review of the state of the art in remote data communication process. For security reasons, an encryptioncollection systems. Section 3 describes the physical architecture of the main system proposed of remote data resending the upon the of aa fault in the communication process. For security reasons, encryptioncollection systems. Section describes physical architecture of the the main main system3 proposed of aaathe remote data resending the message message upon the detection detection of an fault indata the architecture communication process. For security an encryptioncollection system systems. Section 3proposed describes the physical based approach approach can be be considered considered to reasons, transmit remotely of system of remote data collection with a distributed architecture and Section communication process. For security reasons, an encryptionbased can to transmit remotely data architecture of the main system proposed of a remote data collection system with a distributed architecture and Section communication process. For security reasons, an encryptionbased approach can be considered to transmit remotely data from the the local source source until it is is stored stored in the database database system, ofa the main system proposed ofcommunication a remote data collection system with aa approach distributed architecture and Section 4architecture considers secure for the based approach can be considered to transmit remotely data from local until it in the system, collection system with distributed architecture and Section 4 considers considers a secure secure approach for the communication communication based approach can be considered to in transmit remotely data 4collection from the local source until it is stored the database system, system with a approach distributed architecture andwith Section guaranteeing a certain level of security. a for the subsystem. Section 5 presents the results obtained the from the local source until it is stored in the database system, guaranteeing certain level 4 considersSection a secure approach for theobtained communication subsystem. 55 presents the results with the from the localaa source until itof issecurity. stored in the database system, subsystem. guaranteeing certain level of security. 4 considersSection a secure approach for theobtained communication presents the results with the application of the proposed approach to a hydraulic guaranteeing a certain level of security. subsystem. Section 5 presents the results obtained with application of the proposed approach to a hydraulic In this paper is proposed a secure data transmission for a guaranteeing aiscertain level aofsecure security. subsystem.system. Section 5 proposed presents the results obtained with the the application of the approach to a hydraulic In this paper proposed data transmission for a laboratory Finally, Section 6 presents the conclusions application of proposed hydraulic In this paper is proposed secure data transmission for aa laboratory system. Finally, Sectionapproach presentsto theaaconclusions conclusions remote monitoring system,aa that that collects data from from water water application of the the proposed approach tothe hydraulic In this is secure data for system. Finally, Section 66 presents remote monitoring system, collects data and future work. In this paper paper is proposed proposed a that secure data transmission transmission for a laboratory laboratory system. Finally, Section 6 presents the conclusions remote monitoring system, collects data from water and future work. sensors. The data is collected by a remote data logger, and laboratory system. Finally, Section 6 presents the conclusions remote monitoring system, that collects data from water and future work. sensors. The data is collected by a remote data logger, and remote monitoring that from water and future work. sensors. The data collected by aacollects remote data logger, and then transmitted transmitted tois asystem, server and and stored in aa data NoSQL database sensors. The data is collected by remote data logger, and then to a server stored in NoSQL database sensors. The data is collected by a remote data logger, and and future work. then transmitted to a server and stored in a NoSQL database then to and in database then transmitted transmitted to aa server server and stored stored in aa NoSQL NoSQL database 2405-8963 © 2019, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Peer review under responsibility of International Federation of Automatic Control. 10.1016/j.ifacol.2019.12.693
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
2. STATE OF THE ART In the past, many projects have been created to remotely collect data from an equipment for monitoring purposes. Some projects can provide data accurately and in real time as in (Mwemezi et al., 2019), others propose an architecture considering low-cost devices, as in (Sousa et al., 2015). Mostefaoui et al., 2017), and others even propose an Android-based remote monitoring and control system, as in (Chuah et al., 2019), but none of them guarantees the integrity and confidentiality of data. In the most basic remote data collection systems, four modules are almost always required: (1) Data acquisition; (2) Network module; (3) Database; (4) Data presentation. The four modules have the proposes described in the following paragraphs. Data acquisition is usually a microcontroller that collects data from one or more sensors and is normally connected to the Network module, where all data is transmitted to the database server, to be stored and saved. Sometimes the database does not exist, and data is provided but not saved. To provide data to users, it is necessary to create a Data presentation module, such as websites and applications. This module presents in a simpler and interactive way for users the data through different customizable queries and graphical representations, as proposed in (Moreno et al., 2019). When the remote monitoring systems are more complex, they may have an alarm system, allowing the user to know when there are different values than expected, preventing possible future problems, as a remote temperature sensor monitoring system, that whenever the temperature is above or below certain limits, an alarm sounds, as in (Li et al., 2017). However, in many cases, the evolution of this type of systems allows a series of threats for which they are usually unprepared, as stated in (Canto et al., 2015). Threats such as the visualization of data in plain text, through packet sniffing by a Man-in-the-Middle attack, because there is no encryption in the communication channels, which leads to the need for a secure transmission. Secure transmission refers to the transfer of data such as confidential or proprietary information over a secure channel (Virmani et al., 2018). Many secure transmission methods require a type of encryption. In order to overcome the problems indicated, the system proposed in this paper is implemented with an encryption algorithm, which allows to obtain a secure and reliable transmission of data and an authentication system to obtain data privacy. 3. SYSTEM ARCHITECTURE The architecture of the main system proposed in this work has seven physical elements, as shown in Fig. 1: (1) Server; (2) No-relational Database; (3) Connector computer; (4) Cache, (5) Data Logger; (6) Sensors; (7) Terminals. Each element is fundamental to the operation of the system, where the server (1) is used to manage all data, the non-relational Database (2) is used to store all users and sensors data, the Connector computer (3) is used to collect data from the Data
401
Logger’s memory and transmit it to the server, the Cache (4) is used to prevent data failures that have occurred in data transmission, the Data Logger (5) is used as data acquisition to collect the sensors data, the sensors (6) are the source of data to be managed, and the terminals (7) are the endpoints for users to interact with the system. The main system is divided into two subsystems, which represent the function of each subsystem: Data Collection Subsystem (DCS); Data Management Subsystem (DMS). These subsystems will be explained in the following subsections.
Fig. 1. Main system physical architecture. 3.1 Data collection subsystem The Data collection subsystem consists of a Data Logger, a computer and several sensors. The Data Logger every time it is turned on, it collects data automatically, to its memory. The computer (Connector computer) is a “bridge” that connects the Data Logger to the Server and has a copy of the data. Inside the Connector computer, there is a program that, first inserts the header, which includes a timestamp, a record number (unique id for each data reading), and then the variables of each sensor, at the beginning of the file, in the format shown in Table 1. Table 1. Header in the Cache file. Timestamp name Timestamp units Timestamp extras
Record name Record units Record extras
Sensor 1 name Sensor 1 units Sensor 1 extras
Sensor 2 name Sensor 2 units Sensor 2 extras
… … …
Sensor n name Sensor n units Sensor n extras
After the header is inserted, the program collects data from the Data Logger’s memory and appends it to a text file (Cache file), in the order indicated in the header, which can include data from several different sensors. The Cache file has horizontal scalability, which allows to add more sensors to the system. The Cache file also allows to have a recovery mode for the system, which acts as a second database to protect all missing data in the original database. 3.1.1 Process of sending data to the server To be able to send data to the server it is necessary to have another program on the Connector computer that has this functionality.
402
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
The flowchart shown in Fig. 2, represents the program process implemented in the Connector computer, whose function is to send the data stored in the Cache file to the server, which will be described next.
transmission more secure. After the packet is sent, the thread waits for an acknowledgement from the server. If the time set in the timer passes, the thread will try to send the data again, but with the new data. If the thread does not receive the acknowledgement a certain number of consecutive times (configurable value), the program will be aborted, and the error will be presented to the administrator through a log file in the Connector computer. If no error occurs and the transmissions do not fail, the program only stops sending the data when requested by the user or when there is no new data in the Cache file for a certain time (configurable value). 3.2 Data management subsystem The Data management subsystem is the core of the system, where data is stored and displayed to authenticated users through a data presentation system such as a website or an application. This subsystem consists of a server with an integrated database. When there is a connection from the Connector computer to the server, the administrator can perform the experiments and all data will be transmitted to the server, to be stored in the Non-relational database. When data already exists in the database, the data can be viewed. In addition to the database, the server has a multi-module subsystem (Server subsystem) that makes the administrator’s job easier, as shown in Fig. 3.
Fig. 2. Flowchart of sending data to the server from the Connector computer. After the computer is connected to the server, the thread in the program waits a certain time (configurable value) for server request to start sending data. The thread decrypts the packet, previously encrypted by the server, and if the server request indicates to start the sending process, the thread initializes the timer for a certain frequency (configurable value of the server side), which comes in the packet, and begins to read the data from the Cache file, if the server request indicates to terminate the program, the thread stops the process in progress, if it exists, and the program terminates. The thread is prepared to create a packet with a variable number of concatenated lines from the file to send to the server, within the indicated periodicity. The string-type packet formed by the thread is encrypted in order to make the
Fig. 3. Server Subsystem modules architecture. Beginning with data collection, the Gateway Handler module connects the server’s network gateway to the Connection module. This module has a thread that sends encrypted requests to the computer for new experiments, decrypts the packets, previously encrypted by the Connector computer, and sends them to the Connection module. If an error occurs, the module has a system of logs that inserts the error, with time and date, into a text file (Fault log) for the administrator to know. This process will be described in more detail in the next subsection. After the packets are decrypted, they are sent to the Connection module, where data will be unpacked and processed to be stored in the database. This module will be explained in the next subsection.
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
To access the data, the user must be authenticated or be an administrator. In this case it is necessary an authentication mechanism, integrated in the website or in the display platform, preventing any user from viewing data publicly, creating a secure data visualization environment. Like the other modules, the authentication mechanism also has a system of logs (Data Log) for errors in failed authentications. For data visualization, the system has an Interaction module that can be a website or another visualization system. In this case the Interaction module is composed of a website and a RESTful API that allows users to make specific requests. 3.2.1 Process of receiving and storing data In order to be able to receive and forward the data for storage, the server needs to have a program to satisfy this problem. The flowchart shown in Fig. 4, represents the program implemented in the server, to receive the packets, decrypt them and store the data, which will be described next. Once the encrypted request has been sent to the Connector computer, the program will listen for packets coming from the Connector computer.
403
transmission will be interrupted with a warning signal to the user. 3.2.2 Connection module The Connection module connects the database to the rest of the system, where there is a thread that handles with the storage of data coming from the other modules, where user data and sensors data can be stored, modified or deleted. When there is data in the Storage queue, the Storage thread is activated and begins to store the data, that is in the Storage queue, in Data collection that is directly connected to the database driver. The data will only be removed from the Storage queue if the store operation does not fail. Whenever any data is modified, deleted from the database or there is a storage failure, a record of that event will be done in the DB log, which includes the type of event (modification, elimination or failure) along with the data, time and date. 3.3 Secure data transmission The entire connection between the server gateway and the Connector computer gateway is made by a full duplex connection through sockets with no protection. All data can be read in plain text by a person that is sniffing all the packets in the transmission, as a Man-in-the-Middle attack. For the system to have some security in data transmission, the AES-256 symmetric key algorithm, explained in (Ako, 2017), has been implemented that is available royalty-free and can be implemented easily on a wide range of platforms without reducing bandwidth in a significant way, as it is referred in (Daemen et al., 2013). Whenever the server or Connector computer sends a packet with a request, acknowledgement or data, the packet is properly encrypted or decrypted when it is received at its destination. In addition to data encryption, the system also has an error recovery system in case of failure to deliver the data to the server. The error recovery system makes use of the existing Cache file on the computer, to be able to protect the data until it is confirmed, through an acknowledgement packet sent by the server, that where successfully delivered to be stored in the Non-relational database. 4. CASE STUDY
Fig. 4. Flowchart of data collection on the server. All packets received by the program will be decrypted and prepared to be stored in the database. Immediately, after the decryption, the server tries to send an acknowledgement to the Connector computer, so that it knows if the data was successfully received by the server. The server tries to send the acknowledgement several times (configurable value). If the server cannot send the acknowledgements, all such failures will be written to the Fault log file and the
We tested the proposed approach using a real hydraulic laboratory system. In this section, it will be demonstrated the whole system built in the laboratory work through the architecture explained in the previous section. 4.1 Experimental installation of the Data collection subsystem Fig. 5 shows the facilities of the hydraulic laboratory system. The laboratorial work was performed using the resources presented in Fig. 5: (1) Data Logger, (2) Computer, (3) duct with sensors. The hydraulic laboratory system has a black cast iron duct (3), where pressure sensors are inserted.
404
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
Fig. 7. Connector computer architecture. Fig. 5. Hydraulic laboratory. The water is drained into the duct (3) by a pump which supplies the water from a reservoir. The circulating water in the duct (3) can be controlled by a butterfly valve. All data of the pressure sensors are collected constantly by a Data Logger (1) connected to a computer (2). The data acquisition process of the hydraulic laboratory system will be described in the following subsections. 4.1.1 Local acquisition system (Data Logger)
4.2 Experimental installation of the Data management subsystem For the Data management subsystem, was used a server with the 64-bit operating system CentOS 7. Fig. 8 shows the architecture of the Gateway handler module that is used to send requests, receive packets, encrypt and decrypt packets, and send data to store. For the Gateway handler module, a program was created that has several threads that allow the administration of the data.
The Data Logger used in the system is provided by Quantific (Quantific, 2019), which configures and programs the device to receive data from sensors and save it to the computer. The Data Logger is configured to read the data from the sensors and save it with a frequency of 10Hz, i.e., ten scans per second. For the data to be saved on the Connector computer, a program, called LoggerNET, allows to store the data in a text file (Cache file), in the format indicated in Table 1 and Table 2, as shown in Fig. 6. Fig. 8. Gateway handler module architecture.
Fig. 6. Example of Cache file data. 4.1.2 Connector computer system The Connector computer is a normal computer that has a 32bit Windows 7 operating system. In order to be able to send the data to the database, we create an application program that contains a thread (Thread SendData), which connects the computer to the server, as shown in Fig. 7. The thread prepares the existing data in the Cache file to encrypt and sends it through a certain port (in this case, port 9003 is used) that is opened in the server’s firewall, via TCP protocol, which already has an error checking system in the sent packets. In order to synchronize the data recording of the LoggerNET program with reading and sending of the data of the thread SendData, the thread prepares the packet with ten lines (default value) of data of the Cache file and sends them with a frequency of one second (default value), for the visualization of the data be approximately in real time.
After the Connector computer connects to the server, the user can start the experiment by sending a request to the Connector computer. The request can be modified previously, indicating the fields of the request, such as the frequency with which the data is sent to the server and the amount of data sent at one time. In this case the default values in the Connector computer program were used in the requests, to try to achieve a real-time view of the data. 4.3 Data manipulation format and Database The Non-relational database MongoDB, integrated in the server, was used because it combines the ability to scale out with features such as secondary indexes, range queries, sorting, aggregations, and geospatial indexes, as it is referred in (Chodorow, 2013), allowing to execute and visualize results of experiments with simplicity and speed. In this platform it is necessary to move structured data from one place to another. Therefore, JavaScript Object Notation (JSON) is used, which is a model of information transmission in text format, human readable format, frequently used in web services, outpacing XML in many domains, as it is referred in (Rischpater, 2015). JSON allows to develop the program faster and easier when it comes to data manipulation and data storage in the MongoDB database.
Bruno Rodrigues et al. / IFAC PapersOnLine 52-27 (2019) 400–405
4.4 Graphical User Interface For the Graphical User Interface, a website was created for the visualization of the data. Data visualization requests can be made quickly through a Uniform Resource Locator (URL) request or in a more interactive way, through a request regarding the interaction interface, where a menu is presented, that allows the user to choose which system or experience want to monitor or perform. An authenticated user has permission to view the data stored in the database, through charts and tables, and the option of exporting all or only some experimental data to an Excel file with charts created through the exported data. In addition to authenticated user interaction with the system, there is an administration mechanism (BackOffice), which allows the administrator to configure remote monitoring, observe Fault Logs, Data Logs and DB Logs, accept user registrations and manage the database. 5. RESULTS Through the hydraulic laboratory system indicated in section 4, several tests were performed, with several types of sensors. The tests performed allow to validate the success of data transmission, failure recovery and data encryption in transmission. Fig. 9 represents a chart with a range of values of the pressure sensors used in a test named “data_pressure”, where all data has been successfully transmitted and stored in the database.
405
paper, such as the creation of more tools for data analysis and for data visualization. REFERENCES Ako, M. A. (2017) ‘Advanced Encryption Standard (AES) Algorithm to Encrypt and Decrypt Data’, Cryptography and Network Security, (June). Available at: https://www.researchgate.net/publication/317615794. Canto, C. J. D. et al. (2015) ‘Remote Laboratory for Cybersecurity of Industrial Control Systems’, IFACPapersOnLine, 48(29), pp. 13–18. doi: 10.1016/j.ifacol.2015.11.206. Chodorow, K. (2013) MongoDB: the definitive guide. ” O’Reilly Media, Inc.”. Chuah, Y. D. et al. (2019) ‘Implementation of smart monitoring system in vertical farming’, IOP Conference Series: Earth and Environmental Science, 268, p. 012083. doi: 10.1088/1755-1315/268/1/012083. Daemen, J. and Rijmen, V. (2013) The Design of Rijndael: AES - The Advanced Encryption Standard, Springer Science & Business Media. doi: 10.1007/978-3-66204722-4. Li, B., Li, Z. and Wei, L. (2017) ‘The design of remote temperature monitoring system’, AIP Conference Proceedings, 1864(August 2017), pp. 1–5. doi: 10.1063/1.4992939. Moreno, C. et al. (2019) ‘Rivercore: IoT device for river water level monitoring over cellular communications’, Sensors (Switzerland), 19(1). doi: 10.3390/s19010127. Mostefaoui, H., Benachenhou, A. and Benattia, A. A. (2017) ‘Design of a Low Cost Remote Electronic Laboratory Suitable for Low Bandwidth Connection’, pp. 480–488. doi: 10.1002/cae.21815.
Fig. 9. Chart of the values of the sensors in a test performed. After all the tests, it was concluded that the results were confident since all data were successfully transmitted and stored in the database. Although there is encryption in data transmission, the data was not affected and was transmitted at the requested frequency in the requests of the server. Although there is synchronization between programs in the computer, the data that is ready to be viewed is not displayed in real time due to the time spent on data processing. 6. CONCLUSIONS AND FUTURE WORK Through the tests performed, the system proposed in this paper proves its good usability in real experiences, providing a secure data transmission, which ensures the integrity of the data. In addition, the system is scalable to a higher number of sensors, providing a NoSQL database and an interactive and simple user interface. In the future, additional features may be developed to increases the potentialities of the system propose in this
Mwemezi, K. and Sam, A. (2019) ‘Development of Innovative Secured Remote Sensor Water Quality Monitoring & Management System: Case of Pangani Water Basin’, International Journal of Engineering and Manufacturing, 9(1), pp. 47–63. doi: 10.5815/ijem.2019.01.05. Quantific (2019) Quantific. http://www.quantific.pt/eng/.
Available
at:
Rischpater, R. (2015) JavaScript JSON Cookbook. doi: 10.1017/CBO9781107415324.004. Sousa, V. and Cardoso, A. (2015) Platform for the supervision of remote systems using low cost devices, Master's thesis, University of Coimbra. Virmani, D. D. et al. (2018) ‘Enhanced Tiny Encryption Algorithm with Embedding (ETEA)’, International Journal of Computers & Technology, 7(1), pp. 493–499. doi: 10.24297/ijct.v7i1.3479.