Implementation of Embedded Web server using TEA algorithm

Transcription

1 Implementation of Embedded Web server using TEA algorithm Arunkumar G 1, Dr. T.C. Manjunath 2, Harish H.M 3, Jayaprakasha.H 4 1 Department of E&C, S.T.J.I.T, Ranebennur 2 Principal, HKBKCE, Bangalore 3,4 Department of E&C, GEC, Haveri 1 arunkumar.stjit@gmail.com 2 manjuiitb@yahoo.com 3 hmharish@gmail.com 4 harshitajp@gmail.com Abstract- IP network has been evolving significantly during the last two decades, many computers and devices have been attached to the IP network and many applications were developed over it. Powerful microcontrollers are used as part of most home and office appliances of today. Integrating web servers to these intelligent devices will aid in controlling such devices over the Internet and also creating user interfaces for them in the form of web pages. Assigning multiple functionalities to a single button helps manufacturers to economize user interfaces but, this makes design more complicated. One of the interesting applications is building embedded control system which has connectivity to Internet. This work explains implementation of embedded web server with security support with an example of control application over IP network. A security algorithm, called Tiny Encryption Algorithm [4], is implemented in a microcontroller system together with TCP/IP stack. The microcontroller system is of ARM family which serves as a web server. The encryption algorithm is processed both on server and client. Therefore, in clients it needs a plug-in to run encryption mechanism so that they can access the embedded web server safely. Since the cost of web based interfaces is considerably low, they can be used to provide the infrastructure for the design of simple, user-friendly interfaces for household appliances. Also, a web page based interface is much easier to change as compared to a hardware interface. The approach used to develop our prototype system is lightweight design and utilization of widely available network components such as Common Gateway Interface [1]. Keywords- Internet Protocol (IP), Tiny Encryption Algorithm (TEA), Transmission Control Protocol/Internet Protocol (TCP/IP), Advanced RISC Machine (ARM). I. INTRODUCTION Now a day s Internet is the largest information or data exchange media, which can be used as media for remote monitoring and controlling. TCP/IP protocol, standard protocol of Internet, supports to develop these functions by adding an application in the top application layer. As most of the Internet users are familiar with application layer, such as web browser, the communication between client and server can be added in that monitoring and controlling function. With this consideration, an embedded web server based on ARM microcontroller is implemented. The open source groups like Picoweb group built embedded web server with AT90S8515 and Web51 group built web servers based on AT89C8252. These two systems were lacking in security support. They try to implement TCP/IP stack in microcontroller. They used assembly language that match with certain microcontrollers. Here an attempt is made to build better embedded web server which overcome these drawbacks of embedded web servers. This model makes use of high level language which is compatible with most of the microcontrollers. To solve security problems a security protocol was developed, which is known as Secure Socket Layer (SSL). It has ability to authenticate and communicate personally. Secure protocol SSL is developed over asymmetric cryptography algorithm RSA but its implementation requires large code memory. To handle this problem here Tiny Encryption Algorithm (TEA) is selected which needs less memory to replace RSA algorithm. Although the use of C language is considered inefficient in code memory, it can be implemented for many microcontroller types. This embedded web server is an early step to build internet based embedded control system. This project depicts a simple control structure with ON-OFF controller as illustrated in Fig.1 [1]. 381

2 II. International Journal of Emerging Technology and Advanced Engineering Fig.1 Simple Control Structure of Embedded Web Server [1]. PREVIOUS WORK Several books were referred to understand the concepts of Networks and Protocols. The following are few of the papers, which are referred to realize the basic ideas about working of embedded web server. The design concept is proposed to accomplish a full function web server on a strictly limited resource space [1]. Through this embedded web server user can access their equipments remotely. The equipment mentioned here could be home appliances and factory devices. A key goal of this present paper is to provide an effective approach of access to traditional equipments that have no Internet interface and a reduction policy of TCP/IP protocol suite [1]. The work on developing an efficient and lightweight embedded web server for Web-based network element management have propose the architecture of an embedded Web server that can provide a simple but powerful for network element management, then the design and implementation of embedded web server, which is an embedded Web server that have developed for Web-based network element management. Finally, the result of embedded web server s performance and embedded web server optimization methods is presented. There are many commercial embedded web server products on the market for Web appliances and the work is a good example of making an efficient and lightweight embedded web server suitable for Web-based network element management [2]. 382 The development of three industrial devices, which utilizes Ethernet interface. The first two are designed to allow connection of already existing systems to the LAN. Both systems assume that the connected system is already equipped with serial port and implements some type of communication protocol. The first one creates virtual serial port, so already existing software can be utilized. The second system works as a specialized web server. It implements a universal script language, which allows sending and receiving data through serial interface and dynamically creating web content. The third device is a data logger equipped with number of universal analog and digital inputs. The collected data are recorded in the memory of the data logger and accessible using embedded web and FTP server [3]. III. DESIGN AND IMPLEMENTATION OF EMBEDDED WEB SERVER Implementation of TEA aims to support security aspect of embedded web server [4]. The embedded web server is designed to operate with a hierarchy of system access consisting of an administrator and a guest. Administrator has the highest privilege so that it has full access to this embedded web server. First, an administrator has authority to make control commands to I/O ports both of digital I/O and serial port. Second, an administrator can make a change in setting function of each digital I/O pins. Third, an administrator also can monitor all status of I/O ports. This monitoring ability shows input status from each I/O ports. Fig3. Decryption Process Based on the administrator privileges, web page which will be sent to the administrator containing control of digital I/O pins and serial I/O, monitoring I/O, and setting of embedded web server. A guest has the lowest privilege in hierarchy. A guest only gets information about monitoring process of I/O ports and cannot make any changes. Authentication process in this embedded web server consists of three input references: ID, password and a key so that the embedded web server recognizes what type of user is accessing to the system. The first process which embedded web server does when there is a request from client is parsing process, is to translate the URL coding which is received from client.

3 The Server will detect the type of the request and then will continue the process with method related to type of request. If type of request is GET, the server directly send index.html file to client. If the type is POST, the server will continue to detect what the next code. Fig.2 Encryption process [1] The next step is to detect I/O condition which located in HTML form when user push 'GO' button. This information located in message body of URL coding. Form of message body which will be sent is: name input 1 = input value1 & name input2 = input value2 & name. Inputs are got from button, text box, password and hidden input. All these input values are initially saved in memory for next use[1]. Fig.3 Decryption Process [1] Fig.4 Dataflow Diagram of Client Side [1] After parsing process, the server will handle ciphertext description (password client) and authentication. The Password ciphertext will be detected and used to determine user privilege. The result of privilege, which is a web page with user privilege, will be sent back to client with a POST response. The web page has three element user interfaces. There are three textboxes for ID information, password, key and a hidden input as sign of the end of URL coding. The user gives input such as text in three textboxes. The server will parse to this URL coding and save input value to each user interface provided in memory location. Information about password still in ciphertext form needs to be encrypted by client before send to server. Information about name, password and key will be used to determine the privilege of that user [1]. 383

4 In the beginning of authentication process, the description of ciphertext password sent by the client is compared with database in server. If match is found, the server will store this information in "privilege memory". Then server will send the related web page. If there is no match, server once again sends the authentication page. The TEA algorithm plays an important role in encryption and decryption process of user and password information. The TEA algorithm is implemented in C language. Data for encryption and decryption is limited to 8 characters, but the key has 16 characters. Keys are defined both in client and server [1]. A. User Authentication and Identification In addition to domain-based security, most HTTP servers also support a more complicated method of security known as user authentication. When configured for user authentication, specified files or directories are set up to allow access only by certain users. A user attempting to open the URLs associated with these files is prompted for a name and password. The user name and password is checked by the server and if found legitimate, the user is allowed access. In addition to allowing the user access to the protected file, the server also maintains the user's name and passes it to any subsequent CGI programs that are called. The server passes the user name in the REMOTE_USER environment variable. A CGI script can therefore use server authentication information to identify users. This is not what user authentication was meant for, but if the information is available, it can come in mighty handy. Here is a snippet of code that illustrates what you can do with the REMOTE_USER environment variable: The HTTP_FROM environment variable also carries information that can be used to identify a user-generally, the user's address. However, this variable depends on the browser to make it available, and few browsers do, so HTTP_FROM is of limited use. Server authentication does not provide complete security. Since the user name and password are sent unencrypted over the network, it is possible for a "snoop" to look at this data. the request to the server. This query string can then be accessed by using the environment variable QUERY_STRING. The main advantage of GET is that you can access the CGI program with a query without using a form. The main advantage to the POST method is that query length can be unlimited. To get data sent by the POST method, the CGI program reads from standard input. C. Status Codes Status codes are used by the HTTP protocol to communicate the status of a request. For example, if a document does not exist, the server returns a "404" status code to the browser. If a document has been moved, a "301" status code is returned. CGI programs can send status information as part of a virtual document. Here is an arbitrary example that returns success if the remote host name is bu.edu and failure otherwise: The Status header consists of a three-digit numerical status code, followed by a string representing the code. A status value of 200 indicates success, while a value of 400 constitutes a bad request. In addition to these two, there are numerous other status codes you can use for a variety of situations, ranging from an unauthorized or forbidden request to internal system errors. D. Accessing Form Input The Web browser allows the user to select or type in information, and then sends it to the server when the Submit button is pressed. B. GET and POST method There are two methods for sending form data: GET and POST. The main difference between these methods is the way in which the form data is passed to the CGI program. If the GET method is used, the query string is simply appended to the URL of the program when the client issues Fig.5 FORM Interaction with CGI 384

5 E. Decoding Process In order to access the information contained within the form, a decoding protocol must be applied to the data. First, the program must determine how the data is passed by the client. This can be done by examining the value in the environment variable REQUEST_METHOD. If the value indicates a GET request, either the query string or the extra path information must be obtained from the environment variables. On the other hand, if it is a POST request, the number of bytes specified by the CONTENT_LENGTH environment variable must be read from standard input. The algorithm for decoding FORM data is as follows: 1. Determine request protocol (either GET or POST) by checking the REQUEST_METHOD environment variable. 2. If the protocol is GET, read the query string from QUERY_STRING and/or the extra path information from PATH_INFO. 3. If the protocol is POST, determine the size of the request using CONTENT_LENGTH and read that amount of data from the standard input. 4. Split the query string on the "&" character, which separates key-value pairs (the format is key=value & key=value). 5. Decode the hexadecimal and "+" characters in each key-value pair. 6. Create a key-value table with the key as the index. Say you have a form that sends a POST request, and a program that decodes both GET and POST requests. Suppose you know that there are three fields: user, age, and pass. You can fill out the form, and the client will send the information as a POST request. IV. RESULTS The embedded web server is made to run on the LAN, and then the results of this project are observed. The provision is made for two users namely Administrator and guest. The administrator has all rights to change the status of different home appliances. The guest can only view the status of different home appliances and he has no rights to change the status. If an unauthorized user tries to access the page, it will throw a webpage with a status message as unauthorized user. The URL address of this server is When we enter different URL address, it will throw the web page as the requested URL/google.com was not found at this server. V. CONCLUSION Web Services present a way to interconnect applications through Internet among computational systems. The general design concept of the mini embedded web server is to allow easy access to remote equipment. In this project, a potential solution for low-cost secure Embedded Web Server based on TEA encryption is proposed. This embedded web server is a good media device to Internet. Many applications can be developed using this system concept, primarily in field of remote monitoring and controlling. This system is simple to install and cost effective. Finally, ARM Linux installed the system kernel is configured and then Root File System is created. These things are downloaded on to ARM Processor to make it as an Embedded Web Server [1]. REFERENCES [1] First Step Toward Internet Based Embedded Control System, Eka Suwartadi, Candra Gunawan, Ary Setijadi P, Carmadi Machbub,1999. [2] An Efficient Embedded Web Server for Web-based Network Element Management, Mi-Joung Choi, Hong-TaekJu, Hyun-Jun Cha, IEEE [3] Ethernet Interface In Application Case Study, Cach Petr, Fiedler Petr, Department of Control and Instrumentation, Brno University of Technology. [4] D.Wheeler, R. Needham, TEA, a Tiny Encryption Algorithm, Computer Laboratory, Cambridge University, England, November [5] Adolfo Rodriguez and John Gatrell, TCP/IP Tutorial and Technical Overview (IBM, August 2001). [6] Douglas E.Comer, Internetworking with TCP/IP Volume I, fourth edition, Pearson Education Asia. [7] J.Breckling, Ed., The Analysis of Directional Time Series: Applications to Wind Speed and Direction, ser. Lecture Notes in Statistics. Berlin, Germany: Springer, 1989, vol. 61. [8] Alberto Leon Garcia, Communication Networks Fundamental Concepts and Key Architectures, Tata McGraw-Hill Edition [9] Andrew S.Tanenbaum, Computer Network, Third Edition, Pearson Education Asia. [10] An Embedded Web Server for Equipments, Tao Lin Hai Zhao Jiyong Wang Guangjie Han Jindong Wang, COMPUTER SOCIETY, IEEE [11] William Stallings, Cryptography and Network Security, Third Edition, Pearson Education Asia. 385