Field Server Gateway: Gateway Box for Field Monitoring Servers

Takuji Kiura
Data mining Lab., National Agricultural Research Center, 3-1-1, Kannonda, Tsukuba, Ibaraki, 305-8666, Japan
Mail: [email protected]

Tokihiro Fukatsu and Masayuki Hirafuji
Modeling Lab., Dept. of Information Science and Technology, National Agricultural Research Center, 3-1-1, Kannonda, Tsukuba, Ibaraki, 305-8666, Japan

Abstract: The Field Monitoring Server (FieldServer, http://yummy.narc.affrc.go.jp/FieldServer) can provide a massively distributed field-monitoring system for ubiquitous sensing, networking, and/or computing. FieldServer consists of a tiny web server, Analog-Digital and Digital-Analog converters, a wireless Local Area Network (LAN), sensors, and a camera. However, FieldServer does not have any large storage device and does not provide other Internet services. To connect FieldServer to the Internet and make it secure, we are developing Field Server Gateway, a small Linux box with an HDD and a wireless LAN card or a dial-up connection. Field Server Gateway lets us address many of FieldServer's problems, but the local security issues are still unsolved.

Keywords: Field Monitoring System, Network Security, Virtual Private Network
Introduction

We developed FieldServer to monitor real-time data from agricultural fields and to provide a ubiquitous computing environment in rural areas. FieldServer uses wireless LAN because it is difficult to build a wired LAN in an agricultural field. Therefore, the FieldServer system has network security problems, i.e. insertion attacks, interception and monitoring of wireless traffic, misconfiguration, jamming, client-to-client attacks, etc., as described in the Wireless LAN Security FAQ.1) Some of these problems are not an issue for our Field Monitoring System, but we should still make FieldServer secure. We designed FieldServer as the main part of a massively distributed field monitoring system. Unfortunately, we do not have sufficient budget, so we had to abandon the use of a storage device. We therefore need a small and cheap box to store the field data from FieldServers.

Hardware Specification

The hardware of Field Server Gateway is OpenBlockSS (OBSS), a small Linux box shipped by Plathome in Akihabara, Japan. Table 1 shows the hardware specification of the prototype. The hardware of OBSS is slightly different from that of Power Macintosh PCs: OBSS has two Ethernet interfaces and no graphics chip. It seems that OBSS is suitable for use as a network router or gateway server. OBSS can optionally have a PCMCIA (PC card) expansion slot or two USB 1.1 sockets. These options can be used for many purposes: web cam, storage, connection to sensors, wireless LAN, etc.

Table 1 Field Server Gateway Hardware Specification

| Item | Specification |
|---|---|
| CPU | IBM PowerPC 405GP at 200MHz |
| Memory | 64MB SDRAM |
| Flash ROM | 8MB (For Disk less System) |
| LAN | 100Base-TX port x 2 |
| Serial port | 1 |
| HDD | 40GB 2.5inch 4200rpm |
| Micro PCI | x1 |
| Option | USB1.1x2, PCMCIAx1 |
Table 2 Difference between 2 types of Field Server Gateway

| | Type A | Type B |
|---|---|---|
| Vine Linux | plathome kernel | with kernel patch |
| Linux Kernel | 2.4.10 | 2.4.19 |
| serial_cs module | supported | not supported |
| Webmin | supported | supported |
| OpenVPN | not supported | supported |
| HTun | not supported | supported |
| PPTP | not supported | supported |
| FreeS/WAN | may be supported | planned |
| Apache | supported | supported |
| J2RE 1.3.1 | supported | supported |

Operating System (OS)

The OS that comes with the OBSS hardware has a Linux kernel. The kernel version of this Linux OS, distributed by Plathome, is 2.4.10, which is relatively old. But since it is Linux, we can get kernel sources and patches for OBSS on the Internet. We installed another Linux distribution, Vine Linux 2.5 for PowerPC (FTP version), on OBSS. Vine Linux 2.5 provides an extremely good Japanese environment and plenty of good software.
Data Collection, Storage, Publishing

FieldServer is a tiny web server. You can access FieldServer with a web browser such as Internet Explorer or Netscape. Java provides the java.net.HttpURLConnection class, and application programs written in Java run on many platforms. The programs that collect data from FieldServer are written in Java. The Linux PPC version of the Java 2 Software Developer Kit is freely available from www.blackdown.org. For data publishing, Apache, one of the best-known free web servers, comes with almost all Linux distributions. Using Tomcat, we can build a 100% pure Java Web Service environment. Getting 4 real numbers every 10 minutes from a FieldServer and storing them in a database requires about 100MB for one year. We also store image files, so we selected a 40GB class Hard Disk Drive (HDD).
Internet Connection

FieldServer usually sits in a private network and does not itself support dial-up or xDSL connections. To reach FieldServer from a host that has a global IP address, we must provide another host. The data collecting host can push all the data to a host on the Internet through a gateway such as a broadband router. A Field Server Gateway is a Linux box. We can set it up as a router or a gateway that supports Network Address Translation (NAT), Reverse NAT, and IP Masquerade. Using it, we can access the web pages on FieldServer and get data. Field Server Gateway also works as a Dynamic Host Configuration Protocol (DHCP) server, so anyone can connect a mobile computer to the wireless LAN without any difficulty.
Security

FieldServer does not have any access control mechanism. Anyone can access its web pages. If FieldServer has a switch for the motor of a water supply, anyone can open the water gate and cause serious damage to the plants in a greenhouse. Field Server Gateway can control connection requests from web browsers using the Reverse HTTP Proxy technique or a similar one. Acting as a firewall, Field Server Gateway also protects the farmer's in-house LAN from malicious users of the hot spots in the wireless LAN provided by FieldServers. Some Field Server Gateways support the Point-to-Point Tunneling Protocol (PPTP). Farmers can securely access their in-house LAN from their fields, using their Windows machines, to get past data and input current data. So that it can be controlled remotely, Field Server Gateway runs as an OpenVPN client and establishes a secure Virtual Private Network with the maintainer's host machine. The maintainer can then use a web-based server management tool such as Webmin. HTun is a convenient tunneling VPN tool, because it can create a private IP connection through an HTTP proxy. It is one of the firewall-friendly VPNs.
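
The reverse-proxy access control described above, as an added example (not the authors' code): the gateway authenticates every request, forwards the read-only monitoring pages for any valid account, and reserves every other page, such as a water-supply switch, for an operator account. The account names, passwords, page paths and the `authenticate`, `decide` and `make_gateway` helpers are assumptions, since the paper does not describe FieldServer's URL layout.

```python
import base64, hashlib, hmac, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
# Hypothetical values, not from the paper: accounts, page names, addresses.
def _kdf(pw, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

_DUMMY = _kdf("no-such-user")  # compared against when the user is unknown
USERS = {"visitor": (_kdf("sample-visitor-pw"), False),  # may read data only
         "farmer": (_kdf("sample-farmer-pw"), True)}     # may also use controls
READ_ONLY = {"/", "/data.html", "/camera.jpg"}           # monitoring pages

def authenticate(header):
    """Return (user, is_operator) for a valid Basic credential, else None."""
    try:
        scheme, _, blob = (header or "").partition(" ")
        user, _, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:
        return None
    digest, is_operator = USERS.get(user, (_DUMMY, False))
    ok = hmac.compare_digest(digest, _kdf(pw)) and user in USERS
    return (user, is_operator) if scheme == "Basic" and ok else None

def decide(path, auth_header):
    """Return an HTTP status to reject with, or None to forward upstream."""
    who = authenticate(auth_header)
    if who is None or not path.startswith("/"):
        return 401 if who is None else 400
    # Default deny: a page not listed as read-only may drive an actuator.
    allowed = who[1] or path.partition("?")[0] in READ_ONLY
    return None if allowed else 403

def make_gateway(upstream, addr=("127.0.0.1", 0)):
    """Build a reverse proxy that enforces decide() in front of a FieldServer."""
    class Gateway(BaseHTTPRequestHandler):
        def do_GET(self):  # only GET is implemented; other methods get 501
            status, body = decide(self.path, self.headers.get("Authorization")), b""
            if status is None:
                try:
                    with urllib.request.urlopen(upstream + self.path, timeout=5) as r:
                        status, body = r.status, r.read()
                except Exception as e:  # upstream's HTTP error status, else 502
                    status = getattr(e, "code", 502)
            self.send_response(status)
            if status == 401:
                self.send_header("WWW-Authenticate", 'Basic realm="FieldServer"')
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
    return ThreadingHTTPServer(addr, Gateway)
```

Basic credentials cross the wireless LAN in clear text, so this listener belongs behind the PPTP or OpenVPN tunnel mentioned above, or behind TLS.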
Software used in Field Server Gateway

Differences in application programs between Field Server Gateway Type A and Type B are listed in Table 2. Type A has a serial PCMCIA card. It is designed for users who do not have a broadband network connection such as FTTH or xDSL. Type B is designed for users who have an FTTH or xDSL environment. These programs are freely available on the Internet. The Type A kernel is version 2.4.10 from Plathome. It does not support OpenVPN, but it does support AirH" (a Compact Flash type PHS modem) and wireless LAN PCMCIA cards. The Type B kernel, which was compiled in Vine Linux on OBSS, does not support AirH", but it does support OpenVPN and other PCMCIA cards. Type A is under testing at Kagome in Nasu, Tochigi, Japan. Type B is under testing in Memuro, Hokkaido, Japan.
Results and Discussions
Fig.1 Field Server Gateway Type A (Left), 2.5inch HDD (Upper Right), and CPU Board (Lower Right)
Field Server Gateway can provide plenty of functions to secure FieldServer and make the wireless LAN more convenient. It is a small, compact, multi-purpose Linux box with two network interfaces, a 40GB HDD, a 200MHz PPC, and 64MB of main memory (Fig. 1). It costs only 70,000 Japanese Yen. It is useful for farmers who are using FieldServers. But it cannot protect FieldServer from attacks within the wireless LAN. For example, anyone can place a high-power wireless LAN access point, route all of the packets to malicious servers, and cause serious damage to the users of the wireless LAN and to the Field Monitoring Server System. Users of the wireless LAN provided by FieldServers must protect their own systems from malicious attacks using VPN and personal firewall products. FieldServer should have its own access control mechanism to protect itself from attackers.
Fig. 2 Typical Usage of Field Server Gateway with FieldServers in the Field

Fig. 2 shows a typical usage of Field Server Gateway with FieldServers.

URLs:
Wireless LAN Security FAQ: http://www.iss.net/wireless/WLAN_FAQ.php
Wireless LAN Security: http://documents.iss.net/whitepapers/wireless_LAN_security.pdf
OpenBlockSS: http://online.plathome.co.jp/products/openblocks/openblockss/kihon.phtml
OpenVPN: http://openvpn.sourceforge.net/
HTun: Providing IP Service over an HTTP Proxy: http://runslinux.net/projects/htun/htun_abstract.pdf
PPTP: How to establish VPN using PPTP (in Japanese): http://www.zdnet.co.jp/help/howto/linux/vpn/
How to install Vine 2.5 to OpenBlockSS (in Japanese): http://homepage2.nifty.com/yhirano/oobsvine.htm
J2RE for PPC: http://www.blackdown.org/