Master's thesis project on the use of an Ethereum Blockchain to manage Authentication and Access Control when querying data from an Edge IoT Network.
First of all, create a network called iot for your containers
docker network create iot
Then start the mysql container with this command (it will create a database called iot). The iotdataprovider container will take care of applying migrations when it starts.
docker run --name mysql --network iot -p 3306:3306 -e MYSQL_ROOT_PASSWORD=admin -e MYSQL_DATABASE=iot -d mysql:latest
You will need to configure access to a web3 provider (for example through infura, or a local web3 provider like geth or ganache).
You can do so by editing all instances of the ConnectionStrings__Chain environment variable in the docker-compose.yml file.
Finally run the build script
./run.bat
or on Linux
chmod +x run.sh
./run.sh
Now access http://localhost:4000 and http://localhost:4001 and you will see two instances of the web-based client that you can use to impersonate the owner and the signer.
You can use the premade wallets admin.json and signer.json on the Kovan testchain (the password is password) that are provided inside the client's container. To refill them you can use this free faucet.
After deploying a contract, you can add some policies, for example
Resource: temperature/latest
Location: https://raw.githubusercontent.com/davidetestoni/BlockchainAuthIoT.Policies/688ac97c92aa749205f13d0c8ed4924e1c07a05f/temperature.json
Resource: humidity/latest
Location: https://raw.githubusercontent.com/davidetestoni/BlockchainAuthIoT.Policies/688ac97c92aa749205f13d0c8ed4924e1c07a05f/humidity.json
Resource: temperatureRT
Location: https://raw.githubusercontent.com/davidetestoni/BlockchainAuthIoT.Policies/aebc7f8957606fd26a6ffdf4e75054e1b623587c/temperatureRT.json
Resource: humidityRT
Location: https://raw.githubusercontent.com/davidetestoni/BlockchainAuthIoT.Policies/aebc7f8957606fd26a6ffdf4e75054e1b623587c/humidityRT.json
Alternatively, just load a premade contract on the Kovan testchain at 0x66c9886b18fe944078fe3eb3c60315a4474796f1.
After the contract has been initialized and signed, the user appointed by the signer (for the premade contract it's the signer itself) can send a query to one of the test endpoints to see the data.
http://dataprovider:3000/temperature/latest?count=10&deviceNames=Sensor_1,Sensor_2
http://dataprovider:3000/humidity/latest?count=10&deviceNames=Sensor_1
In the realtime tab of the client, the signer can request a connection to a realtime resource. By default, the server will be running on the host dataprovider on port 6390 (UDP). In addition, the client must provide the name of the desired resource, for example temperatureRT or humidityRT as configured above.
If you need to clear the redis cache for any reason, you can sh into the container and then type
redis-cli
flushall
Press CTRL+D twice to exit the redis-cli program and the sh shell.