First Step Toward Internet Based Embedded Control System

Eka Suwartadi, Candra Gunawan, Ary Setijadi P, Carmadi Machbub

Laboratory for Control and Computer Systems
Department Of Electrical Engineering
Bandung Institute Of Technology, Indonesia
e-mail: eka98@dsp.itb.ac.id
candra_g@students.ee.itb.ac.id
asetijadi@ee.itb.ac.id
carmadi@lskk.ee.itb.ac.id
Abstract
IP network has been evolving significantly in last decade.
Many computers and devices have been attached to the IP
network and many applications were taken place over it.
One of interesting applications is building embedded
control system which has connectivity to Internet. This
paper explains an implementation of embedded web server
with security support which becomes an example of control
application over IP network. A security algorithm, TEA
(Tiny Encryption Algorithm), has been implemented in a
microprocessor system together with TCP/IP stack. The
microprocessor system is based on 8051 family
microcontroller which serves as web server. The encryption
algorithm is processed both on server and client. Therefore
in clients need a plug in, which run encryption mechanism,
so that they can access the embedded web server safely.
1 Introduction
Internet is the biggest place that information or data
exchange happens in nowadays. Its big network make
possible to develop it as media of remote monitoring and
controlling. TCP/IP protocol, standard protocol of Internet,
supports to develop that functions by adding an application
in the top application layer. Because most of Internet user
familiar with application layer, such as web browser, the
communication between client and server can be acted in
that monitoring and controlling function. With this
consideration then we build an embedded web server based
on 8051 family microcontroller.
Implementation of TCP/IP stack in 8 bit microcontroller
(8051 family) is a big challenge. Several open source
groups have develops this project. Picoweb group build
embedded web server with AT90S8515 and Web51 group
also build web server based on AT89C8252. Both of those
groups build embedded server without security supporting.
They only try to implement TCP/IP stack in
microcontroller. Portability aspect is not considered in their
design. They use assembly language that match only with
certain microcontrollers. Due to those lacks, we built better
embedded web server and design by high level language
which compatible with various microcontrollers. Not only
with 8 bit microcontrollers but also with 16 bit
microcontrollers or other microcontroller systems.
To solve security problems which attack web, a security
protocol was developed which known as Secure Socket
Layer (SSL) whose ability to authenticate and communicate
personally. Secure protocol SSL is developed over
asymmetric cryptography algorithm RSA (Rivest, Shamir,
Adleman) but the implementation requires large code space.
Of course this will become a problem to be implemented in
embedded system which has limited code space. To handle
this problem we choose symmetric cryptography algorithm
TEA (Tiny Encryption Algorithm) which needs fewer
spaces in ROM and RAM to replace RSA algorithm.
In the following we describe the implementation of TCP/IP
stack and TEA algorithm with C programming language in
microcontroller system. Although the use of C language is
considered inefficient in code space, but it can be
implemented for many microcontroller types. Besides that
we also make a generic web browser plug in to implement
TEA algorithm in client side. This embedded web server is
an early step to build internet based embedded control
system. In this paper we show a simple control structure
with ON-OFF controller as illustrated in Figure 1.
Client
IP Network
Client
Controller +
Embedded
Web Server
Device or
Control
Plant
Figure 1: Simple control structure of embedded web server.
2 TCP/IP
TCP/IP is the standard protocol used in Internet. In RFC
1180, TCP/IP follow seven layers in OSI which adopted
into four layers (see Figure 2).
Data Link
Layer
Network
Layer
Transport
Layer
Session
Layer
Physical
Layer
Presentation
Layer
Application
Layer
Network
Interface
Layer
Internet
Layer
Host-to-Host
Transport
Layer
Application
Layer
OSI Model
Layer
TCP/IP
Protocol
Architecture
Layers
Figure 2: TCP/IP protocol architecture layers.
From the bottom of TCP/IP, network layer is the definition
type of physical network media. Such as Ethernet, frame
relay, ATM, and Token Ring. In Internet layer there are
protocols: IP, ARP, IGMP, and ICMP. In embedded web
server we built, we implemented IP, ARP, and ICMP.
IGMP was not implemented, because we assumed that
routing process conducted in routing table at local server.
Then in Host-to-Host Transport Layer there are two
protocols namely, TCP and UDP. We only implemented
TCP, because web server or HTTP server only need TCP.
To become a web server TCP only working on port 80 and
ignore if receive other ports. Port 80 means application
layer related to HTTP. This HTTP was made to send
HTML file.
3 Tiny Encryption Algorithm (TEA)
TEA cryptography algorithm is one of symmetric
algorithm. This algorithm need delta constant (delta =
31
2 * ) 1 5 ( ) and number of iteration (n) in calculation
process. One iteration will produce 64 data bit with 128 key
bit which also result 64 ciphertext. In this case data is in
array v[ ], key is in array k[ ], and result of encryption will
be saved in array v[ ] which replace data position which
formerly in array v[ ].
3.1 Encoding and Decoding Process
Flowchart in Figure 3 shows that there is n iteration
process. Sign << tell that number of shift left of the number,
>> is vice-versa. Sign ^ means XOR operation among the
operand.
Example:
y = y + (( z << 4 )+ k[0] ) ^ (z + sum)^(( z >> 5 )+k[1] )
Y variabel is total of y variabel before with z variabel which
shift left 4 bit, added with k[0] then XOR-ed with total of z
and sum and finally XOR again with z which has shifted
right 5 bit and added with k[1].
S T A R T
E N D
v [ 0- 1 ] =d a t a 1 ( 6 4 bi t )
k [ 0 - 3 ] =k u n c i 1 ( 1 2 8b i t )
n >0 ?
n =n -1
s u m =s um +de l t a
y =y +( (z <<4 ) +k [ 0 ] ) ^( z +s um ) ^( (z >>5 ) +k [ 1 ] )
z =z +( (y <<4 ) +k [ 2 ] ) ^( y +s um ) ^( (y >>5 ) +k [ 3 ] )
v [ 0 ] =y
v [ 1 ] =z
n o
y e s
d e l t a = 0 x 9e 3 7 7 9 b 9
n = 3 2
s um = 0
y = v [ 0 ]
z = v [ 1 ]
Figure 3: Encoding process
Encryption result (ciphertext) which in array v[ ] will
become data for decoding process, after running n iteration.
Result from decoding process (plaintext) will return in array
v[ ] (see Figure 4).
START
END
v[ 0-1] =dat a1(64bit )
k[ 0-3] =kunci1(128bit )
n>0?
n=n-1
z=z-((y<<4)+k[ 2] )^(y+sum)^((y>>5)+k[ 3] )
y=y-((z<<4)+k[ 0] )^(z+sum)^((z>>5)+k[ 1] )
sum=sum-delt a
v[ 0] =y
v[ 1] =z
no
yes
delt a = 0x9e3779b9
n = 32
sum = delt a<<5
y = v[ 0]
z = v[ 1]
Figure 4: Decoding process
From both encoding and decoding flowcharts we see that
cryptography algorithm TEA is very simple so that easy to
be implemented in any kind of programming language
including assembly language. This algorithm emphasizes
number of iteration and length of the key that produces a
secure ciphertext. The longer of key the more iteration so
the algorithm becomes more secure.
4 Design & Implementation
4.1 Hardware Design
The hardware architecture we designed here is a
microprocessor based system. We choose a 8051 family
microcontroller, AT89C55, which has 20 KB ROM and 256
bytes RAM. AT89C55 is interfaced to NE-2000 Ethernet
controller by ISA bus. The whole hardware architecture is
shown in Figure 5.
Figure 5: Hardware architecture
4.2 TCP/IP Stack Implementation
As we know that a microcontroller based system design
implies high complexity to debugging for TCP/IP stack
implementation. To reduce the implementation time
significantly, we realize the embedded web server by
residing the program written in C language in ROM and
RAM of microcontroller.
Functions of embedded web server are limited for:
Serving request with one page from one to five clients;
Content of web page shows status from several
variables in RAM of microcontroller;
From user interface at web page, condition of RAM
variable can be changed;
Only served ICMP, ARP, HTTP request. Besides those
protocols all packets are ignored.
Due to the limit of memory space in microcontroller (20
KB ROM, 256 byte RAM) there is minimization code in
TCP/IP stack implementation.
From C file which implements TCP/IP we need C compiler
for 8051 microcontroller to convert to hexadecimal file that
will be downloaded to the microcontroller. There are
SDCC, Keil, PV31 (Franklin), etc. We use a free software
SDCC and the result takes 75 bytes of RAM and 6564 bytes
of ROM.
start
initiation
any new packet
?
EtherType =
0x800 (IP) ?
Protocol = 1
( ICMP ?)
EtherType =
0x806 (ARP) ?
Type = 8 (Echo
Request) ?
do Echo Reply,
initiation of sending
packet
Protocol = 6
(TCP) ?
Port = 80
(HTTP) ?
implementation of
TCP state
machine
Tipe = 01
(ARP request)?
target IP address match
with this address web
server ?
do ARP Reply,
initiation of sending
packet
yes
no
no
yes
no
no
no
no
no
no
no
no
yes
yes
yes
yes
yes
yes
yes
Figure 6: TCP/IP stack implementation.
4.3 Design and Implementation TEA
Implementation of TEA aims to support security aspect of
embedded web server. As realized in UNIX operation
system, our embedded web server is design with a hierarchy
of system access consisting of administrator or super user
(root in UNIX), operator (group user), and guest.
Administrator has the highest privilege so that it has full
access to this embedded web server. First, an administrator
has authority to make control commands to I/O ports both
of digital I/O and serial port. Second, an administrator can
make a change in setting function of each digital I/O pins.
Third, an administrator also can monitor all status of I/O
ports. This monitoring ability shows input status from each
I/O ports. Based on those administrator privileges, web
page which will be send to the administrator containing
control of digital I/O pins and serial I/O, monitoring I/O,
and setting of embedded web server.
8051
microcontroller
family
+5V DC
Regulator
16 KB
Serial I2C
EEPROM
NE-2000
Ethernet
Controller
10base T
Interface
MAXIM
RS-232
XCXR
9-24
VDC
Ethernet
Digital I/O
RS-232
Operator is one level below administrator. An operator has
authority to make commands to I/O ports which mean it can
change output status of digital I/O (ON or OFF) and change
output value from serial port I/O. An operator also has
authority to get information about monitoring result from
input ports. Based on these authorities, an operator will get
a web page contains control part of digital I/O and serial I/O
with full access to make changes to them.
Guest is the lower level in privilege hierarchy. A guest
only get information about monitoring process of I/O ports
and can not make any changes.
Authentication process in this embedded web server
consists of two input references: ID and password so that
the embedded web server recognises what type of user is
accessing to the system.
First process which embedded web server do when there is
a request from client is parsing process. This process
translates URL coding which is received from client. Server
will detect what type of the request and then will continue
the process with method related to type of request. If type
of request is GET, server directly send index.html file to
client. If the type is POST, server will continue to detect
what the code next.
The next step is to detect I/O condition which located in
html form when user push GO button. This information
located in Message Body of URL coding. Form of Message
Body which will be sent is:
nameinput1=inputvalue1&nameinput2=inputvalue2&&x
= . Inputs are got from radio button, text box, password and
hidden input. All these input values are firstly saved in
memory for next use.
Figure 7: Authentification process.
After finishing parsing process, server will handle
chipertext description (password client) and
authentification. Password chipertext will be described and
used to determine user privilege. Result of privilege, which
is web page with user privilege, will be sent back to client
with a POST response. See Figure 7.
Figure 8: Encryption and decryption process.
Web page has three elements user interface. There are two
textbox for ID information, password, and a hidden input as
sign of the end of URL coding. User gives input such as
text in two textbox. Then that information will be sent to
server in URL form like this:
T1=name&T2=password&x=
Server will parse to this URL coding and save input value
to each user interface provided in memory location.
Information about password still in chipertext form needs to
be encrypted by client before send to server. Information
about name and password will be used to determine the
privilege of that user.
In the beginning of authentification process the description
of chipertext password that send by client is compared with
user database in server. If those information are match,
server will store user privilege information in privilege
memory (1= Administrator, 2=Operator, 3= Guest) then
server will send web page which related to that user
privilege. If information is not match server will send again
authentification page.
TEA algorithm plays important rule in encryption and
decryption process of user and password information. See
Figure 8. TEA algorithm is implemented in C language as
given bellow. Data for encryption and decryption is limited
only 8 characters, but the key 16 characters. Keys which is
GET
request
?
START
Send GET
response,
build
Post
request
?
END
Description
ciphertext,
Authentication
Send POST
response,
build
N
Y
Y
N
Send
START
RETURN
Decryption
Build HTML
Find Privilege
Send HTML
Post Array
Make TCP
Segment
Close
Connection
Encryption
START
RETURN
used have defined both in client and server, so that it
doesnt need distribution of the key.
Encryption:
void encipher(const unsigned long *const v,unsigned long *const
w, const unsigned long *const k)
{
register unsigned long
y=v[0],z=v[1],sum=0,delta=0x9E3779B9,
a=k[0],b=k[1],c=k[2],d=k[3],n=32;
while(n-->0)
{
sum += delta;
y += (z << 4)+a ^ z+sum ^ (z >> 5)+b;
z += (y << 4)+c ^ y+sum ^ (y >> 5)+d;
}
w[0]=y; w[1]=z;
}
Decryption:
void decipher(const unsigned long *const v,unsigned long *const
w, const unsigned long *const k)
{
register unsigned long y=v[0],z=v[1],sum=0xC6EF3720,
delta=0x9E3779B9,a=k[0],b=k[1],
c=k[2],d=k[3],n=32;
/* sum = delta<<5, in general sum = delta * n */
while(n-->0)
{
z -= (y << 4)+c ^ y+sum ^ (y >> 5)+d;
y -= (z << 4)+a ^ z+sum ^ (z >> 5)+b;
sum -= delta;
}
w[0]=y; w[1]=z;
}
Client for this embedded web server needs special plug in
to access the web page. Formerly, we built dedicated web
browser for the client as indicated in Figure 9.
Figure 9: Dedicated web browser for clients.
We built this web browser with security protocol to encrypt
user password information. This protocol begins working
after user inputing its name and password (each maximum 8
characters). Then user will give guidance whether using
secure or non secure communication. If user wants to use
secure communication, user need to push secure button
before pushing GO button. Process that happens when
secure pushed is encryption process. When secure button
pushed, information about password is taken from input
textbox HTML, encrypted, and returned to the place before.
After that, if user push GO button then information will be
sent is ID and password which have been encrypted.
Implementation this secure protocol with base on
cryptography TEA algorithm in client side are realized with
Visual Basic programming. TEA algorithm in client side
has function to call subroutine encryption and decryption
similar to cryptography process in server side.
5 Debugging and Testing
To debug TCP/IP stack in microcontroller, we connect
serial port to Hyperterminal program in PC. Here we can
see all process in microcontroller, for example when
microcontroller detects Ethernet card connection.
PC for Debugging
Embedded
Web Server
Serial Port
Users
Internet
Figure 10: Debugging configuration
Figure 11: Number address of Ethernet card.
Figure 11 shows number address of Ethernet card. To check
if TCP/IP runs properly, we sent ICMP packet to server by
PING command in client. Server can reply the ICMP
packet. We can also check it by browsing the IP address of
embedded web server, it will show authentication page.
To check security protocol, we can input any string to
textbox HTML. Only valid couple of name and password
will be processed.
6 Conclusion
This embedded web server is a good media to attach device
to Internet. Many applications can be developed by this
system primarily in field of remote monitoring and
controlling. For example remote monitoring of Weather
Station, Oil Storage, Home Automation, etc. We can build
this system with low cost and easy to install.
References
[1] Adolfo R., et al, TCP/IP Tutorial and Technical
Overview (IBM, August 2001)
[2] D., Comer, Internetworking with TCP/IP Volume I
(Prentice-Hall, 1995)
[3] D.C. Plummer, An Ethernet Address Resolution
Protocol, RFC 826, Internet Engineering Task Force,
June 1999
[4] D. Wheeler, R. Needham, TEA, a Tiny Encryption
Algorithm, Computer Laboratory, Cambridge
University, England, November 1994
[5] J Postel, Control Protocol. RFC 793, Internet
Engineering Task Force, September 1981
[6] J. Postel, Internet Control Message Protocol, RFC 792,
Internet Engineering Task Force, September 1981
[7] R. Braden, Requirement for Internet Host-
Communication Layer, RFC 1122, Internet
Engineering Task Force, October 1989
[8] R. Fielding et al, HTTP / 1.1 , RFC 2616, Internet
Engineering Task Force, June 1999