Note: This tutorial could be outdated, please go here for a more current version.
Introduction
Cloud IoT Core is a fully managed service that allows you to easily and securely connect, manage, and ingest data from millions of globally dispersed devices. Cloud IoT Core, in combination with other services on Cloud IoT platform, provides a complete solution for collecting, processing, analyzing, and visualizing IoT data in real time to support improved operational efficiency.
Devices can connect to GCP IoT Core using HTTP or MQTT. This tutorial will walk you through how to connect an Arduino MKR GSM 1400 board securely to GCP IoT Core using an MQTT client. MQTT (Message Queuing Telemetry Transport) is an M2M (machine-to-machine) connectivity protocol which provides a publish/subscribe messaging transport.
Devices must use JSON Web Tokens (JWTs) for authentication; more information on JWTs can be found in RFC 7519. GCP IoT Core supports both RSA and Elliptic Curve algorithms to verify JSON Web Signatures (JWS). More information on JWS can be found in RFC 7515.
Every Arduino MKR board with on-board connectivity, including the MKR GSM 1400, is equipped with a Microchip ATECC508A or ATECC608A crypto element. This crypto element can be used to securely generate and store a 256-bit ECC (Elliptic Curve Cryptography) key. We'll be using a private key stored inside the crypto element to sign the JWT.
Software and Hardware Setup
If you don't have the Arduino IDE installed on your computer, download and install it.
Once it is installed, make sure you have the latest "Arduino SAMD Boards" package installed. You can check by opening the Arduino IDE, opening the Tools -> Board: "..." -> Board Manager... menu entry, and searching for "Arduino SAMD". At the time of writing, 1.6.20 was the latest version.
Next you'll need to install the Arduino libraries that will be used, using the Arduino IDE's library manager. Open the Sketch -> Include Library -> Manage Libraries... menu, search for and individually install each of the following libraries:
- MKRGSM
- Arduino_JSON
- ArduinoECCX08 (version 1.3.0 or later)
- ArduinoMqttClient (version 0.1.3 or later)
- Arduino Cloud Provider Examples (version 1.2.0 or later)
Now insert the micro SIM card in the slot on the bottom of the MKR GSM 1400 board, connect the antenna, and attach the 3.7V Lipo battery to the JST connector. Then plug in the MKR GSM 1400 with the micro USB cable to your computer, select the serial port in the Arduino IDE using the Tools -> Port "..." menu and also select Arduino MKR GSM 1400 in the Tools -> Board "..." menu.
As mentioned above, GCP IoT Core requires devices that connect using the MQTT protocol to use JWT for authentication. We'll use a sketch to generate a private and public key on the board, then add the PEM value of the public key to the GCP IoT Core console.
The private and public keys can be generated using an example sketch from the ArduinoECCX08 library. Open the sketch in the Arduino IDE using File -> Examples -> ArduinoECCX08 -> Tools -> ECCX08JWSPublicKey. Click the "Upload" button to build and upload the sketch to your board, then open the Serial Monitor. Make sure the line ending configuration is set to "Both NL & CR."
This sketch will prompt you to permanently configure your ATECC508A or ATECC608A crypto element if it is not configured and locked. NOTE: This locking process is permanent and irreversible, but is needed to use the crypto element. The configuration the sketch sets allows you to use 5 private key slots with any cloud provider (or server), and a private key can be regenerated at any time for any of the 5 private key slots (0 - 4). When the board is shipped from the factory, the crypto element is in an unconfigured and unlocked state.
After this, you will be prompted for which slot to use. For this tutorial we'll be using slot 0 to generate and store the private key from which the public key is derived (slots 1 to 4 can be used to generate and store additional private keys if needed). Note: Since the private key is generated inside the crypto element, it never leaves the device, is stored securely, and cannot be read.
Copy the generated public key value; in this screenshot the value is:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFl4+DXufU84AhDGib7aMwmYwUVAp9coRdC9jOdzR
e2kqGWFEb+QP4V4YUK9Zy7PsmRABi1sWgxiAoEhg1FEQgg==
-----END PUBLIC KEY-----
We will use it in a later step when adding the device to GCP IoT Core.
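A structural check of the copied key before it is pasted into the console as an ES256 key, as an added example (host-side C++, not part of the original tutorial or the ArduinoECCX08 library). The function names are hypothetical; the check accepts only an uncompressed P-256 SubjectPublicKeyInfo and returns the raw 64-byte X || Y point.

```cpp
// Added example: verify that a PEM public key is an uncompressed P-256 key.
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Decode standard base64, skipping line breaks; stops at '=' padding.
std::vector<uint8_t> b64decode(const std::string& in) {
    static const std::string tbl =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::vector<uint8_t> out;
    uint32_t acc = 0; int bits = 0;
    for (char c : in) {
        if (c == '=') break;
        std::size_t v = tbl.find(c);
        if (v == std::string::npos) continue;  // newline or other separator
        acc = (acc << 6) | static_cast<uint32_t>(v);
        bits += 6;
        if (bits >= 8) { bits -= 8; out.push_back(static_cast<uint8_t>(acc >> bits)); }
    }
    return out;
}

// DER prefix of a SubjectPublicKeyInfo for id-ecPublicKey on prime256v1,
// up to and including the BIT STRING header and its unused-bits byte.
static const uint8_t P256_SPKI_PREFIX[26] = {
    0x30,0x59,0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
    0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,0x03,0x42,0x00};

// Returns true and fills xy (64 bytes: X || Y) if pem is a P-256 public key.
bool parseP256Pem(const std::string& pem, std::vector<uint8_t>& xy) {
    const std::string begin = "-----BEGIN PUBLIC KEY-----";
    const std::string end = "-----END PUBLIC KEY-----";
    std::size_t b = pem.find(begin), e = pem.find(end);
    if (b == std::string::npos || e == std::string::npos) return false;
    if (e < b + begin.size()) return false;
    std::vector<uint8_t> der =
        b64decode(pem.substr(b + begin.size(), e - b - begin.size()));
    if (der.size() != 91) return false;          // 26 prefix + 0x04 + 64
    if (std::memcmp(der.data(), P256_SPKI_PREFIX, 26) != 0) return false;
    if (der[26] != 0x04) return false;           // uncompressed point only
    xy.assign(der.begin() + 27, der.end());
    return true;
}

// The public key value shown in this tutorial.
const std::string TUTORIAL_PEM =
    "-----BEGIN PUBLIC KEY-----\n"
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFl4+DXufU84AhDGib7aMwmYwUVAp9coRdC9jOdzR\n"
    "e2kqGWFEb+QP4V4YUK9Zy7PsmRABi1sWgxiAoEhg1FEQgg==\n"
    "-----END PUBLIC KEY-----\n";
```

A key that fails this check (wrong curve, truncated copy, or an RSA key) would not match the "ES256" public key format selected when the device is created.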
Now that we have a PEM public key, we need to log in to the GCP IoT Core console and create a new device for it.
1) Open a web browser and go to https://cloud.google.com/ and click the "Sign In" link to log in with your Google ID.
2) Once you are logged in, click the "GO TO CONSOLE" button. Then you will see the main dashboard.
3) Click the "CREATE" link to create a new project.
4) You will be prompted for a project name; we'll be using "MKR GCP Tutorial" for the name. Click the "CREATE" button to continue.
5) After the project has been created, you will be presented with a dashboard view of it.
6) Now click the menu icon in the top left hand side, and scroll to the "BIG DATA" heading and click the "IoT Core" link.
7) You will be prompted to enable the API, click the "Enable API" button.
8) Once the API is enabled, you will be prompted to create a device registry. Click the "Create a device registry" button to proceed.
9) You will then be presented with a form. Fill in the "Registry ID" and select a region. In the screenshot below "MKR_GCP_Tutorial" was entered for the registry ID and "us-central1" was selected as the region. After the form has been filled in, click the "Create" button.
10) You will then be presented with details of the registry.
11) To add a new device, click the "Devices" link on the navigation bar on the left hand side.
12) Then click "+ CREATE A DEVICE" in the heading at the top of the page.
13) Enter the device name; in the screenshot below "MyMKRGSM1400" was used. "ES256" must be selected as the "Public key format". Paste the PEM public key generated on the board earlier into the "Public key value" text area. Then click the "Create" button.
1) Open the GCP IoT Core GSM sketch in the Arduino IDE using File -> Examples -> Arduino Cloud Provider Examples -> GoogleCloudPlatformIoTCore -> GCP_IoT_Core_GSM.
2) In the arduino_secrets.h tab, fill in the pin (if required) for the SIM card, as well as the GPRS APN, username and password for the cellular carrier you are using.
// GSM settings
#define SECRET_PINNUMBER ""
#define SECRET_GPRS_APN "GPRS_APN" // replace with your GPRS APN
#define SECRET_GPRS_LOGIN "login" // replace with your GPRS login
#define SECRET_GPRS_PASSWORD "password" // replace with your GPRS password
4) Then update the project id, cloud region, registry id and device id values.
// Fill in your Google Cloud Platform - IoT Core info
#define SECRET_PROJECT_ID ""
#define SECRET_CLOUD_REGION ""
#define SECRET_REGISTRY_ID ""
#define SECRET_DEVICE_ID ""
The project id value can be found by clicking the menu bar at the top of the GCP console. For the steps above the values are:
#define SECRET_PROJECT_ID "mkr-gcp-tutorial"
#define SECRET_CLOUD_REGION "us-central1"
#define SECRET_REGISTRY_ID "MKR_GCP_Tutorial"
#define SECRET_DEVICE_ID "MyMKRGSM1400"
5) Upload the sketch to your board and open the serial monitor. The board will attempt to connect to the cellular network and, if successful, try to connect to GCP IoT Core using MQTT.
Now that your board has successfully connected to GCP IoT Core, we can use the GCP IoT Core console to interact with it. The sketch sends a message to the /devices/{deviceId}/state topic every 5 seconds and listens for messages on both the /devices/{deviceId}/config and /devices/{deviceId}/commands/# topics.
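What the four values above turn into on the wire, as an added example (host-side C++, not the sketch's own code): the MQTT client ID and the unsigned part of the ES256 JWT sent as the MQTT password. The client ID path, the aud/iat/exp claims and the 24-hour lifetime limit follow IoT Core's MQTT bridge documentation rather than this page; the function names are hypothetical.

```cpp
// Added example: MQTT client ID and JWT signing input for GCP IoT Core.
#include <cstdint>
#include <string>

// base64url without padding, as JWS (RFC 7515) requires.
std::string b64url(const std::string& in) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    std::string out;
    uint32_t acc = 0;
    int bits = 0;
    for (unsigned char c : in) {
        acc = (acc << 8) | c;
        bits += 8;
        while (bits >= 6) {
            bits -= 6;
            out.push_back(tbl[(acc >> bits) & 0x3F]);
        }
    }
    if (bits > 0) out.push_back(tbl[(acc << (6 - bits)) & 0x3F]);
    return out;
}

// Client ID the MQTT bridge expects (assumption from IoT Core documentation).
std::string mqttClientId(const std::string& project, const std::string& region,
                         const std::string& registry, const std::string& device) {
    return "projects/" + project + "/locations/" + region +
           "/registries/" + registry + "/devices/" + device;
}

// Returns "header.payload". The device signs these bytes with the private key
// in slot 0 and appends "." + base64url(R || S) to form the complete token.
// Returns "" when the requested lifetime is not positive or exceeds 24 hours.
std::string jwtSigningInput(const std::string& project, long iat, long exp) {
    const long maxLifetime = 24L * 60L * 60L;  // documented upper bound
    if (exp <= iat || exp - iat > maxLifetime) return "";
    std::string header = "{\"alg\":\"ES256\",\"typ\":\"JWT\"}";
    std::string claims = "{\"aud\":\"" + project + "\",\"iat\":" +
                         std::to_string(iat) + ",\"exp\":" +
                         std::to_string(exp) + "}";
    return b64url(header) + "." + b64url(claims);
}
```

Because the token is a bearer credential for the whole of its lifetime, a shorter exp limits how long a captured token stays usable; the board can sign a fresh one without exposing the key.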
In the device page in GCP IoT Core console, click the "SEND COMMAND" button.
A modal dialog will appear, where you can enter a message to send. In the screenshot below "Hello There!" was entered. Click the "SEND COMMAND" button to send the message.
Once the board receives the message it will print it on the Serial Monitor.
To view the messages the board is sending, click the "Configuration & state history" tab.
The messages will appear in Base64 encoded format; to view the value, click an entry in the list and select the "Text" radio button.
In the screenshot above, the board was sending a "hello 464488" value; the 464488 value is the result of the millis() function on the board.
Conclusion
In this tutorial, we covered how to securely use an Arduino MKR GSM 1400 board with GCP IoT Core. A signed JWT was used to authenticate with GCP IoT Core using the MQTT protocol, with the ATECC508A or ATECC608A storing the private key used to sign the JWT. MQTT messages were sent to and from the board.
This is just the beginning; you can use GCP IoT Core with many of the other services GCP provides!