IOTA Wi-Fi Hotspot for Urban Space

The Internet has become a fundamental part of our lives. For people that enjoy traveling around the world, apps such as Google Maps and Airbnb are essential to organize and carry out a holiday in another country or even continent. But what happens when you go to a foreign country where your smartphone does not provide roaming services? How do you find your way? Well, there are several options, but none of them address this issue properly. You might want to pay a monthly international mobile roaming service, but is it essential to pay an expensive service for more days than you need? Probably not, since the majority travel relying on the free Wi-Fi areas that they can find from local businesses. But can you always rely on such a method? Imagine you travel to a place on the other side of the world without knowledge of the local language, and let's say the locals do not speak English. Would you still comfortable traveling without a backup plan to get Internet?

For such scenarios, I purpose the IOTA Wi-Fi Hotspot for Urban Spaces. How is this outdoor Wi-Fi Hotspot different from others, you might ask? Well, with the IOTA Hotspot, you only pay what you need instead of some monthly service that may charge more than you require. But what is IOTA? IOTA is the digital money for the Internet of Things. As opposed to Bitcoin, IOTA is a non-blockchain based technology which means that transactions with IOTA are entirely fee-free. So, in fact, YOU ONLY PAY WANT YOU NEED!

1. Hardware and Connections

• Raspberry Pi 3B.
• SIM7600E 4G/LTE HAT from Waveshare. The USB interface must be connected to a Raspberry Pi USB port to enable access to the Internet through the cellular network. Also, the 4G antenna should be connected to the MAIN ufl connector. The SIM7600E -H was used in this project since it is the one compatible with the European 4G network infrastructure.
• USB Li-Ion Power Bank to feed the Raspberry Pi 3B.

2. Project Diagram and Description

The Raspberry Pi Wi-Fi interface was configured as an access point to provide users with a wireless network for Internet connectivity. When a new client connects to the IOTA Hotspot network, he/she has no access to the Internet until paying for the desired amount of data, which charged as 1 MIOTA (Mi) per 5 Mbytes. A Captive Portal running locally on the Raspberry Pi blocks access to any website except for the IOTA Web Wallet. Since users do not have Internet to make the payment, the Hotspot allows access to the IOTA Web Wallet. The validation web page, splash.html, also provides the IOTA address of the Hotspot to facilitate the transfer of the IOTA tokens.

The method implemented to validate the user's payment was the Optional IOTA message that can be sent within the transfer. Once the client has made the payment, it can proceed to enter the message in the splash.html page. In this context, the message is treated as a password. The IOTA Hotspot then gets a list of transactions to obtain the IOTA message send in the last transfer. Access to the Internet is only granted if the message passed by the user matches the one obtained from the transfer.

The IOTA Hotspot does not check the balance of the address to determine how many tokens the client has left; instead, an independent process is created per user which monitors the data consumption (download/upload) and removes the client from the network once he/she has exceeded their limit. As a result, it was possible to support multiple users at the same time with a single IOTA address.

3. Raspberry Pi OS

As for any other Raspberry Pi project, the first step is to install an operating system (OS). This project was developed and tested with Raspbian Stretch image version October 2018, which can be downloaded here as raspbian-2018-10-11/.

After downloading the bootable image, use win32diskimager for writing the image to a micro SD card (at least 8 Gb, class 10 recommended for better performance). For the rest of this tutorial, you will need a USB keyboard, an HDMI monitor, and an Ethernet connection to your home router for access to the Internet.

Insert the micro SD card into your Raspberry Pi and power it up. Then, make sure you are running up to date software by executing the following commands.

sudo apt-get update
sudo apt-get upgrade

4. Download the Project

This project is comprised of several drivers/daemons, tools, and scripts. Some of these components were modified to customize the application according to the IOTA Hotspot. To ease the burden during setup, I have added in a GitHub repository all the modified files, in addition to some essential python scripts to run IOTA.

First, install GitHub, if you do not have it already, and then clone the IOTA Hotspot repository in your home directory.

sudo apt-get install git
cd ~
git clone https://github.com/rodruizronald/IOTA-Hotspot

From this point, any access to ~/IOTA-Hotspot/ refers to the files downloaded from GitHub.

5. Wi-Fi Access Point Setup

To allow users to connect to the IOTA Hotspot, the Raspberry Pi Wi-Fi interface was configured as a Soft Access Point (SoftAP). The SoftAP acts as a DHCP server which assigns IPv4 addresses to the Raspberry Pi and any device that joins the wireless network. Two packages are required for this the hostapd and dnsmasq.

To install these packages run the following command:

sudo apt-get install hostapd dnsmasq

Before configuring hostapd and dnsmasq. It necessary to disable the Dynamic Host Configuration Protocol daemon (dhcpcd) for the wlan0 interface, the Wi-Fi interface of the Raspberry Pi, and manually configure an IPv4 address for wlan0.

1. Update dhcpcd to ignore the wlan0:

a. Open the dhcpcd.conf file.

sudo nano /etc/dhcpcd.conf

b. Add the following line to the end of the file.

denyinterfaces wlan0

2. Configure a static IPv4 addresses on the wlan0 interface:

a. Move the wlan0 configuration file to the network directory.

sudo mv ~/IOTA-Hotspot/softAP/wlan0 /etc/network/interfaces.d

If you open this file you will see that the IPv4 address of the IOTA Hotspot network is 192.168.1.0 and the address assigned the Raspberry Pi is 192.168.1.2.

Once the wlan0 has an static IPv4 address, the next step is to configure hostapd.

1. Move the hostapd.conf file to the hostapd directory:

sudo mv ~/IOTA-Hotspot/softAP/hostapd.conf /etc/hostapd

In this file you can find the configuration applied to the SoftAP, including the name of the network (ssid) and passphrase (wpa_passphrase).

2. Set hostapd.conf as the default daemon:

a. Open the default configuration file.

sudo nano /etc/default/hostapd

b. Enable the DAEMON_CONF parameter and point it to the new hostapd configuration file.

DAEMON_CONF="/etc/hostapd/hostapd.conf"

3. Bootstrap the hostapd daemon automatically upon reboot:

a. Move the hostapd service to the system and service manager directory.

sudo mv ~/IOTA-Hotspot/softAP/hostapd.service /etc/systemd/system

b. Unmask, in case it is masked, enable and start the hostapd service.

sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd

If you did not change the ssid in the hostapd.conf, at this point you should be able to see from your computer the IOTA-Hotspot wireless network, though without Internet connectivity.

Lastly, dnsmasq has to be configured.

1. Stop the dnsmasq service:

sudo systemctl stop dnsmasq

2. Remove the default dnsmasq configuration file, and move the one in your project directory to the /etc directory:

sudo rm -rf /etc/dnsmasq.conf
sudo mv ~/IOTA-Hotspot/softAP/dnsmasq.conf /etc

3. Start the dnsmasq service

sudo systemctl start dnsmasq

The dnsmasq.conf file specifies the DNS server and the IPv4 address pool to be used for the clients. One important aspect of this file is that the listen-address must match the IPv4 address of the Raspberry Pi (192.168.1.2).

4. Reboot the Raspberry Pi

sudo reboot

After completing the Wi-Fi Access Point Setup, you should be able to see the IOTA-Hotspot network from your computer or phone, and when connected to it, your device should be given an IPv4 address.

6. 4G/LTE HAT Setup

Now that you have successfully built a SoftAP with the Raspberry Pi, it is time to forward the traffic from the wlan0 interface to another interface with Internet connectivity to provide the clients with this service. To achieve this in an open area, the 4G/LTE HAT from Waveshare was used. Before starting this part of the tutorial, attach your HAT on top of the Raspberry Pi, and connect the antenna to the MAIN ufl connector and the USB ONLY connector to one of the Raspberry Pi USB ports.

Then, follow the steps presented below.

1. Install the software support packages:

sudo apt-get install libqmi-utils udhcpc

This installs two main utilities (qmi-cli tool and qmi-network helper script) these are used for interaction with the 4G/LTE modem and udhcp package (which supports raw-ip mode) and makes configuring the OS networking post connection easier.

2. Move the qmi-network-raw shell script from the project directory to the /usr/local/bin directory to execute it from the command line.

sudo mv ~/IOTA-Hotspot/4GHat/qmi-network-raw /usr/local/bin

This script forms part of the QMI interface library (libqmi-utils), but was modified to match the operation requirements of the Waveshare HAT and some aspects of the project in general.

3. Bootstrap the cellular network automatically upon reboot:

a. Move the wwan0 configuration file to the network directory.

sudo mv ~/IOTA-Hotspot/4GHat/wwan0 /etc/network/interfaces.d

wwan0 is the name of the interface provided by the 4G/LTE modem through the USB connection. It is created automatically by QMI kernel driver, but it has be configured to enable Internet connectivity. The wwan0 file added in the network directory is responsible for connecting/disconnecting the modem to and from the mobile service provider.

IMPORTANT: Some SIM Cards may require a specific Access Point Name (APN). In my case, I did not have to specify one, but if the modem fails to connect without an APN, then you should type your APN in the wwan0 configuration file as shown in the next line. It will be passed to the script as part of the command line arguments.

pre-up /usr/local/bin/qmi-network-raw /dev/cdc-wdm0 start <TYPE_YOUR_APN_HERE>

4. Forward the network traffic from wlan0 to wwan0:

a. Enable IPv4 forwarding.

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

b. To ensure IPv4 forwarding remains enabled after reboot, open the sysctl.conf file,

sudo nano /etc/sysctl.conf

and uncomment the IPv4 forwarding parameter and ensure it's set to 1.

net.ipv4.ip_forward=1

5. Configure Network Address Translation (NAT) with iptables

a. Enable NAT

sudo iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE

and configure FILTER between the wlan0 (Wi-Fi) and wwan0 (Wireless wide area network) interfaces.

sudo iptables -A FORWARD -i wwan0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o wwan0 -j ACCEPT

6. Apply these NAT rules automatically upon reboot:

a. Save the rules in the /etc directory and open the rc.local file

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
sudo nano /etc/rc.local

b. Add the following at the end of the file, before the exit 0 line

iptables-restore < /etc/iptables.ipv4.nat

7. Reboot your Raspberry Pi

sudo reboot

After completing the 4G HAT setup, if connected to the IOTA-Hotspot network, you should be able to access the Internet without restrictions. Be careful though, you are using your mobile data.

Troubleshooting

• If the NET led is blinking, but you cannot access the Internet, then try to add your APN. To find it, google the APN and the name of your mobile company.
• If the NET led is not blinking, something went clearly wrong. To obtain more information, remove or disable the wwan0 configuration file and instead execute manually the pre-up commands (with sudo instead of pre-up). This will allow you to see the error message.

7. IOTA Web Wallet

In this section, I will demonstrate how to generate a Seed and Address for your IOTA-Hotspot using the Web Wallet, but you can also use the Trinity Mobile and Desktop Wallets.

To see how to create an account in Trinity, go to https://docs.iota.org/docs/wallets/0.1/trinity/how-to-guides/create-an-account

To get started with the IOTA Web Wallet, go to https://iotawebwallet.com and follow the next set of instructions.

1. Click on "create new one" to open the settings view.

2. Scroll down and click on the button that says, "Create new wallet". Then, click on "Continue with this seed" or change it if you want. IOTA employs this seed to generate the addresses used to send and receive transfers. Because of this, it is very important that you backup this seed, so that you can later access all the transfers made by the clients to the IOTA-Hotspot.

3. Give it a name and password to your wallet, and then click on "Import wallet". You will need this password to access the wallet.

4. To load the wallet, go to the upper-right corner and select it. Then, enter the password and go to "Summary" to get an address associated with IOTA-Hotspot wallet.

5. Click on the wallet address available. It will open TheTangle.org; here you can see all the transfers made to the wallet. Copy the address and save it in a file for later.

In order to test the IOTA-Hotspot you will also need a personal wallet. To buy IOTA tokens for your personal wallet, I recommend checking these links:

• How to buy IOTA
• How to get your IOTA receiving address

8. PYOTA

Pyota is the official Python library for the IOTA Core. It was used to implement a python scripts that validates the payments made by the clients. The python version used for pyota was the 2.7, which is already installed in Raspbian Stretch. To install pyota on your Raspberry Pi follow the steps below.

1. Install the pip package manager:

sudo apt-get install python-pip

2. To avoid errors with building wheel for cryptography, install this:

sudo apt-get install libffi-dev

3. Use pip to install pyota:

sudo pip install pyota
sudo pip install pyota[ccurl]

Setupthe validator.py

Open the validator.py located in ~/IOTA-Hotspot/pyota and type the seed and address obtained in the previous section for your IOTA-Hotspot.

api = Iota('https://nodes.thetangle.org:443', '<TYPE_THE_IOTA_HOTSPOT_SEED_HERE>')
iota_addr=Address(b'<TYPE_THE_IOTA_HOTSPOT_ADDRESS_HERE>')

After the client has transferred the IOTA tokens, and he/she presses the Enter button in the authentication web page, the validator.py runs. As shown in the in the fragment code below, this python script gets the user transfer, which comprise of a list of transactions, and obtains the message and amount of tokens sent in that transfer. The massage is compared with the one passed by the user to validate the payment.

The validator.py and client.py should remain in ~/IOTA-Hotspot/pyota. If you move them to another directory, you must also modify the wap_auth.sh as it uses this path to execute both scripts.

# Decode the signature message framgment 
for each transationfor transaction in transactions:        
    # Find the transation that contains the optional string message        
    if transaction.value > 0:                
        message = str(transaction.signature_message_fragment.decode())                           
        if message != '':                    
            value = transaction.value                    
            iota_msg = message                    
            # Convert from i to Mi tokens                    
            Mi = (value / 1000000)                    
            # 1 Mi equal to 5 MBytes                        
            mbytes_requested=(Mi*5)

9. Captive Portal Setup

A Captive Portal is essentially a web page displayed to the users connected to a Wi-Fi Access Point before they are granted access to the network resources. Nodogsplash is a small footprint Captive Portal aimed for embedded operating systems. It runs a lightweight web server locally via uHTTPd. This Captive Portal was used to authenticate/deauthenticate clients to allow or restrict access to the Internet. Also, some additional tools provided by nodogsplash were used to track data usage (download/upload) per client.

To install and configure nodogsplash, follow the instructions.

1. Install the libmicrohttpd-dev package (required for nodogsplash compilation) and clone the nodogsplash repository in your home directory:

cd ~
sudo apt-get install libmicrohttpd-devcd 
git clone https://github.com/nodogsplash/nodogsplash.git

2. Compile and install nodogsplash:

cd ~/nodogsplash
make
sudo make install

3. Remove the default nodogsplash directory and replace it for the one in the project directory:

sudo rm -rf /etc/nodogsplash
sudo mv -r ~/IOTA-Hotspot/nodogsplash /etc

The nodogsplash directory contains the following components.

a. nodogsplash.conf: This file customizes several aspects of the Captive Portal from the Gateway address and name to the Firewall rules and authentication methods. Some important aspects to consider are:

• The GatewayAddress must be the same as the one assigned manually to the Raspberry Pi wlan0 interface.

GatewayAddress 192.168.1.2

• For preauthenticated-users (users that have not yet been fully authenticated), it is only possible to access the IOTA Web Wallet and IOTA nodes to process the transactions.

FirewallRuleSet preauthenticated-users 
{        
    # iotawebwallet.com        
    FirewallRule allow tcp port 443 to 104.31.80.165        
    # nodes.thetangle.org        
    FirewallRule allow tcp port 443 to 35.187.163.51        
    # pool.iota.dance        
    FirewallRule allow tcp port 443 to 3.86.168.228
}

• Users are authenticated through a shell script (wap_auth.sh). This script is called by nodogsplash every time a users press the Enter button on the authentication web page, splash.html.

BinAuth /etc/nodogsplash/wap_auth.sh

b. htdocs: This is the directory that the nodogsplash web server looks for files to serve on Raspberry Pi domain by default (192.168.1.2). Here you will find the splash.html page for client authentication via the IOTA Web Wallet and the monitor.html page for demonstration purposes only.

In the splash.html file, you need to type the address of your IOTA Hotspot. This function is used in the web page to copy the address from a button.

function copy_address()
{
    var tmp_input = document.createElement("input");
    tmp_input.style = "position: absolute; left: -1000px; top: -1000px";
    tmp_input.value = "<TYPE_THE_IOTA_HOTSPOT_ADDRESS_HERE>";    
    document.body.appendChild(tmp_input);
    tmp_input.select();
    document.execCommand("copy");
    document.body.removeChild(tmp_input);
}

c. wap_auth.sh: This shell script is the third and last component in the nodogspalsh directory. It was modified to execute the pyota scripts that validate the IOTA message passed by the user and monitor the client.

# Validate if the IOTA message passed by the user matches# the one obtained from the latest list of transactions (bundle)
python /home/pi/IOTA-Hotspot/pyota/validator.py 
$IOTA_MSGIS_MSG_VALID= $(cat /tmp/is-msg-valid.out)

# If the message is valid, then the client is authenticated
if [ $IS_MSG_VALID == "1" ]; then
    # Allow client to access the Internet for one hour (3600 seconds)
    # Further values are upload and download limits in bytes. 0 for no limit.
    echo 3600 0 0
    # Run a client.py script in the background for each client
    # This script keeps track of data usage and deals with deauthentication
    nohup python /home/pi/IOTA-Hotspot/pyota/client.py &>/dev/null &
    exit 0
else
    # Deny client to access the Internet.
    exit 1
fi

4. Start nodogsplash:

sudo nodogsplash

5. Bootstrap nodogsplash automatically upon reboot:

a. Open the rc.local file.

sudo nano /etc/rc.local

b. Add the following at the end of the file, before the exit 0 line.

sudo nodogsplash

5. Reboot your Raspberry Pi:

sudo reboot

After completing the Captive Portal setup, if connected to the IOTA-Hotspot network, the splash.html web page should be displayed automatically, and you should not be able to access any website except the IOTA Web Wallet.

10. Demonstration

Validating the IOTA message takes a couple of seconds. Also, noticed that to import your wallet in the IOTA Web Wallet, you must type your seed. I did not include this in the video for obvious reasons.

11. Conclusion and Further Work

After completing my first ever IOTA project, I can see the real potential of IOTA in the Global IoT market. I pitched my project for travelers who needed an Internet connection to find there way around an unknown city, but in reality, there are no limits for the IOTA Hotspot. I can be placed in camping areas, or even installed in a renting car fleet. Another idea could be putting it in open sport areas so that clients can connect their smartwatches to the IOTA Hotspot and use fitness apps that require access to the Internet.

To further improve this project, I would like to enable the usage of the Trinity Wallet. It would make the IOTA Hotspot a more robust and practical solution. As I mentioned before, there is a list of IPv4 addresses available to access which already include the IOTA Web Wallet and the IOTA nodes. So to make the Trinity Wallet works, it should be only required to add the IPv4 address that Trinity uses to fetch the account information. To find this IP address, you could either use a network traffic analyzer or ask the IOTA support team.