Skip to content

t04glovern/traffic-cop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
api
api
 
 
aws
aws
 
 
circuit
circuit
 
 
db_tools
db_tools
 
 
esp8266-gps
esp8266-gps
 
 
esp8266-sniffer
esp8266-sniffer
 
 
frontend
frontend
 
 
img
img
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Traffic Cop

http://traffic-cop.s3-website-us-east-1.amazonaws.com/

WiFi Beacon & Client sniffing pipeline for analysing the movements of Human Traffickers.

img/web-demo.png

Authors

Proof of Concept

img/poc-circuit.jpg

Circuit Diagram

circuit/circuit-diagram_bb.jpg

BOM

Architecture

img/aws-architecture.png

Deploying CF

IoT Vending Machine

Deploys a IoT Vending machine instances that can be used to generate certificates for new devices

aws cloudformation create-stack --stack-name "TrafficCop-IoT-Vending-Machine" \
--template-body file://aws/Iot-Certificate-Vending-Machine.json \
--parameters file://aws/Iot-Certificate-Vending-Machine-Params.json \
--capabilities CAPABILITY_IAM

Create Device

Check the outputs from your cloudformation stack and retrieve the RequestUrlExample, It'll look like the following:

https://<api-gateway-id>.execute-api.us-east-1.amazonaws.com/LATEST/getcert?serialNumber=value1&deviceToken=value2

Create a new item in the DynamoDB instance that was created by the previous CloudFormation script (the DB is called deviceInfo)

img/dynamodb-deviceInfo.png

  • serialNumber: This should be something unique and will be the identifier for the IoT device you are onboarding (e.g. gps-glover-01)
  • deviceToken: This should be a private hash/secret that you will use to generate certificates for your new device securely (e.g. 572589798725)

Substitute these two into your API Gateway query

https://<api-gateway-id>.execute-api.us-east-1.amazonaws.com/LATEST/getcert?serialNumber=gps-glover-01&deviceToken=572589798725

You'll be returned a json response:

{
    "certificateArn": "arn:aws:iot:us-east-1:<account-id>:cert/009ff6ee0.........",
    "certificateId": "009ff6ee092e......",
    "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDWTCCAkGgAwIBAgIUZiIgLi......-----END CERTIFICATE-----\n",
    "keyPair": {
        "PublicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAO.......-----END PUBLIC KEY-----\n",
        "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQ........-----END RSA PRIVATE KEY-----\n"
    },
    "RootCA": "-----BEGIN CERTIFICATE-----\r\nMIIE0zCCA7ugAwIBAgIQGNrRniZ96Lt........-----END CERTIFICATE-----"
}

Place the outputs for each of the three fields below into new files in esp8266-gps/certs

  • esp8266-gps/certs/certificate.pem.crt: certificatePem
  • esp8266-gps/certs/private.pem.key: keyPair.PrivateKey
  • esp8266-gps/certs/root-CA.pem: RootCA

Follow the instructions in esp8266-gps/README.md on how to convert and upload these certificates to the ESP8266

DynamoDB Instance

Deploys the DynamoDB table + an action rule to push data from a topic into said Dynamo instance

aws cloudformation create-stack --stack-name "TrafficCop-IoT-TopicRule" \
--template-body file://aws/IoT-TopicRule.json \
--parameters file://aws/IoT-TopicRule-Params.json \
--capabilities CAPABILITY_IAM

DynamoDB API

Build the API zip

cd api
./package-lambda.sh

Upload the API to S3 bucket (this same S3 bucket should be used in the Parameters of the aws/DynamoDB-Frontend-Params.json file)

cd api
aws s3 cp dynamodb-api.zip s3://waanimals-deployment-scripts/traffic-cop/dynamodb-api.zip

Deploy the API to CloudFormation

aws cloudformation deploy --template-file aws/DynamoDB-Frontend.json \
--stack-name "TrafficCop-DynamoDB-API" \
--capabilities CAPABILITY_IAM

Retrieve the stacks API endpoint

aws cloudformation describe-stacks --stack-name "TrafficCop-DynamoDB-API"  --query Stacks[].Outputs[].OutputValue[] --output text

Place the output from this command into the frontend/index.html file under replacing the api_gateway_url variable.

var api_gateway_url = 'https://<api_gateway_id>.execute-api.us-east-1.amazonaws.com/prod';

Frontend

Deploy the frontend HTML to an S3 bucket with site capability

The bucket policy should be the following for public access

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::traffic-cop/*"
            ]
        }
    ]
}

Push the frontend to the bucket.

aws s3 sync frontend/ s3://traffic-cop/

Extras

The db_tools can be used in order to add new entries to the DynamoDB instance manually while testing. To use it simply run npm install then npm run test. You will need to also change the DynamoDB instance name in db_tools/test.js first.

Deploy to SAM

Create a bucket

aws s3 mb s3://traffic-cop-api --region us-east-1

Package

sam package --template-file aws/DynamoDB-Frontend.json \
--s3-bucket traffic-cop-api \
--output-template-file aws/packaged.yaml

Deploy

sam deploy --template-file ./aws/packaged.yaml \
--stack-name "traffic-cop-query-engine" \
--capabilities CAPABILITY_IAM

About

WiFi Beacon & Client sniffing pipeline for analysing the movements of Human Traffickers.

traffic-cop.s3-website-us-east-1.amazonaws.com/

Topics

esp8266 aws-iot espressif aws-serverless aws-cloudformation aws-dynamodb wifi-scanner

Resources

Readme
Activity

Stars

14 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages