For as long as humans have tried to lock up stuff and keep their belongings safe, burglars (hackers in this context) have always tried to break into those locks. How does it sound if we say you can build your own smart lock that allows only you to be able to unlock it?
Today’s users expect to interact in real-time. PubNub makes it easy for you to add real-time capabilities to your apps, without worrying about the infrastructure. You can build apps that allow your users to engage in real-time across mobile, browser, desktop and server. PubNub powers real-time communication for the Internet of Things and smart devices and provides the infrastructure and APIs for communication for any size IoT deployment. And PubNub Access Management makes it all secure.
The full GitHub repo for this project is available here. And here’s a demo of it in action:
PubNub Access Manager extends PubNub’s security framework by providing token-based authorization that allows read and write access control at the user, device and channel level. PubNub Access Manager plays a major role in IoT/home automation device management system where secure data is streaming bi-directionally between registered devices and IoT devices like bulbs, sensors or locks.
To access PubNub Access Manager you need to enable Access Manager in the PubNub Admin Dashboard (sign up first if you haven’t).
Set Access Manager to ON
Type ENABLE and click on ‘Save Changes’
Now you are all set to grant access to the users, groups and channels who can access the data that can be sent or received.
PAM operates completely on grant permission scheme and there are 3 levels of access:
The idea here is to power a simple lock mechanism using Raspberry Pi. You can check out our PubNub blogs on how to get connected with Raspberry Pi and how to get started with Raspberry Pi 2 and Python.
Once you set up Raspberry Pi, install Python and import PubNub into your setup using the command:
pip install Pubnub
In order to perform PAM operations correctly, you must provide administrative authority. In order to perform an administrative function, you need to include secret_key
along with publish_key
and subscribe_key
.
Your key will have your authentication key authKey
. This authKey
should be unique to your device. At any point during run-time you can set the authKey
using setAuthKey()
function.
As discussed earlier, there are 3 levels of access in PAM. Smart Locks like many other “Internet of Things” devices are vulnerable to internet hacks. So the highest level of security that can be provided to your Smart Lock using PubNub Access Manager is the channel + authKey level access.
This example grants 5 minutes access to a user whose auth_key is ‘Valid_key’ in the channel Raspberry. If a user doesn’t have access and tries to publish, they get a 403 error.
Whereas if you have access to publish you can see the following response for your JavaScript grant code:
{ error: false, operation: 'PNAccessManagerGrant', statusCode: 200 }
Once you grant permission to a user of a specific channel, you can try to publish a message on to the device. If the user is authorized to publish on to the lock, you should be able to unlock the device.
If you are not a valid user or if you do not have grant access and are trying to break the lock, you get the following error if you are using JavaScript:
{error: true, operation: "PNPublishOperation", statusCode: 403, errorData: Error: Forbidden at Request.<anonymous> (https://cdn.pubnub.com/sdk/javascript/pubnub.4.20.1.js:…, category: "PNAccessDeniedCategory"}
Setting up PubNub using Python on to your Raspberry Pi is simple and straight forward. You can provide user level read or write access using PubNub Access Manager to make your lock highly secure. PubNub authKey makes sure that only you have the privilege to unlock the IoT making it more secure and reliable.
In our next part, we add OAuth 2.0 to make our app even more secure!
Originally published at www.pubnub.com.