Scenario details:
- A large fleet of electric meters is deployed. Until now the meters have been read through GSM data calls (CSD) to modems connected to the meters through the RS232 port. The aim is to migrate from GSM (CSD) to IP and to add a remote modem management system (Device Manager) that allows remote monitoring of the modems, as well as remote configuration changes, firmware updates, certificate management, etc.
- High security is required. Both the IP data channel used for meter reading (communication between the modem and the reading center) and the modem management control channel (communication between the modem and the Device Manager) must run over IP with SSL/TLS and mutual authentication. To further increase security, the modem must NOT have any TCP port listening: all TCP/IP connections must be initiated by the modem. Therefore, every time the reading platform needs to read a meter, it must execute an API command against the Device Manager platform, indicating which meter it wants to read. The Device Manager then sends a command to the modem (through the command channel already established with SSL/TLS security) to open another secure data channel towards the reading platform.
- Currently the meters are read by means of a GSM data call (CSD). New modems must therefore remain compatible with CSD calls until the infrastructure migrates to IP communications. Taking advantage of the modem replacement, an additional security layer is to be added to the current GSM data calls (CSD): the modems should only accept CSD calls made from authorized telephone numbers, that is, from the telephone numbers of the Meter Reading Center.
Solution:
Config.txt configuration file (master):
| Configuration | Observations |
|---|---|
| COMM_baudrate: 9600 | Serial port baud rate |
| COMM_bitsperchar: 8 | Number of bits |
| COMM_autorts: off | No flow control |
| COMM_autocts: off | No flow control |
| COMM_stopbits: 1 | 1 stop bit |
| COMM_parity: none | No parity |
| GPRS_apn: movistar.es | GPRS APN provided by the GSM operator |
| GPRS_login: MOVISTAR | GPRS login |
| GPRS_password: MOVISTAR | GPRS password |
| GPRS_timeout: 0 | Modem is always GPRS connected |
| GPRS_mode: 2g | Forces the 2G network (required for CSD calls, see Details) |
| MTX_PIN: 0000 | PIN of the SIM |
| MTX_mode: none | GPRS connection server type (none: no listening TCP server on the modem) |
| MTX_model: 199801422 | Modem model |
| MTX_ping: 35 | Ping period to supervise the connection |
| MTX_pingIP: 8.8.8.8 | IP to ping (Google DNS, for example) |
| MTX_ATLimited: off | No AT command limitations |
| MTX_IDClient: [IMEI] | Identifying string sent to the reading platform |
| MTX_temporalClientTimeout: 120 | Socket closes if there is no traffic for x seconds |
| MTX_clientSSL: on | TCP client sockets use SSL/TLS |
| SMS_allPhones: off | Command SMS are not accepted from any phone (only from the authorized numbers) |
| SMS_sendIP: off | Modem won't respond to a missed call/SMS |
| SMS_ATEnabled: on | Commands can be sent to the MTX by SMS |
| SMS_ATResponse: on | MTX responds with an SMS to a command SMS |
| SMS_validPhone1: +34666123456 | Authorized phone number 1 |
| SMS_validPhone2: +34666123457 | Authorized phone number 2 |
| MQTT_enabled: on | MQTT service enabled |
| MQTT_server: ssl://broker.cervello.io:8883 | Broker IP/DNS, including the port |
| MQTT_id: yku41420t957oh8t | Identifier |
| MQTT_login: jfj1usly8ijhh9hizfr453 | Username |
| MQTT_password: gthhdte67y3ttes33fgg | Password |
| MQTT_attopic1: [IMEI]/AT | MQTT topic on which AT commands are received |
| MQTT_atrtopic: [IMEI]/ATR | Topic to which command replies are sent |
| MQTT_keepalive: 300 | Connection keep alive (300 seconds) |
| DNS_enabled: on | Status data sending activated |
| DNS_mode: mqtt | Status data sent via MQTT |
| DNS_mqttTopic: [IMEI]/dns | Topic where status data are sent |
| DNS_extended: off | Extended data (I/O, ADCs, etc.) are not sent |
| DNS_period: 600 | One sending every 600 secs (5 mins.) |
| CSD_enabled: on | CSD calls are enabled |
| CSD_validPhone1: 666333444 | Authorized phone number 1 |
| CSD_validPhone2: 666444555 | Authorized phone number 2 |
Details:
- The IP connection between the modem and the Device Manager is permanent and secure (SSL/TLS). It is always established, and at any time an action command (configuration change, reset, etc.) can be sent from the Device Manager to the modem.
- The connection between the modem and the reading platform is not permanent. The procedure the reading platform follows to start reading a meter securely is as follows:
  1. The reading platform executes an API (webservice) command against the Device Manager platform, indicating the modem to be read (see the API documentation of the Cervello platform).
  2. The Device Manager platform sends a command to the modem (through its always-established data channel, secured with SSL/TLS) so that it opens another secure channel (SSL/TLS) in TCP client mode against the meter reading platform. The IP address and TCP port of the platform are indicated in the API command. The command that the Device Manager platform sends to the modem is:
     AT^MTXTUNNEL=TEMPORALCLIENT,IP,TCPPORT,TIMEOUT
     where the IP address and TCP port of the meter reading platform are specified in the IP and TCPPORT parameters, respectively, and TIMEOUT is the time (seconds) after which the socket must be closed if there is no traffic through it.
  3. The modem opens an SSL/TLS socket against the IP address and TCP port indicated in the command received from the Device Manager platform. Mutual authentication between the reading platform and the modem is performed with digital certificates.
  4. Once the secure socket (SSL/TLS) is established, the modem sends the value of its MTX_IDClient configuration parameter through this socket: an alphanumeric string that allows the reading platform to identify which modem has connected (useful when several meters are read simultaneously). This socket remains established until it is closed by the reading platform or until "MTX_temporalClientTimeout" seconds pass without traffic on it.
  5. The platform can now read the meter through this socket, which acts as a transparent IP-RS232 gateway with SSL/TLS security.
  6. Once the meter is read, the reading platform closes the socket. To start a new meter reading, the process is restarted from step 1.
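The reading-platform side of the procedure above, as an added example that is not part of this document or of the MTX/Cervello software: it builds the TEMPORALCLIENT command the Device Manager publishes on the modem's AT topic, prepares a server-side TLS context that requires a client certificate (mutual authentication), and checks the MTX_IDClient string the modem sends after the handshake before the socket is used as the tunnel. The IMEI, IP address and port values are constructed; the assumption that the identifier arrives as a raw string without a terminator is ours, not stated on the page.

```python
import ipaddress
import socket
import ssl

IMEI_LEN = 15  # MTX_IDClient is [IMEI] in this scenario, i.e. a 15-digit string


def temporal_client_command(ip: str, tcp_port: int, timeout: int) -> str:
    """Build the AT^MTXTUNNEL=TEMPORALCLIENT command that the Device Manager
    publishes on [IMEI]/AT. Inputs coming from the API request are validated
    so that a bad request cannot produce a malformed or injected command."""
    ipaddress.IPv4Address(ip)                  # raises ValueError on bad input
    if not 1 <= tcp_port <= 65535:
        raise ValueError("tcp_port out of range")
    if timeout < 0:
        raise ValueError("timeout must be >= 0")
    return f"AT^MTXTUNNEL=TEMPORALCLIENT,{ip},{tcp_port},{timeout}"


def mqtt_topics(imei: str) -> tuple:
    """Command and reply topics as configured (MQTT_attopic1 / MQTT_atrtopic)."""
    return f"{imei}/AT", f"{imei}/ATR"


def platform_tls_context(ca_file: str, cert_file: str, key_file: str) -> ssl.SSLContext:
    """Server-side context for the reading platform: TLS 1.2 or newer, and the
    modem MUST present a certificate chaining to our CA (mutual authentication).
    File paths are whatever the deployment uses (assumed, not from the page)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def read_modem_id(conn: socket.socket, expected_id: str, idle_timeout: int) -> bool:
    """After the handshake the modem sends MTX_IDClient. Assumption: it is sent
    as the raw identifier with no terminator, so exactly len(expected_id) bytes
    are read. Only on a match is the socket handed over as the transparent
    IP-RS232 tunnel; a mismatch or silence means the expected modem did not connect."""
    conn.settimeout(idle_timeout)              # mirrors MTX_temporalClientTimeout
    buf = b""
    try:
        while len(buf) < len(expected_id):
            chunk = conn.recv(len(expected_id) - len(buf))
            if not chunk:
                return False                   # peer closed before identifying itself
            buf += chunk
    except socket.timeout:
        return False                           # no identifier within the idle timeout
    return buf.decode("ascii", "replace") == expected_id
```

In production the accepted socket is the `ssl.SSLSocket` obtained from `platform_tls_context(...).wrap_socket(raw, server_side=True)`; `read_modem_id` only relies on `recv`, so it works unchanged on it.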
- Adjust the COMM_ parameters to match the serial port configuration of the connected meter.
- For SSL communications, if you need to install the root certificates of your servers, you will find an Annex at the end of this document with the procedure.
- The security of this communication model is very high, since there is no TCP port open (listening) on the modem: all communications are TCP client connections secured by SSL/TLS.
- In this scenario, in addition to IP communications, the meter can also be reached through a GSM data call (CSD). For this reason the modem must be forced to use the 2G network (parameter GPRS_mode: 2g). If you do not need GSM data calls, you can set GPRS_mode to "auto", so that the modem uses the 2G/3G network according to availability.