IoT and Node.JS: How to Catch the Opportunity?

Why use Node.js for the server side of your IoT device, and how do you minimize security risks?

In 2019, the market revenue of IoT reached $212 billion. There are about 26.66 billion connected IoT devices worldwide, and this number is expected to reach 75.44 billion by 2025. The UN estimates that, in May 2020, the world population is 7.78 billion people. A simple math operation tells us that an average person owns from 3 to 4 IoT devices. Do you have one? Maybe a smartwatch? A smart TV? Or a smart car?

Moving further, the population is expected to reach 8.1 billion people in 2025. The same calculation shows us that, in 2025, an average person will have from 9 to 10 smart devices in their possession. Do you see where I am leading you? Do you want to join this prosperous market niche and make your IoT device one of these 9 to 10?

IoT industry stats


Why Node.js?

The client-side of an IoT device is represented by the hardware itself. It is programmed with C, C++, or Lua — low-level and difficult programming languages. Yet, there is not much you can do about it because of hardware limitations. Along with high performance, the users of IoT devices prioritize low cost and energy-efficiency. Thus, at least for now, you should keep working with low-level languages.

In turn, the server-side of IoT applications offers you more freedom of choice. Here, you are not limited by the hardware, so you can choose any coding language and framework you prefer. And we believe that the right one is Node.js.

Node.js Is Fast and Performant

First of all, any IoT device constantly works with dynamically changing data. This means you need a framework that can handle real-time applications and heavy data flows. Node.js is built on Google's V8 JS engine, which is highly effective and perfectly scalable. Thanks to this feature, Node.js is the number one framework to be used with real-time apps and platforms. Constantly changing data is not a challenge for it either.

Node.js Is Easy to Integrate With IoT Protocols

IoT applications actively use MQTT, a publish-subscribe messaging protocol. In turn, for transportation and encapsulation, this protocol uses WebSockets. Both MQTT and WebSockets are well supported and easy to integrate in Node.js development.

Node.js Modules Facilitate IoT Development

Node.js is augmented with npm (Node Package Manager), which features a lot of useful IoT modules. There are about 80 packages for Intel IoT Edison, Arduino, or Raspberry Pi. Also, it features over 30 packages for different sensors, beacons, and other tools. This is why Internet of Things development is simpler and faster with Node.js IoT modules.

Node.js Is Resource-Efficient and Scalable

In general, developers prefer working with Node.js because it does not require a lot of resources. The CPU and RAM are not overloaded. Also, Node.js is perfectly scalable, which is absolutely necessary for most modern companies.


How to Minimize Security Risks

Entering the IoT niche is a path to success. No wonder there are many challenges and traps waiting along the way: success is never easy to achieve. The first and foremost challenge you should be aware of is security.

Security is one of the top problems in the IoT sphere and one of the first pitfalls you will stumble upon. So what should you do and how?

Secure Authentication

Let’s start with authentication. There are a lot of tools for authentication in Node.js: tokens, jwt, auth0, and so on. Each has its advantages and disadvantages. Yet, you should look at them from the perspective of IoT.

On the one hand, tokens are effective but not 100 percent safe. The hardware (scanners, sensors, hubs, etc.) should store this token or login/password data in firmware. Respectively, attackers can steal the token if they have physical access to the hardware. The same story goes for jwt or auth0.

On the other hand, we can use any tool for authentication on the server side. You can easily integrate any authentication tool on the Node.js platform. There are a lot of npm packages that allow you to do it manually: auth0, passport, jwt. There are also packages for integration with cloud IoT services: @azure-iot/authentication, aws-iot-device-sdk, etc.
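The firmware-theft risk described above can be contained on the server side by giving every device its own token and making each one revocable. The following is an added example, not code from the original article; the `DeviceTokenRegistry` class, the device ids and the token format are hypothetical, and it uses only Node's built-in `crypto` module.

```javascript
const crypto = require('crypto');

// The server stores only a SHA-256 digest of each token, never the token itself.
const sha256 = (value) => crypto.createHash('sha256').update(value, 'utf8').digest();

// Hypothetical registry: one independent token per device.
class DeviceTokenRegistry {
  constructor() {
    this.devices = new Map(); // deviceId -> { digest: Buffer, revoked: boolean }
  }

  // Issue a random token at provisioning time; it is returned once and flashed to the device.
  enroll(deviceId) {
    const token = crypto.randomBytes(32).toString('hex');
    this.devices.set(deviceId, { digest: sha256(token), revoked: false });
    return token;
  }

  // Disable one device's token, for example after the hardware is reported stolen.
  revoke(deviceId) {
    const entry = this.devices.get(deviceId);
    if (entry) entry.revoked = true;
  }

  // Unknown and revoked devices are rejected; digests are compared in constant time.
  authenticate(deviceId, presentedToken) {
    const entry = this.devices.get(deviceId);
    if (!entry || entry.revoked || typeof presentedToken !== 'string') return false;
    return crypto.timingSafeEqual(entry.digest, sha256(presentedToken));
  }
}

// Constructed sample data: two hypothetical devices, one of which is stolen.
function demoTokenTheft() {
  const registry = new DeviceTokenRegistry();
  const sensorToken = registry.enroll('sensor-01');
  const hubToken = registry.enroll('hub-01');
  const before = registry.authenticate('sensor-01', sensorToken);
  registry.revoke('sensor-01'); // token was read out of the stolen sensor's firmware
  return {
    before,
    stolenAfterRevoke: registry.authenticate('sensor-01', sensorToken),
    crossDevice: registry.authenticate('hub-01', sensorToken),
    otherDevice: registry.authenticate('hub-01', hubToken),
  };
}
```

Because each token is bound to one device id, a token extracted from one device does not authenticate as any other device, and revoking it leaves the rest of the fleet working.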

Secure HTTP Requests

Next, be careful with HTTP requests from your IoT devices. You should check if you get a request from a proper IoT device. Firstly, you should implement HTTPS with your IoT devices. Hardware is not a browser, and you should implement HTTPS manually on it. For the server-side, you can either do it manually or use hosting with HTTPS configuration and certificates. In Node.js, it is quite easy to implement:

JavaScript

const express = require('express');
const https = require('https');
const http = require('http');
const fs = require('fs');
// TLS private key and certificate for the HTTPS listener
const options = {
  key: fs.readFileSync('path/to/your/key.pem'),
  cert: fs.readFileSync('path/to/your/certificate.cert')
};
const app = express();
// Plain HTTP on port 80 serves the same app without encryption
http.createServer(app).listen(80);
// HTTPS on port 443 using the key and certificate above
https.createServer(options, app).listen(443);



HTTPS uses the SSL or TLS protocols to encrypt data. However, to be sure that a request really comes from the expected server or client, add a cryptographic check on top of that encryption. For example, this is how you can use a signature:

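JavaScript

const crypto = require('crypto');
const fetch = require('node-fetch');
const SIGNATURE_FORMAT = 'base64';
// Only certificates served from this trusted URL's origin are accepted
const trustedUrl = 'https://trustedUrl/';
// url: certificate URL that came with the request; req.body: raw body string
async function verifyRequestSignature(req, url) {
  try {
    // check if it is a trusted URL for your certificate (exact origin, not a regex match)
    const isTrustedUrl = new URL(url).origin === new URL(trustedUrl).origin;
    if (!isTrustedUrl) return false;
    const response = await fetch(url);
    if (!response.ok) return false;
    const certificate = await response.text();
    // SHA-1 is no longer safe for signatures; the sender must sign with the same digest
    const verifier = crypto.createVerify('RSA-SHA256');
    verifier.update(req.body, 'utf8');
    // check signature
    return verifier.verify(certificate, req.headers.signature, SIGNATURE_FORMAT);
  } catch (err) {
    console.log(err);
    return false;
  }
}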



To sum up this part:

  1. First, you have to check the trusted URL of your certificate.
  2. Then, you sign the request body with the public key from your certificate.
  3. Finally, you compare the signed body with the signature from the headers.

It is extremely important to know that requests come from the proper devices and are not the result of a man-in-the-middle attack.
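To see both ends of this check working offline, the following added example (not code from the original article) has a device sign a request with its private key and the server verify it with the matching public key. It goes one step beyond the text by binding a timestamp into the signed data so that a captured request cannot be replayed later; the function names, the `<timestamp>.<body>` layout, the five-minute window and the freshly generated key pair are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const SIGNATURE_FORMAT = 'base64';
const MAX_SKEW_MS = 5 * 60 * 1000; // assumption: accept requests up to 5 minutes old

// Device side: sign "<timestamp>.<body>" with the device's private key.
function signRequest(privateKey, body, timestamp) {
  const signer = crypto.createSign('RSA-SHA256');
  signer.update(`${timestamp}.${body}`, 'utf8');
  return signer.sign(privateKey, SIGNATURE_FORMAT);
}

// Server side: verify with the public key taken from the trusted certificate.
function verifySignedRequest(publicKey, body, timestamp, signature, now) {
  // Reject stale or replayed requests before doing any cryptography.
  if (!Number.isFinite(timestamp) || Math.abs(now - timestamp) > MAX_SKEW_MS) return false;
  const verifier = crypto.createVerify('RSA-SHA256');
  verifier.update(`${timestamp}.${body}`, 'utf8');
  try {
    return verifier.verify(publicKey, signature, SIGNATURE_FORMAT);
  } catch (err) {
    return false; // malformed key or signature
  }
}

function demoSignedRequest() {
  // Constructed key pairs standing in for the device key and its certificate.
  const device = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = Date.now();
  // Constructed sample request body.
  const body = JSON.stringify({ deviceId: 'sensor-01', temperature: 21.5 });
  const signature = signRequest(device.privateKey, body, now);
  const tamperedBody = body.replace('21.5', '99.9');
  return {
    genuine: verifySignedRequest(device.publicKey, body, now, signature, now),
    tampered: verifySignedRequest(device.publicKey, tamperedBody, now, signature, now),
    replayed: verifySignedRequest(device.publicKey, body, now, signature, now + MAX_SKEW_MS + 1),
    wrongKey: verifySignedRequest(other.publicKey, body, now, signature, now),
  };
}
```

Only the unmodified request, checked with the signer's own public key inside the time window, verifies; a changed body, an old timestamp or a different key all fail.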


To Wrap Up

Node.js facilitates IoT development and makes sure that the system is performant and secure. It is resource-efficient, easy to integrate with IoT protocols, and scalable, while its modules accelerate IoT development. Yet, Node.js and IoT are a successful couple only if developers understand the potential benefits that Node.js development may offer and risks that need to be avoided.

The prospects of the IoT market prove that it is definitely worth jumping into this industry. However, do not dive headfirst before you minimize security risks.

Published at DZone with permission of Max Savonin.