Home Automation using Raspberry Pi

Tags: apache, d3js, home automation, linux, mysql, open source, php, python, raspberry pi, secure, ssh, web server

Introduction

My project utilises the growing market trend of Internet of Things devices and will help bridge the gap between hardware and software devices in our own homes using the low-cost Raspberry Pi computer.

Nowadays almost everybody has a smartphone in their pocket at all times and almost everybody has a WiFi connection in their home, but how many of those people can control their home devices securely from their phone?

My project takes advantage of the low-cost Pi but shields people from the complexity of programming and piecing it together.

Features of my project

All peripherals connected to the Pi can be remotely controlled from a mobile, tablet or desktop computer from anywhere in the world. After logging onto the website using their credentials, the user is presented with a dashboard which allows them to interact with their home appliances.

Specifically, my project is able to:

  • Control a door lock
  • View a live webcam stream
  • Control lights
  • Control AC mains plug
  • Take temperature readings and act upon them

Use cases

  • Automate your kettle to turn on as you open the front door from a long day at work.
  • When you hear the doorbell, you can view who is at your door, and let them in, all from your phone/tablet.
  • When the temperature drops or reaches a certain temperature, you can control the boiler to meet your needs. You could even open or close a door to let a pet in or out of the house.
  • You could automatically feed your pet based on a time schedule when you are away from the house.
  • Lights could turn on at specific times when you are not at the house/when on holiday to give the impression you are in.

These are just some of the potential use cases my project has to offer.

About Me

Name: Rupert Agnew

Course: BSc (Hons) Computer Science

Project Title: Home Automation using Raspberry Pi

Project Website: https://pizilla.co.uk

Email: rupert@agnew.org.uk

LinkedIn: https://www.linkedin.com/in/rupert-agnew-543586a8/

Overview

 

My project works by running an Apache web server on a Raspberry Pi 3 connected to my home router. The domain name pizilla.co.uk was assigned to my home IP address and also has a Dynamic DNS system in place to re-assign the IP address when it changes. 

The peripherals are controlled via the GPIO (General Purpose Input Output) pins attached to the Raspberry Pi. Scripts written in Python are executed from a PHP webpage hosted on the Pi after the user has validated their credentials.

Electronic circuit boards have been created which control the peripherals. I used relays to isolate the plug and solenoid lock from the Pi. The plug is rated up to 20Amp 240AC which is perfectly capable of controlling many home appliances such as a kettle, iron, TV etc. 

Due to the personal nature of home automation systems, I have devoted extra care and attention to implementing multiple security features to create a secure final year project. These features can be read about in the security section.

I ran an SSH honeypot for a month, collecting details of hacking attempts on my Pi. I have performed data analysis on these attacks using Splunk Enterprise and have used the D3.js framework to render data visualisations which show the connection attempts from across the globe.

As I was running the Raspbian Jessie Lite operating system, the entire project was completed via the command line, as Jessie Lite does not offer a GUI. Code was written in Notepad++ on my PC and transferred over via SFTP to be run.

Technologies Used

  • Linux
  • Apache
  • MySQL
  • Python
  • PHP
  • D3.js
  • Bootstrap
  • Splunk Enterprise
  • LetsEncrypt SSL Certificate
  • Raspberry Pi 3 & Raspbian Jessie Lite OS
  • Electronics such as Solenoid Locks, AC Mains Plugs, Relays, MOSFETS, Resistors, LEDs

Security Features

  • All passwords are hashed with bcrypt, a strong hashing algorithm, using dynamically generated salts to protect against rainbow table attacks.
  • Login attempts are only allowed to be passed through to the server after authorisation with Google’s reCAPTCHA program. This helps prevent/drastically reduce any brute force attempts.
  • All forms have been sanitised and validated to prevent SQL injection attacks.
  • Default ports have been changed and Linux permissions and groups have been carefully selected to provide proper authentication.
  • All pages are served over HTTPS on encrypted port 443. All unencrypted HTTP requests are redirected to HTTPS.
  • Directory listings have been disabled, and I have removed the server signature so that it does not reveal which version of Apache is running, which could help attackers look for known exploits for that version.
  • After logging in, a welcome message states the last login time and IP address for that account.
  • HTTP POST methods are used as opposed to HTTP GET, which is unsafe.
  • Strong firewall rules have been implemented to ban any IP for an indefinite amount of time after x failed attempts at SSH login.
  • SSH login attempts on default port 22 are widespread. I ran a honeypot for one month collecting data on this matter. I have displayed this data in several different visualisations which you can view.

 

End Users

  • Educational purposes, in primary schools, secondary schools and at University level: this will help close the programming gap for the UK's youth by introducing them to exciting computing lessons with practical examples.
  • Disabled purposes: some people are unfortunately less able to move in their own homes, and using my product will greatly improve their quality of life. For instance, turning lights on/off whilst in bed, or seeing who is at the door before going to check.
  • Enthusiasts – as it is open-source this will allow people to ‘tinker’ with their device and add or remove as many features as they want. It is completely customisable to their needs.
  • People in Houses of Multiple Occupancy – this will be an easy way to keep track of bills, by viewing logs of who used what appliance at what time. Landlords can easily manage their homes when contracts change over by changing passwords to their homes, which is much cheaper than changing locks!
  • Families: anybody who has a pet at home whilst they are at work, wants to check on their children whilst they are at the shops, or wants to water the plants when they are away on holiday.
  • The Maker Community – this community is huge and my project will directly appeal to them

SSH Honeypot

After being online for a few days, I noticed my system authentication log file was huge - I noticed a brute force attack was taking place on SSH port 22 before I had changed it.

I installed Kippo, an SSH honeypot written in Python, on a second Raspberry Pi server to analyse the true extent of these attacks.

The data I collected was fascinating, and over a 1-month period I logged:

  • 68,373 attempted username/password combinations
  • 1,033 unique originating IP addresses
  • From 63 different countries!

I used Splunk Enterprise to analyse and sort this data and then used the D3.js framework to produce different data visualisations.
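As an added example (not the author's Splunk searches or code), the same kind of tally can be produced directly from a honeypot log in Python. It assumes Kippo's plain-text log layout of `login attempt [user/password] failed|succeeded` lines; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the layout assumed for Kippo's text log;
# the addresses come from documentation ranges, not real attackers.
SAMPLE_LOG = """\
2017-03-01 02:14:07+0000 [SSHService ssh-userauth on HoneyPotTransport,11,203.0.113.7] login attempt [root/123456] failed
2017-03-01 02:14:09+0000 [SSHService ssh-userauth on HoneyPotTransport,11,203.0.113.7] login attempt [root/admin] failed
2017-03-01 02:14:12+0000 [SSHService ssh-userauth on HoneyPotTransport,11,203.0.113.7] login attempt [root/123456] failed
2017-03-01 05:40:31+0000 [SSHService ssh-userauth on HoneyPotTransport,12,198.51.100.23] login attempt [pi/raspberry] failed
2017-03-01 05:40:33+0000 [SSHService ssh-userauth on HoneyPotTransport,12,198.51.100.23] login attempt [admin/pass]word] succeeded
2017-03-01 05:40:35+0000 [HoneyPotTransport,12,198.51.100.23] connection lost
this line is truncated [SSHService ssh-userauth on HoneyPot
"""

# The password group is greedy and the result is anchored at end of line,
# so a password that itself contains "]" or "/" is still captured whole.
ATTEMPT = re.compile(
    r"^(?P<ts>\S+ \S+) \[SSHService ssh-userauth on HoneyPotTransport,"
    r"(?P<session>\d+),(?P<ip>[0-9a-fA-F.:]+)\] "
    r"login attempt \[(?P<user>[^/]*)/(?P<password>.*)\] "
    r"(?P<result>failed|succeeded)$"
)

def parse_attempts(text):
    """Yield one dict per login attempt; skip every other log line."""
    for line in text.splitlines():
        match = ATTEMPT.match(line)
        if match:
            yield match.groupdict()

def summarise(text, top=3):
    """Tally attempts, source IPs and credential pairs from a log."""
    attempts = list(parse_attempts(text))
    by_ip = Counter(a["ip"] for a in attempts)
    by_cred = Counter((a["user"], a["password"]) for a in attempts)
    return {
        "attempts": len(attempts),
        "unique_ips": len(by_ip),
        "unique_credentials": len(by_cred),
        "top_ips": by_ip.most_common(top),
        "top_credentials": by_cred.most_common(top),
        "accepted": [a for a in attempts if a["result"] == "succeeded"],
    }

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `top_credentials` list shows which username/password pairs are guessed most often, which is a direct check on whether any account on the real server uses one of them.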

One visualisation I am particularly proud of is the total number of unique longitude/latitude coordinates that were resolved from an attacking IP address. I displayed these as arcs aimed towards the UK to represent the attack:

[Image: SSH attack arcs]

All my interactive visualisations can be found on my website at pizilla.co.uk/maps