International Core Journal of Engineering 2020-26 | Page 181
3. Data encryption and decryption function: through the dedicated encryption chip, complete the encryption protection of sensitive data; 4. VPN function: establish an IPsec VPN tunnel between the gateway and the server to protect data security at the transport layer; 5. Human-computer interaction function: we designed a serial communication program, and the LED configuration screen is connected to the gateway through the serial port to provide convenient and easy-to-use human-computer interaction.
[Fig2. System architecture: application layer (login authentication, VPN tunnel, state perception, remote control, system management, log information, encryption and decryption, man-machine interaction); protocol layer (protocol conversion, protocol parsing); system layer (OpenWRT, NIC driver); driver layer (EC20 driver, USB driver, serial driver); hardware platform (MT7620A, EC20 module with 4G antenna, HS32U2, USB hub, FLASH, RAM, WAN/LAN/WIFI network interfaces, debug interfaces, serial ports, LED, Bluetooth, Zigbee)]

Fig2. System architecture

[Fig3. Block diagram of the gateway hardware platform: MT7620A main controller, EC20 4G module, HS32U2 security chip, USB hub, LED configuration screen, Bluetooth and Zigbee modules on the serial ports]

Fig3. The overall structure of the Internet of Things gateway hardware platform

B. Hardware Platform Design

The overall structure of the hardware platform of the Internet of Things gateway is shown in Fig3. The gateway hardware is divided into six parts: the main controller MT7620A, the 4G network module EC20, the security chip HS32U2, the LED configuration screen, the ZigBee module and the HC-05 Bluetooth module. On this basis, the communication peripheral bus circuit design and the communication bus design between the modules are completed. The main controller is connected to the 4G module and the security chip through the USB hub. The maximum transmission bandwidth of USB 3.0 is up to 5.0 Gbps. During data encryption, decryption, uploading and downloading, the interface has a high communication rate requirement, so USB 3.0 is adopted: the 4G and cryptographic modules are connected to the main controller over USB 3.0 to meet the rate requirements between interfaces. The working status of a traditional gateway is indicated only by an indicator light, which makes monitoring the running state inconvenient and human-computer interaction complicated. Connecting the LED configuration screen through the serial port enables device login, log viewing, network management, status query and other operations, effectively solving the problems of complicated installation and deployment of the gateway and inconvenient human-computer interaction. For the connection to the wireless sensor network, the main controller is connected to the ZigBee module and the Bluetooth module through different serial interfaces, so it can acquire the environmental information collected by the wireless sensor network and complete the information interaction with the terminal nodes.

C. Software Design

The gateway is based on a modular design. The entire gateway device is divided into several key processes, and the interaction of these processes achieves coordination. Here, the key processes of device initialization, login authentication and data protection are described. The first stage of device startup is bootloader startup, which checks the hardware interfaces and peripherals. If an interface or peripheral fails to start, the initialization process stops. If the peripherals and interfaces start successfully, the bootloader starts the kernel and initializes it. When initialization has finished, the system enters the user login interface. During login, the user performs two-factor authentication, consisting of the device login password and the user's identity information. If authentication passes, the user is assigned the corresponding authority.

[Fig4. Flowchart: Start; load serial port program (Yes/No); load cipher module (Yes/No); user login; dual factor authentication; authentication success (Yes/No); assign permissions; user operation; Finish]

Fig4. Initialization and authentication login

The figure shows a schematic diagram of the data protection process. Data protection is carried out mainly on two paths: between the terminal node and the gateway, and between the gateway and the server. First, the gateway device and the terminal node complete PUF-based identity authentication and key negotiation, and the node data is then encrypted and protected with the negotiated key. After the gateway decrypts the data, the data is classified according to the policy and encapsulated according to the corresponding application protocol. The transmission module establishes a VPN tunnel for the service and uploads the encrypted data to the server through the secure tunnel. Since the two parties establishing the VPN do not perceive the encryption during use, the server receives the data encapsulated by the application protocol, and then it is
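The initialization and two-factor login flow of Fig4, as an added Python example that is not code from the paper or its gateway firmware; the peripheral status dictionary, the PBKDF2-based stored verifiers and the role-to-function mapping are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Fig4: every interface/peripheral must start, otherwise initialization stops.
# The two names are the steps drawn in Fig4; the status values are constructed.
REQUIRED_PERIPHERALS = ("serial_port_program", "cipher_module")

def run_initialization(status):
    """Return (ok, failed_item); stops at the first item that did not start."""
    for name in REQUIRED_PERIPHERALS:
        if not status.get(name, False):
            return False, name
    return True, None

def derive(secret, salt):
    # Salted PBKDF2 so the stored verifier is not a reusable plaintext credential.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def enroll(password, identity):
    """Stored record for one user (assumption: kept in the gateway's FLASH)."""
    salt = os.urandom(16)
    return {"salt": salt, "pw": derive(password, salt), "id": derive(identity, salt)}

def two_factor_login(record, password, identity):
    """Both factors are always evaluated and compared in constant time, so a wrong
    password and a wrong identity code are indistinguishable to the caller."""
    salt = record["salt"]
    pw_ok = hmac.compare_digest(record["pw"], derive(password, salt))
    id_ok = hmac.compare_digest(record["id"], derive(identity, salt))
    return pw_ok and id_ok

# Least-privilege mapping of roles to application-layer functions of Fig2
# (role names are an assumption; the function names are the paper's).
PERMISSIONS = {
    "operator": {"status query", "log viewing"},
    "admin": {"status query", "log viewing", "network management",
              "remote control", "system management"},
}

def assign_permissions(role):
    return frozenset(PERMISSIONS.get(role, ()))

def startup_and_login(status, record, password, identity, role):
    """Drive the Fig4 flow end to end and return (state, granted permissions)."""
    ok, failed = run_initialization(status)
    if not ok:
        return "init_stopped:" + failed, frozenset()
    if not two_factor_login(record, password, identity):
        return "authentication_failed", frozenset()
    return "logged_in", assign_permissions(role)
```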
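The node-to-gateway path of the data protection process (PUF-based authentication and key negotiation, encryption of node data with the negotiated key, then decryption and policy classification at the gateway), as an added Python example that is not the paper's code: the PUF is a software stand-in, the HMAC-keystream cipher stands in for the encryption chip, and the one-time challenge-response pairs and message layouts are assumptions.

```python
import hashlib, hmac, json, os

def puf_respond(node_secret, challenge):
    """Software stand-in (assumption) for the node's PUF: a device-unique secret."""
    return hmac.new(node_secret, challenge, hashlib.sha256).digest()

def enroll(node_secret, count=4):
    """Gateway-side enrollment: challenge-response pairs, each usable once."""
    return {c: puf_respond(node_secret, c) for c in (os.urandom(16) for _ in range(count))}

def kdf(ikm, salt, info):
    """HKDF-SHA256 (extract plus one expand block) for the negotiated session key."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def node_authenticate(node_secret, challenge, n_gw):
    """Node side: answer the challenge, derive the session key, prove possession of it."""
    n_node = os.urandom(16)
    key = kdf(puf_respond(node_secret, challenge), n_gw + n_node, b"node-gateway")
    proof = hmac.new(key, b"auth" + challenge + n_gw + n_node, hashlib.sha256).digest()
    return n_node, proof, key

def gateway_verify(crps, challenge, n_gw, n_node, proof):
    """Gateway side: consume the CRP (a replayed exchange then fails) and check the proof."""
    response = crps.pop(challenge, None)
    if response is None:
        return None
    key = kdf(response, n_gw + n_node, b"node-gateway")
    expect = hmac.new(key, b"auth" + challenge + n_gw + n_node, hashlib.sha256).digest()
    return key if hmac.compare_digest(expect, proof) else None

def keystream(key, nonce, length):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Node side: encrypt-then-MAC with an HMAC keystream (demo cipher, not the chip's AEAD)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def gateway_receive(key, blob, sensitive_fields):
    """Gateway side: verify the tag, decrypt, classify by policy, encapsulate for upload."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest(), tag):
        return None
    record = json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))
    level = "sensitive" if sensitive_fields.intersection(record) else "ordinary"
    return {"class": level, "payload": record}
```

The returned record is what the transmission module would encapsulate for its application protocol before sending it through the IPsec tunnel.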