Blinky-Lite

An open-source secure , remotely accessible, full-stack, integrated hardware-software control platform.

Control Systems

When most people think of a control system, they imagine a room filled with dials and computer screens. But control systems are so ubiquitous that most people take them for granted. For example, the thermostat in a house is part of a control system . The stop lights in a city are synchronised by another system. One can even think of the central nervous system in a human body as a control system.

Control systems can be broken into four parts.

  • First, there are sensors to observe the surrounding environment.
  • Next, there is some type of intelligence to process the sensor input and decide on a course of action. The intelligence can be
    • a mechanical linkage,
    • an electronic circuit,
    • a computer program,
    • or even a human brain.
  • The third part is a set of actuators to implement the course of action. Actuators can be anything
    • from human hands
    • to the control rods of a nuclear reactor.
  • Lastly, but most important is the environment that reacts to the actuators and provides input to the sensors, thus, closing the loop.

What Blinky-Lite provides is the intelligence part of the control system; receiving input from sensors, deciding on a course of action, and relaying that course to the actuators.

Blinky-Lite Features

Remote Access

Consider the image of control rooms with TV screens and dials. This concept of a control system is great for large facilities that have a 24/7 staff on site. But this way of operating is expensive and inefficient for most types of facilities. Facility malfunctions usually do not happen while sitting in a control room during business hours. Many times, malfunctions occur in the middle of the night when experts are far away from the site. Also the world is interconnected as it has never been before. So an engineer needs access to the control system out in the field; wherever and whenever that may be.

To bring the control system to the engineer, Blinky-Lite was designed from the ground up to be a remotely accessible control platform. Sensors and actuators can be located anywhere in the world. All user applications are web applications that can be used on a mobile phone, tablet, desktop computer, or even in a control room.

Full Stack

Since the key feature of Blinky-Lite is remote access, security is the driving force in the development of Blinky-Lite. To be secure, a control platform must be complete or full-stack. Most available control platforms are just communication protocols. This leaves the user with missing functionality which often leads to a patchwork system, riddled with potential security vulnerabilities.

In contrast, Blinky-Lite strives to deliver a complete system. Not only does Blinky-Lite provide a set of device interfaces, a communication protocol, and configuration databases, it also provides

  • an alarm system,
  • notification system,
  • device viewers,
  • and plotting packages.

The data archiving system also includes access and setting history. User authentication interfaces include one-time-password, two factor authentication. And, instead of name-value pairs, device data is object-oriented which lends to complex data types, such as vectors and images. There is even an integrated logbook application, with hooks into the notification system.

Figure 1. Blinky-Lite Alarm Scanner


Figure 2. Blinky-Lite Notification Application


Figure 3. Blinky-Lite Device Viewer


Figure 4. Blinky-Lite Time Plotter


Figure 5. Blinky-Lite Archive Plotter


Figure 6. Blinky-Lite Access Log


Figure 7. Blinky-Lite Settings Log

Figure 8. Blinky-Lite Two Factor Authentication


Figure 9. Examples of vector and image data in Blinky-Lite


Figure 10. Blinky-Lite Logbook Application

Customization

Even though the base stack of Blinky-Lite applications should fit almost all of a user’s needs, custom user applications are an integral part of any control platform. However, developing event-driven control applications can be very challenging.

Blinky-Lite provides an application builder that makes it easy for the user to build their own custom dashboard application, without having to do any programming. The application builder has a basic library of widgets based on Boostrap 4 cards. The user just configures a JSON file in the Blinky-Lite app database.

Currently, the app builder has nine different types of cards and thirteen different types of widgets, which should cover almost all of the use cases a user will need. However, Blinky-Lite also has a framework for developing custom application cards that fit seamlessly into the Blinky-lite ecosystem.

Figure 11. Example of Blinky-Lite App Widgets


Figure 12. Examples fo Apps built from the Blinky-Lite App Builder

Security

From isolated container networks, to publish-subscribed device communication, to role-based authentication via jason web tokens, to virtual private network communication through a reverse proxy server, Blinky-Lite provides an organised, layered approach to remote access security.

Figure 13. Blinky-Lite Architecture

The Blinky-Lite architecture is based on Linux containers. A Linux container is a set of one or more processes that are isolated from the rest of the system. All the files necessary to run them are provided from a distinct image, meaning Linux containers are portable and consistent. Because of their popularity and ease of use, Linux containers make Blinky-Lite very extendable. Containers are also an important part of IT security. For example, all the Linux containers in Blinky-Lite communicate on an isolated container network.

Blinky-Lite Linux containers are managed by Portainer which itself is a linux container with an easy-to-use web interface. The core containers of Blinky-Lite are the application server, the database for storing data and application configuration, and the notification server for alarm handling.

Figure 14. Portainer container in Blinky-Lite


Figure 15. Application server container in Blinky-Lite


Figure 16. Mongo-DB Database container in Blinky-Lite


Figure 17. Notification container in Blinky-Lite.

To communicate with internal devices, Blinky-Lite uses an MQTT container. MQTT is a publish-subscribe communication protocol developed by IBM for the monitoring of oil pipelines running through the desert, but is now a very popular IoT communication protocol. A key security feature of MQTT is that every device initiates authentication to the communication broker, and the publish-subscribe topics for each device are linked to a unique device authentication. This is much different than most other control system protocols in which communication to the device is initiated externally, which can compromise security. Also, In traditional systems, devices can be overwhelmed by too many requests for data. However, MQTT provides inherent data pooling. That is, devices only publish data when they are ready, regardless of how many requests from users.

As discussed earlier, with Blinky-Lite, the user can only interact with the control system through applications served from the application server. The user accesses the web applications through a reverse proxy server that is configured to permit only appropriate routing requests from the user.

Next in the line of defence is role-based authentication. In the Blinky-Lite database, roles or permissions are assigned for each user. These roles limit which applications a user can use, what the user can do in each application, such as read or write, and what data types and data the user can interact with.

Figure 18. Role based access database

When a user logs into the control system with two factor authentication, their credentials are matched against those stored in the user database. The user’s roles that are defined in the user database are encrypted in a Jason web token. This token is then sent back to the user and is stored as an encrypted cookie in her browser. Each time the user interacts with the application server, she presents the encrypted token, and the server decides whether the request can be granted, based on the user’s allowed roles.

Figure 19. User authentication flow.

At this point, Blinky-Lite is perfectly suited for operations inside an internet firewall. However, a remote access control platform is not of much use if it cannot be securely accessed from outside the user’s facility. For secure remote access, Blinky lite provides a tunnel container that sends traffic through the firewall, using a virtual private network. Now, Blinky-Lite goes one step further by routing the VPN to an outbound-only, reverse proxy server, located in the cloud, such as Cloudflare zero trust. This reverse proxy server permits only allowed routes to the application server, and provides the first line of defence against the wild-world of the internet, such as denial-of-service attacks.

Because Blinky-Lite uses MQTT as its device communication protocol, Blinky-Lite can be easily extended to a multi-node distributed control platform, by bridging multiple Blinky-Lite systems to an external MQTT broker. By configuring the topics on the external broker, it is possible to share only a certain subset of devices between Blinky-Lite systems. This configuration provides an excellent balance between data sharing and compartmentalising. Note, again, that connections to the external broker are initiated from the internal brokers, providing a secure connection.