Cellular IoT Fundamentals


Exercise 2 – Adding DTLS to the CoAP connection

In this exercise, we will encrypt the communication between our board and the CoAP server using DTLS.

DTLS is based on the TLS protocol and is intended to provide the same security guarantees. The main difference is that DTLS runs over UDP, the transport protocol that CoAP uses, which is why we are using it in this exercise.

In addition to encryption, which makes sure that the content of your communication cannot be read by third parties along the network path, DTLS also makes sure that the content cannot be altered by third parties along the network path.

Exercise Steps

1. In the GitHub repository for this course, go to the base code for this exercise, found in l5/l5_e2.

2. In the Kconfig file, define two new configurations COAP_DEVICE_NAME and COAP_SERVER_PSK.

Both these configurations will be used when writing credentials to the modem.

2.1 COAP_DEVICE_NAME will be used as the PSK Identity. According to the documentation for the server we are using, the PSK Identity can be of the form cali.*.*, so we are using cali.test.nrf91.

Copy
config COAP_DEVICE_NAME
	string "Device resource name - this will be the device name on the CoAP server"
	default "cali.test.nrf91"
Kconfig

2.2 COAP_SERVER_PSK is the PSK secret. The secret is the string .fornium, which becomes 2e666f726e69756d when converted into hexadecimal values.

Copy
config COAP_SERVER_PSK
	string "Server PSK"
	default "2e666f726e69756d"
Kconfig

3. Change the configured server port to use the DTLS port for the CoAP server we are using.

In our case, eclipse.californium.io uses port 5684 for DTLS connections. This is the standard CoAP over DTLS port.

In prj.conf, change the value of COAP_SERVER_PORT to be 5684.

Copy
CONFIG_COAP_SERVER_PORT=5684
Kconfig

4. Enable the modem key management library and TLS credentials API.

4.1 Enable the configuration by adding the following line to the prj.conf file.

Copy
CONFIG_MODEM_KEY_MGMT=y
Kconfig

4.2 In main.c, include the header file for the modem key management library and the TLS credentials API from the BSD socket API.

Copy
#include <modem/modem_key_mgmt.h>
#include <zephyr/net/tls_credentials.h>
C

5. Define the macro for the security tag.

Copy
#define SEC_TAG 12
C

6. In client_init(), create a DTLS socket and use zsock_setsockopt() to write credentials to the socket.

6.1 Create a DTLS socket by changing the last parameter in the call to zsock_socket() to IPPROTO_DTLS_1_2.

Copy
sock = zsock_socket(AF_INET, SOCK_DGRAM, IPPROTO_DTLS_1_2);
C

7. Set the DTLS-relevant socket options for the socket using setsockopt(), which takes the following parameters:

  • sock – File descriptor for the socket to use
  • level – Specifies at which protocol level the option resides
  • optname – A single option to set
  • optval – Value of the option to set
  • optlen – Length of the option value

We will be setting the options TLS_PEER_VERIFY, TLS_HOSTNAME and TLS_SEC_TAG_LIST, which reside at the protocol level SOL_TLS. Note that since DTLS is an implementation of TLS intended to work over datagram sockets, DTLS uses the same socket options as TLS.

7.1 Set the option TLS_PEER_VERIFY to be required.

Copy
enum {
	NONE = 0,
	OPTIONAL = 1,
	REQUIRED = 2,
};

int verify = REQUIRED;

err = zsock_setsockopt(sock, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify));
if (err) {
	LOG_ERR("Failed to setup peer verification, errno %d\n", errno);
	return -errno;
}
C

7.2 Set the option TLS_HOSTNAME to be the hostname for the CoAP server.

Copy
err = zsock_setsockopt(sock, SOL_TLS, TLS_HOSTNAME, CONFIG_COAP_SERVER_HOSTNAME,
	 strlen(CONFIG_COAP_SERVER_HOSTNAME));
if (err) {
	LOG_ERR("Failed to setup TLS hostname (%s), errno %d\n",
		CONFIG_COAP_SERVER_HOSTNAME, errno);
	return -errno;
}
C

7.3 Set the option TLS_SEC_TAG_LIST to the value we defined earlier in SEC_TAG.

When writing the credentials to the modem, this is the security tag that the credentials will be referenced with. The security tag must be attached to the socket before connecting.

Copy
sec_tag_t sec_tag_list[] = { SEC_TAG };

err = zsock_setsockopt(sock, SOL_TLS, TLS_SEC_TAG_LIST, sec_tag_list,
		 sizeof(sec_tag_t) * ARRAY_SIZE(sec_tag_list));
if (err) {
	LOG_ERR("Failed to setup socket security tag, errno %d\n", errno);
	return -errno;
}
C

8. Before calling lte_lc_init_and_connect_async(), we need to write credentials to the modem using modem_key_mgmt_write().

The function takes the security tag associated with the credential as the first parameter. This is the same security tag we wrote to the socket using zsock_setsockopt().

8.1 First we write the PSK identity to the modem, by specifying the credential type MODEM_KEY_MGMT_CRED_TYPE_IDENTITY.

This is the value stored in the Kconfig CONFIG_COAP_DEVICE_NAME.

Copy
err = modem_key_mgmt_write(SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_IDENTITY, CONFIG_COAP_DEVICE_NAME, 
			strlen(CONFIG_COAP_DEVICE_NAME));
if (err) {
	LOG_ERR("Failed to write identity: %d\n", err);
	return err;
}
C

8.2 Next, we write the PSK to the modem, by specifying the credential type MODEM_KEY_MGMT_CRED_TYPE_PSK. Recall that the PSK is stored in the Kconfig CONFIG_COAP_SERVER_PSK.

Copy
err = modem_key_mgmt_write(SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_PSK, CONFIG_COAP_SERVER_PSK,
			strlen(CONFIG_COAP_SERVER_PSK));
if (err) {
	/* Report the PSK write, not the identity write from step 8.1 */
	LOG_ERR("Failed to write PSK: %d\n", err);
	return err;
}
C

We have now configured the application to connect over CoAP using DTLS. However, if we test the application in its current state the connection will disconnect after a certain amount of time.

This is because of something called the NAT session timeout, which is the length of time the network will keep an inactive connection alive. The NAT timeout value is given by the network and can be as low as 12 seconds.

9. To solve this problem, we will set up some logic that will regularly ping the server to keep the connection alive. This will be done using work items and the system workqueue thread.

9.1 Define the interval in which the device will ping the server, TX_KEEP_ALIVE_INTERVAL.

Copy
#define TX_KEEP_ALIVE_INTERVAL 6500
C

9.2 Define the delayable work item rx_work as a structure of type k_work_delayable.

Copy
static struct k_work_delayable rx_work;
C

9.3 Define the handler rx_work_fn() for the work item rx_work.

Define the function rx_work_fn() to call client_get_send(), just to send a packet to keep the connection alive.

Copy
static void rx_work_fn(struct k_work *work)
{
	client_get_send();
}
C

9.4 Initialize the work item rx_work with the handler function rx_work_fn().

Before the while-loop in main(), call k_work_init_delayable() to initialize the delayable work structure rx_work with the handler rx_work_fn().

Copy
k_work_init_delayable(&rx_work, rx_work_fn);
C

9.5 In the while-loop, reschedule the work item rx_work using k_work_reschedule() with a delay of TX_KEEP_ALIVE_INTERVAL.

Copy
k_work_reschedule(&rx_work, K_MSEC(TX_KEEP_ALIVE_INTERVAL));
C

So if we don’t receive anything within the TX_KEEP_ALIVE_INTERVAL, rx_work performs the work to keep the connection alive. And if we do receive something, this is handled with a higher priority than rx_work, and then at the next iteration, rx_work is rescheduled with a delay of TX_KEEP_ALIVE_INTERVAL, and the cycle repeats.

More on this

There is another way to handle the issue with the NAT timer, which is to let the network disconnect, and then the next time you want to send something, initiate the DTLS connection again. In this case, the socket option TLS_SESSION_CACHE_ENABLED is recommended as it will reduce the amount of data, time and power that is required for the DTLS handshake.

10. Build the exercise and flash it to your board.
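Steps 2.2 and 8.2 store and write the PSK as a hexadecimal string rather than as the raw secret, so a malformed value is worth catching before it is written to the modem. The following is an added example, not part of the course code; the function names, error codes and length bounds are hypothetical choices made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length bounds are a policy choice for this example, not limits taken from the SDK. */
#define PSK_MIN_BYTES 8
#define PSK_MAX_BYTES 64

enum psk_err { PSK_ODD_LENGTH = -1, PSK_NOT_HEX = -2, PSK_BAD_SIZE = -3 };

static int hex_val(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/* Encode a raw secret as the hex string stored in CONFIG_COAP_SERVER_PSK.
 * Returns the string length, or PSK_BAD_SIZE if the key or buffer size is wrong. */
int psk_hex_encode(const uint8_t *psk, size_t len, char *out, size_t out_size)
{
	static const char digits[] = "0123456789abcdef";

	if (len < PSK_MIN_BYTES || len > PSK_MAX_BYTES || out_size < 2 * len + 1) {
		return PSK_BAD_SIZE;
	}
	for (size_t i = 0; i < len; i++) {
		out[2 * i] = digits[psk[i] >> 4];
		out[2 * i + 1] = digits[psk[i] & 0x0f];
	}
	out[2 * len] = '\0';
	return (int)(2 * len);
}

/* Validate a configured PSK string and recover the key bytes.
 * Returns the key length in bytes, or a negative psk_err. */
int psk_hex_decode(const char *hex, uint8_t *out, size_t out_size)
{
	size_t n = strlen(hex);

	if (n % 2 != 0) return PSK_ODD_LENGTH;
	for (size_t i = 0; i < n; i++) {
		if (hex_val(hex[i]) < 0) return PSK_NOT_HEX;
	}
	if (n / 2 < PSK_MIN_BYTES || n / 2 > PSK_MAX_BYTES || n / 2 > out_size) return PSK_BAD_SIZE;
	for (size_t i = 0; i < n / 2; i++) {
		out[i] = (uint8_t)(hex_val(hex[2 * i]) << 4 | hex_val(hex[2 * i + 1]));
	}
	return (int)(n / 2);
}

int main(void)
{
	char hex[2 * PSK_MAX_BYTES + 1];
	uint8_t key[PSK_MAX_BYTES];

	/* The secret from step 2.2, encoded and then checked the way a config value would be. */
	psk_hex_encode((const uint8_t *)".fornium", 8, hex, sizeof(hex));
	printf("%s -> %d bytes\n", hex, psk_hex_decode(hex, key, sizeof(key)));
	/* Putting the raw secret into the config instead of its hex form is rejected. */
	printf("raw string check: %d\n", psk_hex_decode(".fornium", key, sizeof(key)));
	return 0;
}
```

Kconfig string values are compiled into the application image, so a default like the one in step 2.2 suits a shared test credential; a per-device production key would normally be provisioned to the modem separately.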

Testing

11. Let’s first set up a CoAP client to communicate with our board. This is much the same as in the previous exercise, except that you need to specify the server address with coaps.

We will be testing on the PC using cf-browser. You will need Java Runtime Environment installed on your machine.

More on this

We have many options here. If you are using a PC, you could either download the desktop application cf-browser or you could use a chrome extension Copper for Chrome (Cu4Cr) CoAP. If you are using a tablet or smartphone, several Android and iOS apps are available that act as a CoAP client.

11.1 Enter the CoAP server URL (make sure it starts with coaps – it is available in the dropdown menu) and discover its resources as shown below.

11.2 Send a message from the CoAP client to the board.

Locate the CONFIG_COAP_RX_RESOURCE resource used by the board to receive data. In other words, this is the CoAP resource that you will use to send to the board. This was set in step 3.2 of the previous exercise to validate. Type the message you want to send to the board and send it as a PUT request. You should see a response of ACK 2.04/CHANGED which means that the client has successfully modified the content of the resource.

The board is configured to periodically check this resource and print it on the terminal. Pressing button 1 will also print the received message on the terminal.

*** Booting nRF Connect SDK ***
[00:00:00.312,538] <inf> Lesson5_Exercise2: Initializing modem library
[00:00:00.622,528] <inf> Lesson5_Exercise2: Connecting to LTE network
[00:00:04.381,195] <inf> Lesson5_Exercise2: RRC mode: Connected
[00:00:05.521,118] <inf> Lesson5_Exercise2: Network registration status: Connected - roaming
[00:00:05.521,270] <inf> Lesson5_Exercise2: Connected to LTE network
[00:00:05.688,232] <inf> Lesson5_Exercise2: IPv4 Address found 20.47.97.44
[00:00:05.688,964] <inf> Lesson5_Exercise2: Successfully connected to server
[00:00:10.806,854] <inf> Lesson5_Exercise2: RRC mode: Idle
[00:00:19.563,446] <inf> Lesson5_Exercise2: CoAP GET request sent: Token 0x4a6c
[00:00:19.650,817] <inf> Lesson5_Exercise2: RRC mode: Connected
[00:00:19.802,947] <inf> Lesson5_Exercise2: CoAP response: Code 0x45, Token 0x4a6c, Payload: Hi from my PC!
[00:00:25.094,940] <inf> Lesson5_Exercise2: RRC mode: Idle
Terminal

The payload “Hi from my PC!” is the value stored in the CONFIG_COAP_RX_RESOURCE resource.

11.3 Send a message from your board to the CoAP client.

Press button 2 on your nRF91 Series DK, or button 1 twice on the Thingy:91. This will send a PUT request from your board to the CoAP server. The message sent is set in the macro MESSAGE_TO_SEND in step 4.1 of the previous exercise.

[00:02:55.938,201] <inf> Lesson5_Exercise2: CoAP PUT request sent: Token 0x4a6d
[00:02:56.027,679] <inf> Lesson5_Exercise2: RRC mode: Connected
[00:02:56.207,336] <inf> Lesson5_Exercise2: CoAP response: Code 0x44, Token 0x4a6d, Payload: EMPTY
[00:03:01.572,784] <inf> Lesson5_Exercise2: RRC mode: Idle
Terminal

Notice that when sending a PUT request, the CoAP packet received back from the server has no payload.

On the CoAP client side, locate the CONFIG_COAP_TX_RESOURCE resource used by the board to send data. In other words, this is the CoAP resource that you will use to receive from the board. This was set in step 3.2 to large-update. Then issue a GET request. You should see the message in the response payload as shown below.

The payload “Hi from the nRF91 Series device” is the value stored in the CONFIG_COAP_TX_RESOURCE resource.
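The logs above print the CoAP response code as a raw byte (0x45, 0x44) together with the token of the request it answers. The following added example, which is not part of the course code, parses a CoAP datagram as laid out in RFC 7252, turns the code byte into its class.detail form (0x45 is 2.05, 0x44 is 2.04) and accepts a response only when its token matches the request. The sample datagrams are constructed for this illustration, and all function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct coap_msg {
	uint8_t type;                    /* 0 CON, 1 NON, 2 ACK, 3 RST */
	uint8_t code_class, code_detail; /* Code byte: upper 3 bits, lower 5 bits */
	uint8_t tkl, token[8];
	const uint8_t *payload;          /* NULL when there is no payload */
	size_t payload_len;
};

/* Constructed samples (not captured traffic) using the codes and tokens in the logs. */
static const uint8_t SAMPLE_GET_RSP[] = { 0x62, 0x45, 0x12, 0x34, 0x4a, 0x6c, 0xc0, 0xff,
	'H', 'i', ' ', 'f', 'r', 'o', 'm', ' ', 'm', 'y', ' ', 'P', 'C', '!' };
static const uint8_t SAMPLE_PUT_RSP[] = { 0x62, 0x44, 0x12, 0x35, 0x4a, 0x6d };
static const uint8_t GET_TOKEN[] = { 0x4a, 0x6c }, PUT_TOKEN[] = { 0x4a, 0x6d };

/* Decode an option delta or length nibble plus its extended bytes (RFC 7252, 3.1). */
static int opt_field(const uint8_t *buf, size_t len, size_t *pos, uint8_t nib, uint32_t *out)
{
	uint32_t ext = 0;
	size_t n = nib == 13 ? 1 : nib == 14 ? 2 : 0;
	if (nib == 15 || len - *pos < n) return -1; /* reserved value, or truncated */
	for (size_t i = 0; i < n; i++) ext = (ext << 8) | buf[(*pos)++];
	*out = nib == 13 ? 13u + ext : nib == 14 ? 269u + ext : nib;
	return 0;
}

/* Parse one CoAP datagram. Returns 0 on success, -1 on any format error. */
int coap_parse(const uint8_t *buf, size_t len, struct coap_msg *m)
{
	memset(m, 0, sizeof(*m));
	if (len < 4 || (buf[0] >> 6) != 1) return -1; /* short header or version != 1 */
	m->type = (buf[0] >> 4) & 0x03;
	m->tkl = buf[0] & 0x0f;
	if (m->tkl > 8 || len < 4u + m->tkl) return -1; /* TKL 9-15 is reserved */
	m->code_class = buf[1] >> 5;
	m->code_detail = buf[1] & 0x1f;
	memcpy(m->token, buf + 4, m->tkl);
	size_t pos = 4u + m->tkl;
	while (pos < len) {
		uint8_t b = buf[pos++];
		uint32_t delta, olen;
		if (b == 0xff) { /* payload marker: at least one payload byte must follow */
			if (pos == len) return -1;
			m->payload = buf + pos;
			m->payload_len = len - pos;
			return 0;
		}
		if (opt_field(buf, len, &pos, b >> 4, &delta) ||
		    opt_field(buf, len, &pos, b & 0x0f, &olen) || olen > len - pos) return -1;
		pos += olen;
	}
	return 0;
}

/* Accept a response only if it parses and echoes the request token.
 * Returns class * 100 + detail (0x45 gives 205), or -1 if rejected. */
int coap_check_response(const uint8_t *buf, size_t len, const uint8_t *tok, uint8_t tkl)
{
	struct coap_msg m;
	if (coap_parse(buf, len, &m) || m.tkl != tkl || memcmp(m.token, tok, tkl)) return -1;
	return m.code_class * 100 + m.code_detail;
}

int main(void)
{
	printf("GET %d, PUT %d\n",
	       coap_check_response(SAMPLE_GET_RSP, sizeof(SAMPLE_GET_RSP), GET_TOKEN, 2),
	       coap_check_response(SAMPLE_PUT_RSP, sizeof(SAMPLE_PUT_RSP), PUT_TOKEN, 2));
	return 0;
}
```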

The solution for this exercise can be found in l5/l5_e2_sol.
