IoT and Node.JS: How to Catch the Opportunity?

Thank you to Oleg Romanyuk for coauthoring this article.

Understand the business opportunity

In 2019, the market revenue of IoT reached $ 212 billion. There are about 26.66 billion connected IoT devices worldwide, and this number is to reach 75.44 billion by 2025. The UN estimates that, in February 2020, the world population is 7.7 billion people. A simple math operation tells us that an average person owns from 3 to 4 IoT devices. Do you have one? Maybe a smartwatch? A smart TV? Or a smart car?

Moving further, the population is expected to reach 8.1 billion people in 2025. The same math calculation shows us that, in 2025, an average person will have from 9 to 10 smart devices in their possession. Do you see where I am leading you to? Do you want to join this prosperous market niche and make your IoT device to be one of these 9 to 10?

Choose the right framework

The client-side of an IoT device is represented by the hardware itself. It is programmed with C, C++, or Lua – low-level and difficult programming languages. Yet, there is not much you can do about it because of hardware limitations. Along with high performance, the users of IoT devices prioritize low cost and energy-efficiency. Thus, at least for now, you should keep working with low-level languages.

In turn, the server-side of IoT applications offers you more freedom of choice. Here, you are not limited by the hardware, so you can choose any coding language and framework you prefer. And we believe that the right one is Node.js. Here is why.

Node.js is fast and performant

First of all, any IoT device is constantly working with dynamically changing data. It means that you need a framework, which would handle real-time applications and heavy data flows. Node.js is built on Google’s V8 JS engine, which is highly effective and perfectly scalable. Thanks to this feature, Node.js is the number one framework to be used with real-time apps and platforms. Constantly changing data is not a challenge for it either.

Node.js is easy to integrate with IoT protocols

IoT applications actively use a publish-subscribe-based messaging protocol MQTT. In turn, for transportation and encapsulation, this protocol uses WebSockets. Both MQTT and WebSockets are well-supported and easily integrated with Node.js.

Node.js modules facilitate IoT development

Node.js is augmented with npm – Node Package Manager, which features a lot of useful IoT modules. There are about 80 packages for Intel IoT Edison, Arduino, or Rasberry Pi. Also, it features over 30 packages for different sensors, beacons, and other tools. This is why Internet of Things IoT development is simpler and faster with Node.js IoT modules.

Node.js is resource-efficient and scalable

In general, developers prefer working with Node.js because it does not require a lot of resources. The CPU and RAM are not overloaded. Also, Node.js is perfectly scalable, which is absolutely necessary for most modern companies. 

---

Beware of the challenges

Entering the IoT niche is a path to success. No wonder that there are a lot of challenges and traps awaiting on your way – success is never easy to achieve. And the first and foremost challenge you should be aware of is security.

Security is one of the top problems in IoT sphere, and one of the first pitfalls you will stumble upon. So what should you do and how?

Secure authentication

Let’s start with authentication. There are a lot of tools for authentication in Node.js application development: tokens, jwt, auth0, and so on. Each has its advantages and disadvantages. Yet, you should look at them from the perspective of IoT.

On the one hand, tokens are effective but not 100 percent safe. They are a cool way for authentication as they let you identify a specific user and decide whether to grant or to deny them access. A token can be encrypted with any algorithm. However, the hardware (scanners, sensors, hubs, or other IoT things) should store this token or login/password data in firmware. Respectively, attackers can steal the token if they have physical access to the hardware. The same story goes for jwt or auth0. 

On the other hand, we can use any tools for authentication on the server-side. You can easily integrate any authentication tool on the Node.js platform. There is a lot of npm (Node Package Manager) packages that allow you to do it manually: auth0, passport, jwt. There are also packages for integration with cloud IoT services: @azure-iot/authentication, aws-iot-device-sdk etc.

Secure HTTP requests

Next, be careful with http requests from your IoT devices.You should check if you get a request from a proper IoT device. Firstly, you should implement HTTPS with your IoT devices. Hardware is not a browser and you should implement HTTPS manually on it. For the server-side, you can either do it manually or use hosting with HTTPS configuration and certificates. In Node.js, it is quite easy to implement:

const express = require(‘express’);
const https = require(‘https’);
const http = require(‘http’);
const fs = require(‘fs’);
const options = {
key: fs.readFileSync(‘path/to/your/key.pem’),
cert: fs.readFileSync(path/to/your/certificate.cert’)
};
const app = express();
http.createServer(app).listen(80);
https.createServer(options, app).listen(443);

HTTPS uses SSL or TLS protocols for data encryption. However, to be sure that you have got a request from the necessary server or client, use additional data encryption. For example, this is how you can use signature:

const fetch = require(‘node-fetch’);
const verifier = crypto.createVerify(‘RSA-SHA1’)
const SIGNATURE_FORMAT = ‘base64’;
//check if it trusted url for your certificate
const trustedUrl = ‘https://trustedUrl/’
const isTrustedUrl = trustedUrl.match(url);
If (isTrustedUrl) {
verifier.update(req.body, ‘utf8’)
fetch(isTrustedUrl)
.then(certificate => {
// check signature
const isValidSignature = verifier.verify(certificate, reg.header.signature, SIGNATURE_FORMAT);
})
.catch(err => console.log(err));
}

To wrap up this part:

1. First, you have to check the trusted URL of your certificate. 
2. Then, you sign a request body by public key from your certificate.
3. Finally, you compare the signed body with the signature from headers. 

It is extremely important to know that we get requests from proper devices and it is not the middle attack.

Check the example

PREE – finding your belongings 

PREE is a system of BLE beacons and mobile software, which helps people to stop losing their stuff. It is a lifesaver for those who often forget their phone, bag, keys, wallet, or any other valuable belongings elsewhere. The user can see the location of their item in real-time and share it with trusted contacts. Once the item is out of range, they will get a notification, and so will their friends or family members. Not to spam others with notifications when they are not needed, for example, when at home, the user can mute them for a certain area.

This Internet of Things IoT system is built with Node.js, Express, and Mongo at the backend and Ionic with Cordova at the frontend. The combination of these frameworks lets us ensure the best user experience.

Validate your idea

Once you have an idea for an IoT product, start with validating it. You can do it in two ways. One – hire an idea validation team, who will help you test the viability of your product before you invest in development. Two – hire a software design and development team, who will launch an extensive product discovery process.