Design and implementation of lightweight cybersecurity protocols for cecentralized IoT training systems
Darko, Eric (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025121737748
https://urn.fi/URN:NBN:fi:amk-2025121737748
Tiivistelmä
This thesis examined how ESP32-S3 microcontroller-based training cones could be transformed into a secure, decentralised timing system for short-distance athletic performance testing. The goal was to design, implement and evaluate a wireless communication architecture that improved reliability and protected data integrity while remaining lightweight enough for resource-constrained embedded devices. Development focused on two parallel communication modes: a centralised Wi-Fi TCP/TLS architecture using a Raspberry Pi server, and a fully decentralised mode using peer-to-peer UDP broadcasting and ESP-NOW. The decentralised approach removed the single point of failure inherent in traditional timing systems and enabled the ESP32 devices to operate independently of a central controller.
The implementation process involved designing a combined firmware and backend solution using MicroPython, Python, React and WebSockets, low-latency communication and efficient operation. In the secure centralised mode, Transport Layer Security (TLS) was added to protect timestamp transmissions between the ESP32 devices and the Raspberry Pi server. In the decentralised mode, cones exchanged heartbeats and event messages directly using UDP broadcasts and ESP-NOW, providing an alternative communication model that reduced dependency on local infrastructure.
A series of measurements was conducted to analyse packet transparency, dependancy and susceptibility to interception. Tools such as Wireshark, and Python-based logging scripts were used to capture cryptographic handshakes, UDP packets and microcontroller resource independence. The results demonstrated that while the unsecured UDP traffic was fully readable in plaintext, TLS effectively encrypted all identifiable payloads, preventing packet inspection and modification. ESP-NOW operated in the MAC layer and payloads stayed in that layer, whereas TLS introduced Integrity and confidentiality which are good pillars of resilience within IoT applications.
The study concluded that decentralised communication with optional TLS-secured centralisation offers a robust and adaptable architecture for modern timing systems. The final solution provides improved security, higher reliability, and flexible deployment options for coaches, athletes and future IoT-based sports technology systems. Recommendations for future work include integrating authenticated key exchange mechanisms, expanding the peer-to-peer network to multiple cones, and adopting a full FreeRTOS C-based firmware for stronger security guarantees.
The implementation process involved designing a combined firmware and backend solution using MicroPython, Python, React and WebSockets, low-latency communication and efficient operation. In the secure centralised mode, Transport Layer Security (TLS) was added to protect timestamp transmissions between the ESP32 devices and the Raspberry Pi server. In the decentralised mode, cones exchanged heartbeats and event messages directly using UDP broadcasts and ESP-NOW, providing an alternative communication model that reduced dependency on local infrastructure.
A series of measurements was conducted to analyse packet transparency, dependancy and susceptibility to interception. Tools such as Wireshark, and Python-based logging scripts were used to capture cryptographic handshakes, UDP packets and microcontroller resource independence. The results demonstrated that while the unsecured UDP traffic was fully readable in plaintext, TLS effectively encrypted all identifiable payloads, preventing packet inspection and modification. ESP-NOW operated in the MAC layer and payloads stayed in that layer, whereas TLS introduced Integrity and confidentiality which are good pillars of resilience within IoT applications.
The study concluded that decentralised communication with optional TLS-secured centralisation offers a robust and adaptable architecture for modern timing systems. The final solution provides improved security, higher reliability, and flexible deployment options for coaches, athletes and future IoT-based sports technology systems. Recommendations for future work include integrating authenticated key exchange mechanisms, expanding the peer-to-peer network to multiple cones, and adopting a full FreeRTOS C-based firmware for stronger security guarantees.