ant deploy

for each Sun SPOT.

What is protected?

Applications and customized libraries are always verified and unless the digital signature can be successfully verified using the trusted public key, the application will not be executed. Extra security is provided for over-the-air deployment. In this case, all updates to the configuration page are verified before the page is updated. This prevents a number of possible attacks, for example a change to the trusted public key, or a denial of service where bad startup parameters are flashed.

Generating a new key-pair

If you wish to generate a new key-pair – for example, if you believe your security has been compromised – just delete the existing sdk.key file. The next time you deploy an application or a library to a Sun SPOT a new key will be automatically created. Again, if you are using a customized library, you will need to update the signature on the library by executing

ant flashlibrary

Limitations

This security scheme has some current limitations. In particular:

There is no protection against an attacker who has physical access to the Sun SPOT device.

The SDK key pair is stored in clear text on the host, and so there is no protection against an attacker with access to the host computer’s file system.

Deploying and running a host application

Example

The directory Demos/CodeSamples/SunSpotHostApplicationTemplate contains a simple host

application. Copy this directory and its contents to a new directory to build a host application.

To run the copied host application, first start the base station as outlined in the section Using the Basestation. Run the example on your host by using these commands:

ant host-compile ant host-run

If the application works correctly, you should see (besides other output)

Base station initialized

Normally, the base station will be detected automatically. If you wish to specify the port to be used (for example, if automatic detection fails, or if you have two base stations connected) then you can either indicate this on the command line, by adding the switch “-Dport=COM3”, or within your host application code:

System.setProperty("SERIAL_PORT", "COM3");

If your application doesn’t require a basestation you may add the following switch to the command line:

ant host-run –Dbasestation.not.required=true

20

Page 19 Page 21
Page 20
Image 20
Sun Microsystems V2.0 Deploying and running a host application, What is protected?, Generating a new key-pair, Limitations
Page 19 Page 21
Top Page Image Contents