Pairing a Device
The Pairing of of a device is intended to restrict which devices can communicate from an Android app to the Pycloud API running on the server. Pairing itself is not disabled by default, but the security measures that use the pairing information to restrict access are disabled by default. Therefore, pairing a device won't do anything useful unless some of these security measures are enabled.
The two security levels are Wi-Fi Authentication, Authorization and Encryption and API Authentication, Authorization and Encryption. The Wi-Fi security measures work at the lower Wi-Fi layer, while the API security measures work at an application layer. Either or both of them can be enabled as described in Enabling-Cloudlet-Security, sections 2 and 3.
Wi-Fi Authentication, Authorization and Encryption works by enabling WPA2-Enterprise mode on the router associated to the cloudlet. A RADIUS server installed on the cloudlet and linked to the router takes care of authentication and authorization, while the router itself sets up data encryption using WPA2. When enabled, only devices that have been properly paired and for which the pairing has not yet expired are authorized to connect to the Wi-Fi network the cloudlet is associated to.
API Authentication, Authorization and Encryption works at a higher level, on top of the HTTP requests made to the Pycloud API. This authenticates devices using HTTP headers, and then encrypts the HTTP payload using the keys that were generated during the pairing procedure. When enabled, only devices that have been properly paired and for which the pairing has not yet expired are authorized to send API requests to the Pycloud API.
Pre-requisites:
- The Cloudlet Client app needs to be installed in the device.
- If using USB, a USB cable is needed, as well as proper drivers installed on the cloudlet that can recognize the device/phone through USB. Also, USB debugging needs to be enabled on the phone.
- If using Bluetooth, the cloudlet server needs to have a Bluetooth receiver (and of course, the device needs that as well).
Procedure:
- On the Cloudlet Manger, go to the Paired Devices page, and ensure there is a valid Deployment set. If not, click on "Set/Reset Deployment".
- Click on "Pair New Device".
- Choose USB or Bluetooth.
- ONLY if using USB, the USB cable needs to be plugged between the device and the cloudlet server.
- ONLY if using Bluetooth, open the Cloudlet Client app on the device, and go to the Bluetooth Pairing window ("Pairing Process" button). There, ensure that the "Is Discoverable" switch is turned on.
- If needed, click on the "Refresh" on the Cloudlet Manager button to allow the device to show up on the list.
- Click the the "Pair" button next to the device you want to pair.
- ONLY if using USB, it is like a prompt stating "Allow USB debugging for this device?" will show up on the phone. This has to be accepted with "Ok".
- The pairing procedure will work between the cloudlet server and the device to set up credentials (ids, keys, Wi-Fi profiles) on both the device and the cloudlet, automatically. If everything is successful, the pairing procedure should finish and give a success message on the Cloudlet Manager.
- NOTE: if Wi-Fi level security is not desired, the Wi-Fi profile that is generated on the phone for the SSID that was configured in the cloudlet should be deleted. If the SSID was not configured, the profile will be created for the default SSID, which probably won't affect anything, but that profile can still be removed from the phone. See Enabling Cloudlet Security for details on SSID configuration on the cloudlet.
Some notes:
- After the time indicated for a device is reached, the pairing bond will expire, and future connection attempts from the deivice will fail (more specifically, API requests will be rejected).
- A device can be manually Un-Paired with the corresponding button.
- If a new Deployment is set, all paired devices will be unpaired.