ant deploy for each Sun SPOT.
What is protected?
Applications and customized libraries are always verified: unless the digital signature can be
successfully verified using the trusted public key, the application will not be executed. Extra
security is provided for over-the-air deployment. In this case, all updates to the configuration page
are verified before the page is updated. This prevents a number of possible attacks, for example a
change to the trusted public key, or a denial of service where bad startup parameters are flashed.
Generating a new key-pair
If you wish to generate a new key-pair – for example, if you believe your security has been
compromised – just delete the existing sdk.key file. The next time you deploy an application or a
library to a Sun SPOT, a new key will be automatically created. Again, if you are using a
customized library, you will need to update the signature on the library by executing
ant flashlibrary
Limitations
This security scheme has some current limitations. In particular:
• There is no protection against an attacker who has physical access to the Sun SPOT device.
• The SDK key pair is stored in clear text on the host, and so there is no protection against an
attacker with access to the host computer’s file system.
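Exposure of the clear-text key to other local accounts on the host can at least be checked for. The following is an added example, not part of the Sun SPOT SDK or of this guide: a POSIX shell check that assumes a Unix-like host and takes the location of sdk.key as an argument, since this section does not state where the file lives.

```shell
#!/bin/sh
# Added example: audit the host-side Sun SPOT SDK key file (sdk.key).
# Assumption: the caller supplies the path; the page does not state it.

# Prints one line per finding; return status is the number of findings.
audit_sdk_key() {
    key=$1
    findings=0

    if [ -L "$key" ]; then
        echo "FINDING: $key is a symbolic link; review its target"
        findings=$((findings + 1))
    fi
    if [ ! -f "$key" ]; then
        echo "FINDING: $key is missing or not a regular file"
        return $((findings + 1))
    fi

    # ls -ld prints a mode string such as "-rw-r--r--". Characters 5-10
    # are the group and other bits; -L reports on a symlink's target.
    mode=$(ls -ldL "$key" | cut -c1-10)
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FINDING: $key mode $mode grants access beyond the owner"
        findings=$((findings + 1))
    fi

    # Write access to the parent directory lets another account replace
    # the key file (unless the sticky bit is set); flagged for review.
    dir=$(dirname "$key")
    dmode=$(ls -ldL "$dir" | cut -c1-10)
    gw=$(printf '%s' "$dmode" | cut -c6)
    ow=$(printf '%s' "$dmode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "FINDING: directory $dir mode $dmode is group- or world-writable"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Stand-alone use: sh audit_sdk_key.sh /path/to/sdk.key
[ $# -eq 0 ] || audit_sdk_key "$1"
```

A clean result only rules out exposure through file permissions; an attacker running as the owning account or as an administrator can still read the key, as the limitation states.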
Deploying and running a host application
Example
The directory Demos/CodeSamples/SunSpotHostApplicationTemplate contains a simple host
application. Copy this directory and its contents to a new directory to build a host application.
To run the copied host application, first start the base station as outlined in the section Using the
Basestation. Run the example on your host by using these commands:
ant host-compile
ant host-run
If the application works correctly, you should see (besides other output)
Base station initialized
Normally, the base station will be detected automatically. If you wish to specify the port to be used
(for example, if automatic detection fails, or if you have two base stations connected) then you can
either indicate this on the command line, by adding the switch “-Dport=COM3”, or within your host
application code:
System.setProperty("SERIAL_PORT", "COM3");
If your application doesn’t require a base station you may add the following switch to the command
line:
ant host-run -Dbasestation.not.required=true