
Secure smart agriculture monitoring technique through isolation
George Suciu, Cristiana-Ioana Istrate, Maria-Cristina Dițu
R&D Department
Beia Consult International
Bucharest, Romania
george@beia.ro, cristiana.istrate@beia.ro, maria.ditu@beia.ro

Abstract—In recent years, agriculture has become increasingly data-driven and data-enabled due to the use of different technologies such as greenhouse and aquaculture technologies. With the development of agriculture, new technology is required, and the focus is turning towards the smartest technological investment. The increasing demand for quality and quantity in the food sector has raised the need to intensify and industrialize the agriculture sector. The current work provides empirical measurement results from an Internet of Things (IoT) platform based on remote telemetry applications for agriculture. This paper aims to demonstrate how the processing of Big Data and the concept of decentralized cloud operation can answer the demands of IoT applications in agriculture and how smart farming will help farmers operate more efficiently and more securely. The architecture is based on ADCON Remote Telemetry Units (RTUs), Software as a Service (SaaS), and a Platform as a Service (PaaS) represented by Grafana and the InfluxDB database.

Keywords—smart agriculture, isolation, security, telemetry, IoT

I. INTRODUCTION

Generally, the agriculture telemonitoring domain does not contain all necessary hardware and software parts, such as sensors, remote telemetry units, data collection gateway, a server with Disease Management and Irrigation Management software extensions, secure actuating. Communication within the network, as well as with the outside world, is based on heterogeneous protocols that are not entirely Internet-based, so that cooperation between different stakeholders involved in agriculture management and precision farming is not straightforward.

The use of Information Communication Technology (ICT), and in particular the Internet of Things (IoT), is essential for smart agriculture [1] in order to address the challenges during the electronic monitoring of agricultural products. IoT solutions have a great potential in ensuring the safety and quality of crops.

Remote monitoring and control (M&C) systems [2] combine both wireless and cabled sensors for data gathering and data transport. At the same time, information management systems are designed to store and process the collected data.

The current work provides empirical measurement results from an IoT platform based on remote telemetry applications for agriculture.

The paper is organized as follows: Section II analyzes related work; Section III details the proposed system architecture, while Section IV discusses implementation and experiments. Section V draws the conclusions.

II. RELATED WORK

This section presents an overview of some existing monitoring systems for agricultural crops, as well as a review of earlier and parallel work.

ThingWorx [3] is an IoT platform that offers the needed security and scalability when managing transactions associated with a connected world. It gives the opportunity to build and gain value from smart, connected operations. It offers rapid development tools and support for on-premise or cloud deployments. This platform can provide the user with the required means to deploy smart IoT agriculture solutions with a minimum effort.

Fuse [4] is one of the solutions used in precision agriculture where the farmers can gain access to relevant data to make informed decisions, leading to the enhancement of their business’s productivity and profitability. This solution is designed for the entire process of the crop cycle, starting with enterprise planning up to planting, harvesting and storing.

The Smart Agriculture solution from Hexagon [5] addresses the entire lifecycle of the agriculture process and assists in crop management through digital workflows created from geo-enabled data.

Kaa [6] is an open-source IoT platform that allows working safely in the agriculture field, used for solutions like resource mapping, smart metering devices, failure prediction systems, and livestock trackers. It is developed on a modular micro-service architecture that allows the user to apply any necessary modifications, extensions, or integrations.

A farm management technique is presented in [7] which benefits from the new features that are offered by the “Future Internet”, a programme which addresses the shortcomings in the current Internet. These benefits include generic software modules which may be used to produce farming related specific modules. The farm’s management system functional architecture is specified, depending mostly on a particular module located in the cloud.

The design, tests, and evaluation of an IoT based device that can analyze the transmitted data are presented in [8]. This device, which may be implemented within the agricultural domain for security purposes, can be monitored and controlled from a distance. This work proposes methods to solve issues related to crop threats by delivering real-time notifications and, based on the received data, to address these issues without human intervention.

978-1-7281-2171-0/19/$31.00 ©2019 IEEE


Python scripts have been used to integrate the sensors of this device. Test cases have been performed with a success rate of 84.8%.

What brings an advantage to our solution, beyond the decentralized cloud operations, is the security by isolation concept that allows users, and also the system itself, to operate more securely.

III. SYSTEM ARCHITECTURE

The System Under Analysis (SUA) is an Agro-Meteorology system for Viticulture Disease Warning [9], an IoT platform for precision agriculture, in particular for crops disease management, alerts, and notifications. As shown in Fig. 1, SUA collects data from the vineyard and presents it to users through Web services. The users of SUA can be vineyard owners or public authorities.

● Vineyard owners: remotely read sensor data for observing the status of the vineyard and issue commands to the actuator for performing some farming activity, for instance, irrigation;
● Public authorities: collect sensor data from multiple vineyards in an area to perform long-term agriculture planning or management.

SUA comprises two subsystems, namely the Telemetry subsystem and the Server subsystem. The telemetry subsystem monitors the vineyard using wireless or cabled sensors for data gathering and controls specific mechanical systems in the vineyard using wireless or cabled actuators, for example, turning on or off the irrigation process. The server subsystem transmits sensor data to the server and user commands to the actuators through the Internet, processes the collected data and stores them for further research.

In the telemetry subsystem, the communication links between sensor/actuator and Remote Terminal Unit (RTU) may be achieved through a variety of technologies [10]. Only the generic cases have been considered, i.e. either wired or wireless communication links, and general threats to such links. To deepen the generic threats, a more detailed analysis can be conducted by considering particularities of the communication technologies when specific information on the telemetry subsystem is available.

Fig. 1. Architecture of SUA.

The system architecture is based on four main components, namely the RTU, the Gateway, the Application Service (Software as a Service - SaaS) and the Presentation Service (Platform as a Service - PaaS) as presented in Fig. 2.

Fig. 2. The system architecture.

We propose the implementation of several virtual machine (VM) APIs, which will execute the ADCON URL Programming Interface, or addUPI. ADCON [11] is a remote telemetry station that allows communication with sensors over this addUPI, an XML/JSON protocol. addUPI [12] allows applications to iterate over sensors and nodes (platforms containing multiple sensors) and to gather sensor data. addUPI defines the communication protocol between various TCP/IP capable components of Adcon Telemetry’s addNET telemetry system. The server usually stores the data in a PostgreSQL database, but because the data needs to be displayed as time series, it will be transmitted to the InfluxDB database instead.

IV. IMPLEMENTATION AND EXPERIMENTS

In order to illustrate the concept of secured connections, we have used strongSwan [13] on a Raspberry Pi to tunnel the Internet connection through an IKEv2 virtual private network (VPN), implemented by a Common Criteria (CC) [14] compliant Lancom device for connecting to the internal DMZ (demilitarized zone). The Lancom CC offers high-security levels in data communications, using CC EAL4+. This evaluation level is the highest certification level a commercial network infrastructure can reach. Extensive VPN capacities enable remote websites to access the organization’s network securely. The Lancom router uses the IPSec system with an IKE Authentication. Therefore, we needed a solution for Raspbian (OS of the Raspberry Pi) compatible with IPSec and IKE parameters. The Raspbian system is based on Debian.

Tests have been performed with the IKEV2C_PEN16 VPN on Raspberry Pi 3B+ running Raspbian Stretch Lite (version 4.14).

Isolation between different execution environments and cloud services is done using Docker containers within SaaS and PaaS services. Furthermore, role and device management are performed using secure configuration channels (SSH, SCP, VPN, HTTPS) for mapping Message Queuing Telemetry Transport (MQTT) [15] broker topics to the keys in the time
series databases (Graphite/Carbon or InfluxDB) for the Application Service (SaaS). Finally, authentication and access control based on a token verification mechanism (JSON API addUPI) are performed in Grafana [16] for the Presentation Service (PaaS).

In order to use this interface, a transmission channel is necessary between Grafana and the transmitted data. Therefore, the MQTT protocol [15] will be used. This protocol allows the user to send and receive data as a client. It can be used in cases where low bandwidth is required. This protocol is based on a publish and subscribe system that allows a device to be subscribed to a topic or to publish certain information on it. This information can be, for example, data gathered from a sensor or a command. The topic is basically a string separated by a slash and it shows how the information is published and the interest over a future message. Another important concept when using the MQTT protocol is the broker, which will receive, filter and forward the message to the right subscribed client.

Data such as memory usage from the Raspberry Pi 3B+ was sent using the MQTT protocol over a VPN that will enable a secure connection. These data will be displayed in Grafana, which will allow the user to visualize and interpret them. Fig. 3 shows how this process of sending data works.

Fig. 3. Sending data from Raspberry to Grafana.

Data regarding the memory usage can be seen by creating a Python script that will display those data in mqtt-spy. For this, a topic must be created by using the same words as the one that was used in the script.

A Python script was written to connect to MQTT and to make the user able to view data in Grafana.

Data displayed in MQTT can be seen in Fig. 4.

Fig. 4. Data displayed in MQTT.

After entering the Python code and running the script, a dashboard can be configured in Grafana using the same topic. Data displayed in Grafana can be seen in Fig. 5.

Fig. 5. Data displayed in Grafana.

Authentication and access control using Grafana can be demonstrated by developing two organizations entitled Beia and ODSI [17] as shown in Fig. 6. Initially, the latter has only one available dashboard, and then the new one is imported in JSON format, from the organization named Beia.

Fig. 6. Organizations from Beia and ODSI.

Roles within an organization can be modified by administrators, who can control user access. Other possible roles are Edit and View, as seen in Fig. 7, which have different and limited permissions within the organization. Also, the permissions for each dashboard can be changed according to user roles, as shown in Fig. 8. Thus, it is possible to isolate work environments within a single organization.

Fig. 7. Users with different roles within ODSI organization.
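
The mapping of MQTT broker topics to time-series keys, kept separate per organization as in the isolation experiments above, can be sketched as follows. This is an added example, not code from the paper; the topic layout `farm/<org>/<device>/.../<metric>`, the tenant policy table and the function names are assumptions.

```python
import math
import re

# Constructed policy (assumption): each tenant, e.g. one Grafana organization,
# may only write topics under its own device subtree.
TENANT_TOPICS = {
    "beia": ["farm/beia/rpi1/#"],
    "odsi": ["farm/odsi/rpi2/+/memory"],
}
# Levels allowed in a published topic: no wildcards, spaces, commas or '='.
_LEVEL = re.compile(r"[A-Za-z0-9_-]+")


def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' is exactly one level, '#' is all remaining levels."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1  # '#' is only valid as the last level
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def to_line_protocol(tenant, topic, payload, ts_ns):
    """Return an InfluxDB line-protocol record, or None if the message is dropped.

    `tenant` must come from the broker's authenticated client identity,
    never from the topic or the payload.
    """
    levels = topic.split("/")
    if len(levels) < 4 or not all(_LEVEL.fullmatch(lv) for lv in levels):
        return None  # malformed topic, or characters that could alter the record
    if not any(topic_matches(f, topic) for f in TENANT_TOPICS.get(tenant, [])):
        return None  # topic is outside this tenant's subtree
    try:
        value = float(payload)
    except (TypeError, ValueError):
        return None
    if not math.isfinite(value):
        return None  # reject NaN and infinities
    # Assumed layout: farm/<org>/<device>/.../<metric>
    return f"{levels[-1]},org={levels[1]},device={levels[2]} value={value} {ts_ns}"


if __name__ == "__main__":
    # Constructed sample messages: (authenticated tenant, topic, payload)
    samples = [
        ("odsi", "farm/odsi/rpi2/sys/memory", "41.5"),
        ("odsi", "farm/beia/rpi1/sys/memory", "41.5"),        # cross-tenant write
        ("beia", "farm/beia/rpi1/sys/memory,org=odsi", "1"),  # record injection
    ]
    for tenant, topic, payload in samples:
        print(tenant, topic, "->", to_line_protocol(tenant, topic, payload, 0))
```

Matching is done level by level rather than by string prefix, so a filter for `rpi1` does not also admit `rpi10`.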


Fig. 8. Change of dashboard permissions related to the role/user.

From the hardware working environment point of view, it consists in using two different data transmitting Raspberry PIs in isolated conditions, as presented in Fig. 9.

Fig. 9. Raspberry PI data are available in different dashboards.

V. CONCLUSION

This article is centered on the farming domain and its need for the latest technologies in smart farming. Using fixed and mobile sensors, together with mobile devices such as smartphones and tablets, the farmers gather data in various formats regarding mainly the crops, soil, and weather, allowing them to effortlessly access their data and monitor their crops. The collected data are sent to a core cloud platform where they are processed and analyzed using specific algorithms. The results are sent back to the farmers to improve the agricultural process, also allowing remote actuating of the irrigation systems. The same devices, sensors, and actuators will also be used by other stakeholders, such as disaster early warning systems [18], for efficient real-time management, and therefore, security must be carefully controlled.

Several sensors and gateways have been integrated into an Agro-Meteorology M2M system for precision agriculture, in particular for crops disease management, alerts, and notifications. As shown in Fig. 2, the system collects data from vineyards and presents it to users through Web services. The users of the vineyard can be a vineyard owner or a public authority. The designed system encompasses two subsystems, namely the Telemetry subsystem and the Server subsystem.

We are using ADCON RTUs to transmit data, which are, in the end, displayed in Grafana dashboards. However, by this paper, we wanted to likewise demonstrate the security through isolation concept via the experiments we have undertaken.

As future work we envision testing the system for denial of service (DoS) attacks. We will focus on implementing DoS attacks to limit data transmission between RTUs and the server, and as well, to prevent a legitimate user, a farmer, accessing their data from the server.

ACKNOWLEDGMENT

This work has been supported in part by UEFISCDI Romania and MCI through projects ODSI, CitiSiM, SmartAgro project (subsidiary contract no. 8592/08.05.2018, from the NETIO project ID: P_40_270, MySmis Code: 105976), PARFAIT, funded in part by European Union’s Horizon 2020 research and innovation program under grant agreement No. 777996 (SealedGRID project) and No. 787002 (SAFECARE project). The authors would like to thank Ioana Marcu for constructive criticism of the manuscript.

REFERENCES

[1] N. Ahmed, D. De and I. Hussain, “Internet of Things (IoT) for Smart Precision Agriculture and Farming in Rural Areas”, IEEE Internet of Things Journal, vol. 5, no. 6, pp. 4890-4899, 2018. Available: 10.1109/jiot.2018.2879579.
[2] Z. Yang and T. Nakajima, “Connecting Smart Objects in IoT Architectures by Screen Remote Monitoring and Control”, Computers, vol. 7, no. 4, p. 47, 2018. Available: 10.3390/computers7040047.
[3] “Developer Portal | Developer Portal: ThingWorx”, Developer.thingworx.com, 2019. [Online]. Available: https://developer.thingworx.com/en. [Accessed: 14-Jan-2019].
[4] “Fuse® Smart Farming. Synchronized. | Fuse”, Fuse, 2019. [Online]. Available: https://www.fusesmartfarming.com/. [Accessed: 14-Jan-2019].
[5] “Solutions”, 2019. [Online]. Available: https://hexagonagriculture.com/solutions. [Accessed: 14-Jan-2019].
[6] “The most flexible IoT platform for your business”, 2019. [Online]. Available: https://www.kaaproject.org/. [Accessed: 14-Jan-2019].
[7] A. Kaloxylos et al., “Farm management systems and the Future Internet era”, Computers and Electronics in Agriculture, vol. 89, pp. 130-144, 2012.
[8] T. Baranwal, P. K. Pateriya, “Development of IoT based smart security and monitoring devices for agriculture”, in Cloud System and Big Data Engineering (Confluence), 2016 6th International Conference, pp. 597-602, January 2016.
[9] G. Suciu, O. Fratu, A. Vulpe, C. Butca, and V. Suciu, “IoT agro-meteorology for viticulture disease warning,” 2016 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom), 2016.
[10] P. Jayaraman, A. Yavari, D. Georgakopoulos, A. Morshed and A. Zaslavsky, “Internet of Things Platform for Smart Farming: Experiences and Lessons Learnt”, Sensors, vol. 16, no. 11, p. 1884, 2016.
[11] “adcon.com”, Adcon.com, 2019. [Online]. Available: https://www.adcon.com/. [Accessed: 29-Jan-2019].
[12] “ADCON addVANTAGE 6.x”, Adcon.com, 2019. [Online]. Available: https://www.adcon.com/products/software-285/adcon-addvantage-6x-1485/. [Accessed: 29-Jan-2019].
[13] H. Redzovic, A. Smiljanic and B. Savic, “Performance evaluation of software routers with VPN features”, Telfor Journal, vol. 9, no. 2, pp. 74-79, 2017. Available: 10.5937/telfor1702074r.
[14] L. GmbH, “High-security site connectivity”, LANCOM Systems, 2019. [Online]. Available: https://www.lancom-systems.com/solutions/network-connectivity/high-security-site-connectivity/. [Accessed: 29-Jan-2019].
[15] V. V., R. I. and S. C., “IoT Embedded System for Data Acquisition using MQTT Protocol”, International Journal of Computer Applications, vol. 182, no. 11, pp. 1-4, 2018. Available: 10.5120/ijca2018917736.
[16] “Grafana - The open platform for analytics and monitoring”, Grafana Labs, 2019. [Online]. Available: https://grafana.com/. [Accessed: 14-Jan-2019].
[17] G. Suciu, C. Istrate, A. Petrache, D. Schlachet, and T. Buteau, “On demand secure isolation using security models for different system management platforms,” Advanced Topics in Optoelectronics, Microelectronics, and Nanotechnologies IX, 2018.
[18] P. Stefanic, G. Suciu, D. Kimovski, and V. Stankovski, “Non-functional requirements optimisation for multi-tier cloud applications: An early warning system case study,” 2017 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computed, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), 2017.
