Smart City Lecture 4 - Harmonizing the Internet of Things

© Waher Data AB, 2018.
Smart City Lecture 4
Harmonizing the Internet of Things

1. Recapture

Smart City / Society
 Automation
 Open Data
 Transport
 Traffic (C-ITS)
 Parking
 Utilities
 Health Care
 Law enforcement
 Schools
 Libraries
 Waste management
 Citizens?
 …
Smart for whom?

Vision of a Smart City
 Ubiquitous access to interoperable
sensors and things.
 Ubiquitous access to data and
information from society’s authorities.
 Access to smart services in all niches of
society.
 Definition of ownership of information.
 Protection of Privacy, by design and by
default.
 Market for access to things and data.

Ex-Director of National Intelligence
James R. Clapper
http://www.popsci.com/clapper-americas-greatest-threat-is-internet-things
”America's greatest
threat is the
Internet of Things”
Feb 9, 2016

Vulnerabilities
 National Security
 Exploiting
 Surveillance
 Logistics
 Utilities
 Health Care
 Traffic (C-ITS)
 Residential systems
 Law enforcement
 Waste management
 Schools
 Parking
 Libraries
 Monitoring citizens
 …

What must Governments do?
Governments must make sure to provide
a strong foundation on which smart
services can be built.
 Broadband access were
infrastructure projects.
 Giving access to broadband for
everyone was a strategy.
 Likewise, Smart City Infrastructure
must be defined, required in RFPs, and
provided to everyone.

Options?
Sealed secure systems?
or
Open, Interoperable, but vulnerable
systems?
or is it possible to have:
Open, Interoperable & secure systems?

2. Openness + Security
For Things

Strong Foundation
Things are “stupid” and need help with:
 Decision Support
 Ownership
 Owner consent
 Lifecycle
 Transfer of ownership
 Decommissioning
 Discovery
 Interoperability
 Data
 Operationsc

IoT Harmonization (IEEE 1451-99)
 Sensor Data
 Control Operations
 Localization (M2M, M2H)
 Tokens for distributed transactions
 Decision Support (for devices)
 Provisioning (for owners)
 Peer-to-Peer communication
 End-to-end encryption
 Concentrator/Bridge (“Thing of things”)
 Discovery
 Ownership
 Clock Synchronization
 Secure Account Creation
 Legal Identities
 Contracts
 Automated provisioning
 Economic feedback
https://gitlab.com/IEEE-SA/XMPPI/IoT

Backbone
 Efficiency
 Global scalability
 Bridges technologies
vs

Interoperability

Horizontal Markets
Loose coupling permits new roles:

Features Summary
Blockchain CoAP HTTP LWM2M MQTT XMPP IoT
Harmonization
Identities ✓ ✓ ✓ ✓ ✓
Authentication ✓ ✓ ✓ ✓ ✓
Authorization ✓ ✓ ✓
Encryption ✓ ✓ ✓ ✓ ✓ ✓
End-to-End Encryption ✓ ✓
Consent ✓ ✓
Decentralized ✓ ✓ ✓ ✓
By design ✓ ✓ ✓
Asynchronous Messages ✗ ✓ ✓ ✓ ✓
Request / Response ✗ ✓ ✓ ✓ ✓ ✓
Publish / Subscribe ✗ ✓ ✓✓✓ ✓✓✓
Federation ✗ ✓ ✓ ✓ ✓
Broker ✗ ✓ ✓ ✓
Serverless ✗ ✓ ✓ ✓
P2P7 ✗ ✓ ✓
Personal ✓ ✓✓✓ ✓✓ ✓✓ ✓ ✓✓✓✓ ✓✓✓✓
Interoperability ✗ ✓✓ ✓✓ ✓✓✓ ✓ ✓ ✓✓✓
Plurality ✓ ✓✓✓✓✓ ✓✓✓✓✓ ✓✓ ✓✓ ✓✓✓✓✓ ✓✓✓✓✓
Law ✓✓✓✓ ✗ ✓ ✓ ✗ ✓ ✓✓✓✓
Transparency ⋆⋆ ⋆⋆⋆⋆ ⋆⋆⋆⋆ ⋆⋆⋆ ⋆⋆ ⋆⋆ ⋆⋆⋆⋆
Privacy ✗ ✓ ✓ ✓ ✓ ✓✓ ✓✓✓✓
11 21 20 19 10 32 41

3. Harmonizing the IoT
for the Smart City / Society

Failed expectations
Development of IoT not as projected
 What is missing?
Ericsson, 2010: (about 2020) IoT Analytics, 2018: (about 20B, if you stretch)

Driving forces of the Smart Society
 Local support and knowledge
 Access to data and things
 Cross fertilization of domains
 Reuse of existing equipment
 Openness and transparency
 Simple and quick integration
 Standardized interfaces
 Economy

Dilemma
Would you publish your things on the Internet?
 You would add risk to your solution
 You would degrade the performance
 Competitors could do what you do
 But cheaper
(they don’t have to buy equipment)
A crucial element is missing, for IoT to boom.

Standards
Interoperability is based on standards.
Standards are required for:
 Communication
 Representation
 Operation
 Security
 Privacy
 Discovery
 Decision support
 Economic feedback models

IEEE IoT Harmonization WG
Goals of the group is to:
 Harmonize IoT technologies
 Use XMPP as backbone to bridge IoT islands
 Standardize use of XMPP
 Sensor Data
 Control
 Concentrator
 Thing Registries
 Provisioning
 Economic feedback models
 Smart Contracts
 Counting of usage
https://standards.ieee.org/project/1451-99.html

Openness
Any attempt to harmonize technologies must be:
 Globally scalable
 Decentralized
 No centralized authority
 Support processing on the edge
 Federated
 Division of responsibilities
 Open
 Support ad hoc networks
XMPP has proved track record

Security
XMPP Provides:
 Strong global identities
 Authenticated access to network
 Consent-based authorization (for access)
 Ubiquitous (Transport) Encryption
IoT Harmonization adds:
 Secure/Managed identity creation
 Defines Ownership
 Decision Support for things
 Detailed authorization for things (for operations)
 Peer-to-Peer Communication
 End-to-End Encryption
Data Protection by design & by default

Flexibility
Any attempt to harmonize technologies must also
support common patterns:
 Asynchronous messaging
 Request / Response
 Event Subscription (Observe)
 Multicasting
 Publish / Subscribe
 Federation
 Edge Computing
IEEE IoT Harmonization is built on XMPP

4. XMPP

What is XMPP?
eXtensible Messaging and
Presence Protocol
 Standardized by the IETF
 RFC 6120
 RFC 6121
 RFC 6122
 Originally developed in the late 1990-ies.
 Instant Messaging
 “Jabber”
 Based on XML

Basic features
Some basic features of XMPP include:
 Global scalability (federation)
 Extensibility (namespaces)
 Robustness (20 years of operation)
 Open (public & free)
 Standardized
 Secure
 Interoperable

Communication
 Brokers
 Accounts
 Rosters
 Routing
 Federation
 Topology insensitive
 Server-less
 Peer-to-peer
 Authentication
 SASL
 Encryption
 TLS
 E2E

Communication Patterns
Intrinsic patterns:
 Asynchronous messages (message)
 Request/Response (iq)
 Publish/Subscribe (presence)
Extended
 Publish/Subscribe
 Personal Eventing (extended by XEP-0163)
 Publish-Subscribe (extended by XEP-0060)
 Multicasting (extended by XEP-0045)
 etc.

Security
Standard layers of security:
 Authentication (SASL)
 Encryption (TLS)
 Consent-based Authorization
 Blocking
 Spam reporting
 Provisioning
 End-to-end encryption

5. Communication
Patterns

Asynchronous Messages

Asynchronous Messages
 Spontaneous communication
 From anyone to anyone (Peers)
 Parties identified
 Full duplex
 Quality of Service
 At most once (“Unacknowledged”)
 At least once (“Acknowledged”)
 Exactly once (“Assured”, “Reliable Messaging”)
 Can be used to build any other pattern
Examples: CoAP, XMPP, IoT Harmonization

Request / Response

Request / Response
 Limited Client / Server roles
 Client initiates communication
 Server identified
 No requirement to identify client
 Half duplex
 Polling
 Event-based communication from server
difficult
Examples: HTTP, CoAP, LWM2M, XMPP,
IoT Harmonization

Event Subscription (“Observe”)

Event Subscription (“Observe”)
 Combines Req./Resp. & Asynch. Msg.
 Client initiates subscription
 Server initiates updates
 Client determines conditions
 Server does not have to know client use case
 More efficient than polling
Examples: CoAP, LWM2M, IoT Harmonization

Multicast

Multicast
 Group membership
 Often only security mechanism
 Group encryption difficult
 Anyone in group can send a message
 Everyone in a group receives messages
 Detailed authorization difficult
 Synchronizing events
 Clocks
 Updates
 Multicast Streaming (like IP-TV)
 Discovery in ad hoc networks
Examples: CoAP, XMPP, IoT Harmonization

Publish / Subscribe

Publish / Subscribe
 Publishers send messages
 Subscribers receive messages
 Degree of separation between actors
 Authorization on Topics or Nodes
 Efficient if Subscriber:Publisher ratio high
 Mass distribution
 Syndication
 Inefficient if Subscriber:Publisher ratio low
 Emulation of Asynch. Msg or Req./Resp.
 Difficult to federate a topic/node tree
Examples: MQTT, XMPP, IoT Harmonization

Queue
 Publishers send work items
 Workers collaborate processing items
 One worker per item
 Degree of separation between actors
 Authorization on Topics or Nodes
 Load balancing
 Mostly used in high-load back-ends
Examples: AMQP, IoT Harmonization

Federated brokers

Federated brokers
 Global scalability
 Divide & Conquer (federations/domains)
 Brokers cooperate
 Each domain controls its part of the network
 Cross-domain cooperation easy
 Decentralization
 Resilience
 Global distributed identities
 Solves Topology Problem
Examples: XMPP, IoT Harmonization, (SMTP)

Decentralization / Edge Computing

Decentralization / Edge Computing
 Processing done at the source
 Permits centralized processing (if required)
 Cloud used for support
 Identity
 Transport
 Discovery
 Decision Support (Orchestration, Provisioning)
 Protects Privacy
 Enforces Ownership of Information
 Distributes processing power
 Scalable
Examples: XMPP, IoT Harmonization

6. Infrastructure Services

IoT Harmonization Services
 Thing Registry
 Ownership
 Discovery
 Provisioning
 Orchestration
 Tokens
 Distributed operations
 Smart Contracts
 Legal identities
 Automation of provisioning
 Economic feedback

Ownership & Discovery

iotdisco URI
iotdisco:MAN=waher.se;
MODEL=MIoT%20ConcentratorXmpp2;
PURL=https%3A%2F%2Fgithub.com%2FPeterWaher%2FMIoT;
SN=7321c0de2e6848c28420a8afa3d2ef0f;
#V=2;
COUNTRY=Sverige;
REGION=Stockholm;
CITY=Stockholm;
AREA=Hammarby;
STREET=Hammarby%20Kaj;
STREETNR=10D;
APT=GOTO10;
ROOM=Annexet;
CLASS=Sensor;
TYPE=MIoT%20Sensor;
KEY=c9d4743f959a10b…4eda99d9ba6b8;
R=provisioning.extas.is
https://www.iana.org/assignments/uri-schemes/prov/iotdisco.pdf

Decision Support

Distributed Transactions
 Tokens
 User identities
 Service identities
 Device identities
 Challengeable
 PKI based
 Public key registered with broker
 Broker issues token
 Private key used to respond to challenges
 Multiple tokens can be distributed
 Authorization on original, not intermediate, identity

Clock Synchronization
 Synchronization of events across Internet
 Across multiple networks & time-bases
 High-frequency clocks
 < 1 ms precision in stable conditions
 Adaptation during network/clock reconfigurations

Smart Contracts
 Legal identities
 Smart Contracts
 Owner defines rules for access
 Automation of Provisioning
 Zero configuration
 Signing smart contract gives access
 Economic Feedback
 Billing based on usage

Connectivity
 Direct to XMPP network
 TCP
 HTTP (BOSH)
 Web-socket
 UDP (experimental)
 Via Concentrator (“Thing of Things”)
 Embedded
 Gateway
 Bridge protocols
 Bridge patterns
 System Integration

PLC
 Embeds logical/embedded devices
 One connection to XMPP network

Protocol/Pattern bridge
 Connecting other technologies
 Adding security
 Adding interoperability

System Integration
 Integration with Back-end systems

7. Representation

Sensor Data
 Loosely coupled representation
 M2M & M2H
 Meta-data describing information
 Localizable

Control Operations
 Loosely coupled representation
 M2M & M2H
 Meta-data
 Localizable

8. Operation

Simple Sensor Data Request

Slow Responses

Scheduled / Queued responses

Fragmented responses

Example: Simple Readout

Event Subscription

Fragmented events

Example: Simple Event Subscription

Example: Publish (PEP)

Example: Subscriber Event (PEP)

Example: Simple Control Operations

9. Events

Smart City Lectures*
1. How to build a Smart City (Oct 4th)
2. Privacy in the Smart City (Oct 18th)
3. An Open and/or Secure Smart City (Oct 25th)
4. Harmonizing the Internet of Things (Nov 8th)
5. Introduction to Encryption (Nov 15th)
6. Earning by Sharing in the Smart City (Nov 22th)
7. …
8. …
(*) Funded by Swedish Internet Fund.

Smart City Labs*
1. Sensors and actuators (Oct 10th)
2. Connect and chat with your device (Oct 17th)
3. Publishing data from your sensor (Oct 24th)
4. Publishing and discovering devices (Nov 7th)
5. Controlling actuators (Nov 14th)
6. Decision Support for your devices (Nov 21th)
7. …
8. …
(*) Funded by Swedish Internet Fund.

 Raspberry Pi & Arduino
 Sensors, Actuators, Controllers,
Concentrators, Bridges
 Protocols:
MQTT, HTTP, CoAP, LWM2M, XMPP
 Social Interaction
 Product Lifecycle
 IoT Service Platforms
 IoT Harmonization
 Security
 Privacy
Amazon
Packt
Microsoft Store
Contact: https://waher.se/, https://littlesister.se/
Mastering Internet of Things

10. Open Discussion
Ownership?
Privacy?
Security?
Surveillance?
Interoperability?
Cool stuff?
Qué?
Where’s the Money?
Who pays?
What could go wrong?
Little Sister?
Harmonization?

Smart City Lecture 4 - Harmonizing the Internet of Things

More Related Content

What's hot (20)

Similar to Smart City Lecture 4 - Harmonizing the Internet of Things (20)

More from Peter Waher (20)

Recently uploaded (20)

Smart City Lecture 4 - Harmonizing the Internet of Things