The Considerations for Internet of Things @ 2017
5 likes1,496 views
The document provides an overview of the Internet of Things (IoT), covering its purpose, structure, communication protocols, deployment, updates, and associated security concerns. It discusses various protocols like MQTT and CoAP that enable device communication and outlines considerations for maintaining and securing IoT systems. Additionally, it addresses specific challenges, including threats to security and the management of device lifecycles.
![Who am I
潘建宏 / Jian-Hong Pan (StarNight)
You can find me at ~
http://www.slideshare.net/chienhungpan/
GitHub : starnight
Facebook : Jian-Hong Pan
Email : starnight [AT] g.ncu.edu.tw](https://image.slidesharecdn.com/theconsiderationsforinternetofthings2017-170214141115/85/The-Considerations-for-Internet-of-Things-2017-2-320.jpg)
![CoAP
Constrained Application Protocol (CoAP)
● IETF RFC 7252
● The goal of CoAP is not to blindly compress
HTTP [RFC2616], but rather to realize a
subset of REST common with HTTP but
optimized for M2M applications.
● Offers features for M2M such as built-in
discovery, multicast support, and
asynchronous message exchanges.
Reference: IETF RFC 7251](https://image.slidesharecdn.com/theconsiderationsforinternetofthings2017-170214141115/85/The-Considerations-for-Internet-of-Things-2017-16-320.jpg)
![CoAP’s Main Features:
● Web protocol fulfilling M2M requirements in
constrained environments.
● UDP binding with optional reliability supporting
unicast and multicast requests.
● Asynchronous message exchanges.
● Low header overhead and parsing complexity.
● URI and Content-type support.
● Simple proxy and caching capabilities.
● Security binding to Datagram Transport Layer
Security (DTLS) [RFC 6347].
Reference: IETF RFC 7251](https://image.slidesharecdn.com/theconsiderationsforinternetofthings2017-170214141115/85/The-Considerations-for-Internet-of-Things-2017-17-320.jpg)
![Requests with Responses
CON [0xbc90]
GET /temperature
(Token 0x71)
Client Server
ACK [0xbc90]
2.05 Content
(Token 0x71)
"22.5 C"
Reference: IETF RFC 7251 2.2. Request/Response Model](https://image.slidesharecdn.com/theconsiderationsforinternetofthings2017-170214141115/85/The-Considerations-for-Internet-of-Things-2017-18-320.jpg)
![Computing Clock CostPower ...
Security is
the
Marginal
Reference: 互动百科 边缘人[网语]](https://image.slidesharecdn.com/theconsiderationsforinternetofthings2017-170214141115/85/The-Considerations-for-Internet-of-Things-2017-35-320.jpg)
The Considerations for Internet of Things @ 2017
- 1. The Considerations for Internet of Things Jian-Hong Pan (StarNight) @ 2017.02.14 TOSSUG
- 2. Who am I 潘建宏 / Jian-Hong Pan (StarNight) You can find me at ~ http://www.slideshare.net/chienhungpan/ GitHub : starnight Facebook : Jian-Hong Pan Email : starnight [AT] g.ncu.edu.tw
- 3. Outline ● The purpose of IoT ● IoT Structure ● Communication Protocals ● Describe the Things ● Deploy / Update ● Threats & Weakness ● Summary
- 4. Machine Factory Power Plant Farm Healthcare Environment ... The Purpuse of IoT SystemASet Output Feedback - + Physical, Chemical ... values error Controller Internet Remote
- 5. In General Internet Device or Internet Gateway Device #1 Device #2 Device #n RS232/485/422 Bluetooth, Zigbee, LoRa Ethernet, WiFi ...
- 6. Internet N N N N N Gateway IoT Services: Data Collector Commands Deploy/Update ... Business Applications Big Data Data Mining Analysis Machine Learning / AI Decision Making ... Sensor Network Do & Check General Network Plan & Analyze Connectivity Domain Knowledge
- 7. What features do Nodes have? ● Connectivity ● Sensor ● Actuator ● Computing ● Others ... Domain Knowledge
- 8. OSI 7 Layers Reference: Wiki OSI model https://en.wikipedia.org/wiki/OSI_model Physical Data Link Network Transport Session Presentation Application Software Connections Encodings Applications I/O port Route Link neighbors Controlled by Application Controlled by OS Electrics, Lines Socket APIs
- 9. Nodes Could be Linked with N N N N N Gateway Physical Network Data Link Transport Session Presentation Application Simple wired, Ethernet, Cable, Power Line RS232/422/485, CANbus, Bluetooth, WiFi, LR-WPANs(802.15.4), Mobile Telecom Series, NB-IoT … PS. More IEEE 802.15
- 10. Constrained Environment ● Considering the size and power restrictions, most embedded devices have limited resources. (MCU level) ○ Less processors: Usually has only one processor, single thread. ○ Less memory: On-chip RAM < 1MB. ○ Less storage: On-chip flash < 1MB. ○ Lower speed grade: Clock rate < 1GHz. ○ The on chip OS may even not provide process, thread APIs. ● For getting long battery life and long distance with wireless communication, there is the standard IEEE 802.15.4 which defines the operation of low-rate wireless personal area networks (LR-WPANs)
- 11. IEEE 802.15.4 Topologies FFD FFD RFD CoN RFD FFD FFD RFD CoN RFD FFD RFD ● FFD: Full-function device node ● RFD: Reduced-function devices node ● CoN: One of FFD serves as the coordinator of a PAN Reference: Wiki IEEE 802.15.4
- 12. Nodes Could route & connect with N N N N N Gateway Physical Data Link Session Presentation ApplicationIP / IPv6, 6LoWPAN, Zigbee, Thread, LoRaWAN, ... Transport Network
- 13. Nodes Could communicate with N N N N N Gateway Physical Data Link Presentation Application For sockets: Custom Protocal, Modbus, HTTP, CoAP, MQTT, … Also communicate with the IoT services Transport Network Session
- 14. Modbus ● Master / Slave ● Query in loop ● It is a format for Application Data Unit (ADU) ○ ADU = Address + PDU + Error Check ○ PDU = Function code + Data ○ Error Check may be discard over some protocals ○ ASCII / RTU ● Over serial communication, TCP, UDP ... Reference: Wiki Modbus
- 15. HTTP ● In general, it is over TCP/IP. ● IETF RFC 2616 ● Nodes could be either server side or client side. It is depended on the purpose. ○ Server is connected from ■ other nodes / internet ○ Client connects to ■ other nodes / internet ● Build a Micro HTTP Server for Embedded System by Jian-Hong Pan
- 16. CoAP Constrained Application Protocol (CoAP) ● IETF RFC 7252 ● The goal of CoAP is not to blindly compress HTTP [RFC2616], but rather to realize a subset of REST common with HTTP but optimized for M2M applications. ● Offers features for M2M such as built-in discovery, multicast support, and asynchronous message exchanges. Reference: IETF RFC 7251
- 17. CoAP’s Main Features: ● Web protocol fulfilling M2M requirements in constrained environments. ● UDP binding with optional reliability supporting unicast and multicast requests. ● Asynchronous message exchanges. ● Low header overhead and parsing complexity. ● URI and Content-type support. ● Simple proxy and caching capabilities. ● Security binding to Datagram Transport Layer Security (DTLS) [RFC 6347]. Reference: IETF RFC 7251
- 18. Requests with Responses CON [0xbc90] GET /temperature (Token 0x71) Client Server ACK [0xbc90] 2.05 Content (Token 0x71) "22.5 C" Reference: IETF RFC 7251 2.2. Request/Response Model
- 19. CoAP Recap ● Over UDP ● Request/Response Model ● RESTful Environments ● Data Model in payload ○ XML ○ JSON ○ CBOR (IETF RFC 7049 Concise Binary Object Representation) ○ Other format ● DTLS
- 20. MQTT Message Queuing Telemetry Transport ● ISO/IEC 20922:2016 (2016-06-15 publish) ● OASIS MQTT TC ● Over TCP/IP ● The publish/subscribe message pattern provides one-to-many message distribution and decoupling of applications. ● Three qualities of service for message delivery: At most once, At least once, Exactly once Reference: ISO/IEC 20922:2016 Message Queuing Telemetry Transport (MQTT) v3.1.1
- 21. Broker Publisher - Broker - Subscriber Publisher Publisher Publisher Topic Topic Subscriber Subscriber Subscriber 1. Subscribe a topic 2. Publish a message to the topic 3. Publish the message to whom has subscribed the topic Clients Clients Server
- 22. Recap with a Picture Apache Mynewt ConnecGvity Layer Apache Mynewt Overview by Sterling Hughes & James Pace Page 7 @ OpenIoT Summit Europe 2016
- 23. by Aaron Vernon @ OpenIoT Summit Europe 2016 Avoid the Silos and Help Build the True Internet of Things
- 24. Reference: Wiki Silo https://en.wikipedia.org/wiki/Silo
- 25. All of the specifications and protocols mentioned above are just the communication protocol. Still need a protocol to describe the thing and it’s properties and methods.
- 26. The “ Thing ” of IoT is not only Object-oriented, but also is a “ Real Object ” !
- 27. ● OIC SPECIFICATION 1.1 ○ Core Framework, Security, Smart Home Device, Resource Type ● OCF for resource-constrained environments by Kishen Maloor @ OpenIoT Summit Europe 2016 ● OIC Specification Overview by OIC, Page 59 ~ 65 Open Connectivity Foundation (OCF)
- 28. Considering Maintenance The Purpose of the Device Assets’ Value Device’s Life Time
- 29. Reference: 自由時報
- 30. Reference: 自由時報
- 31. Considerations of Deploy & Update ● OS Type: ○ RTOS ○ Bigger OS like Linux ● Management: ○ Version Control ○ Testing (before/after) ○ Code Review ○ Code Scanning ○ Separation of Duties ○ … ● Method: ○ Physical attachment ○ Remote with internet ■ Capability of the internet ■ Integrity of ● The package ● The firmware ● The image ● The container ● ...
- 32. The Container Solution by resin.io
- 33. Deploy & Update are Popular Issues Slides in OpenIoT Summit Europe 2016 : ● Creating Continuous Delivery for Yocto Based IoT Distribution by Alexander Kanevskiy ● Software update for IoT: the current state of play by Chris Simmonds ★ Software Updates for Connected Devices: Key Considerations by Eystein Stenberg ● Gateways - The Center of Complexity for Update by Ned Smith ● OSS Remote Firmware Updates for IoT-like Projects by Silvano Cirujano Cuesta
- 34. IoT Security ● Security in IoT, more an attitude issue than a technical challenge by Dominig ar Foll ● Securing the Connected Car by Eystein Stenberg, also why do have to update ● IOT與系統安全 by Realtek Technical Project Manager, Neo Jou ● Securing Communications for SCADA and Critical Industrial Systems by Tom Bartman and Kevin Carson, Schweitzer Engineering Laboratories, Inc. ● P1711.2 - Standard for Secure SCADA Communications Protocol (SSCP) ● MISRA C facilitates code safety, security, portability and reliability. ● We have to bargain! Security is on the opposite of side of Computing, Clock, Power, Cost …
- 35. Computing Clock CostPower ... Security is the Marginal Reference: 互动百科 边缘人[网语]
- 36. Reference: OWASP Top 10 Mobile Risks - Final List 2014 2014
- 37. Threats & Weakness Model IoT Services IoT Node Other IoT Nodes M1 M7 M3, M5, M6, M9 Sensor Network General Network M7, M8 APP APP Memory M2, M4 M7, M8 M10 M8
- 38. There are more Issues ● DoS/DDoS 1. Cracked device 2. Mass deployed measuring devices connect at the same time
- 39. Reference: 臺北.幸福領航:守山護水安全城市 / 林慶維等撰文-臺北市政府工務局 2013〔民102〕, P. 6~7 為了掌握汛情,臺北市建立了完整的 水情監測資訊系統,整合的資訊包含: 衛星氣象資訊、河川及雨水下水道水 位即時資訊、雨量即時資訊、雨水抽水 站及閘門即時運轉資訊 Mass deployed measuring devices connect at the same time
- 40. Trend of the Flow in Emergency Peace Time Peace TimeEmergency Time Flow Time
- 41. There are more Issues ● DoS/DDoS 1. Cracked device 2. Mass deployed measuring devices connect at the same time ● Interference 1. Noise 2. The square is crowded with devices (Wireless) 3. Leaky wave (Wireless) 4. Wrong command
- 42. It is really tough to be in the space that is crowded with WiFi devices in a big conference like COSCUP
- 43. Leaky Wave ● It is just like “ Walls Have Ears ” ● Transmitted data and commands ● Send wrong commands ● Secured tunnel ● Same as the sniffered serial port lines
- 44. IEEE 802.15.4 Security ● Wiki IEEE 802.15.4 Reliability and security ● Security Considerations for IEEE 802.15.4 Networks by Naveen Sastry & David Wagner, University of California, Berkeley ● On evaluating the performance impact of the IEEE 802.15.4 security sub-layer by Roberta Daidone, Gianluca Dini, Giuseppe Anastasi, Department of Information Engineering, University of Pisa, Pisa, Italy, Computer Communications 47 (2014) 65–76 ● IETF Layer-2 security aspects for the IEEE 802.15.4e MAC draft-piro-6tisch-security-issues-03 no longer active
- 46. Summary ● IoT = Connectivity + Domain Knowledge ● What is purpose of the IoT application? ● There is no best solution or template for all of the cases. It is case by case. ● The amount of sensors is much more than actuators. ● Big difference between RTOS and big OS. ● How to deploy, maintain and update the devices? ● For the security, do as what general system has done with the proper methods.
- 47. Reference: 聯合報 UDN 雷射驅鳥 在家顧田水…資 訊人帶科技下田 Reference: 數位時代 用科技收成! 新世代農夫下田,讓農業變得更性感 More Example in Taiwan ~
- 48. Location Aware Sensing System Reference: LASS
- 50. 港口自動化門哨系統 Reference: 臺北港導入RFID建置門禁管理系統 完成貨櫃通關全程自動化 辜雅蕾, iThome, 2011.12.16
- 51. ● Slides in Open IoT Summit Europe 2016 http://events.linuxfoundation.org/events/openiot-summit-europe ● Wiki IEEE_802.15.4 https://en.wikipedia.org/wiki/IEEE_802.15.4 ● Wiki IEEE_802.15 https://en.wikipedia.org/wiki/IEEE_802.15 ● Wiki 6LoWPAN https://en.wikipedia.org/wiki/6LoWPAN ● RFC 4919 IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals https://tools.ietf.org/html/rfc4919 Errata Exist ● Internet of Things: 802.15.4, 6LoWPAN, RPL, COAP https://www.utwente.nl/ewi/dacs/colloquium/archive/2010/slides/20 10-utwente-6lowpan-rpl-coap.pdf Reference
- 52. ● Security Considerations for IEEE 802.15.4 Networks by Naveen Sastry & David Wagner, University of California, Berkeley ● Wiki ZigBee https://en.wikipedia.org/wiki/ZigBee ● ZigBee Alliance - Application Level Standardization http://www.zigbee.org/zigbee-for-developers/applicationstandards/ ● Security in 802.15.4 and ZigBee networks http://www.libelium.com/security-802-15-4-zigbee/ ● The New Wireless Thread Network Protocol http://www.allaboutcircuits.com/technical-articles/thread-network-pr otocol/ ● Thread Overview http://threadgroup.org/Portals/0/documents/whitepapers/Thread%2 0Stack%20Fundamentals_v2_public.pdf Reference Cont.
- 53. Reference Cont. ● LoRaWAN https://www.lora-alliance.org/portals/0/documents/whitepapers/LoR aWAN101.pdf ● Wiki Modbus https://en.wikipedia.org/wiki/Modbus ● RFC 2616 HTTP 1.1 https://tools.ietf.org/html/rfc2616 ● RFC 7252 CoAP https://tools.ietf.org/html/rfc7252 ● ISO/IEC 20922:2016 MQTT v3.1.1 http://www.iso.org/iso/catalogue_detail.htm?csnumber=69466
- 54. Thank you ~ and Q & A