
The Considerations for Internet of Things @ 2017


IoT is an engineering art: data collected at the end nodes is sent over a communication link, correlated and analyzed centrally, and the result is used for decision making and fed back.
This talk starts from the purpose of IoT and then covers possible deployment structures. It introduces the most commonly used communication standards and protocols in IoT and the roles they play.
It also shares what I brought back from the Open IoT Summit Europe 2016, held by the Linux Foundation in Berlin last year: views and practices from abroad on how IoT device nodes are deployed, updated and maintained.
Finally, it raises some security issues that should be considered in IoT.



  1. The Considerations for Internet of Things. Jian-Hong Pan (StarNight) @ 2017.02.14 TOSSUG
  2. Who am I: 潘建宏 / Jian-Hong Pan (StarNight). You can find me at http://www.slideshare.net/chienhungpan/ ; GitHub: starnight ; Facebook: Jian-Hong Pan ; Email: starnight [AT] g.ncu.edu.tw
  3. Outline ● The purpose of IoT ● IoT structure ● Communication protocols ● Describe the Things ● Deploy / Update ● Threats & Weakness ● Summary
  4. The Purpose of IoT. Application domains: machine, factory, power plant, farm, healthcare, environment ... [Figure: a closed control loop. The set point and the fed-back measurement (physical, chemical ... values) give an error (+/-); a controller drives the system; the system's output is measured and fed back. The loop is also reachable remotely over the Internet.]
  5. In General: an Internet device, or an Internet gateway with Device #1, Device #2 ... Device #n behind it, linked by RS232/485/422, Bluetooth, Zigbee, LoRa, Ethernet, WiFi ...
  6. [Figure: a sensor network of nodes (N) behind a Gateway to the Internet. IoT services: data collector, commands, deploy/update ... Business applications: big data, data mining, analysis, machine learning / AI, decision making ... The sensor network side is "Do & Check"; the general network side is "Plan & Analyze". Connectivity on the one side, domain knowledge on the other.]
  7. What features do Nodes have? ● Connectivity ● Sensor ● Actuator ● Computing ● Others ... (domain knowledge)
  8. OSI 7 Layers (Reference: Wiki OSI model https://en.wikipedia.org/wiki/OSI_model). Physical: electrics, lines. Data Link: link neighbors. Network: route. Transport: I/O port. Session: connections. Presentation: encodings. Application: applications / software. The layers up to Transport are controlled by the OS and exposed through the socket APIs; Session and above are controlled by the application.
  9. Nodes could be linked with (Physical and Data Link layers): simple wired, Ethernet, cable, power line, RS232/422/485, CANbus, Bluetooth, WiFi, LR-WPANs (802.15.4), mobile telecom series, NB-IoT ... PS. More in IEEE 802.15.
  10. Constrained Environment ● Considering the size and power restrictions, most embedded devices have limited resources (MCU level). ○ Fewer processors: usually only one processor, single thread. ○ Less memory: on-chip RAM < 1 MB. ○ Less storage: on-chip flash < 1 MB. ○ Lower speed grade: clock rate < 1 GHz. ○ The on-chip OS may not even provide process or thread APIs. ● For long battery life and long-distance wireless communication there is the IEEE 802.15.4 standard, which defines the operation of low-rate wireless personal area networks (LR-WPANs).
  11. IEEE 802.15.4 Topologies [Figure: two PAN topologies built from FFD and RFD nodes around a coordinator.] ● FFD: full-function device node ● RFD: reduced-function device node ● CoN: one of the FFDs serves as the coordinator of a PAN. Reference: Wiki IEEE 802.15.4
  12. Nodes could route & connect with (Network and Transport layers): IP / IPv6, 6LoWPAN, Zigbee, Thread, LoRaWAN, ...
  13. Nodes could communicate with (Session, Presentation and Application layers), for sockets: custom protocol, Modbus, HTTP, CoAP, MQTT, ... The same protocols also carry the communication with the IoT services.
  14. Modbus ● Master / Slave ● Query in a loop ● It is a format for the Application Data Unit (ADU) ○ ADU = Address + PDU + Error Check ○ PDU = Function code + Data ○ The Error Check may be dropped over some transports ○ ASCII / RTU ● Over serial communication, TCP, UDP ... Reference: Wiki Modbus
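The ADU layout on slide 14, as an added example that is not part of the original slides: it builds and checks a Modbus RTU frame (Address + PDU + CRC) and the Modbus/TCP form, where the CRC is dropped and an MBAP header is used instead. The function 0x03 request and the exception-response decoding follow the public Modbus specification; the point a practitioner should take away is visible in `rtu_frame_is_valid`: the error check only catches line noise, and neither transport authenticates the master, so any host that can reach the line or the TCP port can issue writes.

```python
import struct


def modbus_crc16(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def read_holding_registers_pdu(start: int, count: int) -> bytes:
    """PDU = function code + data; function 0x03 reads `count` holding registers from `start`."""
    if not 1 <= count <= 125:
        raise ValueError("function 03 allows 1..125 registers per request")
    return struct.pack(">BHH", 0x03, start, count)


def build_rtu_adu(unit_id: int, pdu: bytes) -> bytes:
    """RTU ADU = Address + PDU + CRC; the CRC goes on the wire low byte first."""
    body = bytes([unit_id]) + pdu
    return body + struct.pack("<H", modbus_crc16(body))


def rtu_frame_is_valid(frame: bytes) -> bool:
    """The CRC detects corruption only: a deliberately crafted frame passes this check unchanged."""
    if len(frame) < 4:
        return False
    return modbus_crc16(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]


def parse_rtu_adu(frame: bytes):
    """Return (address, PDU) or raise on a bad length / CRC."""
    if not rtu_frame_is_valid(frame):
        raise ValueError("bad length or CRC")
    return frame[0], frame[1:-2]


def build_tcp_adu(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Modbus/TCP ADU = MBAP header (transaction id, protocol id 0, length, unit id) + PDU.
    The CRC is dropped and integrity is left to TCP; there is still no authentication."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def parse_tcp_adu(frame: bytes):
    """Return (transaction id, unit id, PDU); the MBAP length must cover unit id + PDU."""
    if len(frame) < 7:
        raise ValueError("shorter than the MBAP header")
    tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match the frame")
    return tid, unit_id, frame[7:]


def parse_pdu(pdu: bytes) -> dict:
    """Decode a PDU; an exception response sets bit 7 of the function code."""
    fc = pdu[0]
    if fc & 0x80:
        return {"function": fc & 0x7F, "exception": pdu[1]}
    if fc == 0x03:
        start, count = struct.unpack(">HH", pdu[1:5])
        return {"function": fc, "start": start, "count": count}
    return {"function": fc, "data": pdu[1:]}


if __name__ == "__main__":
    pdu = read_holding_registers_pdu(0, 10)
    rtu = build_rtu_adu(1, pdu)
    print("RTU :", rtu.hex(), "valid:", rtu_frame_is_valid(rtu))
    print("TCP :", build_tcp_adu(7, 1, pdu).hex())
    print("PDU :", parse_pdu(pdu), parse_pdu(b"\x83\x02"))
```

The same master address, function code and register range appear unchanged in both encodings; what changes is only the framing, which is why "the error check may be dropped" on TCP, and why neither form can be trusted across a network without a separate security layer.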
  15. HTTP ● In general it is over TCP/IP. ● IETF RFC 2616 (obsoleted in 2014 by RFC 7230 to 7235, but it is the version cited here). ● Nodes could be either the server side or the client side; it depends on the purpose. ○ Server: connected from other nodes / the Internet. ○ Client: connects to other nodes / the Internet. ● See also "Build a Micro HTTP Server for Embedded System" by Jian-Hong Pan.
  16. CoAP, Constrained Application Protocol ● IETF RFC 7252 ● "The goal of CoAP is not to blindly compress HTTP [RFC2616], but rather to realize a subset of REST common with HTTP but optimized for M2M applications." ● Offers features for M2M such as built-in discovery, multicast support, and asynchronous message exchanges. Reference: IETF RFC 7252
  17. CoAP's Main Features: ● Web protocol fulfilling M2M requirements in constrained environments. ● UDP binding with optional reliability supporting unicast and multicast requests. ● Asynchronous message exchanges. ● Low header overhead and parsing complexity. ● URI and Content-type support. ● Simple proxy and caching capabilities. ● Security binding to Datagram Transport Layer Security (DTLS) [RFC 6347]. Reference: IETF RFC 7252
  18. Requests with Responses. Client -> Server: CON [0xbc90] GET /temperature (Token 0x71). Server -> Client: ACK [0xbc90] 2.05 Content (Token 0x71) "22.5 C". The ACK carries the same message ID as the CON, and the response carries the request's token (a piggybacked response). Reference: IETF RFC 7252, 2.2. Request/Response Model
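The exchange on slide 18, as an added example that is not part of the original slides: a small CoAP encoder/decoder for the RFC 7252 message format (4-byte header, token, delta-encoded options, 0xFF payload marker), with a server side that answers a confirmable GET with a piggybacked ACK and a client side that matches the response by message ID and token. The resource table (`/temperature` -> `22.5 C`) is constructed for the demonstration. Only the pieces of the format needed here are implemented; the length checks in `decode` are the ones that matter for a node parsing untrusted UDP.

```python
import struct

# Message types and codes from RFC 7252.
CON, NON, ACK, RST = 0, 1, 2, 3
GET = 0x01                   # 0.01
CONTENT = (2 << 5) | 5       # 2.05
NOT_FOUND = (4 << 5) | 4     # 4.04
URI_PATH = 11                # option number


def _ext(value):
    """Encode an option delta or length as (4-bit nibble, extension bytes)."""
    if value < 13:
        return value, b""
    if value < 269:
        return 13, bytes([value - 13])
    return 14, struct.pack(">H", value - 269)


def encode(msg_type, code, msg_id, token=b"", options=(), payload=b""):
    """Serialise one message: header, token, options in ascending number order, 0xFF + payload."""
    if len(token) > 8:
        raise ValueError("token length must be 0..8")
    out = bytearray([(1 << 6) | (msg_type << 4) | len(token), code])
    out += struct.pack(">H", msg_id) + token
    last = 0
    for number, value in sorted(options):
        d, dext = _ext(number - last)          # option numbers are delta-encoded
        l, lext = _ext(len(value))
        out.append((d << 4) | l)
        out += dext + lext + value
        last = number
    if payload:
        out += b"\xff" + payload
    return bytes(out)


def _read_ext(nibble, buf, pos):
    if nibble == 13:
        if pos + 1 > len(buf):
            raise ValueError("truncated option header")
        return buf[pos] + 13, pos + 1
    if nibble == 14:
        if pos + 2 > len(buf):
            raise ValueError("truncated option header")
        return struct.unpack(">H", buf[pos:pos + 2])[0] + 269, pos + 2
    if nibble == 15:
        raise ValueError("reserved nibble 15 outside a payload marker")
    return nibble, pos


def decode(buf):
    """Parse a message; raise ValueError on the format errors RFC 7252 says must be rejected."""
    if len(buf) < 4:
        raise ValueError("shorter than the fixed header")
    first, code, msg_id = buf[0], buf[1], struct.unpack(">H", buf[2:4])[0]
    if first >> 6 != 1:
        raise ValueError("unknown version")
    msg_type, tkl = (first >> 4) & 3, first & 0x0F
    if tkl > 8:
        raise ValueError("TKL 9..15 is a message format error")
    token, pos = buf[4:4 + tkl], 4 + tkl
    if len(token) != tkl:
        raise ValueError("truncated token")
    options, number = [], 0
    while pos < len(buf) and buf[pos] != 0xFF:
        b, pos = buf[pos], pos + 1
        delta, pos = _read_ext(b >> 4, buf, pos)
        length, pos = _read_ext(b & 0x0F, buf, pos)
        number += delta
        value = buf[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options.append((number, value))
        pos += length
    payload = b""
    if pos < len(buf):                         # a 0xFF marker is present
        payload = buf[pos + 1:]
        if not payload:
            raise ValueError("payload marker followed by no payload")
    return {"type": msg_type, "code": code, "msg_id": msg_id,
            "token": token, "options": options, "payload": payload}


def handle(req_bytes, resources):
    """Server side: answer a CON GET with a piggybacked ACK carrying the same ID and token."""
    req = decode(req_bytes)
    if req["type"] != CON or req["code"] != GET:
        return None
    path = "/" + "/".join(v.decode() for n, v in req["options"] if n == URI_PATH)
    if path in resources:
        return encode(ACK, CONTENT, req["msg_id"], req["token"], payload=resources[path])
    return encode(ACK, NOT_FOUND, req["msg_id"], req["token"])


def matches(req_bytes, resp_bytes):
    """Client side: the ACK must repeat the message ID and the response the token."""
    req, resp = decode(req_bytes), decode(resp_bytes)
    return (resp["type"] == ACK and resp["msg_id"] == req["msg_id"]
            and resp["token"] == req["token"])


def temperature_exchange():
    """The slide's exchange: CON [0xbc90] GET /temperature (Token 0x71) -> ACK 2.05 "22.5 C"."""
    req = encode(CON, GET, 0xBC90, b"\x71", [(URI_PATH, b"temperature")])
    resp = handle(req, {"/temperature": b"22.5 C"})   # constructed resource table
    return req, resp
```

Without DTLS the token is the only thing binding a response to its request, and it is sent in the clear, so an on-path party that sees the request can forge the "22.5 C"; the matching logic here is about correctness, not authentication.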
  19. CoAP Recap ● Over UDP ● Request/Response model ● RESTful environments ● Data model in the payload ○ XML ○ JSON ○ CBOR (IETF RFC 7049, Concise Binary Object Representation) ○ Other formats ● DTLS
  20. MQTT, Message Queuing Telemetry Transport ● ISO/IEC 20922:2016 (published 2016-06-15) ● OASIS MQTT TC ● Over TCP/IP ● The publish/subscribe message pattern provides one-to-many message distribution and decoupling of applications. ● Three qualities of service for message delivery: at most once, at least once, exactly once. Reference: ISO/IEC 20922:2016 Message Queuing Telemetry Transport (MQTT) v3.1.1
  21. Publisher - Broker - Subscriber. [Figure: publishers and subscribers are clients; the broker is the server that holds the topics.] 1. A subscriber subscribes to a topic. 2. A publisher publishes a message to the topic. 3. The broker publishes the message to everyone who has subscribed to the topic.
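The broker behaviour on slides 20 and 21, as an added example that is not part of the original slides: the topic-filter validation and matching rules of MQTT v3.1.1 (`+` matches exactly one level, `#` matches the rest and must be last, a leading wildcard never matches `$`-topics) and a minimal fan-out that publishes a message to every client whose subscription matches. The per-client allowlist in `Broker.subscribe` is an assumption added for the demonstration; MQTT itself does not define access control, which is exactly why a broker that accepts a `#` subscription from any device hands the whole sensor network's telemetry to that device.

```python
def filter_is_valid(topic_filter: str) -> bool:
    """MQTT 3.1.1 rules: '#' only as the whole last level, '+' only as a whole level, non-empty."""
    if not topic_filter:
        return False
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            return False
        if "+" in level and level != "+":
            return False
    return True


def topic_matches(topic_filter: str, topic: str) -> bool:
    """Does a PUBLISH topic match a subscription filter?"""
    if not filter_is_valid(topic_filter):
        raise ValueError("invalid topic filter: %r" % topic_filter)
    flevels, tlevels = topic_filter.split("/"), topic.split("/")
    # Topics starting with '$' (e.g. $SYS/...) are never matched by a leading wildcard.
    if topic.startswith("$") and flevels[0] in ("#", "+"):
        return False
    for i, f in enumerate(flevels):
        if f == "#":
            return True            # matches the parent level itself and any number of children
        if i >= len(tlevels) or (f != "+" and f != tlevels[i]):
            return False
    return len(flevels) == len(tlevels)


def filter_within(topic_filter: str, prefix: str) -> bool:
    """True if every topic the filter can match lies under `prefix` (literal levels only)."""
    plevels = prefix.split("/")
    return topic_filter.split("/")[:len(plevels)] == plevels


class Broker:
    """Minimal pub/sub fan-out. The allowlist check is an assumption for this demo, not MQTT."""

    def __init__(self):
        self.subscriptions = []    # (client, topic filter)

    def subscribe(self, client: str, topic_filter: str, allowed_prefix=None) -> bool:
        if not filter_is_valid(topic_filter):
            return False
        if allowed_prefix is not None and not filter_within(topic_filter, allowed_prefix):
            return False           # e.g. a field device asking for '#' is refused
        self.subscriptions.append((client, topic_filter))
        return True

    def publish(self, topic: str, payload: bytes) -> dict:
        """Deliver to every matching subscriber; returns {client: [(topic, payload), ...]}."""
        if not topic or "+" in topic or "#" in topic:
            raise ValueError("wildcards are not allowed in a PUBLISH topic")
        delivered = {}
        for client, topic_filter in self.subscriptions:
            if topic_matches(topic_filter, topic):
                delivered.setdefault(client, []).append((topic, payload))
        return delivered


if __name__ == "__main__":
    broker = Broker()
    broker.subscribe("dashboard", "farm/#")
    broker.subscribe("pump7", "farm/field7/cmd", allowed_prefix="farm/field7")
    print(broker.subscribe("pump7", "#", allowed_prefix="farm/field7"))   # refused
    print(broker.publish("farm/field7/cmd", b"open"))
```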
  22. Recap with a Picture: Apache Mynewt Connectivity Layer, from "Apache Mynewt Overview" by Sterling Hughes & James Pace, page 7 @ OpenIoT Summit Europe 2016
  23. "Avoid the Silos and Help Build the True Internet of Things" by Aaron Vernon @ OpenIoT Summit Europe 2016
  24. Reference: Wiki Silo https://en.wikipedia.org/wiki/Silo
  25. All of the specifications and protocols mentioned above are just communication protocols. We still need a protocol to describe the Thing and its properties and methods.
  26. The "Thing" of IoT is not only object-oriented, it is also a "real object"!
  27. Open Connectivity Foundation (OCF) ● OIC Specification 1.1 ○ Core Framework, Security, Smart Home Device, Resource Type ● "OCF for resource-constrained environments" by Kishen Maloor @ OpenIoT Summit Europe 2016 ● "OIC Specification Overview" by OIC, pages 59 ~ 65
  28. Considering Maintenance: the purpose of the device, the assets' value, the device's lifetime.
  29. Reference: 自由時報 (Liberty Times) news clipping
  30. Reference: 自由時報 (Liberty Times) news clipping
  31. Considerations of Deploy & Update ● OS type: ○ RTOS ○ Bigger OS like Linux ● Management: ○ Version control ○ Testing (before/after) ○ Code review ○ Code scanning ○ Separation of duties ○ ... ● Method: ○ Physical attachment ○ Remote over the Internet ■ Capability of the Internet link ■ Integrity of ● the package ● the firmware ● the image ● the container ● ...
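The "integrity of the firmware / image" point on slide 31, as an added example that is not part of the original slides: a device-side check of an update manifest before the image is applied. The manifest format, the `KEY` and the `IMAGE_V2` bytes are all constructed for the demonstration, and the HMAC tag is a stand-in for the public-key signature a real update system would use (a shared secret on every device is not a good idea in the field). The order of the checks is the part worth copying: authenticate the manifest bytes before parsing anything in them, refuse downgrades, then compare the image against the authenticated size and digest.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-not-for-production"          # constructed
IMAGE_V2 = b"\x7fELF" + bytes(range(256)) * 4               # constructed stand-in for a firmware image


def make_manifest(image: bytes, version: int, key: bytes) -> bytes:
    """Build-side: describe `image` and authenticate the description.
    HMAC-SHA256 here stands in for a signature made with a key the device never holds."""
    body = {"version": version, "size": len(image),
            "sha256": hashlib.sha256(image).hexdigest()}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": canonical, "tag": tag}).encode()


def verify_update(manifest: bytes, image: bytes, key: bytes, installed_version: int):
    """Device-side: return (ok, reason). Nothing inside the manifest is trusted until the tag checks out."""
    try:
        outer = json.loads(manifest)
        canonical, tag = outer["body"], outer["tag"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed manifest"
    if not isinstance(canonical, str) or not isinstance(tag, str):
        return False, "malformed manifest"
    expected = hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):          # constant-time comparison
        return False, "manifest authentication failed"
    body = json.loads(canonical)                         # safe to parse now: the bytes are authenticated
    if body["version"] <= installed_version:
        return False, "rollback refused (manifest %d <= installed %d)" % (body["version"], installed_version)
    if body["size"] != len(image):
        return False, "image size mismatch"
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), body["sha256"]):
        return False, "image digest mismatch"
    return True, "ok"


def demo() -> dict:
    """Run the happy path and the three failure modes a field update has to reject."""
    manifest = make_manifest(IMAGE_V2, version=2, key=KEY)
    return {
        "good": verify_update(manifest, IMAGE_V2, KEY, installed_version=1),
        "tampered_image": verify_update(manifest, IMAGE_V2[:-1] + b"\x00", KEY, installed_version=1),
        "rollback": verify_update(manifest, IMAGE_V2, KEY, installed_version=2),
        "forged_manifest": verify_update(make_manifest(IMAGE_V2, 3, b"wrong-key"), IMAGE_V2, KEY, 1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-16s %s" % (name, result))
```

The digest is computed over the whole image before anything is written to flash; on a device with less than 1 MB of RAM (slide 10) that means hashing in chunks from the download stream and committing only after the final check passes, which `hashlib.sha256().update()` supports without changing the logic above.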
  32. The container solution by resin.io
  33. Deploy & Update are popular issues. Slides in OpenIoT Summit Europe 2016: ● "Creating Continuous Delivery for Yocto Based IoT Distribution" by Alexander Kanevskiy ● "Software update for IoT: the current state of play" by Chris Simmonds ★ "Software Updates for Connected Devices: Key Considerations" by Eystein Stenberg ● "Gateways - The Center of Complexity for Update" by Ned Smith ● "OSS Remote Firmware Updates for IoT-like Projects" by Silvano Cirujano Cuesta
  34. IoT Security ● "Security in IoT, more an attitude issue than a technical challenge" by Dominig ar Foll ● "Securing the Connected Car" by Eystein Stenberg, also on why you have to update ● "IOT與系統安全" (IoT and System Security) by Neo Jou, Technical Project Manager, Realtek ● "Securing Communications for SCADA and Critical Industrial Systems" by Tom Bartman and Kevin Carson, Schweitzer Engineering Laboratories, Inc. ● P1711.2 - Standard for Secure SCADA Communications Protocol (SSCP) ● MISRA C facilitates code safety, security, portability and reliability. ● We have to bargain! Security sits on the opposite side from computing, clock, power, cost ...
  35. [Figure: computing, clock, power, cost ... on one side; security is the marginal one.] Reference: 互动百科 "边缘人" (internet slang for the one left at the margin)
  36. Reference: OWASP Top 10 Mobile Risks - Final List 2014
  37. Threats & Weakness Model [Figure: the OWASP Mobile 2014 risk labels placed on the IoT architecture. IoT services carry M1; the links over the general network and the sensor network between the services, the IoT node and other IoT nodes carry M3, M5, M6, M9; the node's APP and the other nodes' APPs carry M7, M8; the node's memory carries M2, M4; M10 applies to the node's binary.] Key, from the 2014 list: M1 Weak Server Side Controls, M2 Insecure Data Storage, M3 Insufficient Transport Layer Protection, M4 Unintended Data Leakage, M5 Poor Authorization and Authentication, M6 Broken Cryptography, M7 Client Side Injection, M8 Security Decisions Via Untrusted Inputs, M9 Improper Session Handling, M10 Lack of Binary Protections.
  38. There are more issues ● DoS/DDoS 1. Cracked devices 2. Mass-deployed measuring devices connecting at the same time
  39. Reference: 臺北.幸福領航:守山護水安全城市 by 林慶維 et al., Taipei City Government Public Works Department, 2013 (ROC year 102), pp. 6~7. "To keep track of flood conditions, Taipei City has built a complete water-level monitoring information system. The integrated information includes satellite weather data, real-time river and storm-sewer water levels, real-time rainfall, and the real-time operating status of rainwater pumping stations and sluice gates." Mass-deployed measuring devices connecting at the same time.
  40. Trend of the flow in an emergency. [Figure: flow over time, flat in peace time, a spike during emergency time, then back to peace time.]
  41. There are more issues ● DoS/DDoS 1. Cracked devices 2. Mass-deployed measuring devices connecting at the same time ● Interference 1. Noise 2. The space is crowded with devices (wireless) 3. Leaky waves (wireless) 4. Wrong commands
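The self-inflicted DoS on slides 38 to 41 (mass-deployed measuring devices connecting at the same time, and the flow spike in an emergency), as an added example that is not part of the original slides: a small simulation of a reconnection storm after an outage. The server accepts a fixed number of connections per second; refused devices retry. With no jitter all devices return in lock-step and keep hammering the server; with a randomised first attempt and exponential backoff with full jitter the same fleet connects without a single refusal. The device counts, capacity and spread are constructed for the demonstration.

```python
import random


def backoff_delay(attempt: int, rng=None, base: float = 1.0, cap: float = 300.0) -> float:
    """Exponential backoff. With an rng, use 'full jitter': uniform in [0, min(cap, base * 2^attempt)].
    Without an rng, return the deterministic ceiling (this is what makes devices retry in lock-step)."""
    ceiling = min(cap, base * (2 ** attempt))
    return rng.uniform(0, ceiling) if rng is not None else ceiling


def simulate_storm(n_devices: int, capacity_per_s: int, spread_s: float,
                   seed: int = 1, max_t: int = 10_000) -> dict:
    """Outage ends at t = 0 and every device wants to reconnect.
    The server accepts at most capacity_per_s connections per one-second slot and refuses the rest.
    spread_s > 0: first attempts are spread uniformly over spread_s seconds and retries are jittered.
    spread_s == 0: everyone connects at t = 0 and retries deterministically (no jitter anywhere)."""
    rng = random.Random(seed) if spread_s else None
    attempts = {d: 0 for d in range(n_devices)}             # device -> failed attempts so far
    next_try = {d: (rng.uniform(0, spread_s) if rng else 0.0) for d in attempts}
    refused, t, peak = 0, 0, 0
    while next_try and t < max_t:
        due = sorted(d for d, when in next_try.items() if when < t + 1)
        peak = max(peak, len(due))
        for d in due[:capacity_per_s]:                       # accepted this second
            del next_try[d]
        for d in due[capacity_per_s:]:                       # refused: back off and try again
            refused += 1
            next_try[d] = t + backoff_delay(attempts[d], rng)
            attempts[d] += 1
        t += 1
    return {"refused": refused, "peak_attempts_per_s": peak,
            "finished_at": t, "unconnected": len(next_try)}


if __name__ == "__main__":
    print("no jitter :", simulate_storm(2000, 200, spread_s=0))
    print("60 s jitter:", simulate_storm(2000, 200, spread_s=60))
```

With 2000 devices and 200 accepted per second, the lock-step run refuses 1800 + 1600 + ... + 200 = 9000 attempts and only finishes after the backoff has grown to several minutes; the jittered run presents about 33 attempts per second and is never over capacity. The same reasoning applies to a measurement burst in an emergency: the node-side spread is what keeps the collector reachable when every sensor has something to report.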
  42. It is really tough to be in a space crowded with WiFi devices at a big conference like COSCUP.
  43. Leaky Wave ● It is just like "walls have ears" ● Transmitted data and commands can be overheard ● Wrong commands can be sent ● Use a secured tunnel ● Same as sniffing the serial port lines
  44. IEEE 802.15.4 Security ● Wiki IEEE 802.15.4, Reliability and security ● "Security Considerations for IEEE 802.15.4 Networks" by Naveen Sastry & David Wagner, University of California, Berkeley ● "On evaluating the performance impact of the IEEE 802.15.4 security sub-layer" by Roberta Daidone, Gianluca Dini, Giuseppe Anastasi, Department of Information Engineering, University of Pisa, Pisa, Italy, Computer Communications 47 (2014) 65–76 ● IETF "Layer-2 security aspects for the IEEE 802.15.4e MAC", draft-piro-6tisch-security-issues-03 (no longer active)
  45. Defense in Depth [Figure: nested rings from the outside in: Unknown / Internet, Guard, Sensor Network, Device Firewall, APP.]
  46. Summary ● IoT = Connectivity + Domain Knowledge ● What is the purpose of the IoT application? ● There is no best solution or template for all cases; it is case by case. ● The number of sensors is much larger than the number of actuators. ● There is a big difference between an RTOS and a big OS. ● How to deploy, maintain and update the devices? ● For security, do what a general system does, with the proper methods.
  47. More examples in Taiwan ~ Reference: 聯合報 UDN, "雷射驅鳥 在家顧田水…資訊人帶科技下田" (Laser bird-scaring and watching the paddy water from home: IT people bring technology to the fields). Reference: 數位時代, "用科技收成! 新世代農夫下田,讓農業變得更性感" (Harvesting with technology! A new generation of farmers makes agriculture sexier).
  48. Location Aware Sensing System. Reference: LASS
  49. Reference: udn.com 經濟日報, "智慧電表全民化 明年啟動" (Smart meters for everyone, rollout starts next year)
  50. Automated gate system at the port. Reference: "臺北港導入RFID建置門禁管理系統 完成貨櫃通關全程自動化" (Port of Taipei adopts an RFID access-control system, fully automating container clearance) by 辜雅蕾, iThome, 2011.12.16
  51. Reference ● Slides in Open IoT Summit Europe 2016 http://events.linuxfoundation.org/events/openiot-summit-europe ● Wiki IEEE_802.15.4 https://en.wikipedia.org/wiki/IEEE_802.15.4 ● Wiki IEEE_802.15 https://en.wikipedia.org/wiki/IEEE_802.15 ● Wiki 6LoWPAN https://en.wikipedia.org/wiki/6LoWPAN ● RFC 4919 IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals https://tools.ietf.org/html/rfc4919 ● Internet of Things: 802.15.4, 6LoWPAN, RPL, COAP https://www.utwente.nl/ewi/dacs/colloquium/archive/2010/slides/2010-utwente-6lowpan-rpl-coap.pdf
  52. Reference Cont. ● "Security Considerations for IEEE 802.15.4 Networks" by Naveen Sastry & David Wagner, University of California, Berkeley ● Wiki ZigBee https://en.wikipedia.org/wiki/ZigBee ● ZigBee Alliance - Application Level Standardization http://www.zigbee.org/zigbee-for-developers/applicationstandards/ ● Security in 802.15.4 and ZigBee networks http://www.libelium.com/security-802-15-4-zigbee/ ● The New Wireless Thread Network Protocol http://www.allaboutcircuits.com/technical-articles/thread-network-protocol/ ● Thread Overview http://threadgroup.org/Portals/0/documents/whitepapers/Thread%20Stack%20Fundamentals_v2_public.pdf
  53. Reference Cont. ● LoRaWAN https://www.lora-alliance.org/portals/0/documents/whitepapers/LoRaWAN101.pdf ● Wiki Modbus https://en.wikipedia.org/wiki/Modbus ● RFC 2616 HTTP 1.1 https://tools.ietf.org/html/rfc2616 ● RFC 7252 CoAP https://tools.ietf.org/html/rfc7252 ● ISO/IEC 20922:2016 MQTT v3.1.1 http://www.iso.org/iso/catalogue_detail.htm?csnumber=69466
  54. Thank you ~ and Q & A
