Industrial Internet of Things: Protocols and Standards
Javier Povedano Molina, PhD. <javier@rti.com>
Senior Software Engineer
©2018 Real-Time Innovations, Inc.
Ask me Anything
At any time during the presentation
Recognized Industrial IoT Leader
What is the Industrial Internet of Things?
#oktoberfestofthings
The Industrial IoT is about Systems
Consumer Internet of Things (CIoT) Industrial Internet of Things (IIoT)
Cyber-Physical Systems (CPS)
80% of hype 80% of value
IIoT vs HIoT
Industrial Internet of Things
Industrial Internet of Things is Everywhere
Industrial IoT is disrupting entire industries
Disrupting Energy Industry
Disrupting Medical Industry
Disrupting Transportation Industry
Medical and HealthCare
Patient Monitoring: Can NASA-inspired Command Centers help the hospital of the future? This hospital thinks so [2]
Connected Medical Devices
Transportation
Hyperloop:
Planes, Trains and Hyperloops: The Importance of Connectivity in the IIoT (video)
Autonomous Cars:
Whitepaper: DDS in Autonomous Car Design
Accelerate Autonomous Car Development
Energy
● Siemens Wind Power
○ IT integration for maintenance
● LocalGrid
○ Monitor and control
● Grand Coulee Dam
○ Largest Electricity Producer in US
● Green Energy IIC Testbed
It's all about Standards
Object Management Group (OMG)
● The authors of CORBA and UML standards
● Focused on interoperability
● DDS Standards family
○ DDS 1.2 (API)
○ RTPS 2.1 (Wire protocol)
○ X-Types (Extensibility)
○ WEB-DDS
○ PSM (C++, Java)
○ Security
○ RPC
Industrial Internet Consortium (IIC)
IIC Connectivity Framework
http://www.iiconsortium.org/IICF.htm
Industry 4.0
● German Government Initiative
● Focused on manufacturing
Smart Factory = Cyber Physical Systems + Cloud Computing + IoT
AUTOSAR
AUTOSAR (AUTomotive Open System ARchitecture) is a
worldwide development partnership of vehicle manufacturers,
suppliers, service providers and companies from the automotive
electronics, semiconductor and software industry.
> 100 partners including
• Core Partners: BMW, Bosch, Continental, Daimler, Ford, GM,
PSA, Toyota, and VW.
• RTI joined as a Development Partner in 2017
https://www.autosar.org/
AUTOSAR Standards
Classic Platform
• Defines a solution for embedded systems with hard real-time and safety constraints.
Adaptive Platform
• Defines a solution for high-performance computing ECUs to build fail-operational systems for use cases such as autonomous driving.
• Implements the AUTOSAR Runtime for Adaptive Applications (ARA)
Characteristics
• Uses C++
• Defines a Service-oriented Architecture
• Leverages existing standards
• Focuses on safety and security
• Defined in terms of functional clusters (see next slides)
Adaptive AUTOSAR
Open FMB
● Standard for Grid Control
● COW (+25)
Protocols for the Industrial Internet
CoAP
● COnstrained Application Protocol
● Web of Things
○ REST model for small devices
● Pull model
● RFC7252
● http://coap.technology/
Source: openmobilealliance.org
AMQP
● Advanced Message Queuing Protocol
● Wire-level protocol
○ Multiple Interfaces
● One to One and One To Many
● Broker based
● Message centric
● Implementations:
○ RabbitMQ, ActiveMQ, Apache Qpid
XMPP: Access Device Data
Extensible Messaging and Presence Protocol (XMPP)
JMS
● Java Message Service
● API
● Broker based
● Message centric
● Implementations:
○ WebSphere, ActiveMQ, ...
MQTT: Collect Device Data
Message Queuing Telemetry Transport (MQTT)
● Brokered
● Lightweight
● Wire protocol
● Implementations:
○ paho, mosquitto, ...
Data Distribution Service
● Data Centric Approach
● Fully distributed Architecture
● Advanced QoS
● Standard
○ Both Wire-protocol and API
● Implementations:
○ Connext, Vortex OpenSplice, OpenDDS, CoreDX
Pub/Sub Protocol Comparison
                         AMQP     JMS      MQTT    DDS
Architecture             Broker   Broker   Broker  Decentralized
Type                     Topic    Topic    Topic   Content/Type
Standard API             N        Y        N       Y
Standard Wire            Y        N        Y       Y
Transport                TCP      TCP      TCP     UDP*
QoS                      Y(3)     Y(4)     Y(3)    Y(20*)
Standard Payload Format  N        N        N       CDR
Filtering                Content  Content  N       Content/Time
...so which one to use?
IT DEPENDS!
Choose AMQP If…
• Distributing work, not information?
• Just send A to B?
• Speed & CPU use not important?
• Can’t lose anything?
• 3 or 4 => AMQP
Process: AMQP
Choose MQTT If…
• Think of it as collection?
• Little device-device communications?
• Large number of devices?
• Very small devices?
• 3 or 4 => MQTT
Collect: MQTT, CoAP
Choose XMPP/REST If…
• Use the word “my”?
• Few connectivity points in large space?
• Speed & CPU use not important?
• “Always” connected?
• 3 or 4 => XMPP or REST
Choose DDS If…
• Disaster if offline for 5 minutes?
• Measure performance in ms or µs? Or scale >100+ applications? Or 10k+ data values?
• Code actively developed for >3 yrs?
• 2 or 3 => DDS
Control: DDS
There is strength in numbers
• IIoT will need many protocols
– Server to Server: MQ, AMQP, SOAP,...
– Device to Server: MQTT, CoAP
– Device to Device: DDS
– Control Plane: Melting pot
• An example:
– MQTT to collect device information
– DDS shares device data to build intelligent system
– AMQP messages between servers
DDS & IoT
• Access
– Link sparse endpoints
– XMPP
• Process
– Biz intelligence
– Centralized/ESB
– ~100ms
– MQ/AMQP
• Collect
– Collect data
– Hub & spoke
– ~10ms
– MQTT/CoAP
• Control, distribute
– DataBus
– ~.01ms
– DDS
Devices and Intelligent Systems
Web services and Business apps
Control
Collect
Process
Access
Protocol Collaboration
Many Others
DDS: A real-time connectivity platform
Data Distribution Service is a Databus
Message centric
Client/Server
Remote Objects
Publish-subscribe
SOA
DDS is the standard that defines a databus
Data-centric technology connects applications to the data, not to each other
The Databus is Different!
Data-Centric
DDS
Shared Data Model
DataBus
Point-to-Point
TCP
Sockets
Client/Server
MQTT
XMPP
OPC
CORBA
Brokered
ESB
Daemon
Publish/Subscribe
Fieldbus
CANbus
ZeroMQ
JMS
Queuing
AMQP
Active MQ
Architecture
Database and Databus are Data Centric
• Common “truth” for integration
• Natural redundancy
• Right data, right time, right place
• Complexity in infrastructure, not code
• No startup dependencies
• Generic tools and analyzers
Database: Stores & searches old data
Databus: Seeks & filters future data
Why Data Centricity?
Data Distribution Service
● Object Management Group Standards
● Data Distribution Service (DDS)
○ API
○ QoS
● Real-Time Publish Subscribe (RTPS)
○ Data encoding
○ Interaction Protocol
○ On the Wire Format
● Extensions:
○ XTypes
○ Security
Connectivity Gateway
Database Integration Service
Persistence Service
Visualization & Debug Tools
Recording & Playback Services
Application Prototyper
Data Modeling Tools
Connectivity SDKs (C, C++, Java, .NET, JavaScript, Python …)
Tools & SDKs
Connectivity Services
Quality of Service
Security
Publish-Subscribe, Request-Reply, Discovery
ID and Addressing
Data Type System
Lifecycle (CRUD)
Exception Handling
State Management
API Governance
Databus
DDS-RTPS Messaging Protocol
Data Resource Model
Cloud Services
Sensing
Planning
Radar, LIDAR
Vehicle Platform
Navigation
Error Management
Cockpit/Dashboard
Situation Analysis
Situation Awareness
Vision Fusion
Cameras, LIDAR, Radar …
Data Fusion
Logging
Vehicle Control
Localization
Connext Databus
Traffic Maps
Connext Databus
Example: Autonomous Car
DDS Quality of Service (QoS)
Quality of Service     Quality of Service
DURABILITY             USER_DATA
HISTORY                TOPIC_DATA
READER DATA LIFECYCLE  GROUP_DATA
WRITER DATA LIFECYCLE  PARTITION
LIFESPAN               PRESENTATION
ENTITY FACTORY         DESTINATION ORDER
RESOURCE LIMITS        OWNERSHIP
RELIABILITY            OWNERSHIP STRENGTH
TIME BASED FILTER      LIVELINESS
DEADLINE               LATENCY BUDGET
CONTENT FILTERS        TRANSPORT PRIORITY
Volatility, Infrastructure, Delivery, User, Presentation, Redundancy, Transport
QoS Example: Reliable alarms/events
QoS Example: Data Redundancy
Security in IIoT
Security Topologies
System
Transport
Host/Application
Data
Threats
Alice: Allowed to publish topic T
Bob: Allowed to subscribe to topic T
Eve: Non-authorized eavesdropper
Trudy: Intruder
Trent: Trusted infrastructure service
Mallory: Malicious insider
1. Unauthorized subscription
2. Unauthorized publication
3. Tampering and replay
4. Unauthorized access to data by infrastructure services
Limitations of TLS: Security Is at a Very Gross Level
• Inefficient: all data is encrypted and signed
– Application data and metadata
– Regardless of whether privacy and/or integrity are required
• Poor latency and jitter: usually runs over TCP
• Not scalable: no multicast support
– Even with DTLS over UDP
Limitations of TLS: No Inherent Access Control
• Apps are authenticated or they’re not
• No inherent protection against insider threats
– E.g.: authorized subscriber but unauthorized publisher
• Access control has to be done by centralized broker or at application level
Message Broker
• Poor performance and scalability
• Single point of failure/failover
• Single point of vulnerability
Transport-Level Security
The Alarm Limit is attacked. A hacker compromises a device and makes it change the alarm limits for the entire system. Devices are allowed to read this, but should not write it.
[Diagram: Sensor Device(s) and Supervisor on the RTI Connext Databus; topics Numeric, Image, AlarmLimit]
Transport-Level Security
Transport-level security does not prevent an insider from attacking, writing data it should not be allowed to modify.
[Diagram: Compromised Sensor Device and Supervisor on the RTI Connext Databus; topics Numeric, Image, AlarmLimit]
DDS Security: Access Control
DDS security contains fine-grained permissions that prevent an application from writing (or reading) something it is not entitled to.
[Diagram: Compromised Sensor Device and Supervisor on the RTI Connext Databus; topics Numeric, Image, AlarmLimit]
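The AlarmLimit scenario from these slides, as an added Python sketch (not RTI or Connext code): it compares what an authenticated pipe alone decides with a per-topic publish/subscribe check. The permissions document is constructed, follows the general grant / allow_rule / default layout of a DDS Security permissions file, and uses made-up subject names; validity dates and signature verification are left out.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed permissions document (made-up subject names). Layout follows the
# grant / allow_rule / default shape of a DDS Security permissions file;
# validity dates and the document signature are left out of this sketch.
PERMISSIONS_XML = """
<dds><permissions>
  <grant name="SensorDevice">
    <subject_name>CN=sensor-01</subject_name>
    <allow_rule>
      <domains><id>0</id></domains>
      <publish><topics><topic>Numeric</topic><topic>Image</topic></topics></publish>
      <subscribe><topics><topic>AlarmLimit</topic></topics></subscribe>
    </allow_rule>
    <default>DENY</default>
  </grant>
  <grant name="Supervisor">
    <subject_name>CN=supervisor</subject_name>
    <allow_rule>
      <domains><id>0</id></domains>
      <publish><topics><topic>AlarmLimit</topic></topics></publish>
      <subscribe><topics><topic>*</topic></topics></subscribe>
    </allow_rule>
    <default>DENY</default>
  </grant>
</permissions></dds>
"""

# Constructed requests: (subject, action, topic), all on domain 0.
REQUESTS = [
    ("CN=sensor-01", "publish", "Numeric"),
    ("CN=sensor-01", "subscribe", "AlarmLimit"),
    ("CN=sensor-01", "publish", "AlarmLimit"),   # the compromised sensor's write
    ("CN=supervisor", "publish", "AlarmLimit"),
    ("CN=intruder", "subscribe", "Numeric"),     # no identity, no grant
]


def load_grants(xml_text):
    """Parse grants into {subject: (ordered rules, default_allow)}."""
    grants = {}
    for grant in ET.fromstring(xml_text).iter("grant"):
        rules = []
        for rule in grant:
            if rule.tag not in ("allow_rule", "deny_rule"):
                continue
            rules.append({
                "allow": rule.tag == "allow_rule",
                "domains": {int(d.text) for d in rule.iter("id")},
                "publish": [t.text.strip() for t in rule.findall("publish/topics/topic")],
                "subscribe": [t.text.strip() for t in rule.findall("subscribe/topics/topic")],
            })
        default_allow = grant.findtext("default", "DENY").strip() == "ALLOW"
        grants[grant.findtext("subject_name").strip()] = (rules, default_allow)
    return grants


def transport_level_check(authenticated_peers, subject):
    """What a secured pipe alone decides: the peer is authenticated or it is not."""
    return subject in authenticated_peers


def topic_level_check(grants, subject, domain, action, topic):
    """First matching rule wins; anything unmatched falls to the grant default."""
    if subject not in grants:
        return False
    rules, default_allow = grants[subject]
    for rule in rules:
        if domain in rule["domains"] and any(fnmatchcase(topic, p) for p in rule[action]):
            return rule["allow"]
    return default_allow


def evaluate(requests, domain=0):
    """Return (subject, action, topic, pipe_allows, topic_rule_allows) per request."""
    grants = load_grants(PERMISSIONS_XML)
    peers = set(grants)  # every subject holding a grant also authenticates
    return [(s, a, t, transport_level_check(peers, s),
             topic_level_check(grants, s, domain, a, t)) for s, a, t in requests]


if __name__ == "__main__":
    for subject, action, topic, pipe, fine in evaluate(REQUESTS):
        print(f"{subject:14} {action:9} {topic:10} pipe={pipe!s:5} topic-rule={fine}")
```

The third request is the one the slides describe: the sensor is a legitimate, authenticated peer, so the pipe check passes, and only the per-topic rule rejects its write to AlarmLimit.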
DDS Secures the Data, Not the Pipe
DDS Domain
Line  Flight  Dest  Arv
UA    567     SFO   7:32
AA    432     LAX   9:15

Squawk  Long  Lat     Alt
1234    37.4  -122.0  500.0
7654    40.7  -74.0   250.0

Squawk  Line  Flight
1234    UA    567
7654    AA    432

Topic
The Developer Tools and Processes
A whirlwind tour
Coding Standards and Practices
SEI CERT Coding Standards
● Coding Rules and Conventions
○ MISRA
● Certifications
Developer Tools
• Code Coverage
– In some industries 100% coverage is required!
– LCov
• Static Analysis
– Clang
• Memory Tools
– Valgrind
Vulnerability Management Process
Vulnerability Management process
• What is considered a vulnerability?
• How do you catalog vulnerabilities in your bug management system?
• What should you pay attention to when fixing vulnerabilities and who should be involved in the code reviews?
• Where and how do you document vulnerabilities?
• How do you communicate the information both internally and externally?
• How do you set up secure channels to receive and discuss vulnerability reports?
“It's important to understand that the definition isn't the final word on whether an issue warrants a security bulletin — instead, it's the first word.”
- Microsoft
TLP – Traffic Light Protocol
Critical infrastructure requires more discreet management of vulnerabilities
We’re hiring software engineers in Granada
https://www.rti.com/careers