BLE, BT, Wifi, Z-Wave, Zigbee, EnOcean, 802.15.4, NB-IoT, EC-GSM, LoRa, SigFox. The list is long and keeps getting longer. Which technology will be best for your IoT project? How do you avoid getting lost in this multitude and pace of change?
The session will try to answer these and a few other questions related to wireless connectivity in the Internet of Things world.
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow... (PROIDEA)
In the race among the many technologies and standards for building Data Center and Data Center Interconnect networks, EVPN appears to be the one that has taken the lead. During the session we will answer the question of where EVPN currently stands compared with other technologies, where to use it, and what to watch out for during deployment.
Enhancing Network Visibility Based On Open Converged Network Appliance (Open Networking Summit)
Dr. Dongheon Lee and Dr. Junho Suh's presentation from the 2017 Open Networking Summit.
As the mobile traffic carried by cellular networks has been growing rapidly and the networks get bigger and more complex, network operators have been forced to search for solutions to substantially enhance network visibility. This talk introduces SKT integrated Network Analyzer (TiNA) and Converged Appliance Platform (T-CAP), which help us improve the efficiency of network operation, troubleshooting, and traffic analysis. TiNA is composed of a virtual network packet broker, flow analyzer, high-speed packet dump system, connection performance analyzer, and 3D-based network management system. T-CAP is an open architecture of server-switch type hardware. We will review how to implement those TiNA functions based on open source (e.g., DPDK, Spark Streaming) and T-CAP. Finally, we will also discuss the use cases of TiNA and T-CAP for the private cloud and telco network infrastructure.
A 3-hour course on IEEE and IETF protocols introducing the 6TiSCH architecture and the RPL routing protocol. Course given at Telecom Bretagne on Feb 12th 2014.
How new Low Power Wireless Area Networks (LPWANs) are aggressively challenging the Internet of Things status quo and how industry can exploit this opportunity. Specifically, the ability to query IoT endpoints in real time, improve network capacity and data rates, and the ability to deploy a filesystem in order to create a "Hadoop"-like real-time query capability at the edge of the network is explored.
TRUST BASED ROUTING METRIC FOR RPL ROUTING PROTOCOL IN THE INTERNET OF THINGS (pijans)
While smart factories are becoming widely recognized as a fundamental concept of Industry 4.0, their implementation has posed several challenges insofar as they generate and process vast amounts of security-critical and privacy-sensitive data, in addition to the fact that they deploy heterogeneous and constrained IoT devices communicating with each other and being accessed ubiquitously through lossy networks. In this scenario, the routing of data is a specific area of concern, especially with the inherent constraints and limiting properties of such devices, like processing resources, memory capacity and battery life. To suit these constraints and to provide the required connectivity, the IETF has developed several standards, among them the RPL routing protocol for Low-Power and Lossy Networks (LLNs). However, even though RPL provides support for integrity and confidentiality of messages, its security may be compromised by several threats and attacks. We propose in this work TRM-RPL, a Trust-based Routing Metric for the RPL protocol in IIoT-based environments. TRM-RPL uses a trust management mechanism to detect malicious behaviors and resist routing attacks while providing QoS guarantees. In addition, our model addresses both node and link trust and follows a multidimensional approach to enable an accurate trust assessment for IoT entities. TRM-RPL is implemented, successfully tested and compared with the standard RPL protocol, where its effectiveness and resilience to attacks have been proved to be better.
This presentation is based on the IETF draft draft-farrell-lpwan-lora-overview-01 and provides a brief overview of the LoRaWAN architecture. It was presented at the LPWAN WG meeting in IETF 98.
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter... (PROIDEA)
Using RADWARE's AMS (Attack Mitigation System) as an example, this presentation will show different models of effective web application protection, both in the "cloud" model and in the mixed (hybrid) model. The presentation will also show the advantages of implementing security mechanisms as native network functions and will answer the question of how to ensure the best protection while maintaining the highest application SLA level.
PLNOG 17 - Andrzej Jeruzal - Dell Networking OS10: sieciowy system operacyjny... (PROIDEA)
This session will present the assumptions that underlay Dell's construction of a revolutionary and open network operating system known under the code name OS10. Its architecture, functionality and practical applications will be discussed. OS10 is the next step in the idea of open networking (Dell Open Networking), promoted by Dell for 2 years, now separating and standardizing even the layers within the network operating system itself!
PLNOG 17 - Piotr Pieprzycki - Praktycznie: Ścieżka Continuous Integration w k... (PROIDEA)
Configuring network devices can be treated like writing code. What programmers know as continuous integration can also be used in managing a network, even one as large as that of Grupa Onet-RAS Polska. I will describe, from a practitioner's perspective, what the model in which we introduce changes to our environment at DreamLab looks like today, and what problems we ran into along the way.
PLNOG 17 - Nicolai van der Smagt - Building and connecting the eBay Classifie... (PROIDEA)
It seems everybody is talking about SDN. But where are the implementations? Nicolai talks about the intricacies of a successful cloud building project, at eBay Classifieds, and will discuss the implementation of the underlay network, virtualized overlay, hybrid cloud and MPLS integration.
Can you see the curvature of the Earth, or the blackness of the space sky, with your own eyes?
How far can a small balloon, a child's toy, fly? I decided to find out.
To do that, I had to secure data transmission for myself in a place where there is no cellular coverage and nobody has heard of WiFi. How do you provide power for a mission lasting several weeks at temperatures around -60 degrees Celsius? I will talk about how I solved these problems in my presentation.
You are welcome to attend.
PLNOG 17 - Konrad Kulikowski - Cisco WAE - Wan Automation Engine - Co SDN moż... (PROIDEA)
In his presentation Konrad will discuss WAN Automation Engine (WAE), software installed on a server that provides multi-layer network visibility, operating history, path optimization and traffic flow optimization. WAE is a unique, central point with a complete, up-to-date view of the network.
PLNOG 17 - Piotr Jasiniewski, Przemek Papużyński - Ericsson HDS 8000 Server p... (PROIDEA)
The speakers will briefly present the characteristics of ERICSSON's HDS 8000 server solution, based on the Rack Scale Design (RSD) architecture.
The talk will cover the advantages of such a solution (both technical and practical) over those available so far, and the benefits that result from them.
PLNOG 17 - Robert Rosiak - Zcentralizowane i dystrybuowane CPE - różnice i po... (PROIDEA)
The presentation will show the differences and similarities between centralized and distributed CPE managed by the CSO orchestrator. Centralized CPE is based on a solution hosted in the operator's cloud, in the form of a ready-made solution for creating NFV services using CSO and the Contrail controller. The distributed solution, intended for more demanding customers, is based on the modern NFX250 device installed at the customer's premises, which, in addition to standard router functionality, can run multiple virtual VNF instances on a built-in KVM hypervisor.
PLNOG 17 - Piotr Wojciechowski - 802.1s MST, czyli STP u operatora i w DC nie... (PROIDEA)
The spanning-tree protocol, although being displaced by other technologies in modern solutions, still forms the basis of network operation. Among its many variants, a somewhat forgotten and underrated incarnation is 802.1s, that is, MST. The session aims to recall the basics of how MST works and to point out scenarios in which this protocol can make our lives easier.
PLNOG 17 - Paweł Wachelka - Zastosowanie 802.1x w sieciach kampusowych - nowe... (PROIDEA)
The presentation will discuss 802.1x technology and present practical examples of authenticating workstations and phones. As an extension, the talk will discuss a solution based on user/group ID, which is meant to unify security policies across the entire campus network, simplify implementation and increase security.
PLNOG 17 - Maciej Flak - Cisco Cloud Networking - czyli kompletna infrastrukt... (PROIDEA)
The session will discuss a new, increasingly recognized model of managing and provisioning LAN, WAN and WIFI networks from the cloud. It will show how telecom operators can use the Cisco Cloud Networking platform to build and deliver their own managed services to customers (managed LAN, WAN and WIFI).
PLNOG 17 - Stefan Meinders - Slow is the new Down (PROIDEA)
In this presentation, we will review trends in Over-the-Top (OTT) traffic usage, user behavior and rapidly growing volumes of video streaming from services such as Netflix. The amount of video traffic carried by networks and its interconnections is significant. Delivery methods and encryption are challenges for today’s methods of network analysis—as are unexpected network changes that can drastically impact subscribers, transit costs, and network overload. Recent research unveiled that existing monitoring tools cannot cope with these variations in traffic delivery, caching strategies, and encryption. Finally, we describe how the use of “big data” techniques and multi-dimensional databases combined with global internet service mapping provides new insights into traffic delivery, consumption, and quality.
When we think about modern networks in the data center (Centrum Przetwarzania Danych, CPD), we face a serious challenge: how to use transmission speeds, growing almost in line with Moore's law, without losing the ability to "see" what is really happening in our network.
PLNOG 17 - Artur Kane - DDoS? You shall not pass! (PROIDEA)
From zero to hero. The story of a technology startup, from the national academic network of the Czech Republic to world leader in Netflow/IPFIX. Flowmon is developing artificial intelligence that detects and responds to volumetric attacks. Flowmon DDoS Defender is an example of how DDoS protection can be easy, efficient and flexible.
This session provides an overview of the Next Generation Network Architecture with Segment Routing technology that helps Service Providers to simplify the network. You will get an understanding of the basic concepts behind the technology and its wide applicability ranging from simple transport for MPLS services, disjoint routing, traffic engineering and its benefits in the context of software defined networking. Previous knowledge of IP routing and MPLS is beneficial to understand Segment Routing.
How to Become a Thought Leader in Your Niche (Leslie Samuel)
Are bloggers thought leaders? Here are some tips on how you can become one. Provide great value, put awesome content out there on a regular basis, and help others.
Delivered a talk to discuss developer-perspective technical introduction, stories around LoRa/LoRaWAN, also the state in Indonesia.
Use this deck for a sharing session with Maker4Nation community, back then on Oct 3, 2018 in Jakarta.
Single node architecture: hardware and software components of a sensor node - WSN
Network architecture: typical network architectures-data relaying and aggregation strategies -
MAC layer protocols: self-organizing, Hybrid TDMA/FDMA and CSMA based MAC- IEEE 802.15.4
Outdoor wireless broadband networks for critical applications. Wireless broadband outdoor networks create opportunities to bring enterprise IT architecture closer to field operations with video and data communications, or to improve safety and security with video surveillance. Many situations however cannot be served by traditional wired or wireless technologies
IoT and Low Power WANs Can Enable Smart Cities and Smart Health 4-8-17 (Ed Hightower)
These are the slides used at the CIE-IEEE 2017 Tech Symposium at University of Texas at Dallas. Ed Hightower presents a brief history of IoT, who the key players are in the Low Power WAN space, and how all this could enable Smart Cities and Smart Health.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
4. LPWA Characteristics
Characteristic | Order of magnitude | Typical value
Spectrum | Unlicensed | <1 GHz, 2.4 GHz
Range | Long | 10-50+ km (rural), 0-5 km (urban)
Objects | Many | Many thousands
Data volume | Small | Up to 10’s kB per day
Data rate | Low | From 100 to 100kb/s
Latency | Low to high | Up to minutes
Battery life | Long | Up to 20 years
Module cost | Low | <$5
Service cost | Low | <$10 per year
7. Licensed or Unlicensed?
Licensed Pros
1. NB-IoT can fit into existing PRB structure
2. Will be an upgrade to existing eNBs
Important
3. MNOs will be able to hit KPIs in owned spectrum
4. Can be integrated with existing EPC
Licensed Cons
1. Will NB-IoT scale? PRACH considerations [1]
2. Will it REALLY just be a software upgrade?
3. This is true, but do we have enough spectrum?
4. Yes, but do we have the correct EPC [2]?
[1] http://www.3gpp.org/ftp/Meetings_3GPP_SYNC/RAN2/Docs/R2-161141.zip
[2] http://networks.nokia.com/sites/default/files/document/nokia_lte-m_-_optimizing_lte_for_the_internet_of_things_white_paper.pdf
8. Wireless IOT Connectivity Options
Technology | 2G | 3G | LTE | WIFI | Zigbee | Wireless Hart | 802.15.4g | LPWA (Lora/Sigfox, etc.)
Long Range | Yes | Yes | Yes | No | No | No | Limited (1.5 Km) | Yes (10s Km)
Tx Current Consumption (3V) | 30mA to 400mA | 500 to 1000mA | 600 to 1100 mA | 19 to 400 mA | 34mA | 28mA | ~ 35mA | 20-70mA
Topology | P2P | P2P | P2P | P2P/Mesh | Mesh | Mesh | Mesh | P2P
Standby Current Consumption (3V) | 0.35 mA | 1.2 to 3.5mA | 1.5 to 5.5mA | 1.1 mA | 0.003mA | 0.008mA | ~.005mA | 0.005mA
Operating Life on battery (2000mAh), A=Active, I=Idle | 4-8 hours (A), 36 days (I), 5 years with 1 msg/day | 2-4 hours (A), 20 days (I) | 2-3 hours (A), 12 days (I) | 4-8 hours (A), 50 hours (I) | 60 hours (A) | 8-10 years | Variable | 10-20 Years
Module Cost | $12 | $35-$50 | $40-$80 | $5-$8 | $6-$12 | NC | $3 | $2-$5
Spectrum Costs | Yes | Yes | Yes | No (Unlicensed) | No (Unlicensed) | No (Unlicensed) | No (Unlicensed) | No (Unlicensed)
9. LPWA Technologies Comparison
Technology | LORAWAN | Sigfox | Weightless-N | ONRAMP/Ingenu | LTE-M/NB-IOT
Frequency | Sub-GHz ISM | Sub-GHz ISM | Sub-GHz ISM | 2.4 GHz | LTE band
RF PHY | CSS and FSK | UNB | UNB | DSSS | LTE
True Bi-Directional | Yes | No | No | Yes | Yes
BW | 300 bps-50kbps | 100 bps (EU), 600 bps (US) | 100 bps | | 1 Mbps/10s kbps
Tx Current | Low | Low | Low | Low | High
Rx Current | Low | Low | Low | Low | Moderate
Interference immunity | Good | Bad | Bad | Good | Moderate
Mobile/Nomadic | Yes/Yes | No/Yes | No/Yes | No/Yes | No/Yes
Module Cost | Low | Low | Low | Low | High
Maturity | Yes | Yes | No | No | No
12. Semtech Long Range (LoRa)
• Specific physical layer (PHY) to address LPWA requirements
• Secure Sub-GHz (ISM bands) bi-directional point-to-point wireless link
• Proprietary chirp spread-spectrum (CSS) modulation and Forward Error Correction
• Low data rates between 0.3 kbps (SF12) and 10 kbps (SF7), 50 kbps via FSK
• Packet size up to 250 Bytes
• Dynamically trades data rate against range, up to +20dBm TX power, 157 dB link budget
• 10 mA RX current, < 200 nA sleep current
• Supported in all ISM bands (915/868/433/169)
• Semtech provides chipsets and reference designs to build a LoRa gateway
• Chipset SX127x & SX13XX
• Semtech licenses the LORA modulation to other vendors: Microchip
13. LORA Alliance
• Non profit organisation aiming at standardising LPWA networks with a focus on LoRaWAN
• Main contributors
  • Semtech
  • Actility
  • IBM
  • Sagemcom
• Cisco part of the board of Directors
http://lora-alliance.org
14. LoRaWAN 1.0 Specification (Jan 2015)
• Authored by Semtech, Actility, IBM
• Current specification includes:
  • Identifiers definition (Network and Application Ids)
  • Security procedures
  • Join procedure for OTA provisioning
  • Data and Control messages (MAC layer)
  • PHY layer for sub-GHz ISM bands (*)
(*) includes 433, 868, 915MHz band; 169MHz also supported but not specified in LoRaWAN
16. LoRa End-to-End Architecture
• LORAWAN Device: Standards Compliant Low power sensor/actuator
• Gateway: RF Termination; Transparently forward packet to NetWork Server
• Network Server: MAC decaps, Security; Network/Radio management; Message scheduling, ZTD etc…
• Application Server: Platform for ASP, e.g., Parking, Air quality, Meter reading
Figure labels: AppData, LoRaWAN, Radio PHY; Cloud Based LoRa Platform; RF Backhaul; LoRaWAN MAC; IP Tunnel; IP Transport; Cloud; AppData
21. LoRaWAN Data Rates
• Different Spreading Factors yield different bit rates, shown below for 125 kHz transmission bandwidth
• LoRaWAN specifications also support ADR (Adaptive Data Rate), by which the network instructs an end-device to perform rate adaptation as a function of its radio conditions:
  • Devices in good radio conditions use higher data rates to send their packets compared to devices in bad radio conditions
  • ADR optimizes the device battery and reduces radio pollution
  • Note that ADR is only suitable for stationary devices (fixed), but it should be disabled for mobile devices
Spreading Factor | Data Rate (bit/s) | Chips/symbol | LoRa Demod SNR (dB)
SF12 | 293 | 4096 | -20
SF11 | 540 | 2048 | -17.5
SF10 | 980 | 1024 | -15
SF9 | 1760 | 512 | -12.5
SF8 | 3125 | 256 | -10
SF7 | 5470 | 128 | -7.5
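The bit rates in the table and the ADR rule described above can be worked through in a short script. This is an added example, not code from the slides or from the LoRaWAN specification; the 4/5 coding rate, the 5 dB margin, the worst-SNR policy and the device names are assumptions.

```python
# Added example (not from the slides): LoRa bit rate per spreading factor and a
# simplified network-side ADR decision using the slide's demodulator SNR floors.

BANDWIDTH_HZ = 125_000   # bandwidth the slide's table is given for
CODING_RATE = 4 / 5      # assumption: the slide does not state the coding rate

# Demodulator SNR floor (dB) per spreading factor, copied from the slide's table.
DEMOD_SNR_DB = {7: -7.5, 8: -10.0, 9: -12.5, 10: -15.0, 11: -17.5, 12: -20.0}


def bit_rate(sf, bw_hz=BANDWIDTH_HZ, coding_rate=CODING_RATE):
    """Nominal bit rate: each symbol carries SF bits and lasts 2**SF / BW seconds."""
    return sf * (bw_hz / 2 ** sf) * coding_rate


def adr_select_sf(recent_snr_db, current_sf, margin_db=5.0, mobile=False):
    """Spreading factor the network would request from a device.

    mobile=True leaves the SF unchanged, since ADR is meant for fixed devices.
    """
    if mobile or not recent_snr_db:
        return current_sf
    worst = min(recent_snr_db)            # conservative: plan for the worst uplink
    for sf in sorted(DEMOD_SNR_DB):       # SF7 first: highest rate, least airtime
        if worst - margin_db >= DEMOD_SNR_DB[sf]:
            return sf
    return max(DEMOD_SNR_DB)              # link is marginal: stay at SF12


def plan(devices):
    """Map device name -> (requested SF, nominal bit rate in bit/s)."""
    result = {}
    for name, (snrs, current_sf, mobile) in devices.items():
        sf = adr_select_sf(snrs, current_sf, mobile=mobile)
        result[name] = (sf, round(bit_rate(sf)))
    return result


# Constructed sample uplink reports: (recent SNRs in dB, current SF, mobile?)
SAMPLE = {
    "meter-near": ([8.0, 6.5, 7.2], 12, False),
    "meter-mid": ([-8.0, -9.0, -7.5], 12, False),
    "meter-far": ([-11.0, -13.5, -12.0], 12, False),
    "tracker": ([5.0, -14.0, 2.0], 10, True),
}

if __name__ == "__main__":
    for name, (sf, rate) in plan(SAMPLE).items():
        print(f"{name}: SF{sf} ~{rate} bit/s")
```

With a 4/5 coding rate the formula lands within 1% of every data rate in the table, which suggests the table's figures were rounded from the same calculation.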
22. Adaptive Data Rate Mechanism
ADR: Adaptive Data Rate is the procedure by which the network instructs a node to perform a rate adaptation by using a requested DR (e.g. DR0), a requested TX Power (e.g. 11 dBm)
Figure (2D simulation, flat environment): spreading factor labels SF12, 11, 10, 9, 8, 7; range labels 14km, 10km, 8km, 6km, 4km; bit rate labels 290bps, 530, 970; Avg bitrate ~1300bps
23. Typical Range: Dense City
• 8th floor of building
• Facing NE, omni antenna 30cm
• Noise level >-110dBm
• 3km in directions where antenna is above mean rooftop level
• 1km in directions where antenna is about 10m below roof level
• About 600m behind and on sides of building (shielding by Base station building)
27. SIGFOX: Alternative LPWA SP
• Sigfox is the first LPWA SP
• Countries covered include France (w/ TDF), Spain (w/ Abertis), UK (w/ Arqiva), Netherlands, Russia
• Sigfox business model is based on subscription fee (e.g. 12$/year to <1$/year per device)
• Radio Technology based on proprietary UNB in unlicensed ISM band
• End-to-end service
• Customers access data from devices using APIs
• Ecosystem of partners for vertical applications
• Devices – no proprietary hardware
• Off the shelf wireless (Silabs, Semtech, ST or ATMEL) can be used
• Sigfox licenses its patents for free to reduce price effects on chipset/device side
29. Sigfox Characteristics
• Sigfox technology is licensed at no cost to module/device vendors
• Telit, Atmel, TST, Adeunis, Telecom Design, TI
• Supported on sub-GHz ISM bands: 868, 915, 433 MHz
• Battery usage:
  • Tx (@14 dBm) = Typical 65mA
  • Rx = max 40mA
  • Standby < 5μA
• Link Budget/Receiver Sensitivity: 162 dB/-125 dB
• Message Size: max 12 bytes
• Message per day: max 140 (*)
(*) On ISM bands a device is not allowed to emit more than 1% of the time each hour and since emission of a message can take up to ~6 seconds, this allows up to 6 messages per hour
30. Sigfox Data Access
• Data can be accessed via 3 mechanisms:
  • Web interface on http://backend.sigfox.com
  • REST API
  • Callback mechanism
• REST API (details on http://makers.sigfox.com) allows you to:
  • Retrieve the list of devices associated to a device type
  • Retrieve the messages of a given device
  • Get metrics about a device's messages
• Callback can be registered via HTTP: a message with device id, time, data, rssi is sent every time a device sends a message
34. Core Network Optimizations
• Cellular IoT (CIoT) – core network supporting IoT optimizations
• CIoT supports both LTE-eMTC and NB-IoT
  • LTE-eMTC (CAT-M) - 1.4 MHz BW, served as normal UE in the core network
  • NB-IoT - 200 kHz BW
  • New RAT type
  • Ultra low UE power consumption
  • Large number of devices per cell
  • Applied in narrowband spectrum
  • Increased coverage
Figure: CIoT Architectural Reference Model (labels: CIoT UE, TBD, CIoT RAN, S1*, CIoT CN (EPC))
Timeline (2016, 2017, 2018): LTE; LTE eMTC/CAT-M (Rel 12/13); NB-IoT (Rel 13)
36. CIoT – Radio Aspect
• New work item agreed in 3GPP in Sept. by all parties (HW, E///, QCOM, VF)
• NB-IOT – Narrow Band IoT
• Part of 3GPP R13 (March 2016) – TR 45.820
• Objective is to define an optimized radio for low power low throughput clients
• 100s bytes per day, Large nb of clients, etc.
• 180 kHz UE RF bandwidth for both downlink and uplink
• Compatible with GSM, LTE and LTE guard band spectrum
• Downlink modulation
• OFDMA with 15 kHz sub-carrier spacing (with normal or extended CP) and/or 3.75 kHz sub-carrier spacing
• Uplink modulation
• FDMA with GMSK and/or SC-FDMA
• MAC, RLC, PDCP and RRC procedures based on existing LTE procedures and protocols and relevant optimisations to support the selected physical layer
Figure labels: CIoT UE, TBD, CIoT RAN, S1*, CIoT CN (EPC)
37. CIoT – Core Network
• Key assumptions for the specification:
• Low user plane data rate requirements
• New/altered control plane shall be efficient to allow large nb of devices
• Applications expected to be delay tolerant
• No or low mobility; no inter-RAT mobility
• Support for IP and non-IP communications
• Different approaches depending: modified EPC vs new elements (C-SGN)
• Key is to keep compatibility with existing packet core
Figure labels: CIoT UE, TBD, CIoT RAN, S1*, CIoT CN (EPC); Non-roaming, Roaming
38. CIoT - Core Network
• CIoT Serving Gateway Node (C-SGN) optimizations
• User plane optimization for small data transmission
• Necessary security procedures for efficient small data transmission
• SMS without combined attach for NB-IoT only UEs
• Paging optimisations for coverage enhancements
• Support for non-IP data transmission via SGi tunnelling and/or SCEF
• Support for Attach without PDN connectivity
Figure (Non-roaming) labels: CIoT UE, CIoT Uu, E-UTRAN, S1, C-SGN, HSS, S6a, SCEF, T6a, CIoT Services, SGi, SMS-GMSC/IWMSC/SMS Router, SGd, MME, SAEGW, CSGN
40. IoT Core
• Multi-access Core with unified policy, charging and service capability layer.
• Additional capabilities – analytics, data exposure provide monetization opportunities
• Network Service Capabilities (NSC) based on ETSI framework exposes various network capabilities to the applications and includes adapters for different access types (Cat-M, NB-IOT, LTE-M, LPWA)
Figure labels: IoT Core; Access: WiFi, CAT-M, NBIoT, LPWA; vCSGN, IoT vNSC, vSCEF; Billing, Authentication, Policy; Analytics; Monetization Server; LPWA Adapter; LTE IOT Adapter; Orchestration; MME, SAEGW; IoT App Servers
46. LTE-M Details (aka eMTC)
IOT technology migration: LTE -> LTE-M (eMTC)
RAN: Existing RAT
• R12: Cat-0: 20MHz BW, 23 dBm
• R13: Cat-M: 1.4 MHz BW, 20 dBm
Core Network
MME:
• PSM
• eDRX
• HLCom
• Storage of extended coverage information to be used for paging
• Storage of list of eNBs/cells to page
SGW:
• Extended buffering and HLCom
• Re-routing the buffered packets to target node during mobility
• Taking bearer/PDN restoration decision based on delay tolerant connection indication (DTCI) of the PDN during restoration procedures
PGW:
• Support for latency sensitive PDN
• Buffering of signaling message till UE makes radio contact
47. NB-IOT Solution
IOT technology migration: NB-IoT
RAN: New RAT – NB-IoT
Data over SRB
Data over DRB
Core Network: New CIoT architecture
• Non-IP data
• Data over NAS
• Attach w/o PDN
• SMS support w/o combined attach
• Small data using U-plane
• PGW/SGW selection based on NB-IOT RAT
• Non-IP data delivery w/ and w/o PDN
• Header compression for IP small data over NAS
• Ciphering and integrity protection of user data
• LI of user data
• Uplink/downlink UE-AMBR enforcement
• S1-AP uplink NAS carrying both RATs (NB-IoT or E-UTRAN)
• NB-IoT UE: Don’t detach UE after the last PDN release
• Access restriction per RAT
• Negotiation of PDN with UE (IP and non-IP)
• Negotiate delivery method for non IP PDN
• DECOR
• HLCOM, eDRX, PSM
• SMS over MME (w/o SGs/CS attach)
• Data buffering