IoT is the engineering art of collecting data from end nodes over communication links, correlating and analyzing it centrally, and feeding the results back into decisions.
This talk takes the purpose of IoT as its entry point, then covers possible deployment architectures and gives an overview of the commonly used communication standards and protocols and the roles they play.
It also shares impressions from last year's Open IoT Summit Europe 2016, held by the Linux Foundation in Berlin,
bringing back some views and practices from abroad on deploying, updating and maintaining IoT nodes.
Finally, it covers some information security issues that IoT may need to consider.
IoT is a kind of engineering art: it analyzes the data collected from the
device nodes through communication, and uses the result for decision
making and feedback.
This sharing starts from the purpose of IoT and its deployment structure.
Then the slides introduce the most used communication standards and
protocols in IoT and their roles.
Besides, it also shares what I got from the Open IoT Summit Europe 2016,
which was held by the Linux Foundation in Berlin last year.
It introduces how the device nodes will be deployed, updated and maintained.
Finally, the slides list some security issues that should be considered
in IoT.
2. Who am I
潘建宏 / Jian-Hong Pan (StarNight)
You can find me at ~
http://www.slideshare.net/chienhungpan/
GitHub : starnight
Facebook : Jian-Hong Pan
Email : starnight [AT] g.ncu.edu.tw
3. Outline
● The purpose of IoT
● IoT Structure
● Communication Protocols
● Describe the Things
● Deploy / Update
● Threats & Weakness
● Summary
6. IoT Structure (diagram)
● Sensor Network: Nodes (N) linked to a Gateway. Do & Check.
● General Network: the Gateway reaches the IoT Services over the Internet. Plan & Analyze.
● IoT Services: Data Collector, Commands, Deploy/Update, ...
● Business Applications: Big Data, Data Mining, Analysis, Machine Learning / AI, Decision Making, ...
● The two underlying themes: Connectivity and Domain Knowledge
7. What features do Nodes have?
● Connectivity
● Sensor
● Actuator
● Computing
● Others ...
Domain Knowledge
8. OSI 7 Layers
Reference: Wiki OSI model https://en.wikipedia.org/wiki/OSI_model
Controlled by the application (above the Socket APIs):
● Application: Applications
● Presentation: Encodings
● Session: Software connections
Controlled by the OS (below the Socket APIs):
● Transport: I/O port
● Network: Route
● Data Link: Link neighbors
● Physical: Electrics, Lines
9. Nodes Could be Linked with (Physical / Data Link layers, between the Nodes and the Gateway)
● Simple wired, Ethernet, Cable, Power Line
● RS232/422/485
● CANbus
● Bluetooth
● WiFi
● LR-WPANs (802.15.4)
● Mobile Telecom Series
● NB-IoT
● …
PS. More in IEEE 802.15
10. Constrained Environment
● Considering the size and power restrictions, most
embedded devices have limited resources (MCU level):
○ Fewer processors: usually only one processor, single
thread.
○ Less memory: on-chip RAM < 1MB.
○ Less storage: on-chip flash < 1MB.
○ Lower speed grade: clock rate < 1GHz.
○ The on-chip OS may not even provide process or thread APIs.
● For long battery life and long distance with
wireless communication, there is the IEEE 802.15.4
standard, which defines the operation of low-rate
wireless personal area networks (LR-WPANs).
11. IEEE 802.15.4 Topologies
(diagram: two example PANs built from FFD, RFD and coordinator nodes)
● FFD: Full-function device node
● RFD: Reduced-function device node
● CoN: one of the FFDs serves as the coordinator of a PAN
Reference: Wiki IEEE 802.15.4
12. Nodes Could Route & Connect with (Network / Transport layers)
● IP / IPv6
● 6LoWPAN
● Zigbee
● Thread
● LoRaWAN
● ...
13. Nodes Could Communicate with (Session / Presentation / Application layers)
For sockets:
● Custom Protocol
● Modbus
● HTTP
● CoAP
● MQTT
● …
Nodes also communicate with the IoT services.
14. Modbus
● Master / Slave
● Query in a loop
● It is a format for the Application Data Unit (ADU)
○ ADU = Address + PDU + Error Check
○ PDU = Function code + Data
○ The Error Check may be discarded over some protocols
○ ASCII / RTU
● Over serial communication, TCP, UDP ...
Reference: Wiki Modbus
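As an added example (not code from the slides), the ADU layout above in working form: an RTU frame with its CRC-16 error check, a parser that rejects a bad CRC, and the Modbus/TCP variant whose MBAP header replaces the error check. The query bytes are constructed for illustration.

```python
import struct


def modbus_crc16(data: bytes) -> int:
    """CRC-16/MODBUS over the Address + PDU bytes (init 0xFFFF, reflected poly 0xA001)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_rtu_adu(address: int, function: int, data: bytes) -> bytes:
    """RTU ADU = Address + PDU (Function code + Data) + Error Check (CRC, low byte first)."""
    frame = bytes([address, function]) + data
    return frame + struct.pack("<H", modbus_crc16(frame))


def parse_rtu_adu(adu: bytes) -> tuple:
    """Return (address, function, data); raise ValueError if the CRC does not match.

    A CRC only detects line noise or truncation.  It is not an authenticity check:
    Modbus itself has no authentication, which is why serial/SCADA links need a
    protected channel (see the SCADA references later in the deck).
    """
    if len(adu) < 4:
        raise ValueError("ADU too short")
    frame, (crc,) = adu[:-2], struct.unpack("<H", adu[-2:])
    if modbus_crc16(frame) != crc:
        raise ValueError("CRC mismatch: frame corrupted")
    return frame[0], frame[1], frame[2:]


def build_tcp_adu(transaction_id: int, unit: int, function: int, data: bytes) -> bytes:
    """Modbus/TCP ADU = MBAP header + PDU; the Error Check is dropped because TCP
    already carries a checksum.  MBAP = transaction id, protocol id (0),
    length (unit id + PDU bytes), unit id."""
    pdu = bytes([function]) + data
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit)
    return mbap + pdu


if __name__ == "__main__":
    # Constructed query: read 1 holding register at address 0 from slave 1 (function 3).
    rtu = build_rtu_adu(1, 3, b"\x00\x00\x00\x01")
    print(rtu.hex(), parse_rtu_adu(rtu))
    print(build_tcp_adu(1, 1, 3, b"\x00\x00\x00\x01").hex())
```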
15. HTTP
● In general, it is over TCP/IP.
● IETF RFC 2616
● Nodes could be either the server side or the client
side, depending on the purpose.
○ Server is connected from
■ other nodes / internet
○ Client connects to
■ other nodes / internet
● Build a Micro HTTP Server for Embedded
System by Jian-Hong Pan
16. CoAP
Constrained Application Protocol (CoAP)
● IETF RFC 7252
● The goal of CoAP is not to blindly compress
HTTP [RFC2616], but rather to realize a
subset of REST common with HTTP but
optimized for M2M applications.
● Offers features for M2M such as built-in
discovery, multicast support, and
asynchronous message exchanges.
Reference: IETF RFC 7252
17. CoAP’s Main Features:
● Web protocol fulfilling M2M requirements in
constrained environments.
● UDP binding with optional reliability supporting
unicast and multicast requests.
● Asynchronous message exchanges.
● Low header overhead and parsing complexity.
● URI and Content-type support.
● Simple proxy and caching capabilities.
● Security binding to Datagram Transport Layer
Security (DTLS) [RFC 6347].
Reference: IETF RFC 7252
18. Requests with Responses
Client -> Server: CON [0xbc90] GET /temperature (Token 0x71)
Server -> Client: ACK [0xbc90] 2.05 Content (Token 0x71) "22.5 C"
Reference: IETF RFC 7252, 2.2. Request/Response Model
19. CoAP Recap
● Over UDP
● Request/Response Model
● RESTful Environments
● Data Model in payload
○ XML
○ JSON
○ CBOR (IETF RFC 7049 Concise Binary Object
Representation)
○ Other format
● DTLS
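An added example (not from the slides) covering the slide-18 exchange and the recap above: a small RFC 7252 message decoder, plus the check a client makes before trusting a piggybacked response (same Message ID and Token as its CON request). The REQUEST and RESPONSE bytes are constructed from the slide, not captured traffic; there is no encoder here.

```python
import struct

CON, NON, ACK, RST = 0, 1, 2, 3   # message types, RFC 7252 section 3
URI_PATH = 11                     # Uri-Path option number, RFC 7252 section 5.10

def _ext(nibble: int, buf: bytes, i: int):
    """Option delta/length: a 4-bit value, or 13/14 plus a 1-/2-byte extension."""
    if nibble == 13:
        return buf[i] + 13, i + 1
    if nibble == 14:
        return struct.unpack_from(">H", buf, i)[0] + 269, i + 2
    if nibble == 15:
        raise ValueError("nibble 15 is reserved: message format error")
    return nibble, i

def decode(buf: bytes) -> dict:
    """Parse one CoAP message, rejecting the format errors RFC 7252 names."""
    if len(buf) < 4 or buf[0] >> 6 != 1:
        raise ValueError("not a CoAP version 1 message")
    tkl = buf[0] & 0x0F
    if tkl > 8 or len(buf) < 4 + tkl:
        raise ValueError("bad token length")
    msg = {"type": (buf[0] >> 4) & 3, "code": buf[1],        # code 0x01 = GET, 0x45 = 2.05
           "msg_id": struct.unpack_from(">H", buf, 2)[0], "token": buf[4:4 + tkl]}
    i, number, options = 4 + tkl, 0, []
    while i < len(buf) and buf[i] != 0xFF:                   # 0xFF is the payload marker
        head, i = buf[i], i + 1
        delta, i = _ext(head >> 4, buf, i)
        length, i = _ext(head & 0x0F, buf, i)
        if i + length > len(buf):
            raise ValueError("option value runs past the end of the message")
        number += delta                                      # option numbers are cumulative
        options.append((number, buf[i:i + length]))
        i += length
    if i == len(buf) - 1:
        raise ValueError("payload marker with empty payload")
    msg["options"], msg["payload"] = options, buf[i + 1:]
    return msg

def matches(request: dict, response: dict) -> bool:
    """Piggybacked response check: accept an ACK only if it echoes the CON's Message ID
    (reliability/deduplication) and its Token (pairs the response with the request)."""
    return (response["type"] == ACK and response["msg_id"] == request["msg_id"]
            and response["token"] == request["token"])

# Constructed bytes for the slide-18 exchange (not captured traffic):
REQUEST = bytes.fromhex("4101bc9071bb") + b"temperature"   # CON, GET, ID 0xbc90, token 0x71, Uri-Path
RESPONSE = bytes.fromhex("6145bc9071ff") + b"22.5 C"       # ACK, 2.05 Content, same ID and token
```

Without DTLS underneath, these checks only pair messages; they do not authenticate the server, which is what the DTLS binding on the previous slides is for.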
20. MQTT
Message Queuing Telemetry Transport
● ISO/IEC 20922:2016 (published 2016-06-15)
● OASIS MQTT TC
● Over TCP/IP
● The publish/subscribe message pattern
provides one-to-many message distribution
and decoupling of applications.
● Three qualities of service for message
delivery: At most once, At least once,
Exactly once
Reference: ISO/IEC 20922:2016 Message Queuing Telemetry Transport (MQTT) v3.1.1
21. Broker
Publisher - Broker - Subscriber (publishers and subscribers are the clients; the broker is the server)
1. A subscriber subscribes to a topic.
2. A publisher publishes a message to the topic.
3. The broker publishes the message to whoever has subscribed to the topic.
22. Recap with a Picture
Apache Mynewt Connectivity Layer
Apache Mynewt Overview by Sterling Hughes & James Pace, page 7, @ OpenIoT Summit Europe 2016
23. Avoid the Silos and Help Build the True Internet of Things
by Aaron Vernon @ OpenIoT Summit Europe 2016
25. All of the specifications and protocols
mentioned above are just communication
protocols.
We still need a protocol to describe
the thing, its properties
and its methods.
26. The “Thing” of IoT is not only Object-oriented, but also a “Real Object”!
27. Open Connectivity Foundation (OCF)
● OIC SPECIFICATION 1.1
○ Core Framework, Security, Smart Home Device,
Resource Type
● OCF for resource-constrained environments
by Kishen Maloor @ OpenIoT Summit Europe 2016
● OIC Specification Overview
by OIC, Page 59 ~ 65
31. Considerations of Deploy & Update
● OS Type:
○ RTOS
○ Bigger OS like Linux
● Management:
○ Version Control
○ Testing (before/after)
○ Code Review
○ Code Scanning
○ Separation of Duties
○ …
● Method:
○ Physical attachment
○ Remote over the internet
■ Capability of the
internet
■ Integrity of
● The package
● The firmware
● The image
● The container
● ...
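An added example (not the talk's code) of the "Version Control" and "Integrity of the firmware/image" points above, in the order a device should apply them for a remote update: authenticate the manifest first, refuse rollbacks, then compare the image hash. A per-device HMAC key is assumed to keep the example self-contained; a public-key signature is the better fleet design, since the device then holds no signing secret. Key and image bytes are constructed.

```python
import hashlib
import hmac
import json


def make_manifest(key: bytes, version: int, image: bytes) -> bytes:
    """Update-service side: describe the image (version + SHA-256) and tag the
    description with an HMAC.  Assumption for this example: a per-device symmetric
    key; with a public-key signature the device would hold only a verification key."""
    body = json.dumps({"version": version, "sha256": hashlib.sha256(image).hexdigest()},
                      sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


def verify_update(key: bytes, installed_version: int, manifest: bytes, image: bytes) -> str:
    """Device side.  Checks run in this order so nothing from an unauthenticated
    manifest is trusted: (1) manifest tag, (2) anti-rollback on the version,
    (3) image hash against the manifest.  Returns "ok" or a reason to log."""
    try:
        outer = json.loads(manifest)
        body, tag = outer["body"], outer["tag"]
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "reject: manifest tag invalid"
        meta = json.loads(body)
        version, digest = int(meta["version"]), meta["sha256"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return "reject: manifest malformed"
    if version <= installed_version:
        return f"reject: version {version} is not newer than installed {installed_version}"
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), digest):
        return "reject: image hash mismatch"
    return "ok"


# Constructed key and image (not real firmware); the device currently runs version 3.
DEVICE_KEY = b"example-per-device-key-not-for-production"
GOOD_IMAGE = b"firmware v4 payload bytes"

if __name__ == "__main__":
    manifest = make_manifest(DEVICE_KEY, 4, GOOD_IMAGE)
    print(verify_update(DEVICE_KEY, 3, manifest, GOOD_IMAGE))          # ok
    print(verify_update(DEVICE_KEY, 3, manifest, GOOD_IMAGE + b"!"))   # image hash mismatch
```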
33. Deploy & Update are Popular Issues
Slides in OpenIoT Summit Europe 2016 :
● Creating Continuous Delivery for Yocto Based IoT Distribution
by Alexander Kanevskiy
● Software update for IoT: the current state of play
by Chris Simmonds
★ Software Updates for Connected Devices: Key Considerations
by Eystein Stenberg
● Gateways - The Center of Complexity for Update
by Ned Smith
● OSS Remote Firmware Updates for IoT-like Projects
by Silvano Cirujano Cuesta
34. IoT Security
● Security in IoT, more an attitude issue than a technical challenge
by Dominig ar Foll
● Securing the Connected Car
by Eystein Stenberg, also why we have to update
● IoT and System Security
by Realtek Technical Project Manager, Neo Jou
● Securing Communications for SCADA and Critical Industrial Systems
by Tom Bartman and Kevin Carson, Schweitzer Engineering Laboratories,
Inc.
● P1711.2 - Standard for Secure SCADA Communications Protocol (SSCP)
● MISRA C facilitates code safety, security, portability and reliability.
● We have to bargain!
Security sits on the opposite side from computing, clock rate, power, cost …
38. There are more Issues
● DoS/DDoS
1. Cracked device
2. Mass deployed measuring devices connect at the
same time
39. Reference: 臺北.幸福領航:守山護水安全城市 / written by 林慶維 et al., Taipei City Government Public Works Department, 2013, pp. 6-7
To keep track of flood conditions, Taipei City has built a complete
hydrological monitoring information system. The integrated information includes:
satellite weather information, real-time water levels of rivers and storm
sewers, real-time rainfall, and real-time operating status of rainwater
pumping stations and floodgates.
Mass deployed measuring devices
connect at the same time
40. Trend of the Flow in Emergency
(chart: flow versus time; low during peace time, a spike during the emergency, then back to peace time)
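An added illustration (not from the talk) of the flow spike above: a constructed simulation in which all monitoring devices decide to report at the same moment, with a collector that can serve a fixed number per second. The jittered variant spreads the first report and uses full-jitter exponential backoff for retries, so the same emergency produces a much lower peak and finishes sooner. Device count, capacity and timings are assumed numbers.

```python
import random


def simulate(devices: int, capacity: int, jitter: bool, window: float = 60.0,
             cap: float = 64.0, seed: int = 1) -> tuple:
    """Return (peak reports in one second, seconds until all devices got through).

    Constructed scenario: `devices` sensors all want to report at t=0 (an alarm
    threshold crossed); the collector accepts `capacity` reports per second and
    turns the rest away, and a rejected device retries later.  jitter=True spreads
    the first report uniformly over `window` seconds and waits a random time in
    [0, min(cap, 2**attempt)) before each retry; jitter=False makes every device
    report at t=0 and retry in lockstep after min(cap, 2**attempt) seconds.
    """
    if capacity <= 0:
        raise ValueError("capacity must be positive")
    rng = random.Random(seed)                       # seeded so runs are reproducible
    due = {d: (rng.uniform(0, window) if jitter else 0.0) for d in range(devices)}
    attempt = {d: 0 for d in range(devices)}
    peak, t = 0, 0
    while due:
        ready = [d for d, when in due.items() if when < t + 1]
        peak = max(peak, len(ready))
        for d in ready[:capacity]:                  # served in this second
            del due[d]
        for d in ready[capacity:]:                  # turned away: back off and retry
            attempt[d] += 1
            limit = min(cap, 2.0 ** attempt[d])
            due[d] = t + 1 + (rng.uniform(0, limit) if jitter else limit)
        t += 1
    return peak, t


if __name__ == "__main__":
    print("lockstep:", simulate(1000, 100, jitter=False))
    print("jittered:", simulate(1000, 100, jitter=True))
```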
41. There are more Issues
● DoS/DDoS
1. Cracked device
2. Mass deployed measuring devices connect at the
same time
● Interference
1. Noise
2. The square is crowded with devices (Wireless)
3. Leaky wave (Wireless)
4. Wrong command
42. It is really tough to be in the space that is crowded
with WiFi devices in a big conference like COSCUP
43. Leaky Wave
● It is just like “ Walls Have Ears ”
● Transmitted data and commands
● Send wrong commands
● Secured tunnel
● Same as sniffed serial port lines
44. IEEE 802.15.4 Security
● Wiki IEEE 802.15.4 Reliability and security
● Security Considerations for IEEE 802.15.4 Networks
by Naveen Sastry & David Wagner, University of
California, Berkeley
● On evaluating the performance impact of the IEEE
802.15.4 security sub-layer
by Roberta Daidone, Gianluca Dini, Giuseppe Anastasi,
Department of Information Engineering, University of
Pisa, Pisa, Italy, Computer Communications 47 (2014)
65–76
● IETF Layer-2 security aspects for the IEEE 802.15.4e
MAC draft-piro-6tisch-security-issues-03 no longer active
46. Summary
● IoT = Connectivity + Domain Knowledge
● What is the purpose of the IoT application?
● There is no best solution or template for all of the cases.
It is case by case.
● The amount of sensors is much more than actuators.
● Big difference between RTOS and big OS.
● How to deploy, maintain and update the devices?
● For security, do what a general system does,
with the proper methods.
47. Reference: 聯合報 UDN
“Laser bird scaring, watching the paddy water from home… IT people bring technology to the fields”
Reference: 數位時代
“Harvest with technology! New-generation farmers go to the fields and make agriculture sexier”
More examples in Taiwan ~
51. Reference
● Slides in Open IoT Summit Europe 2016
http://events.linuxfoundation.org/events/openiot-summit-europe
● Wiki IEEE_802.15.4 https://en.wikipedia.org/wiki/IEEE_802.15.4
● Wiki IEEE_802.15 https://en.wikipedia.org/wiki/IEEE_802.15
● Wiki 6LoWPAN https://en.wikipedia.org/wiki/6LoWPAN
● RFC 4919 IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals
https://tools.ietf.org/html/rfc4919 (errata exist)
● Internet of Things: 802.15.4, 6LoWPAN, RPL, COAP
https://www.utwente.nl/ewi/dacs/colloquium/archive/2010/slides/2010-utwente-6lowpan-rpl-coap.pdf
52. Reference Cont.
● Security Considerations for IEEE 802.15.4 Networks
by Naveen Sastry & David Wagner, University of California, Berkeley
● Wiki ZigBee https://en.wikipedia.org/wiki/ZigBee
● ZigBee Alliance - Application Level Standardization
http://www.zigbee.org/zigbee-for-developers/applicationstandards/
● Security in 802.15.4 and ZigBee networks
http://www.libelium.com/security-802-15-4-zigbee/
● The New Wireless Thread Network Protocol
http://www.allaboutcircuits.com/technical-articles/thread-network-protocol/
● Thread Overview
http://threadgroup.org/Portals/0/documents/whitepapers/Thread%20Stack%20Fundamentals_v2_public.pdf