2. T.Rob Wyatt
»WebSphere MQ security guy
»Security blogger
»Autistic blogger
»Enthusiastic fan of Internet of Things
Moved to IBM in order to improve the state of
middleware security and to help build the
instrumented, networked, interactive world of
pervasive, embedded computing.
4. 1. Subscribe to service
2. Possibly configure gateway
3. Configure device to network
4. Possibly configure device to gateway
5. Device talks to vendor cloud
6. User Interface talks to cloud
5. Device                Gateway                Local data intercept?
   WiThings scale        Wi-Fi Router           No
   Fitbit                PC, Phone              No
   Garmin, Omron         PC                     File
   Schlage LiNK          Z-Wave Bridge          No
   iFit                  Wi-Fi Router           No
   Summer Baby Monitor   Proprietary            No
   Ford Sync             Cell data modem        No
   Ninja Blocks          Ethernet Router        No (Open HW/SW FTW!)
   Ceiva photo frame     Wi-Fi router           No
   LIFX LED Bulb         Wi-Fi / Mesh network   No
6. » Security is hard. Solve the problem with an
encrypted tunnel from the device to the vendor.
» No need to authenticate data so long as the secure
connection provides identity context.
In a world where vendors claim ownership of your data,
this model is expected. It is the status quo. Who
would even think of doing it any other way?
WE would, that's who.
Our data is OUR data. That's why we call it that.
7. » Network goes down? The house blue screens?
» You want to push a device's feed to a 3rd party?
» You want H/A or offsite redundancy?
» You want a different data granularity or
availability than the vendor gives you?
» Your vendor goes out of business and you have
10,000 hours left on your $100 LED bulb?
9. » User needs to configure each device type
» Doesn’t scale
» Devices don’t talk to one another
» Functionality degrades or fails without
connectivity
» Vendor-first data capture
» User options severely limited by vendors
» Lot$ of $ub$cription$
» Limited sense-and-respond, esp. across vendors
10. » Devices self-configure
» Devices talk locally first, to vendor is optional
» Local functionality does not require Internet
» Full if-this-then-that capability in home
» Data owners are free to use their own data
» Interoperability across different device types
and/or different vendors
11. 1. Consumer enters device GUID into their dashboard.
2. Power up the device in the vicinity of the router. Press the sync
button on the device, then the WPS* button on the router.
3. Device joins the network and acquires an IP address from DHCP.
4. Device issues an MQTT CONNECT to port 1883 on the DHCP server.
5. Device subscribes to an admin topic that publishes on-boarding
info.
6. Device now publishes the manufacturer's MQTT feed URL to the
dashboard.
7. User dashboard now displays device-specific options to publish to
the vendor, subscribe from the vendor, etc.
8. User has options to publish topic feeds at any level to 3rd parties.
(* Note: Requires some rework to make WPS secure or to replace it.)
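Step 4 is the first packet the device sends to the local broker, so it is worth seeing what actually crosses the wire. The encoder and decoder below for an MQTT 3.1.1 CONNECT packet are an added example, not code from this deck or from any MQTT library; the client id, username and password are constructed placeholders. The point for a defender is visible in the bytes: the credentials are plain length-prefixed strings inside the packet, so on the unencrypted port 1883 they are readable by anything on the home network, and only a TLS transport (the 8883 listener mentioned later in the deck) protects them.

```python
"""MQTT 3.1.1 CONNECT packet encoder/decoder.

Added example; not code from the deck or from any MQTT library. It models
step 4 of the on-boarding flow: the device opens its session on the local
broker at port 1883. Field layout follows the MQTT 3.1.1 wire format.
"""
import struct
from typing import Optional, Tuple

CONNECT_TYPE = 0x10      # packet type 1 in the high nibble, flags 0
PROTOCOL_LEVEL = 4       # 4 == MQTT 3.1.1
FLAG_USERNAME, FLAG_PASSWORD, FLAG_CLEAN = 0x80, 0x40, 0x02


def encode_remaining_length(n: int) -> bytes:
    """Variable-length integer: 7 bits per byte, high bit = more bytes follow."""
    if not 0 <= n <= 268_435_455:
        raise ValueError("remaining length out of range")
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def decode_remaining_length(buf: bytes, offset: int) -> Tuple[int, int]:
    """Returns (value, offset just past the length field); at most 4 bytes."""
    value, multiplier = 0, 1
    for _ in range(4):
        byte = buf[offset]
        offset += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, offset
        multiplier *= 128
    raise ValueError("malformed remaining length")


def utf8_field(s: str) -> bytes:
    """Length-prefixed UTF-8 string, as used for client id, username and password."""
    data = s.encode("utf-8")
    if len(data) > 0xFFFF:
        raise ValueError("field too long")
    return struct.pack("!H", len(data)) + data


def read_field(buf: bytes, offset: int) -> Tuple[str, int]:
    (length,) = struct.unpack_from("!H", buf, offset)
    offset += 2
    return buf[offset:offset + length].decode("utf-8"), offset + length


def encode_connect(client_id: str, username: Optional[str] = None,
                   password: Optional[str] = None, keep_alive: int = 60,
                   clean_session: bool = True) -> bytes:
    if password is not None and username is None:
        raise ValueError("spec: a password requires a username")
    flags = FLAG_CLEAN if clean_session else 0
    flags |= FLAG_USERNAME if username is not None else 0
    flags |= FLAG_PASSWORD if password is not None else 0
    variable_header = (utf8_field("MQTT") + bytes([PROTOCOL_LEVEL, flags])
                       + struct.pack("!H", keep_alive))
    payload = utf8_field(client_id)
    if username is not None:
        payload += utf8_field(username)
    if password is not None:
        payload += utf8_field(password)   # sent as-is: the transport is the only protection
    body = variable_header + payload
    return bytes([CONNECT_TYPE]) + encode_remaining_length(len(body)) + body


def decode_connect(packet: bytes) -> dict:
    if packet[0] != CONNECT_TYPE:
        raise ValueError("not a CONNECT packet")
    remaining, offset = decode_remaining_length(packet, 1)
    if len(packet) - offset != remaining:
        raise ValueError("remaining length does not match packet size")
    name, offset = read_field(packet, offset)
    level, flags = packet[offset], packet[offset + 1]
    if name != "MQTT" or level != PROTOCOL_LEVEL:
        raise ValueError("unsupported protocol %r level %d" % (name, level))
    (keep_alive,) = struct.unpack_from("!H", packet, offset + 2)
    offset += 4
    client_id, offset = read_field(packet, offset)
    username = password = None
    if flags & FLAG_USERNAME:
        username, offset = read_field(packet, offset)
    if flags & FLAG_PASSWORD:
        password, offset = read_field(packet, offset)
    return {"client_id": client_id, "username": username, "password": password,
            "keep_alive": keep_alive, "clean_session": bool(flags & FLAG_CLEAN)}


# Constructed sample values (placeholders, not real device identifiers).
SAMPLE = encode_connect("scale-GUID-PLACEHOLDER", "device", "s3cret", keep_alive=30)

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(decode_connect(SAMPLE))
```

Running the block prints the packet as hex; the substring for the password is easy to pick out, which is exactly what a passive observer on an open Wi-Fi segment would see on port 1883.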
12. After install of the new device, all data is exchanged
locally unless specifically provisioned by the user.
13. Optionally, the user can authorize various interactions with the device vendor:
1. Publish device data to vendor.
2. Subscribe to vendor administrative alerts (recall notices, offers, etc.)
3. Allow vendor to send inbound control messages.
15. IT’S MY DATA!
If I want to give it to someone
OTHER
than the device manufacturer,
Why can’t I?
16. What’s the point if…
»My device vendor controls all my device data…
»My ability to correlate across devices depends
on my vendors communicating with one another
and writing code…
»The protocols are all proprietary…
»I can’t inject my own events into the
ecosystem…
17. Optional interaction with 3rd party vendors:
1. User registers with 3rd party value-added service.
2. 3rd party provides a URL for device notifications.
3. User subscribes external URL to topic using local dashboard.
4. 3rd party now receives/sends data and events from homeowner.
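Slides 12, 13 and 17 describe one policy: nothing leaves the house unless the user provisions a route, and a vendor may only push control messages onto topics the user has opened. The block below is an added example that implements that policy for a local broker; it is not code from the deck or from any broker project. It uses MQTT 3.1.1 topic-filter matching ('+' for one level, '#' for this and all deeper levels) so a single user-entered filter can cover a whole device, and every peer name, topic and the 3rd-party URL are constructed placeholders.

```python
"""Local-first forwarding policy for a home MQTT broker.

Added example; not code from the deck or from any broker project. It
models slides 12-13 and 17: every device topic stays inside the house
unless the user has provisioned a route for it, and inbound vendor control
is only accepted on topics the user has opened. Filter matching follows
the MQTT 3.1.1 rules for '+' (one level) and '#' (this and all deeper levels).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def topic_matches(topic_filter: str, topic: str) -> bool:
    """MQTT 3.1.1 topic filter matching (spec section 4.7)."""
    if topic.startswith("$") and topic_filter[:1] in ("+", "#"):
        return False                       # wildcards never match $SYS-style topics
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1  # '#' is only valid as the last level
        if i >= len(t_levels):
            return False                   # filter is longer than the topic
        if f != "+" and f != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


@dataclass(frozen=True)
class Route:
    topic_filter: str
    peer: str               # "vendor:<name>" or a 3rd-party notification URL
    direction: str = "out"  # "out": data may leave to peer; "in": peer may publish here


@dataclass
class Policy:
    routes: List[Route] = field(default_factory=list)

    def authorize(self, route: Route) -> None:
        """Called from the user's dashboard; this is the only way a route appears."""
        if route.direction not in ("in", "out"):
            raise ValueError("direction must be 'in' or 'out'")
        self.routes.append(route)

    def outbound_peers(self, topic: str) -> List[str]:
        """Peers allowed to receive a local publication on `topic` (empty = stays local)."""
        return [r.peer for r in self.routes
                if r.direction == "out" and topic_matches(r.topic_filter, topic)]

    def accepts_inbound(self, peer: str, topic: str) -> bool:
        """Whether a control message from `peer` may be injected onto `topic`."""
        return any(r.direction == "in" and r.peer == peer
                   and topic_matches(r.topic_filter, topic) for r in self.routes)


def route_publications(policy: Policy,
                       publications: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Decides, per topic, where each publication goes: named peers or 'local' only."""
    return {topic: policy.outbound_peers(topic) or ["local"] for topic, _ in publications}


# Constructed sample data: placeholder peers and topics, not real services.
THIRD_PARTY_URL = "https://notify.example/hook"   # placeholder 3rd-party URL (slide 17)
SAMPLE_PUBLICATIONS = [
    ("home/scale/weight", "82.4"),
    ("home/scale/impedance", "512"),
    ("home/thermostat/temp", "21.5"),
    ("home/door/front/lock", "locked"),
]


def example_policy() -> Policy:
    p = Policy()
    p.authorize(Route("home/scale/weight", "vendor:scale-maker"))            # slide 13, item 1
    p.authorize(Route("home/scale/#", THIRD_PARTY_URL))                       # slide 17, step 3
    p.authorize(Route("home/thermostat/+", "vendor:thermostat-maker", "in"))  # slide 13, item 3
    return p


if __name__ == "__main__":
    policy = example_policy()
    for topic, peers in route_publications(policy, SAMPLE_PUBLICATIONS).items():
        print(f"{topic:24} -> {', '.join(peers)}")
    print(policy.accepts_inbound("vendor:thermostat-maker", "home/thermostat/setpoint"))
```

The door lock never appears in a route, so its publications are reported as local only; the scale-maker has an outbound route but no inbound one, so it cannot push commands at the scale even though it receives its weight readings. Keeping the two directions as separate grants is what makes "publish to vendor" and "allow vendor control" independent choices, as the deck lists them.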
18. » Community / Regional load control
» Volunteer distributed sensor net for research
» Aggregators/rules engines (Smart Things, IFTTT)
» Special Interest communities
» Activists (e.g. green-ness badges)
» Notification providers (stocks, weather alerts)
» Augmented reality
» ___________________________ (You pick it)
19. » WPS that actually works as intended
» User dashboard
» Local event capture, correlation and rules
» Pub/Sub messaging architecture
» Internet traversable protocols
» Globally managed topic namespace
(But can be prototyped with existing public servers.)
21. You really need these next slides but there was no
way to fit them in the 5 minutes I had to talk so I
cheated and sort of stuck them in the end where
you'll find them if you download this deck and
accidentally scroll past the Thank You! Page
because your finger twitched, your curiosity got
the better of you or perhaps you are one of those
people who sits through the movie credits thinking
there will be an Easter Egg scene at the very end
that makes it all worthwhile. There is.
22. » An open, royalty-free protocol invented in 1999.
» Optimized for constrained devices, unreliable
networks and high bandwidth costs.
» Proposed to OASIS for standards acceptance.
» Implemented samples in dozens of languages.
» Scales to millions of connected devices.
» Backed by Eclipse Foundation Paho project.
» http://mqtt.org
» http://bit.ly/oasismqtttc
23. » Stephen Nicholas performed some power
profiling on Android to measure battery drain.
» Mutually authenticated connections.
» Comet polling for HTTPS.
» MQTT wins by large margin.
» Effects multiplied when polling on more than
one subscription.
» http://stephendnicholas.com/archives/1217
24. » Open-source (BSD licensed) MQTT broker
» Binaries for the usual Linuxes, but also iPhone,
OpenWrt, Raspberry Pi, and others.
» I easily got it running on a Synology NAS drive.
» Free test broker
˃ Unencrypted @ test.mosquitto.org:1883
˃ Server-auth SSL @ test.mosquitto.org:8883
˃ Mutual-auth SSL @ test.mosquitto.org:8883
» http://mosquitto.org
25. » Open Messaging for M2M and IoT
» Focused on protocol standardization, tools.
» C & Java clients delivered.
» Clients developed under EPL 1.0
» http://projects.eclipse.org/projects/technology.paho
26. » Provide M2M development, simulation, testing,
debugging and deployment tools.
» Initial focus on the Lua language
» Delivered development, modeling and
simulator tools so far.
» http://projects.eclipse.org/projects/technology.koneki
27. » Embedded runtime exposing high-level Lua API
that can be used to develop portable M2M
applications easily.
» Project and samples on Eclipse git
» http://projects.eclipse.org/projects/technology.mihini
28. » Eclipse-based visual development and server
platform for mobile apps.
» Build, test, deploy, and manage your
smartphone and tablet apps for iOS, Android,
Blackberry, and Windows Phone devices.
» http://ibm.co/dWworklight
29. » Gelernter, David, Mirror Worlds (Oxford University Press, 1991).
» Kelly, Kevin, Out of Control: The New Biology of Machines, Social
Systems, & the Economic World (Addison-Wesley, 1994).
» Mitchell, William J., City of Bits (MIT Press, 1995).
» Dyson, George B., Darwin Among the Machines
(Perseus Books, 1997).
» Dodsworth, Clark Jr., Contributing Editor, Digital Illusion:
Entertaining the Future with High Technology (ACM Press, 1998).
» Holland, John H., Emergence: From Chaos to Order
(Perseus Books, 1998).
» Gershenfeld, Neil, When Things Start to Think
(Henry Holt and Company, 1999).