IoT Connectivity
Talk delivered by Taieb Znati on 2/8/18
IoT Protocols
• IoT covers a wide range of industries and use cases
• From single constrained device to massive cross-platform deployments of embedded technologies and cloud systems connecting in real-time.
• Integrating numerous legacy and emerging communication protocols into a coherent ecosystem of interconnected devices and services is a challenge!
Protocol Spectrum
Protocols by "Layers"
• Networking – 6LoWPAN, IPv4/IPv6, RPL
• Identification – EPC, uCode, IPv6, URIs
• Transport – WiFi, Bluetooth, LPWAN
• Discovery – Physical Web, mDNS, DNS-SD
• Data Protocols – MQTT, CoAP, AMQP, Websocket, Node
• Device Management – TR-069, OMA-DM
• Semantic – JSON-LD, Web Thing Model
• Multi-layered Frameworks – AllJoyn, IoTivity, Weave, HomeKit
Protocol Stacks
(Figure: Internet Protocol Suite alongside the IP Smart Object Protocol Suite)
Constrained Application Protocol
• CoAP is a specialized Internet Application Protocol for constrained devices to interact with Internet protocols.
• Translates easily to HTTP for simplified integration with the web, for efficiency
• Supports specialized requirements such as multicast support, very low overhead and simplicity, critical for Internet of Things (IoT) and Machine-to-Machine (M2M) communications
Bluetooth
Bluetooth Low Energy (BLE)
• Bluetooth low energy is an open, short range radio technology
• BLE adopts a clean slate design for an energy efficient protocol
• Optimized for ultra low power
• BLE improves on classic Bluetooth Basic Rate/Enhanced Data Rate
• BLE uses a coin cell battery, which lasts a significant amount of time
BLE Energy Saving Features
• BLE physical design and use modes are conceived to minimize power consumption
• Optimizing the firmware through static configurations of critical hardware components, including peripheral bus speeds and pin configuration
• Efficient protocol design and packet sizes to transmit and receive packets with low power.
• A BLE device is kept in sleep mode most of the time, until it wakes when an event occurs to send a short message to a gateway, PC, or smartphone.
• BLE is designed to achieve a maximum/peak power consumption of less than 15 mA and an average power consumption of about 1 μA.
• In low duty cycle applications, a coin cell battery could provide 5-10 years of reliable operation
• BLE physical layer is designed with 37 channels, and uses 3 channels for discovery
• Bluetooth BR/EDR hops over 79 channels and performs discovery on 32 channels, resulting in higher energy consumption and a longer channel discovery process to establish a channel
Bluetooth low energy factsheet
• Range: ~150 meters open field
• Output Power: ~10 mW (10 dBm)
• Max Current: ~15 mA
• Latency: 3 ms
• Topology: Star
• Connections: > 2 billion
• Modulation: GFSK @ 2.4 GHz
• Robustness: Adaptive Frequency Hopping, 24 bit CRC
• Security: 128 bit AES CCM
• Sleep current: ~1 μA
• Modes: Broadcast, Connection, Event Data Models, Reads, Writes
Bluetooth Low Energy Profile
• BLE is not designed for large data transfer and streaming media
• Bluetooth BR/EDR is a more suitable solution for file transfer and data streaming.
• BLE is designed to use short bursts of longer-range radio connection, making it ideal for IoT applications that don't require continuous connection
• Exposing state: transfer of small data, triggered by local events. Data can be read at any time by a client.
(Figure: device cycle – Low Power Startup, Sense Data, Advertise Sensed Data, Wakeup, Enter Low Power Mode)
Bluetooth Low Energy Architecture
(Figure: Application on top; Host – Generic Access Profile, Generic Attribute Protocol, Attribute Protocol, Security Manager, Logical Link Control and Adaptation Protocol; Host Controller Interface; Controller – Link Layer, Direct Test Mode, Physical Layer)
Bluetooth Operational Modes
• Single mode BLE and dual mode BLE
• Bluetooth SMART READY and Bluetooth SMART
• Bluetooth SMART READY can connect to both "classic" and SMART Bluetooth devices
• Bluetooth SMART cannot connect with "classic" Bluetooth devices
• Bluetooth Smart Ready devices are "hub" devices such as computers, tablets, mobile phones etc., that support Bluetooth Smart and allow additional profiles to be added, either through apps, drivers or other methods
Device Modes
(Figure: three stacks side by side. BR/EDR Stack – Basic Rate RF, Link Manager, L2CAP, RFCOMM protocols, Serial Port Profile. Dual-Mode Stack – Basic Rate RF and Low Energy RF, Link Manager and Link Layer, L2CAP, RFCOMM protocols with Serial Port Profile alongside Attribute Protocol with Attribute Profile. Single-Mode Stack – Low Energy RF, Link Layer, L2CAP, Attribute Protocol, Attribute Profile)
Physical Layer
• 2.4 GHz ISM band, reserved for industrial, scientific, and medical radio requirements rather than for communications.
• 1 Mbps GFSK – larger modulation index than Bluetooth BR
• Higher range
• 40 channels on 2 MHz spacing
Physical Channels
• Two types of channels (advertising channels and data channels)
• Advertising channels avoid IEEE 802.11 channels
Link Layer State Machine
(Figure: states Standby (not transmitting or receiving), Advertising, Scanning, Initiating and Connection (transmitting or receiving, as Master or Slave))
• Initiator: a device in the initiating state listens for advertising channel packets from a specific device (or devices) and responds to these packets to initiate a connection with another device.
• Scanner: a device in the scanning state listens for advertising channel packets from devices that are advertising. A passive scanner only listens; an active scanner may request an advertiser to send additional information.
• Advertiser: a device in the advertising state transmits advertising channel packets and possibly listens to and responds to responses triggered by these advertising channel packets.
• In a connection the Bluetooth Smart peripheral takes the Slave role and the initiating device the Master role.
Advertising Event
• Advertiser sends advertising packets over up to 3 advertising channels
• Scanners receive advertising
• Scanners do not connect to the advertiser
• Scanner may issue a scan request to the advertiser, seeking additional information
• Advertiser reinitiates an advertising event, periodically
• Advertiser may end the advertising event, any time during the event.
Bi-Directional Communication over Data Channels
(Figure: advertising events – the Advertiser transmits numbered packets on Adv Ch(k), Adv Ch(k+1) and Adv Ch(k+2) in turn while a Scanner listens)
Connection Event
• Advertiser sends a connectable advertising packet
• Initiator sends a connection request
• Advertiser accepts the request
• Connection is established and data transmission can take place
• Initiator Master (M) and Advertiser Slave (S) alternate data transmission
• Master initiates a connection event and can terminate the connection at any time
• Adaptive Frequency Hopping over 37 channels is used for data transmission
Uni-Directional or Broadcast Communication using Advertising Events
(Figure: connection events – after the Initiator answers an advertising packet on Adv Ch(k), Master (M) and Slave (S) alternate numbered data transmissions on Data Ch(k), Data Ch(k+1), ...)
Link Layer Connection
(Figure: on the Advertising Channels the Advertiser sends an Advertisement and the Initiator answers with a Connection Request (low latency, ≤ 3 ms); on the Data Channels the Master polls, the Slave replies with Data, each exchange is acknowledged, until a Link Layer Termination is acknowledged)
Bluetooth 5.0 – Higher data rate, higher range and better broadcast capability
• Data rate
  • Bluetooth 5 increases the data rate to 2 Mbps, for a net data rate of about 1.4 Mbps when overhead is ignored.
  • Not fast enough to stream video or audio, but within reach.
• Range
  • Up to four times range increase
  • Bluetooth 4.2 reach is about 50 m; Bluetooth 5 can achieve 200 m range
  • Bluetooth can be used to connect devices throughout a house, not just within one room.
  • Allows scaling down the data rate to achieve longer range – 2 Mbps, 1 Mbps, 500 kbps and 125 kbps.
  • The lower the data rate, the longer the range is.
• Broadcast capability
  • Bluetooth 5 supports 8 times larger packet sizes, for increased data throughput.
Comparative Analysis

| | ANT | Z-Wave | Bluetooth | Bluetooth LE | ZigBee |
|---|---|---|---|---|---|
| Standardization | Proprietary | Proprietary | Standard | Standard | Standard |
| Topologies | Point-to-point, star, tree, mesh | Mesh | Point-to-point, scatternet | Point-to-point, star, mesh | Mesh |
| Range | 30 meters at 0 dBm | 10–100 meters | 1–100 meters | 10–600 metres in air (Bluetooth 5) | 10–100 metres |
| Max data rate | Broadcast/Ack: 200 Hz × 8 bytes × 8 bits = 12.8 kbit/s; Burst: 20 kbit/s; Advanced Burst: 60 kbit/s | 100 kbit/s | 1–3 Mbit/s | 125 kbit/s, 250 kbit/s, 500 kbit/s, 1 Mbit/s, 2 Mbit/s (Bluetooth 5 PHY speeds) | 250 kbit/s (at 2.4 GHz) |
| Application throughput | 0.5 Hz to 200 Hz (8 bytes data) | – | 0.7–2.1 Mbit/s | 305 kbit/s (Bluetooth 4.0) | – |
| Max nodes in piconet | 65533 per shared channel (8 shared channels) | 232 devices per network | 1 master and 7 active slaves, 200+ inactive | 1 master and 7 slaves (but scatternet unlimited) | mesh: 32767; star: 65536 |
| Security | AES-128 and 64-bit key | AES-128 | 56–128 bit key | AES-128 | AES-128 |
| Modulation | GFSK | FSK | GFSK | GFSK | OQPSK |
6LoWPAN – IP for Things
Benefits of 6LoWPAN Technology
• Low-power RF + IPv6 = The Wireless Embedded Internet
• 6LoWPAN makes this possible
• The benefits of 6LoWPAN include:
  • Open, long-lived, reliable standards
  • Easy learning-curve
  • Transparent Internet integration
  • Network maintainability
  • Global scalability
  • End-to-end data flows
6LoWPAN Applications
Broad range of applications
• Facility, Building and Home Automation
• Personal Sports & Entertainment
• Healthcare and Wellbeing
• Asset Management
• Advanced Metering Infrastructures
• Environmental Monitoring
• Security and Safety
• Industrial Automation
6LoWPAN Architecture
(Figure: three LoWPAN types attached to the Internet – a Simple LoWPAN with one Edge Router, an Extended LoWPAN with several Edge Routers sharing a Backbone Link, and an Ad hoc LoWPAN with no edge router; Routers inside the LoWPANs, a Remote Server reached via the Internet and a Local Server on the backbone)
Protocol Suite
(Figure: TCP/IP Protocol Stack – HTTP, RTP over TCP, UDP, ICMP over Internet Protocol over Ethernet MAC and Ethernet PHY. 6LoWPAN Protocol Stack – Application over UDP, ICMP over IPv6 with LoWPAN over IEEE 802.15.4 MAC and IEEE 802.15.4 PHY)
6LoWPAN Protocol
• IPv6 over Low-Power wireless Area Networks
• Specified by IETF standards
• Stateless header compression
• Enables a standard socket API
• Minimal use of code and memory
• Direct end-to-end Internet integration
• Multiple topology options
Features
• Support for 64-bit and 16-bit 802.15.4 addressing
• Useful with low-power link layers such as IEEE 802.15.4, narrowband ISM and power-line communications
• Efficient header compression
  • IPv6 base and extension headers, UDP header
• Network autoconfiguration using neighbour discovery
• Unicast, multicast and broadcast support
  • Multicast is compressed and mapped to broadcast
• Fragmentation
  • 1280 byte IPv6 MTU -> 127 byte 802.15.4 frames
• Support for IP routing (e.g. IETF RPL)
• Support for use of link-layer mesh (e.g. 802.15.5)
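As an added example, not taken from the slides, the Python below shows the fragmentation step above concretely: it splits a 1280-byte IPv6 datagram into 802.15.4-sized frames using the RFC 4944 FRAG1/FRAGN headers (5 dispatch bits, 11-bit datagram_size, 16-bit datagram_tag, datagram_offset in 8-octet units) and reassembles them. The 102-byte usable frame payload is an assumed value; the reassembler carries the checks (same size and tag, no overlap, no gaps) a node needs so that a stray or duplicated fragment cannot corrupt a datagram.

```python
import struct

FRAME_PAYLOAD = 102   # assumed usable MAC payload of a 127-byte 802.15.4 frame (constructed value)
FRAG1 = 0b11000       # RFC 4944 dispatch of the first fragment (4-byte header)
FRAGN = 0b11100       # dispatch of subsequent fragments (5-byte header)

def fragment(datagram: bytes, tag: int, mtu: int = FRAME_PAYLOAD) -> list:
    """Split one datagram into FRAG1/FRAGN frames (datagram_size: 11 bits, tag: 16 bits)."""
    if not 0 < (size := len(datagram)) < (1 << 11):
        raise ValueError("datagram_size must fit in 11 bits")
    frames, offset = [], 0
    while offset < size:
        # datagram_offset is in units of 8 octets, so non-final fragments carry a multiple of 8 octets
        header = (struct.pack("!HH", (FRAG1 << 11) | size, tag) if offset == 0
                  else struct.pack("!HHB", (FRAGN << 11) | size, tag, offset // 8))
        chunk = datagram[offset:offset + (mtu - len(header)) // 8 * 8]
        frames.append(header + chunk)
        offset += len(chunk)
    return frames

def reassemble(frames: list) -> bytes:
    """Rebuild the datagram from frames in any order; refuse foreign, overlapping or missing pieces."""
    buf = filled = size = tag = None
    for f in frames:
        dispatch = f[0] >> 3
        if dispatch not in (FRAG1, FRAGN):
            raise ValueError("not a 6LoWPAN fragment")
        hdr_len, offset = (4, 0) if dispatch == FRAG1 else (5, f[4] * 8)
        f_size, f_tag = struct.unpack("!HH", f[:4])
        f_size &= 0x07FF
        if size is None:
            size, tag = f_size, f_tag
            buf, filled = bytearray(size), bytearray(size)   # data and "already seen" map
        elif (f_size, f_tag) != (size, tag):
            raise ValueError("fragment belongs to a different datagram")
        payload, end = f[hdr_len:], offset + len(f) - hdr_len
        if end > size or any(filled[offset:end]):
            raise ValueError("overlapping or out-of-range fragment")
        buf[offset:end], filled[offset:end] = payload, b"\x01" * len(payload)
    if size is None or not all(filled):
        raise ValueError("datagram incomplete")
    return bytes(buf)

def rejects(frames: list) -> bool:
    # True when reassemble() refuses the set: duplicate, foreign or missing fragment
    try:
        reassemble(frames)
    except ValueError:
        return True
    return False
```

With a 102-byte payload a minimum-MTU datagram becomes 14 frames of at most 101 bytes, which is why the slides stress that header compression and fragmentation are the heart of the adaptation layer.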
Protocol Architecture – Routers
• LoWPANs are stub networks
• Simple LoWPAN
  • Single Edge Router
• Extended LoWPAN
  • Multiple Edge Routers with common backbone link
• Ad-hoc LoWPAN
  • No route outside the LoWPAN
• Internet Integration issues
  • Maximum transmission unit
  • Application protocols
  • IPv4 interconnectivity
  • Firewalls and NATs
  • Security
IPv6-LoWPAN Router Stack
(Figure: IPv6 on top; Ethernet MAC on one interface, LoWPAN Adaptation over IEEE 802.15.4 MAC and IEEE 802.15.4 PHY on the other)
Medium Access Control
• The sharing of a radio by multiple independent devices
  • Frequency Division Multiple Access
  • Time Division Multiple Access
  • Carrier Sense Multiple Access
  • Code Division Multiple Access
  • Hybrids of the above
• MAC algorithms also take care of
  • Acknowledgements for packets
  • Link topology and addressing
  • Error checking and link security
IEEE 802.15.4
• For home networking, industrial control and building automation
• Three PHY modes
  • 20 kbps at 868 MHz
  • 40 kbps at 915 MHz
  • 250 kbps at 2.4 GHz (DSSS)
• Beaconless mode – simple CSMA algorithm
• Beacon mode with superframe – hybrid TDMA-CSMA algorithm
• Up to 64k nodes with 16-bit addresses
• Extensions to the standard – IEEE 802.15.4a, 802.15.4e, 802.15.5
(Figure: Upper Layers over IEEE 802.15.4 MAC over IEEE 802.15.4 PHY (868/915 MHz))
Other Link-Layers for 6LoWPAN
• Sub-GHz Industrial, Scientific and Medical band radios
  • Typically 10-50 kbps data rates, longer range than 2.4 GHz
  • Usually use CSMA-style medium access control
  • Example: CC1110 from Texas Instruments
• Power-Line Communications
  • Some PLC solutions behave like an 802.15.4 channel
  • Example: a technology from Watteco provides an 802.15.4 emulation mode, allowing the use of 6LoWPAN
• Z-Wave
  • A home-automation low-power radio technology
6LoWPAN Architecture – Mobility
(Figures: the architecture above annotated with Micro Mobility (a node moving within a LoWPAN) and Macro Mobility (a node moving between LoWPANs), and a Network Mobility case in which a whole Simple LoWPAN with its Edge Router moves from an Old Router to a New Router while still reaching the Remote Server over the Internet)
Managing Mobility
• Micro-mobility
  • Do nothing (restart)
  • Link-layer techniques (e.g. GPRS, WiFi)
  • 6LoWPAN-ND extended LoWPANs
  • Routing also plays a role
• Macro-mobility
  • Do nothing (restart)
  • Application layer (SIP, UUID, DNS)
  • Mobile IPv6 [RFC3775]
  • Proxy Home Agent
• Network mobility
  • Do nothing (restart all nodes)
  • NEMO [RFC3963]
Simple LoWPAN
(Figure: protocol stacks along the path – LoWPAN hosts run UDP/HTTP over IPv6 with the LoWPAN adaptation layer on 802.15.4 MAC/PHY; the Edge Router bridges IPv6/LoWPAN on the wireless side to plain IPv6 over MAC/PHY on the wired side; an IPv6 Router and an IPv6 Host on the wired side run UDP/HTTP over IPv6)
6LoWPAN Routing
• IP Routing in a LoWPAN
  • Single-interface routing
  • Flat address space
  • Exact-match
• Stub network
  • No transit routing
(Figure: IPv6 Network connected to a 6LoWPAN)
IETF ROLL
• Routing Over Low power and Lossy networks (ROLL)
  • Working group at the IETF
  • Standardizing a routing algorithm for embedded apps
• Application specific requirements
  • Home automation
  • Commercial building automation
  • Industrial automation
  • Urban environments
• Solution must work over IPv6 and 6LoWPAN
• Protocol in-progress called RPL "Ripple"
  • Proactive distance-vector approach
ROLL RPL – "Ripple"
(Figure: a Low Power and Lossy Network (LLN) of Routers and Hosts connected through LLN Border Routers (LBR) over a Backbone Link to a Local Server and, via the Internet, to a Remote Server)
Security challenges in an Internet of Things
Scott Cadzow, C3L
© C3L 2008. All rights reserved. Workshop – RFID Networks
Security
• CIA …
  • Confidentiality
  • Integrity
  • Authenticity
  • Availability
  • Access
  • Reliability
  • Repeatability
  • …
Internets of things
• Devices versus hosts
• Hosts are addressed
  • In RFID the readers are hosts (if networked)
• Devices are named
  • In RFID the tags are devices
• Hosts need to be reachable
  • (Semi-)Permanent address
  • Routing capabilities deep in the network (DNS, BGP)
The security challenge
• Devices are not reachable
  • Most of the time a device is not connected
• Devices can be lost and stolen
  • Makes security difficult when the device is not connected
• Devices are not crypto-engines
  • Strong security difficult without processing power
• Devices have finite life
  • Credentials need to be tied to lifetime
• Devices are transportable
  • Will cross borders
• Devices need to be recognised by many readers
  • What data is released to what reader?
Security work in an Internet of Things
• Assurance
  • Risk analysis
  • Device analysis
  • Crypto capability and export analysis
    • RFID tags will not do crypto for some years
• Security objective
  • Privacy protection
  • Identity protection
  • Traffic analysis protection
• Identity and identifier management
  • Separation of identity and identifier
Thanks