USING NFC TO CONNECT, COMMISSION AND CONTROL IOT DEVICES Brian Romansky TrustPoint Innovation Technologies

Advancing Near Field Communication Technology

MANAGING EMBEDDED DEVICES

Advancing Near Field Communication Technology 2

Pairing a device with one (or more) communications platforms Challenges: §  There are many different connectivity

options, not all devices support all types of connectivity

§  Policies and capabilities of infrastructure systems are not the same everywhere

Connect

Setup an identity and role for a device Challenges: §  Most applications require authenticity

and privacy §  Configuring and managing a large

number of devices is complex

Commission

Manage a device directly Challenges: §  Most control functions are only

available through a remote interface §  What do you do if you need

immediate or emergency access? §  How do you recover if the remote

service is unavailable?

Control

COMPETING CONNECTIVITY OPTIONS

Advancing Near Field Communication Technology 3

LAN Short Range Communicating Devices

Low Power WAN Long Range w/ Battery Internet of Objects

Cellular Long Range w/Power Require Network Operator

§  Well established standards

§  Good for: -  Mobile devices -  In-home -  Short range

§  Not good: -  Long range -  Battery life

§  Well established standards

§  Good for: -  Long range -  High data-rate -  Coverage

§  Not good: -  Battery life -  Cost

§  Emerging PHY solutions

§  Good for: -  Long range -  Long battery -  Low cost

§  Not good: -  High data-rate

EXAMPLES OF NFC APPLICATIONS TODAY

Advancing Near Field Communication Technology 4

NFC SETUP EXAMPLE

Advancing Near Field Communication Technology 5

● Remote-Control Light Bulb §  Low-cost device §  Difficult to access once it is installed §  No power available prior to installation

●  Tap to configure §  Passive read-write tag on bulb §  Tap bulb to IoT Gateway for setup §  Gateway reads bulb ID and capabilities,

then writes configuration data to the tag §  After installation and initial power-on, controller in

bulb reads configuration information from the tag §  Gateway / Bulb establish secure connection

MEDIATED SETUP USING CELL PHONE

Advancing Near Field Communication Technology 6

● Reasons for Mediated Setup: §  For many devices, tapping a gateway may be impractical §  In some applications, a user may need to configure a large number of devices §  Commissioning of devices may require additional information, not known to the gateway §  Cell phone (or other NFC-enabled device) can load parameters, collect additional

commissioning data, and then act as a proxy to configure additional devices

● Steps §  Tap Gateway to obtain configuration information (or login to administrative account on cell

phone and download configuration information) §  Tap device to configure – cell phone acts as a proxy for the IoT Gateway to connect and

commission the device

MORE COMPLEX EXAMPLES

LoRa Device Setup §  Device-specific network key required to

connect device to a network §  Application key is needed to pass data

to a service provider §  Service-specific TLS or MQTT

certificates may be needed to access services

Cellular Device Setup §  eSIM devices must be electronically

configured to connect a specific carrier and network

§  Service-specific TLS or MQTT certificates may be needed to access services

Advancing Near Field Communication Technology 7

NFC CONTROL EXAMPLE

Advancing Near Field Communication Technology 8

● Christie LCD Projector §  NFC tag stores lamp-hours used §  On-site service technician needs only

physical access to the projector to tap/read status

§  Access to additional “advanced setup” controls could also be enabled through NFC interface

INDUSTRIAL DEVICE WITH NFC CONTROL

Advancing Near Field Communication Technology 9

●  Zelio NFC Timer §  NFC enabled application allows for a rich user

interface to configure advanced industrial timer §  Built-in diagnostics and reporting functions

RECOMMENDATIONS

Advancing Near Field Communication Technology 10

●  Two-Way Authentication §  Systems should validate the authenticity of remote devices using device certificates §  Devices should confirm that they are connecting to a legitimate service

● Unique Key Per-Device §  IoT gateways should establish a unique network key for every connected device §  Application can enforce end-to-end security that is independent of the connection §  Authenticated symmetric-key algorithms (such as AES in GCM mode) prevent replays and

ensure device/service authenticity

● NFC Forum Signature RTD Standard §  Supports implicit ECC certificates on NFC tags §  Validated device public key can be used to create unique device keys using ECDH

IMPLICIT ECC CERTIFICATES FOR IOT

Advancing Near Field Communication Technology 11

More efficient than conventional X.509 certificates with RSA: Meta Data, 35%

Crypto, 65%

Meta Data, 85%

Crypto, 15%

RSA/DSA Certificate Implicit ECC Certificate Available open-source implementation:

§  https://github.com/Trustpoint/tpm2m

RESOURCES

Advancing Near Field Communication Technology 12

Blog Post and White Paper:

http://nfc-forum.org/nfc-iot-opportunity

Contact Information:

bromansky@trustpointinnovation.com http://www.trustpointinnovation.com