DOCTORAL THESIS Efficient IoT Framework for Industrial Applications Pablo Puñal Pereira Industrial Electronics
Department of Computer Science, Electrical and Space Engineering Division of EISLAB Luleå University of Technology, Luleå, Sweden Supervisors: Jens Eliasson and Jerker Delsing
CONTENT • Introduction to IoT • Research - Access control - Efficient IoT Framework • Case studies • Results • Discussion • Conclusion • Future work
INTRODUCTION What is the Internet of Things?
INTRODUCTION Internet of Things “An IoT device is a resource-constrained embedded system with the capability to perform a number of well-defined tasks, such as sensing, signal processing, and networking. It usually has wireless communication capabilities and is powered by batteries”
INTRODUCTION Resource-constrained embedded device
✓ Small size ✓ Low weight ✓ Low cost ✓ Low power consumption ✓ Multiple I/Os ‣ Communications ‣ Sensors & Actuators
๏ Low processing ๏ Low memory • Program memory • Working memory • Data storage ๏ Battery lifetime restricted
RESEARCH Research questions
1. Is it feasible to use IoT-SOA technology in WSANs for industrial applications?
   1. What are the benefits of adding IoT technology to industrial WSANs?
   2. Is it possible to increase interoperability while mitigating performance impact?
2. How can access to exposed IoT nodes be protected and controlled while maintaining performance?
3. How can zero-configuration operation be achieved for an IoT node?
RESEARCH Baseline of the research [Diagram labels: Application protocols Stack Hardware compatibility Communication Semantics Services Standards Security Encryption Hardware Security Mechanisms Security level]
RESEARCH Evolution [Diagram labels: IP-based Nodes; Enable resources; Services (SOA); Access control (Access policies, Customized); How to protect them?; Zero-configuration; Bootstrapping; Configuration; Run-time reconfiguration; Complex functionalities]
RESEARCH Network architecture [Diagram: Clients, External Servers and Internal Servers; an Industrial Network with gateways G1 to G3 and nodes N1 to N8 in the area to cover]
RESEARCH Network architecture [Protocol stack, top to bottom: Application; JSON/CBOR; CoAP, NTP; UDP; IP / IPsec; 6LoWPAN; IEEE 802.15.4]
RESEARCH Access control: Authentication, Authorization
RESEARCH Access control - Standardized solutions: RADIUS, DIAMETER, Kerberos • Complex processing - Low-power criteria - Latencies • Additional overhead - Communication - Computation • Extra communication - Low-power criteria - Network performance
RESEARCH Access control - Proposed solution: Ticket-based access control • Reduced message overhead • Reduced extra-communications • Reduced processing overhead • Dual-Authentication
RESEARCH Access control - Proposed solution [Packet layout: IP header, IPsec header, UDP header, CoAP header, Data. 20 bytes + 20 bytes + 8 bytes + 21 bytes = 69 bytes; 20 bytes + 20 bytes + 8 bytes + (21 + 8) bytes = 77 bytes]
RESEARCH Access control - Proposed solution [Figure: bar chart of message size (bytes) for the series RFC, Access control and Dual authentication; the percentage labels on the bars range from 3.4% to 8.5%]
RESEARCH Access control - Authentication [Sequence diagram between Client and AAA Server, "Authentication Process": Authentication Request; Authenticator Challenge; Request-Response; Encrypt Password; Ticket]
RESEARCH Access control - CoAP [Sequence diagram between CoAP Client, CoAP Server and AAA Server, "Standard Request without Access Control": CoAP Request]
RESEARCH Access control - CoAP [Sequence diagrams between CoAP Client, CoAP Server and AAA Server. "Access Control - Access Allowed - First Request": CoAP Request; Get Ticket; Check Ticket; Valid Ticket. "Access Control - Access Allowed - Non-First Request": CoAP Request; Get Ticket and check]
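The first-request and non-first-request flows on the slide above, as an added Python example that is not code from the thesis: the CoAP server asks the AAA server about a ticket once and answers later requests from its own cache. The 8-byte random ticket, its position in front of the payload, the 60-second lifetime and all class names are assumptions, and the authentication exchange that issues the ticket is reduced to a single call.

```python
import secrets

TICKET_LEN = 8  # assumption: ticket size = the 8 extra bytes on the packet-size slide

class AAAServer:
    # Issues tickets after authentication and validates them for CoAP servers.
    def __init__(self, lifetime_s=60.0):
        self.lifetime_s = lifetime_s
        self.tickets = {}       # ticket -> expiry time
        self.validations = 0    # round trips requested by CoAP servers

    def issue(self, now):
        ticket = secrets.token_bytes(TICKET_LEN)
        self.tickets[ticket] = now + self.lifetime_s
        return ticket

    def validate(self, ticket, now):
        self.validations += 1
        expiry = self.tickets.get(ticket)
        return expiry if expiry is not None and expiry > now else None

class CoapServer:
    # Checks the ticket carried in each request and caches the AAA verdict.
    def __init__(self, aaa):
        self.aaa = aaa
        self.cache = {}         # ticket -> expiry learned from the AAA server

    def handle(self, payload, now):
        if len(payload) < TICKET_LEN:
            return "4.01 Unauthorized"
        ticket = payload[:TICKET_LEN]  # assumption: ticket is prepended to the data
        expiry = self.cache.get(ticket)
        if expiry is None:             # first request: one round trip to the AAA server
            expiry = self.aaa.validate(ticket, now)
            if expiry is None:
                return "4.01 Unauthorized"
            self.cache[ticket] = expiry
        if expiry <= now:              # non-first request with an expired ticket
            del self.cache[ticket]
            return "4.01 Unauthorized"
        return "2.05 Content"

def demo():
    aaa = AAAServer(lifetime_s=60.0)
    node = CoapServer(aaa)
    ticket = aaa.issue(now=0.0)        # stands in for the authentication exchange
    first = node.handle(ticket + b"temp", now=1.0)
    second = node.handle(ticket + b"temp", now=2.0)
    unknown = node.handle(bytes(TICKET_LEN) + b"temp", now=3.0)
    expired = node.handle(ticket + b"temp", now=61.0)
    return first, second, unknown, expired, aaa.validations
```

Unknown tickets are not cached here, so each one costs a round trip to the AAA server; only accepted tickets are answered locally.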
RESEARCH Access control - AAA Server Architecture [Diagram of the AAA Server: Ticket Validation; Ticket Generation; RADIUS Client; RADIUS Server; Accepted Protocols: CoAP, MQTT, XMPP, HTTP; Accounting: Per Access, Per Time, ...]
RESEARCH Access control - Custom services example [Image labels: Non-authorized, Administrator, Authorized]
RESEARCH Efficient IoT framework. Industrial IoT requirements: Scalability, Security, Interoperability. Companies/Alliances on IoT: Intel, IPSO, OMA, IETF, Microsoft, ZigBee-Alliance, IBM, Cisco, Motivity, IIC…
RESEARCH Efficient IoT framework [Diagram: Efficient IoT Framework with Bootstrapping, Device Manager, Access control, Configuration]
RESEARCH Efficient IoT framework - Bootstrapping • Primary Service (before deployment) • Preconfigured endpoint / discoverable • Provides routes to other basic services - Access control - Configuration - Device manager • Accepts service replication [robustness and scalability]
RESEARCH Efficient IoT framework - Device manager • OMA LWM2M-based • Provides relevant information about the nodes: - Serial number - Endpoints - Model number - Firmware version
RESEARCH Efficient IoT framework - Configuration • Service-Producer - Services configuration - Actuators configuration - Sensors configuration • Service-Consumer - Services to use - How to use the services (type of access, semantics,…)
RESEARCH Efficient IoT framework - Security • The framework does not depend on one specific technology: - IPsec + IKEv2 - Standard - Custom • An energy consumption profile is needed
CASE STUDIES Characteristics • Condition monitoring: - Wheel-loader - Rock bolts • The use of wires is problematic: - Wireless communication - Batteries
CASE STUDIES Mobile Machinery Monitoring
CASE STUDIES Mobile Machinery Monitoring [Image text: Period covered: from month 13 to month 24. Task leader: Per-Erik Larsson, SKF, per-erik.larsson@skf.com]
CASE STUDIES Smart rock bolt. Standard rock bolt • 1900s technology • Reinforce critical structures
CASE STUDIES Smart rock bolt
RESULTS Energy consumption by service [Figure: energy consumption (mJ) at 96 MHz and at 48 MHz; x-axis (Services): IKE_INIT, IKE_AUTH, Bootstrapping, Configuration, Authentication, Authorization, Manager]
RESULTS Delay by service [Figure: delay (ms) at 96 MHz and at 48 MHz; x-axis (Services): IKE_INIT, IKE_AUTH, Bootstrapping, Configuration, Authentication, Authorization, Manager]
DISCUSSION Limitations • Use of long timeouts to reduce the power consumption • Standard technologies - OMA LWM2M - IPSO Smart Objects - 6LoWPAN - Key negotiation mechanisms
CONCLUSIONS Research questions
1. Is it feasible to use IoT-SOA technology in WSANs for industrial applications?
   1. What are the benefits of adding IoT technology to industrial WSANs?
   2. Is it possible to increase interoperability while mitigating performance impact?
2. How can access to exposed IoT nodes be protected and controlled while maintaining performance?
3. How can zero-configuration operation be achieved for an IoT node?
FUTURE WORK Access control • Accounting • Robust ticket generation (COSE-like) • CoAP-RADIUS reliability • Scalability analysis
FUTURE WORK Efficient IoT framework • Efficiency - Security - Key negotiations - Run-time reconfiguration • Scalability • Quality of Service
THANKS TO