Efficient IoT Framework for Industrial Applications Pablo Pual - - PowerPoint PPT Presentation

Efficient IoT Framework for Industrial Applications

DOCTORAL THESIS

Pablo Puñal Pereira

Industrial Electronics

Department of Computer Science, Electrical and Space Engineering Division of EISLAB Luleå University of Technology, Luleå, Sweden Supervisors: Jens Eliasson and Jerker Delsing

• Introduction to IoT
• Research
• Access control
• Efficient IoT

Framework

• Case studies
• Results
• Discussion
• Conclusion
• Future work

3

CONTENT

4

What is Internet of Things?

INTRODUCTION

INTRODUCTION

5

“An IoT device is a resource-constrained embedded system with the capability to perform a number of well-defined tasks, such as sensing, signal processing, and networking. It usually has wireless communication capabilities and is powered by batteries”

Internet of Things

6

INTRODUCTION

Resource-constrained embedded device

✓ Small size ✓ Low weight ✓ Low cost ✓ Low power consumption ✓ Multiple I/Os

• Communications
• Sensors & Actuators

๏ Low processing ๏ Low memory

• Program memory
• Working memory
• Data storage

๏ Battery lifetime restricted


7

RESEARCH

Research questions

1.Is it feasible to use IoT-SOA technology in WSANs for industrial applications? 1.What are the benefits of adding IoT technology to industrial WSANs? 2.Is it possible to increase interoperability while mitigating performance impact? 2.How can access to exposed IoT nodes be protected and controlled while maintaining performance? 3.How can zero-configuration operation be achieved for an IoT node?

8

RESEARCH

Baseline of the research

Standards Communication Security Stack Application protocols Hardware compatibility Semantics Services Encryption Hardware Security Mechanisms Security level

9

RESEARCH

Evolution

IP-based Nodes Enable resources Access control Services Complex functionalities Bootstrapping Configuration Zero- configuration Run-time reconfiguration How to protect them?

• SOA
• Access policies
• Customized

A B E G A D B C F G C F G EG G G

10

RESEARCH

Network architecture

Industrial Network Area to cover G1 N1 N2 N3 G2 N5 N4 N6 G3 N7 N8 Internal Servers Clients External Servers

11

RESEARCH

Network architecture

Application JSON/CBOR CoAP NTP UDP IP / IPsec 6LoWPAN IEEE 802.15.4

12

RESEARCH

Access control

Authentication Authorization

13

RESEARCH

Access control - Standardized solutions

RADIUS DIAMETER Kerberos

• Complex processing
• Low-power criteria
• Latencies
• Additional overhead
• Communication
• Computation
• Extra communication
• Low-power criteria
• Network performance

14

RESEARCH

Access control - Proposed solution

Ticket-based access control

• Reduced message overhead
• Reduced extra-communications
• Reduced processing overhead
• Dual-Authentication

15

RESEARCH

Access control - Proposed solution IP header UDP header CoAP header Data IPsec header

69 bytes 20 bytes + 20 bytes + 8 bytes + 21 bytes 20 bytes + 20 bytes + 8 bytes + (21+8) bytes 77 bytes

16

RESEARCH

Access control - Proposed solution

Message size (bytes) 75 150 225 300 G E T P O S T P U T D E L E T E O B S E R V E A C K R E S E T . w e l l

• k

n

• w

n / c

• r

e r e s p

• n

s e

RFC Access control Dual authentication

8.2% 8.5% 8.5% 8.5% 8.0% 8.5% 8.5% 7.2% 3.4%

17

RESEARCH

Access control - Authentication

Client AAA Server Authentication Request Authenticator Challenge Request-Response Encrypt Password Ticket Authentication Process Authentication Process

18

RESEARCH

Access control - CoAP

CoAP Client CoAP Server AAA Server CoAP Request Standard Request without Access Control Standard Request without Access Control

RESEARCH

Access control - CoAP

CoAP Client CoAP Server AAA Server CoAP Request Get Ticket Check Ticket Valid Ticket Access Control - Access Allowed - First Request Access Control - Access Allowed - First Request CoAP Request Get Ticket and check Access Control - Access Allowed - Non-First Request Access Control - Access Allowed - Non-First Request 19

20

RESEARCH

Access control - AAA Server Architecture

RADIUS Server CoAP MQTT XMPP HTTP ... RADIUS Client

Ticket Generation Ticket Validation Per Access Per Time

Accepted Protocols AAA Server Accounting

21

RESEARCH

Access control - Custom services example

Non-authorized Authorized Administrator

22

RESEARCH

Efficient IoT framework

Scalability Security Interoperability Industrial IoT requirements Companies/Alliances on IoT Intel, IPSO, OMA, IETF, Microsoft, ZigBee-Alliance, IBM, Cisco, Motivity, IIC…

23

RESEARCH

Efficient IoT framework

Bootstrapping Access control Device Manager Configuration Efficient IoT Framework

24

RESEARCH

Efficient IoT framework - Bootstrapping

• Primary Service (before deployment)
• Preconfigured endpoint / discoverable
• Provides routes to other basic services
• Access control
• Configuration
• Device manager
• Accept service replication [robustness and scalability]

25

RESEARCH

Efficient IoT framework - Device manager

• OMA LWM2M-based
• Provide relevant information of the Nodes:
• Serial number
• Endpoints
• Model number
• Firmware version

26

RESEARCH

Efficient IoT framework - Configuration

• Service-Producer
• Services configuration
• Actuators configuration
• Sensors configuration
• Service-Consumer
• Services to use
• How to use the services (type of access, semantics,…)

27

RESEARCH

Efficient IoT framework - Security

• The framework is not dependent of one specific

technology:

• IPsec + IKEv2
• Standard
• Custom
• An energy consumption profile is needed

28

CASE STUDIES

Characteristics

• Condition monitoring:
• Wheel-loader
• Rock bolts
• The use of wires is problematic:
• Wireless communication
• Batteries

29

CASE STUDIES

Mobile Machinery Monitoring

30

) Period)covered:)) ) ) From)month)13)))))))))))))))))))))to))month)24) ) Task)leader:)))PerNErik)Larsson,)SKF)))))))))))))))))))))))))

per-erik.larsson@skf.com

!

CASE STUDIES

Mobile Machinery Monitoring

31

Standard rock bolt

• 1900s technology
• Reinforce critical structures

CASE STUDIES

Smart rock bolt

32

CASE STUDIES

Smart rock bolt

33

IKE_INIT IKE_AUTH Bootstrapping Configuration Authentication Authorization Manager

5 10 15 20 25 30 35 500 1000 1500 2000

Energy consumption (mJ) Services @ 96 MHz @ 48 MHz

RESULTS

Energy consumption by service

34

IKE_INIT IKE_AUTH Bootstrapping Configuration Authentication Authorization Manager

50 100 150 200 2000 4000 6000 8000 10000 12000

Delay (ms) Services @ 96 MHz @ 48 MHz

RESULTS

Delay by service

35

DISCUSSION

Limitations

• Use of long timeouts to reduce the power

consumption

• Standard technologies
• OMA LWM2M
• IPSO Smart Objects
• 6LoWPAN
• Key negotiation mechanisms

36

DISCUSSION

Limitations

• Use of big timeouts to reduce the power

consumption

• Standard technologies
• OMA LWM2M
• IPSO Smart Objects
• 6LoWPAN
• Key negotiation mechanisms

37

CONCLUSIONS

Research questions

1.Is it feasible to use IoT-SOA technology in WSANs for industrial applications? 1.What are the benefits of adding IoT technology to industrial WSANs? 2.Is it possible to increase interoperability while mitigating performance impact? 2.How can access to exposed IoT nodes be protected and controlled while maintaining performance? 3.How can zero-configuration operation be achieved for an IoT node?

38

FUTURE WORK

Access control

• Accounting
• Robust ticket generation (COSE-like)
• CoAP-RADIUS reliability
• Scalability analysis

39

FUTURE WORK

Efficient IoT framework

• Efficiency
• Security
• Key negotiations
• Run-time reconfiguration
• Scalability
• Quality of Service

THANKS TO

Efficient IoT Framework for Industrial Applications

DOCTORAL THESIS

Pablo Puñal Pereira

Industrial Electronics