Recent advances in industrial wireless sensor networks towards efficient management in IoT

With the accelerated development of Internet-of- Things (IoT), wireless sensor networks (WSN) are gaining importance in the continued advancement of information and communication technologies, and have been connected and integrated with Internet in vast industrial applications. However, given the fact that most wireless sensor devices are resource constrained and operate on batteries, the communication overhead and power consumption are therefore important issues for wireless sensor networks design. In order to efficiently manage these wireless sensor devices in a unified manner, the industrial authorities should be able to provide a network infrastructure supporting various WSN applications and services that facilitate the management of sensor-equipped real-world entities. This paper presents an overview of industrial ecosystem, technical architecture, industrial device management standards and our latest research activity in developing a WSN management system. The key approach to enable efficient and reliable management of WSN within such an infrastructure is a cross layer design of lightweight and cloud-based RESTful web service

Data Lifetime Estimation in a Multicast-Based CoAP Proxy

In this work we consider kernel-based record lifetime estimation in a proactive Internet of Things (IoT) proxy with multicast based cache management. Multicast refreshment requests were based on lifetime expiration for a predefined number of records. To reduce the traffic volume in the IoT domain, we assume that only nodes where the observed physical variable has changed its value will respond to the multicast request. For estimating the data lifetime at the proxy, we use Gaussian kernels, assuming that the intrinsic data lifetime probability distribution was taken from Erlang-k family of sub-exponential distributions. In this setup, we consider that the proxy connects to the IoT domain using an IEEE 802.15.4-compatible wireless network. Results indicate that narrow and symmetrical lifetime probability distributions require more frequent multicasting refreshments compared to wider and asymmetric ones. This increases traffic intensity and energy consumption in IoT domain. We quantify finding with numerical results

Expressive policy based authorization model for resource-constrained device sensors.

Los capítulos II, III y IV están sujetos a confidencialidad por el autor 92 p.Upcoming smart scenarios enabled by the Internet of Things (IoT) envision smart objects that expose services that can adapt to user behavior or be managed with the goal of achieving higher productivity, often in multistakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Given that, strong security in general and access control in particular is a must.However, tightness, feasibility and usability of existing access control models do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In fact, (1) traditional access control solutions are not feasible in all constrained devices due their big impact on the performance although they provide the highest effectiveness by means of tightness and flexibility. (2) Recent access control solutions designed for constrained devices can be implemented only in not so constrained ones and lack policy expressiveness in the local authorization enforcement. (3) Access control solutions currently feasible in the most severely constrained devices have been based on authentication and very coarse grained and static policies, scale badly, and lack a feasible policy based access control solution aware of local context of sensors.Therefore, there is a need for a suitable End-to-End (E2E) access control model to provide fine grained authorization services in service oriented open scenarios, where operation and management access is by nature dynamic and that integrate massively deployed constrained but manageable sensors. Precisely, the main contribution of this thesis is the specification of such a highly expressive E2E access control model suitable for all sensors including the most severely constrained ones. Concretely, the proposed E2E access control model consists of three main foundations. (1) A hybrid architecture, which combines advantages of both centralized and distributed architectures to enable multi-step authorization. Fine granularity of the enforcement is enabled by (2) an efficient policy language and codification, which are specifically defined to gain expressiveness in the authorization policies and to ensure viability in very-constrained devices. The policy language definition enables both to make granting decisions based on local context conditions, and to react accordingly to the requests by the execution of additional tasks defined as obligations.The policy evaluation and enforcement is performed not only during the security association establishment but also afterward, while such security association is in use. Moreover, this novel model provides also control over access behavior, since iterative re-evaluation of the policy is enabled during each individual resource access.Finally, (3) the establishment of an E2E security association between two mutually authenticated peers through a security protocol named Hidra. Such Hidra protocol, based on symmetric key cryptography, relies on the hybrid three-party architecture to enable multi-step authorization as well as the instant provisioning of a dynamic security policy in the sensors. Hidra also enables delegated accounting and audit trail. Proposed access control features cope with tightness, feasibility and both dimensions of usability such as scalability and manageability, which are the key unsolved challenges in the foreseen open and dynamic scenarios enabled by IoT. Related to efficiency, the high compression factor of the proposed policy codification and the optimized Hidra security protocol relying on a symmetric cryptographic schema enable the feasibility as it is demonstrated by the validation assessment. Specifically, the security evaluation and both the analytical and experimental performance evaluation demonstrate the feasibility and adequacy of the proposed protocol and access control model.Concretely, the security validation consists of the assessment that the Hidra security protocol meets the security goals of mutual strong authentication, fine-grained authorization, confidentiality and integrity of secret data and accounting. The security analysis of Hidra conveys on the one hand, how the design aspects of the message exchange contribute to the resilience against potential attacks. On the other hand, a formal security validation supported by a software tool named AVISPA ensures the absence of flaws and the correctness of the design of Hidra.The performance validation is based on an analytical performance evaluation and a test-bed implementation of the proposed access control model for the most severely constrained devices. The key performance factor is the length of the policy instance, since it impacts proportionally on the three critical parameters such as the delay, energy consumption, memory footprint and therefore, on the feasibility.Attending to the obtained performance measures, it can be concluded that the proposed policy language keeps such balance since it enables expressive policy instances but always under limited length values. Additionally, the proposed policy codification improves notably the performance of the protocol since it results in the best policy length compression factor compared with currently existing and adopted standards.Therefore, the assessed access control model is the first approach to bring to severely constrained devices a similar expressiveness level for enforcement and accounting as in current Internet. The positive performance evaluation concludes the feasibility and suitability of this access control model, which notably rises the security features on severely constrained devices for the incoming smart scenarios.Additionally, there is no comparable impact assessment of policy expressiveness of any other access control model. That is, the presented analysis models as well as results might be a reference for further analysis and benchmarkingGaur egun darabilzkigun hainbeste gailutan mikroprozesadoreak daude txertatuta, eragiten duten prozesuan neurketak egin eta logika baten ondorioz ekiteko. Horretarako, bai sentsoreak eta baita aktuadoreak erabiltzen dira (hemendik aurrera, komunitatean onartuta dagoenez, sentsoreak esango diegu nahiz eta erabilpen biak izan). Orain arteko erabilpen zabalenetako konekzio motak, banaka edota sare lokaletan konekatuta izan dira. Era honetan, sentsoreak elkarlanean elkarreri eraginez edota zerbitzari nagusi baten agindupean, erakunde baten prozesuak ahalbideratu eta hobetzeko erabili izan dira.Internet of Things (IoT) deritzonak, sentsoreak dituzten gailuak Internet sarearen bidez konektatu eta prozesu zabalagoak eta eraginkorragoak ahalbidetzen ditu. Smartcity, Smartgrid, Smartfactory eta bestelako smart adimendun ekosistemak, gaur egun dauden eta datozen komunikaziorako teknologien aukerak baliatuz, erabilpen berriak ahalbideratu eta eragina areagotzea dute helburu.Era honetan, ekosistema hauek zabalak dira, eremu ezberdinetako erakundeek hartzen dute parte, eta berariazko sentsoreak dituzten gailuen kopurua izugarri handia da. Sentsoreak beraz, berariazkoak, merkeak eta txikiak dira, eta orain arteko lehenengo erabilpen nagusia, magnitude fisikoren bat neurtzea eta neurketa hauek zerbitzari zentralizatu batera bidaltzea izan da. Hau da, inguruan gertatzen direnak neurtu, eta zerbitzari jakin bati neurrien datuak aldiro aldiro edota atari baten baldintzapean igorri. Zerbitzariak logika aplikatu eta sistema osoa adimendun moduan jardungo du. Jokabide honetan, aurretik ezagunak diren entitateen arteko komunikazioen segurtasuna bermatzearen kexka, nahiz eta Internetetik pasatu, hein onargarri batean ebatzita dago gaur egun.Baina adimendun ekosistema aurreratuak sentsoreengandik beste jokabide bat ere aurreikusten dute. Sentsoreek eurekin harremanak izateko moduko zerbitzuak ere eskaintzen dituzte. Erakunde baten prozesuetan, beste jatorri bateko erakundeekin elkarlanean, jokabide honen erabilpen nagusiak bi dira. Batetik, prozesuan parte hartzen duen erabiltzaileak (eta jabeak izan beharrik ez duenak) inguruarekin harremanak izan litzake, eta bere ekintzetan gailuak bere berezitasunetara egokitzearen beharrizana izan litzake. Bestetik, sentsoreen jarduera eta mantenimendua zaintzen duten teknikariek, beroriek egokitzeko zerbitzuen beharrizana izan dezakete.Holako harremanak, sentsoreen eta erabiltzaileen kokalekua zehaztugabea izanik, kasu askotan Internet bidez eta zuzenak (end-to-end) izatea aurreikusten da. Hau da, sentsore txiki asko daude handik hemendik sistemaren adimena ahalbidetuz, eta harreman zuzenetarako zerbitzu ñimiñoak eskainiz. Batetik, zerbitzu zuzena, errazagoa eta eraginkorragoa dena, bestetik erronkak ere baditu. Izan ere, sentsoreak hain txikiak izanik, ezin dituzte gaur egungo protokolo eta mekanismo estandarak gauzatu. Beraz, sare mailatik eta aplikazio mailarainoko berariazko protokoloak sortzen ari dira.Tamalez, protokolo hauek arinak izatea dute helburu eta segurtasuna ez dute behar den moduan aztertu eta gauzatzen. Eta egon badaude berariazko sarbide kontrolerako ereduak baina baliabideen urritasuna dela eta, ez dira ez zorrotzak ez kudeagarriak. Are gehiago, Gartnerren arabera, erabilpen aurreratuetan inbertsioa gaur egun mugatzen duen traba Nagusia segurtasunarekiko mesfidantza da.Eta hauxe da erronka eta tesi honek landu duen gaia: batetik sentsoreak hain txikiak izanik, eta baliabideak hain urriak (10kB RAM, 100 kB Flash eta bateriak, sentsore txikienetarikoetan), eta bestetik Internet sarea hain zabala eta arriskutsua izanik, segurtasuna areagotuko duen sarbide zuzenaren kontrolerako eredu zorrotz, arin eta kudeagarri berri bat zehaztu eta bere erabilgarritasuna aztertu

Fog computing for sustainable smart cities: a survey

The Internet of Things (IoT) aims to connect billions of smart objects to the Internet, which can bring a promising future to smart cities. These objects are expected to generate large amounts of data and send the data to the cloud for further processing, specially for knowledge discovery, in order that appropriate actions can be taken. However, in reality sensing all possible data items captured by a smart object and then sending the complete captured data to the cloud is less useful. Further, such an approach would also lead to resource wastage (e.g. network, storage, etc.). The Fog (Edge) computing paradigm has been proposed to counterpart the weakness by pushing processes of knowledge discovery using data analytics to the edges. However, edge devices have limited computational capabilities. Due to inherited strengths and weaknesses, neither Cloud computing nor Fog computing paradigm addresses these challenges alone. Therefore, both paradigms need to work together in order to build an sustainable IoT infrastructure for smart cities. In this paper, we review existing approaches that have been proposed to tackle the challenges in the Fog computing domain. Specifically, we describe several inspiring use case scenarios of Fog computing, identify ten key characteristics and common features of Fog computing, and compare more than 30 existing research efforts in this domain. Based on our review, we further identify several major functionalities that ideal Fog computing platforms should support and a number of open challenges towards implementing them, so as to shed light on future research directions on realizing Fog computing for building sustainable smart cities

Expressive policy based authorization model for resource-constrained device sensors.

Los capítulos II, III y IV están sujetos a confidencialidad por el autor 92 p.Upcoming smart scenarios enabled by the Internet of Things (IoT) envision smart objects that expose services that can adapt to user behavior or be managed with the goal of achieving higher productivity, often in multistakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Given that, strong security in general and access control in particular is a must.However, tightness, feasibility and usability of existing access control models do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In fact, (1) traditional access control solutions are not feasible in all constrained devices due their big impact on the performance although they provide the highest effectiveness by means of tightness and flexibility. (2) Recent access control solutions designed for constrained devices can be implemented only in not so constrained ones and lack policy expressiveness in the local authorization enforcement. (3) Access control solutions currently feasible in the most severely constrained devices have been based on authentication and very coarse grained and static policies, scale badly, and lack a feasible policy based access control solution aware of local context of sensors.Therefore, there is a need for a suitable End-to-End (E2E) access control model to provide fine grained authorization services in service oriented open scenarios, where operation and management access is by nature dynamic and that integrate massively deployed constrained but manageable sensors. Precisely, the main contribution of this thesis is the specification of such a highly expressive E2E access control model suitable for all sensors including the most severely constrained ones. Concretely, the proposed E2E access control model consists of three main foundations. (1) A hybrid architecture, which combines advantages of both centralized and distributed architectures to enable multi-step authorization. Fine granularity of the enforcement is enabled by (2) an efficient policy language and codification, which are specifically defined to gain expressiveness in the authorization policies and to ensure viability in very-constrained devices. The policy language definition enables both to make granting decisions based on local context conditions, and to react accordingly to the requests by the execution of additional tasks defined as obligations.The policy evaluation and enforcement is performed not only during the security association establishment but also afterward, while such security association is in use. Moreover, this novel model provides also control over access behavior, since iterative re-evaluation of the policy is enabled during each individual resource access.Finally, (3) the establishment of an E2E security association between two mutually authenticated peers through a security protocol named Hidra. Such Hidra protocol, based on symmetric key cryptography, relies on the hybrid three-party architecture to enable multi-step authorization as well as the instant provisioning of a dynamic security policy in the sensors. Hidra also enables delegated accounting and audit trail. Proposed access control features cope with tightness, feasibility and both dimensions of usability such as scalability and manageability, which are the key unsolved challenges in the foreseen open and dynamic scenarios enabled by IoT. Related to efficiency, the high compression factor of the proposed policy codification and the optimized Hidra security protocol relying on a symmetric cryptographic schema enable the feasibility as it is demonstrated by the validation assessment. Specifically, the security evaluation and both the analytical and experimental performance evaluation demonstrate the feasibility and adequacy of the proposed protocol and access control model.Concretely, the security validation consists of the assessment that the Hidra security protocol meets the security goals of mutual strong authentication, fine-grained authorization, confidentiality and integrity of secret data and accounting. The security analysis of Hidra conveys on the one hand, how the design aspects of the message exchange contribute to the resilience against potential attacks. On the other hand, a formal security validation supported by a software tool named AVISPA ensures the absence of flaws and the correctness of the design of Hidra.The performance validation is based on an analytical performance evaluation and a test-bed implementation of the proposed access control model for the most severely constrained devices. The key performance factor is the length of the policy instance, since it impacts proportionally on the three critical parameters such as the delay, energy consumption, memory footprint and therefore, on the feasibility.Attending to the obtained performance measures, it can be concluded that the proposed policy language keeps such balance since it enables expressive policy instances but always under limited length values. Additionally, the proposed policy codification improves notably the performance of the protocol since it results in the best policy length compression factor compared with currently existing and adopted standards.Therefore, the assessed access control model is the first approach to bring to severely constrained devices a similar expressiveness level for enforcement and accounting as in current Internet. The positive performance evaluation concludes the feasibility and suitability of this access control model, which notably rises the security features on severely constrained devices for the incoming smart scenarios.Additionally, there is no comparable impact assessment of policy expressiveness of any other access control model. That is, the presented analysis models as well as results might be a reference for further analysis and benchmarkingGaur egun darabilzkigun hainbeste gailutan mikroprozesadoreak daude txertatuta, eragiten duten prozesuan neurketak egin eta logika baten ondorioz ekiteko. Horretarako, bai sentsoreak eta baita aktuadoreak erabiltzen dira (hemendik aurrera, komunitatean onartuta dagoenez, sentsoreak esango diegu nahiz eta erabilpen biak izan). Orain arteko erabilpen zabalenetako konekzio motak, banaka edota sare lokaletan konekatuta izan dira. Era honetan, sentsoreak elkarlanean elkarreri eraginez edota zerbitzari nagusi baten agindupean, erakunde baten prozesuak ahalbideratu eta hobetzeko erabili izan dira.Internet of Things (IoT) deritzonak, sentsoreak dituzten gailuak Internet sarearen bidez konektatu eta prozesu zabalagoak eta eraginkorragoak ahalbidetzen ditu. Smartcity, Smartgrid, Smartfactory eta bestelako smart adimendun ekosistemak, gaur egun dauden eta datozen komunikaziorako teknologien aukerak baliatuz, erabilpen berriak ahalbideratu eta eragina areagotzea dute helburu.Era honetan, ekosistema hauek zabalak dira, eremu ezberdinetako erakundeek hartzen dute parte, eta berariazko sentsoreak dituzten gailuen kopurua izugarri handia da. Sentsoreak beraz, berariazkoak, merkeak eta txikiak dira, eta orain arteko lehenengo erabilpen nagusia, magnitude fisikoren bat neurtzea eta neurketa hauek zerbitzari zentralizatu batera bidaltzea izan da. Hau da, inguruan gertatzen direnak neurtu, eta zerbitzari jakin bati neurrien datuak aldiro aldiro edota atari baten baldintzapean igorri. Zerbitzariak logika aplikatu eta sistema osoa adimendun moduan jardungo du. Jokabide honetan, aurretik ezagunak diren entitateen arteko komunikazioen segurtasuna bermatzearen kexka, nahiz eta Internetetik pasatu, hein onargarri batean ebatzita dago gaur egun.Baina adimendun ekosistema aurreratuak sentsoreengandik beste jokabide bat ere aurreikusten dute. Sentsoreek eurekin harremanak izateko moduko zerbitzuak ere eskaintzen dituzte. Erakunde baten prozesuetan, beste jatorri bateko erakundeekin elkarlanean, jokabide honen erabilpen nagusiak bi dira. Batetik, prozesuan parte hartzen duen erabiltzaileak (eta jabeak izan beharrik ez duenak) inguruarekin harremanak izan litzake, eta bere ekintzetan gailuak bere berezitasunetara egokitzearen beharrizana izan litzake. Bestetik, sentsoreen jarduera eta mantenimendua zaintzen duten teknikariek, beroriek egokitzeko zerbitzuen beharrizana izan dezakete.Holako harremanak, sentsoreen eta erabiltzaileen kokalekua zehaztugabea izanik, kasu askotan Internet bidez eta zuzenak (end-to-end) izatea aurreikusten da. Hau da, sentsore txiki asko daude handik hemendik sistemaren adimena ahalbidetuz, eta harreman zuzenetarako zerbitzu ñimiñoak eskainiz. Batetik, zerbitzu zuzena, errazagoa eta eraginkorragoa dena, bestetik erronkak ere baditu. Izan ere, sentsoreak hain txikiak izanik, ezin dituzte gaur egungo protokolo eta mekanismo estandarak gauzatu. Beraz, sare mailatik eta aplikazio mailarainoko berariazko protokoloak sortzen ari dira.Tamalez, protokolo hauek arinak izatea dute helburu eta segurtasuna ez dute behar den moduan aztertu eta gauzatzen. Eta egon badaude berariazko sarbide kontrolerako ereduak baina baliabideen urritasuna dela eta, ez dira ez zorrotzak ez kudeagarriak. Are gehiago, Gartnerren arabera, erabilpen aurreratuetan inbertsioa gaur egun mugatzen duen traba Nagusia segurtasunarekiko mesfidantza da.Eta hauxe da erronka eta tesi honek landu duen gaia: batetik sentsoreak hain txikiak izanik, eta baliabideak hain urriak (10kB RAM, 100 kB Flash eta bateriak, sentsore txikienetarikoetan), eta bestetik Internet sarea hain zabala eta arriskutsua izanik, segurtasuna areagotuko duen sarbide zuzenaren kontrolerako eredu zorrotz, arin eta kudeagarri berri bat zehaztu eta bere erabilgarritasuna aztertu

6LoWPAN Stack Model Configuration for IoT Streaming Data Transmission over CoAP

Abstract: Different protocols have been developed for the Internet of things (IoT), such as the constrained application protocol (CoAP) for the application layer of the IPv6 over low-power wireless personal area networks (6LoWPAN) stack model. Data transmitted over 6LoWPAN are limited by the throughput and the frame size defined by IEEE 805.14.5 standards. Choosing the best configuration for data transmission involves a trade off between the application requirements, the constrained network configuration, the constrained device specifications and IoT application protocols. This paper provides an analysis of message size and structure recommendations for the 6LoWPAN stack model for different network topologies using CoAP. CoAP is a promising application protocol for the 6LoWPAN stack model because it can effectively manage the transmission required functionality in small header UDP packets compared to TCP packets. However, a data model is also required to realize an effective IoT model. While fragmentation and reassembly are supported by CoAP, they should be avoided for this type of model. As for any conceptual model, a high configuration between layers is mandatory. Additionally, the proposed message format is useful for semantic web of things application development and for WSN design and management

A gap analysis of Internet-of-Things platforms

We are experiencing an abundance of Internet-of-Things (IoT) middleware solutions that provide connectivity for sensors and actuators to the Internet. To gain a widespread adoption, these middleware solutions, referred to as platforms, have to meet the expectations of different players in the IoT ecosystem, including device providers, application developers, and end-users, among others. In this article, we evaluate a representative sample of these platforms, both proprietary and open-source, on the basis of their ability to meet the expectations of different IoT users. The evaluation is thus more focused on how ready and usable these platforms are for IoT ecosystem players, rather than on the peculiarities of the underlying technological layers. The evaluation is carried out as a gap analysis of the current IoT landscape with respect to (i) the support for heterogeneous sensing and actuating technologies, (ii) the data ownership and its implications for security and privacy, (iii) data processing and data sharing capabilities, (iv) the support offered to application developers, (v) the completeness of an IoT ecosystem, and (vi) the availability of dedicated IoT marketplaces. The gap analysis aims to highlight the deficiencies of today's solutions to improve their integration to tomorrow's ecosystems. In order to strengthen the finding of our analysis, we conducted a survey among the partners of the Finnish IoT program, counting over 350 experts, to evaluate the most critical issues for the development of future IoT platforms. Based on the results of our analysis and our survey, we conclude this article with a list of recommendations for extending these IoT platforms in order to fill in the gaps.Comment: 15 pages, 4 figures, 3 tables, Accepted for publication in Computer Communications, special issue on the Internet of Things: Research challenges and solution

New Architectures for ubiquitous networks : use and adaptation of internet protocols over wireless sensor networks

This thesis focuses on the study of low-resource demanding protocols, communication techniques and software solutions to evaluate, optimise and implement Web service in WSNs. We start analysing the Web service architectures in order to choose the most appropriate for the constraints of WSNs, which is REST. Based on this analysis, we review the state-of-the-art of protocols that allows implementing REST Web services. To this end, we adopt the IEEE 802.15.4 standard for the physical and data-link layers, 6LoWPAN for the network layer and CoAP for the application layer. 6LoWPAN defines two forwarding techniques, which are called mesh under (MU) and route over (RO). It also provides a mechanism to fragment packets, which is called 6LoWPAN fragmentation. In part of the thesis, we study the effects that MU and RO have on communications using 6LoWPAN fragmentation. In particular, MU does not prevent forwarding unnecessary fragments and out-of-order delivery, which could lead to an inefficient use of bandwidth and a growth of energy consumption. We propose, then, a novel technique able to improve the performance of MU with fragmented packets, which we refer to as controlled mesh under (CMU). The results of a performance evaluation in a real WSN show that CMU is able to enhance the performance of MU by reducing its packet loss and end-to-end delay. In 6LoWPAN fragmentation, the loss of a fragment forces the retransmission of the entire packet. To overcome this limitation, CoAP defines blockwise transfer. It splits the packet into blocks and sends each one in reliable transactions, which introduces a significant communication overhead. We propose a novel analytical model to study blockwise and 6LoWPAN fragmentation, which is validated trough Monte Carlo simulations. Both techniques are compared in terms of reliability and delay. The results show that 6LoWPAN fragmentation is preferable for delay-constrained applications. For highly congested networks, blockwise slightly outperforms 6LoWPAN fragmentation in terms of reliability. CoAP defines the observe option to allow a client to register to a resource exposed by a server and to receive updates of its state. Existing QoS in the observe option supports partially timeliness. It allows specifying the validity of an update but it does not guarantee its on-time delivery. This approach is inefficient and does not consider applications, i.e. e-health, that requires the delivery of an update within a deadline. With this limitation in mind, we design and evaluate a novel mechanism for update delivery based on priority. The evaluation proves that implementing a delivery order improves the delay and delivery ratio of updates. Our proposal is also able to reduce the energy consumption allowing clients to express the class of updates that they wish to receive. In part of this thesis, we present our original library for TinyOS, which we referred to as TinyCoAP, and the design and implementation of a CoAP proxy. We compare TinyCoAP to CoapBlip, which is the CoAP implementation distributed with TinyOS. TinyCoAP proves to be able to reach a high code optimization and to reduce the impact over the memory of WSN nodes. The evaluation includes also the analysis of the CoAP reliability mechanism, which was still uncovered in the literature. As a novelty, we also compare CoAP with HTTP considering different solutions for the transport layer protocol such as UDP and persistent TCP connections. The CoAP proxy enables Web applications to transparently access the resources hosted in CoAP devices. It supports long-lived communications by including the WebSocket protocol. It also supports Web applications that use the traditional HTTP long-polling technique. Finally, one of the main contributions of the proxy design is the proposal of a standard URI path format to be used by Web applications to access to a CoAP resource.Esta tesis se enfoca en el estudio de protocolos de bajo consumo, técnicas de comunicación y software con el fin de evaluar, optimizar y desarrollar servicios Web en WSNs. Empezamos analizando la arquitectura de servicios Web con el objetivo de elegir la arquitectura más apropiada debido a las limitaciones de WSNs. Ésta se denomina REST. En base a este análisis, revisamos el estado del arte de los protocolos que permiten desarrollar servicios Web. Con este objetivo adoptamos el estándar IEEE 802.15.4 por la capa física y de enlace, 6LoWPAN por la de red y CoAP por la capa de aplicación. 6LoWPAN define dos técnicas de enrutamiento, denominadas 'Mesh Under' (MU) y 'Route Over' (RO). Asimismo ofrece un mecanismo para fragmentar paquetes, llamado 6LoWPAN fragmentation. En parte de la tesis estudiamos los efectos que MU y RO tienen sobre la comunicación que utiliza 6LoWPAN fragmentation. En particular, MU no previene enrutar fragmentos innecesarios y la entrega fuera de orden, lo cual podría provocar un uso ineficiente de ancho de banda y un crecimiento del consumo energía. Proponemos entonces nueva técnica capaz de mejorar las prestaciones de MU con paquetes fragmentados que denominamos 'Controlled Mesh Under' (CMU). Los resultados de una evaluación en una WSN real demuestran que CMU es capaz de mejorar las prestaciones de MU reduciendo la pérdida de paquetes y el retraso end-to-end. En 6LoWPAN fragmentation, la pérdida de un fragmento causa la retransmisión del paquete entero. Para evitar esta limitación CoAP define blockwise transfer. Esto divide el paquete en bloques y los envía en comunicaciones fiables provocando overhead. Proponemos un nuevo modelo analítico para estudiar blockwise y 6LoWPAN fragmentation cuya validación se realiza mediante simulaciones de Monte Carlo. Ambas técnicas se comparan en términos de fiabilidad y retraso. Los resultados muestran que es preferible usar 6LoWPAN fragmentation para las aplicaciones con restricciones en retraso. Para las redes mas congestionadas, blockwise mejora ligeramente 6LoWPAN fragmentation en términos de fiabilidad. CoAP define la opción observe para permitir a un cliente registrarse a un recurso proporcionado por un servidor y recibir actualizaciones de su estado. La QoS ofrecida por la opción observe proporciona soporte parcial por el timeliness. Esta permite especificar la validez de una actualización pero no garantiza su entrega a tiempo. Este enfoque es ineficiente y no incluye aplicaciones, como por ejemplo e-health que requieren la entrega de las actualizaciones en un plazo determinado. Teniendo en cuenta esta limitación, diseñamos y evaluamos un mecanismo novedoso para la entrega de actualizaciones basada en la prioridad. La evaluación demuestra que la implementación de una orden de entrega mejora la tasa de llegada y el retraso de las actualizaciones. Nuestra propuesta es capaz de reducir el consumo de energía permitiendo a los clientes expresar el tipo de actualización que desean recibir. En parte de esta tesis presentamos nuestra librería original pro TinyOS a la que nos referimos como TinyCoAP, así como el diseño y desarrollo de un Proxy CoAP. Comparamos TinyCoAP a CoapBlip, que es la aplicación distribuida con TinyOS. TinyCoAP demuestra ser capaz de alcanzar una alta optimización de código y reducir el impacto sobre la memoria de nodos de WSNs. La evaluación también incluye el análisis de la fiabilidad de CoAP que no había sido estudiada en la literatura. Como novedad también comparamos CoAP con HTTP, considerando diferentes soluciones para el protocolo de transporte como UDP y conexiones TCP persistentes. El Proxy CoAP permite a las aplicaciones Web acceder de manera transparente a los recursos almacenados en dispositivos CoAP. Éste incluye el protocolo WebSocket, que permite el establecimiento de conexiones long-lived. También permite el uso de aplicaciones Web con la tradicional técnica HTTP long-pollin

VIoLET: A Large-scale Virtual Environment for Internet of Things

IoT deployments have been growing manifold, encompassing sensors, networks, edge, fog and cloud resources. Despite the intense interest from researchers and practitioners, most do not have access to large-scale IoT testbeds for validation. Simulation environments that allow analytical modeling are a poor substitute for evaluating software platforms or application workloads in realistic computing environments. Here, we propose VIoLET, a virtual environment for defining and launching large-scale IoT deployments within cloud VMs. It offers a declarative model to specify container-based compute resources that match the performance of the native edge, fog and cloud devices using Docker. These can be inter-connected by complex topologies on which private/public networks, and bandwidth and latency rules are enforced. Users can configure synthetic sensors for data generation on these devices as well. We validate VIoLET for deployments with > 400 devices and > 1500 device-cores, and show that the virtual IoT environment closely matches the expected compute and network performance at modest costs. This fills an important gap between IoT simulators and real deployments.Comment: To appear in the Proceedings of the 24TH International European Conference On Parallel and Distributed Computing (EURO-PAR), August 27-31, 2018, Turin, Italy, europar2018.org. Selected as a Distinguished Paper for presentation at the Plenary Session of the conferenc