510 research outputs found
IETF standardization in the field of the Internet of Things (IoT): a survey
Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there have been many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. In this paper, we will briefly review the history of integrating constrained devices into the Internet, followed by an extensive overview of IETF standardization work in the 6LoWPAN, ROLL and CoRE working groups. This is complemented with a broad overview of related research results that illustrate how this work can be extended or used to tackle other problems and with a discussion on open issues and challenges. As such the aim of this paper is twofold: apart from giving readers solid insights in IETF standardization work on the Internet of Things, it also aims to encourage readers to further explore the world of Internet-connected objects, pointing to future research opportunities
Contributions to Securing Software Updates in IoT
The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or back-end systems to transfer data or perform assigned tasks. Communication protocols used in IoT depend on target applications but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited resources, including memory, power, and computational resources. Considering these limitations in IoT environments, it is difficult to implement best security practices. Consequently, network attacks can threaten devices or the data they transfer. Thus it is crucial to react quickly to emerging vulnerabilities. These vulnerabilities should be mitigated by firmware updates or other necessary updates securely. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, first, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices regarding energy consumption. Finally, we describe our designed lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT. This translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. This dissertation also contains our contribution to key management and key distribution in IoT networks. In performing secure software updates, the IoT devices can be grouped since the updates target a large number of devices. Thus, prior to deploying updates, a group key needs to be established among group members. In this dissertation, we present our designed secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN).In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. These pieces together help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to be able to interoperate
Discovery and Group Communication for Constrained Internet of Things Devices using the Constrained Application Protocol
The ubiquitous Internet is rapidly spreading to new domains. This expansion of
the Internet is comparable in scale to the spread of the Internet in the ’90s. The
resulting Internet is now commonly referred to as the Internet of Things (IoT) and
is expected to connect about 50 billion devices by the year 2020. This means that
in just five years from the time of writing this PhD the number of interconnected
devices will exceed the number of humans by sevenfold. It is further expected that
the majority of these IoT devices will be resource constrained embedded devices
such as sensors and actuators. Sensors collect information about the physical world
and inject this information into the virtual world. Next processing and reasoning
can occur and decisions can be taken to enact upon the physical world by injecting
feedback to actuators.
The integration of embedded devices into the Internet introduces new challenges,
since many of the existing Internet technologies and protocols were not
designed for this class of constrained devices. These devices are typically optimized
for low cost and power consumption and thus have very limited power,
memory, and processing resources and have long sleep periods. The networks
formed by these embedded devices are also constrained and have different characteristics
than those typical in todays Internet. These constrained networks have
high packet loss, low throughput, frequent topology changes and small useful payload
sizes. They are referred to as LLN. Therefore, it is in most cases unfeasible to
run standard Internet protocols on this class of constrained devices and/or LLNs.
New or adapted protocols that take into consideration the capabilities of the constrained
devices and the characteristics of LLNs, are required.
In the past few years, there were many efforts to enable the extension of the
Internet technologies to constrained devices. Initially, most of these efforts were
focusing on the networking layer. However, the expansion of the Internet in the
90s was not due to introducing new or better networking protocols. It was a result
of introducing the World Wide Web (WWW), which made it easy to integrate services
and applications. One of the essential technologies underpinning the WWW
was the Hypertext Transfer Protocol (HTTP). Today, HTTP has become a key
protocol in the realization of scalable web services building around the Representational
State Transfer (REST) paradigm. The REST architectural style enables
the realization of scalable and well-performing services using uniform and simple
interfaces. The availability of an embedded counterpart of HTTP and the REST
architecture could boost the uptake of the IoT.
Therefore, more recently, work started to allow the integration of constrained
devices in the Internet at the service level. The Internet Engineering Task Force
(IETF) Constrained RESTful Environments (CoRE) working group has realized
the REST architecture in a suitable form for the most constrained nodes and networks.
To that end the Constrained Application Protocol (CoAP) was introduced,
a specialized RESTful web transfer protocol for use with constrained networks and
nodes. CoAP realizes a subset of the REST mechanisms offered by HTTP, but is
optimized for Machine-to-Machine (M2M) applications.
This PhD research builds upon CoAP to enable a better integration of constrained
devices in the IoT and examines proposed CoAP solutions theoretically
and experimentally proposing alternatives when appropriate. The first part of this
PhD proposes a mechanism that facilitates the deployment of sensor networks
and enables the discovery, end-to-end connectivity and service usage of newly
deployed sensor nodes. The proposed approach makes use of CoAP and combines
it with Domain Name System (DNS) in order to enable the use of userfriendly
Fully Qualified Domain Names (FQDNs) for addressing sensor nodes. It
includes the automatic discovery of sensors and sensor gateways and the translation
of HTTP to CoAP, thus making the sensor resources globally discoverable and
accessible from any Internet-connected client using either IPv6 addresses or DNS
names both via HTTP or CoAP. As such, the proposed approach provides a feasible
and flexible solution to achieve hierarchical self-organization with a minimum
of pre-configuration. By doing so we minimize costly human interventions and
eliminate the need for introducing new protocols dedicated for the discovery and
organization of resources. This reduces both cost and the implementation footprint
on the constrained devices.
The second, larger, part of this PhD focuses on using CoAP to realize communication
with groups of resources. In many IoT application domains, sensors
or actuators need to be addressed as groups rather than individually, since individual
resources might not be sufficient or useful. A simple example is that all
lights in a room should go on or off as a result of the user toggling the light switch.
As not all IoT applications may need group communication, the CoRE working
group did not include it in the base CoAP specification. This way the base protocol
is kept as efficient and as simple as possible so it would run on even the most
constrained devices. Group communication and other features that might not be
needed by all devices are standardized in a set of optional separate extensions. We
first examined the proposed CoAP extension for group communication, which utilizes
Internet Protocol version 6 (IPv6) multicasts. We highlight its strengths and
weaknesses and propose our own complementary solution that uses unicast to realize
group communication. Our solution offers capabilities beyond simple group
communication. For example, we provide a validation mechanism that performs
several checks on the group members, to make sure that combining them together
is possible. We also allow the client to request that results of the individual members
are processed before they are sent to the client. For example, the client can
request to obtain only the maximum value of all individual members.
Another important optional extension to CoAP allows clients to continuously
observe resources by registering their interest in receiving notifications from CoAP
servers once there are changes to the values of the observed resources. By using
this publish/subscribe mechanism the client does not need to continuously poll the
resource to find out whether it has changed its value. This typically leads to more
efficient communication patterns that preserve valuable device and LLN resources.
Unfortunately CoAP observe does not work together with the CoAP group communication
extension, since the observe extension assumes unicast communication
while the group communication extension only support multicast communication.
In this PhD we propose to extend our own group communication solution to offer
group observation capabilities. By combining group observation with group
processing features, it becomes possible to notify the client only about certain
changes to the observed group (e.g., the maximum value of all group members has
changed).
Acknowledging that the use of multicast as well as unicast has strengths and
weaknesses we propose to extend our unicast based solution with certain multicast
features. By doing so we try to combine the strengths of both approaches to obtain
a better overall group communication that is flexible and that can be tailored
according to the use case needs.
Together, the proposed mechanisms represent a powerful and comprehensive
solution to the challenging problem of group communication with constrained devices.
We have evaluated the solutions proposed in this PhD extensively and in
a variety of forms. Where possible, we have derived theoretical models and have
conducted numerous simulations to validate them. We have also experimentally
evaluated those solutions and compared them with other proposed solutions using
a small demo box and later on two large scale wireless sensor testbeds and under
different test conditions. The first testbed is located in a large, shielded room,
which allows testing under controlled environments. The second testbed is located
inside an operational office building and thus allows testing under normal operation
conditions. Those tests revealed performance issues and some other problems.
We have provided some solutions and suggestions for tackling those problems.
Apart from the main contributions, two other relevant outcomes of this PhD are
described in the appendices. In the first appendix we review the most important
IETF standardization efforts related to the IoT and show that with the introduction
of CoAP a complete set of standard protocols has become available to cover the
complete networking stack and thus making the step from the IoT into the Web
of Things (WoT). Using only standard protocols makes it possible to integrate
devices from various vendors into one bigWoT accessible to humans and machines
alike.
In the second appendix, we provide an alternative solution for grouping constrained
devices by using virtualization techniques. Our approach focuses on the
objects, both resource-constrained and non-constrained, that need to cooperate
by integrating them into a secured virtual network, named an Internet of Things
Virtual Network or IoT-VN. Inside this IoT-VN full end-to-end communication
can take place through the use of protocols that take the limitations of the most
resource-constrained devices into account. We describe how this concept maps to
several generic use cases and, as such, can constitute a valid alternative approach
for supporting selected applications
IETF standardization in the field of the internet of things (IoT): a survey
Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there have been many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. In this paper, we will briefly review the history of integrating constrained devices into the Internet, followed by an extensive overview of IETF standardization work in the 6LoWPAN, ROLL and CoRE working groups. This is complemented with a broad overview of related research results that illustrate how this work can be extended or used to tackle other problems and with a discussion on open issues and challenges. As such the aim of this paper is twofold: apart from giving readers solid insights in IETF standardization work on the Internet of Things, it also aims to encourage readers to further explore the world of Internet-connected objects, pointing to future research opportunities.The research leading to these results has received funding from the European Union’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no 258885 (SPITFIRE project), from the iMinds ICON projects GreenWeCan and O’CareCloudS, a FWO postdoc grant for Eli De Poorter and a VLIR PhD scholarship to Isam Ishaq
Discovery and group communication for constrained Internet of Things devices using the Constrained Application Protocol
The ubiquitous Internet is rapidly spreading to new domains. This expansion of
the Internet is comparable in scale to the spread of the Internet in the ’90s. The
resulting Internet is now commonly referred to as the Internet of Things (IoT) and
is expected to connect about 50 billion devices by the year 2020. This means that
in just five years from the time of writing this PhD the number of interconnected
devices will exceed the number of humans by sevenfold. It is further expected that
the majority of these IoT devices will be resource constrained embedded devices
such as sensors and actuators. Sensors collect information about the physical world
and inject this information into the virtual world. Next processing and reasoning
can occur and decisions can be taken to enact upon the physical world by injecting
feedback to actuators.
The integration of embedded devices into the Internet introduces new challenges,
since many of the existing Internet technologies and protocols were not
designed for this class of constrained devices. These devices are typically optimized
for low cost and power consumption and thus have very limited power,
memory, and processing resources and have long sleep periods. The networks
formed by these embedded devices are also constrained and have different characteristics
than those typical in todays Internet. These constrained networks have
high packet loss, low throughput, frequent topology changes and small useful payload
sizes. They are referred to as LLN. Therefore, it is in most cases unfeasible to
run standard Internet protocols on this class of constrained devices and/or LLNs.
New or adapted protocols that take into consideration the capabilities of the constrained
devices and the characteristics of LLNs, are required.
In the past few years, there were many efforts to enable the extension of the
Internet technologies to constrained devices. Initially, most of these efforts were
focusing on the networking layer. However, the expansion of the Internet in the
90s was not due to introducing new or better networking protocols. It was a result
of introducing the World Wide Web (WWW), which made it easy to integrate services
and applications. One of the essential technologies underpinning the WWW
was the Hypertext Transfer Protocol (HTTP). Today, HTTP has become a key
protocol in the realization of scalable web services building around the Representational
State Transfer (REST) paradigm. The REST architectural style enables
the realization of scalable and well-performing services using uniform and simple
interfaces. The availability of an embedded counterpart of HTTP and the REST
architecture could boost the uptake of the IoT.
Therefore, more recently, work started to allow the integration of constrained
devices in the Internet at the service level. The Internet Engineering Task Force
(IETF) Constrained RESTful Environments (CoRE) working group has realized
the REST architecture in a suitable form for the most constrained nodes and networks.
To that end the Constrained Application Protocol (CoAP) was introduced,
a specialized RESTful web transfer protocol for use with constrained networks and
nodes. CoAP realizes a subset of the REST mechanisms offered by HTTP, but is
optimized for Machine-to-Machine (M2M) applications.
This PhD research builds upon CoAP to enable a better integration of constrained
devices in the IoT and examines proposed CoAP solutions theoretically
and experimentally proposing alternatives when appropriate. The first part of this
PhD proposes a mechanism that facilitates the deployment of sensor networks
and enables the discovery, end-to-end connectivity and service usage of newly
deployed sensor nodes. The proposed approach makes use of CoAP and combines
it with Domain Name System (DNS) in order to enable the use of userfriendly
Fully Qualified Domain Names (FQDNs) for addressing sensor nodes. It
includes the automatic discovery of sensors and sensor gateways and the translation
of HTTP to CoAP, thus making the sensor resources globally discoverable and
accessible from any Internet-connected client using either IPv6 addresses or DNS
names both via HTTP or CoAP. As such, the proposed approach provides a feasible
and flexible solution to achieve hierarchical self-organization with a minimum
of pre-configuration. By doing so we minimize costly human interventions and
eliminate the need for introducing new protocols dedicated for the discovery and
organization of resources. This reduces both cost and the implementation footprint
on the constrained devices.
The second, larger, part of this PhD focuses on using CoAP to realize communication
with groups of resources. In many IoT application domains, sensors
or actuators need to be addressed as groups rather than individually, since individual
resources might not be sufficient or useful. A simple example is that all
lights in a room should go on or off as a result of the user toggling the light switch.
As not all IoT applications may need group communication, the CoRE working
group did not include it in the base CoAP specification. This way the base protocol
is kept as efficient and as simple as possible so it would run on even the most
constrained devices. Group communication and other features that might not be
needed by all devices are standardized in a set of optional separate extensions. We
first examined the proposed CoAP extension for group communication, which utilizes
Internet Protocol version 6 (IPv6) multicasts. We highlight its strengths and
weaknesses and propose our own complementary solution that uses unicast to realize
group communication. Our solution offers capabilities beyond simple group
communication. For example, we provide a validation mechanism that performs
several checks on the group members, to make sure that combining them together
is possible. We also allow the client to request that results of the individual members
are processed before they are sent to the client. For example, the client can
request to obtain only the maximum value of all individual members.
Another important optional extension to CoAP allows clients to continuously
observe resources by registering their interest in receiving notifications from CoAP
servers once there are changes to the values of the observed resources. By using
this publish/subscribe mechanism the client does not need to continuously poll the
resource to find out whether it has changed its value. This typically leads to more
efficient communication patterns that preserve valuable device and LLN resources.
Unfortunately CoAP observe does not work together with the CoAP group communication
extension, since the observe extension assumes unicast communication
while the group communication extension only support multicast communication.
In this PhD we propose to extend our own group communication solution to offer
group observation capabilities. By combining group observation with group
processing features, it becomes possible to notify the client only about certain
changes to the observed group (e.g., the maximum value of all group members has
changed).
Acknowledging that the use of multicast as well as unicast has strengths and
weaknesses we propose to extend our unicast based solution with certain multicast
features. By doing so we try to combine the strengths of both approaches to obtain
a better overall group communication that is flexible and that can be tailored
according to the use case needs.
Together, the proposed mechanisms represent a powerful and comprehensive
solution to the challenging problem of group communication with constrained devices.
We have evaluated the solutions proposed in this PhD extensively and in
a variety of forms. Where possible, we have derived theoretical models and have
conducted numerous simulations to validate them. We have also experimentally
evaluated those solutions and compared them with other proposed solutions using
a small demo box and later on two large scale wireless sensor testbeds and under
different test conditions. The first testbed is located in a large, shielded room,
which allows testing under controlled environments. The second testbed is located
inside an operational office building and thus allows testing under normal operation
conditions. Those tests revealed performance issues and some other problems.
We have provided some solutions and suggestions for tackling those problems.
Apart from the main contributions, two other relevant outcomes of this PhD are
described in the appendices. In the first appendix we review the most important
IETF standardization efforts related to the IoT and show that with the introduction
of CoAP a complete set of standard protocols has become available to cover the
complete networking stack and thus making the step from the IoT into the Web
of Things (WoT). Using only standard protocols makes it possible to integrate
devices from various vendors into one bigWoT accessible to humans and machines
alike.
In the second appendix, we provide an alternative solution for grouping constrained
devices by using virtualization techniques. Our approach focuses on the
objects, both resource-constrained and non-constrained, that need to cooperate
by integrating them into a secured virtual network, named an Internet of Things
Virtual Network or IoT-VN. Inside this IoT-VN full end-to-end communication
can take place through the use of protocols that take the limitations of the most
resource-constrained devices into account. We describe how this concept maps to
several generic use cases and, as such, can constitute a valid alternative approach
for supporting selected applications
System Design of Internet-of-Things for Residential Smart Grid
Internet-of-Things (IoTs) envisions to integrate, coordinate, communicate,
and collaborate real-world objects in order to perform daily tasks in a more
intelligent and efficient manner. To comprehend this vision, this paper studies
the design of a large scale IoT system for smart grid application, which
constitutes a large number of home users and has the requirement of fast
response time. In particular, we focus on the messaging protocol of a universal
IoT home gateway, where our cloud enabled system consists of a backend server,
unified home gateway (UHG) at the end users, and user interface for mobile
devices. We discuss the features of such IoT system to support a large scale
deployment with a UHG and real-time residential smart grid applications. Based
on the requirements, we design an IoT system using the XMPP protocol, and
implemented in a testbed for energy management applications. To show the
effectiveness of the designed testbed, we present some results using the
proposed IoT architecture.Comment: 10 pages, 6 figures, journal pape
MONICA in Hamburg: Towards Large-Scale IoT Deployments in a Smart City
Modern cities and metropolitan areas all over the world face new management
challenges in the 21st century primarily due to increasing demands on living
standards by the urban population. These challenges range from climate change,
pollution, transportation, and citizen engagement, to urban planning, and
security threats. The primary goal of a Smart City is to counteract these
problems and mitigate their effects by means of modern ICT to improve urban
administration and infrastructure. Key ideas are to utilise network
communication to inter-connect public authorities; but also to deploy and
integrate numerous sensors and actuators throughout the city infrastructure -
which is also widely known as the Internet of Things (IoT). Thus, IoT
technologies will be an integral part and key enabler to achieve many
objectives of the Smart City vision.
The contributions of this paper are as follows. We first examine a number of
IoT platforms, technologies and network standards that can help to foster a
Smart City environment. Second, we introduce the EU project MONICA which aims
for demonstration of large-scale IoT deployments at public, inner-city events
and give an overview on its IoT platform architecture. And third, we provide a
case-study report on SmartCity activities by the City of Hamburg and provide
insights on recent (on-going) field tests of a vertically integrated,
end-to-end IoT sensor application.Comment: 6 page
- …