Tampere University of Technology

IoT in the Home

Citation
Silverajan, B., Luoma, J-P., Vajaranta, M., Itäpuro, R., & Lindholm-Ventola, H. (2014). IoT in the Home: Secure Cloud-based Management. Paper presented at Digile Internet of Things Sprint 3/2014, Poster session, Helsinki, 3.12.2014.

Year
2014

Link to publication
TUTCRIS Portal (http://www.tut.fi/tutcris)

Take down policy
If you believe that this document breaches copyright, please contact [email protected], and we will remove access to the work immediately and investigate your claim.

Download date: 22.05.2020


IoT in the Home: Secure Cloud-based Management

B. Silverajan, J-P. Luoma, M. Vajaranta, R. Itäpuro, H. Lindholm-Ventola

Department of Pervasive Computing, Tampere University of Technology

[Figure: network diagram with the labels Internet, Application Server, Gateway, WLAN, Cellular A and Cellular B]

Collaborative Management Efforts

• Allow expert assistance / co-management by using an SDN-like 3-layer model

• Allow the management and control interface to be hosted outside the home using cloud-based network management controllers

Managing Complex Home Networks

• Smart homes are the convergence points for many new IoT technologies and devices

• Home networks are becoming complex, e.g. the IETF HomeNet architecture allows multiple subnets with intra-home routing and automatic service discovery

• But the home owner receives little help in managing the network

• It is difficult to co-operate with expert advisors to jointly manage the network if all the control resides in the home

Deploying Homenet-based infrastructure

• 4 OpenWRT APs with HNCP and Babel routing protocol

• HNCP discovers external links, configures Babel and allocates IP addresses to routers

- DHCP and NAT for IPv4

- Prefix delegation for IPv6

• Babel dynamically adjusts the selection of next-hop links in response to changes in wireless link quality

• Separate the roles and network view of home owners, ISPs and 3rd party providers

• Gives operators and service providers the ability to co-manage homes without remotely accessing CPE

• Service providers get e2e access and can manage their devices and services inside the home as well (and possibly gain insight into the customer)

• User policies and access control can be provisioned more easily

• Forwarding and routing policies

• Traffic engineering, energy profiles

• Security policies (firewall configuration, ACLs)

• Homenet router configuration and network configuration snapshots stored in the cloud

• New business in the form of providing dynamic network provisioning and management service

Co-Managed Configuration and Control

• Network management tools and apps work with cloud-based data and manipulate the configuration resource graph

• Parse.com back-end as a service (BaaS) selected for developing a scalable cloud-based Homenet remote controller service

• The BaaS cloud service interfaces with an intermediate local controller (smartphone/tablet/laptop) to trigger management actions

- Introducing a local controller allows management of the network in case of uplink disruptions

• The local control element interfaces to routers and switches in the home using a configuration protocol

Privacy, Access Control, and Authorisation

• HTTPS-based communication with BaaS service and apps

• Class-level permissions and object-level access control are available for cloud data

• BaaS-specific user management, access control and views according to user role

• Smartphone as a trusted local controller to audit and execute configuration changes on home devices

• Need to be able to ascertain the local controller’s credentials and access rights to manage the home network, but also grant time- and role-based access rights to others to co-manage

– Combine access control and access rights mechanisms from BaaS systems with ISP-based AAA solutions for privileged operations by smartphone

REST-Based Communication

• Cloud controller supports push notifications to mobile apps, or alternatively apps can pull data using REST APIs

• Resources exposed in the cloud can be retrieved and manipulated by authenticated HTTP/CoAP proxies and clients

• Easy integration with other 3rd party IoT or REST-based policy engines for home network management

– IFTTT as a possible service-specific controller, e.g. for time-/presence-based energy-savings profiles for Homenet-based routers and Access Points

• Communication between local controller and nodes at home uses a REST-based API to interact with the Unified Configuration Interface of OpenWRT

– CoAP and RESTCONF-based management approaches under investigation
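The time- and role-based access rights listed under Privacy, Access Control, and Authorisation can be enforced as a default-deny check that the local controller runs, and audits, before it applies a configuration change pulled from the cloud. The sketch below is an added example, not code from the poster or the project; the role names, users, field names and setting names are hypothetical, and only the three policy areas come from the poster's list.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Policy areas follow the poster's list; roles, users and fields are hypothetical.
AREAS = frozenset({"forwarding", "traffic-engineering", "security"})

@dataclass(frozen=True)
class Grant:
    user: str
    role: str              # "owner", "isp-expert", ... (assumed role names)
    areas: frozenset       # policy areas the role may change
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class Change:
    user: str
    area: str
    router: str
    setting: str           # constructed setting name, not a real configuration key

def authorise(change, grants, now, audit):
    """Default-deny check run by the local controller before it applies a change."""
    verdict = "DENY: no grant for user"
    if change.area not in AREAS:
        verdict = "DENY: unknown policy area"
    else:
        for g in (g for g in grants if g.user == change.user):
            if change.area not in g.areas:
                verdict = f"DENY: role {g.role} does not cover {change.area}"
            elif not g.not_before <= now <= g.not_after:
                verdict = "DENY: grant outside its validity window"
            else:
                verdict = f"ALLOW: role {g.role}"
                break
    # Every decision is recorded, allowed or not, so the owner can audit co-managers.
    audit.append((now.isoformat(), change.user, change.router, change.setting, verdict))
    return verdict.startswith("ALLOW")

# Constructed sample data: the owner has a standing grant, the expert a two-hour one.
T0 = datetime(2014, 12, 3, 10, 0, tzinfo=timezone.utc)
GRANTS = [
    Grant("alice", "owner", AREAS, T0 - timedelta(days=365), T0 + timedelta(days=365)),
    Grant("isp-tech", "isp-expert", frozenset({"forwarding"}), T0, T0 + timedelta(hours=2)),
]
```

With these grants the ISP expert can change forwarding settings during the two-hour window only, and can never touch the security area; both refusals still leave an audit record.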

• Infrastructure consists of both ISP and home network

• ISP provided DHCP for IPv4 but supported IPv6 prefix delegation for home routers

[Figure: network topology of the deployment. Labels: Upstream router (G0, G1); Tlt-iot-isp; Tlt-iot-dhcpv6; DHCP queries; IPv6: Prefix Delegation, IPv4: NAT; 5GHz "Babelmesh" ad hoc; OWRT-Master.home, Owrt-1.home, Owrt-2.home and Owrt-3.home, with 2.4GHz client APs and the zones *.homeLAN.OWRT-master.home, *.homeLAN.OWRT-1.home, *.homeLAN.OWRT-2.home and *.homeLAN.OWRT-3.home. Address labels: 130.230.141.176/28, 130.230.141.192/28, 2001:708:310:7742::/64, 2001:708:310:6080::/64, 2001:708:310:6080::/57, and 2001:708:310:6090::/60 - 2001:708:310:60f0::/60.]