Tampere University of Technology
IoT in the Home
Citation
Silverajan, B., Luoma, J-P., Vajaranta, M., Itäpuro, R., & Lindholm-Ventola, H. (2014). IoT in the Home: Secure Cloud-based Management. Paper presented at Digile Internet of Things Sprint 3/2014, Poster session, Helsinki, 3.12.2014.
Year: 2014
Link to publication: TUTCRIS Portal (http://www.tut.fi/tutcris)
Download date: 22.05.2020
IoT in the Home:
Secure Cloud-based Management
B. Silverajan, J-P. Luoma, M. Vajaranta, R. Itäpuro, H. Lindholm-Ventola
Department of Pervasive Computing, Tampere University of Technology
[Figure: architecture overview. Labels: Internet, Application Server, Gateway, WLAN, Cellular A, Cellular B]
Managing Complex Home Networks
• Smart homes are the convergence points for many new IoT technologies and devices
• Home networks are becoming complex, e.g. the IETF HomeNet architecture allows multiple subnets with intra-home routing and automatic service discovery
• But the home owner receives little help in managing the network
• It is difficult to co-operate with expert advisors to jointly manage the network if all the control resides in the home
Deploying Homenet-based infrastructure
• 4 OpenWRT APs with HNCP and Babel routing protocol
• HNCP discovers external links, configures Babel and allocates IP addresses to routers
- DHCP and NAT for IPv4
- Prefix delegation for IPv6
• Babel dynamically adjusts the selection of next-hop links as wireless link quality changes
Collaborative Management Efforts
• Allow expert assistance / co-management by using an SDN-like 3-layer model
• Allow the management and control interface to be hosted outside the home using cloud-based network management controllers
• Separate the roles and network view of home owners, ISPs and 3rd party providers
• Gives operators and service providers the ability to co-manage homes without remotely accessing CPE
• Service providers get e2e access and can manage their devices and services also inside the home (and possibly gain insight into the customer)
• User policies and access control can be provisioned more easily
• Forwarding and routing policies
• Traffic engineering, energy profiles
• Security policies (firewall configuration, ACLs)
• Homenet router configuration and network configuration snapshots stored in the cloud
• New business in the form of providing dynamic network provisioning and management service
Co-Managed Configuration and Control
• Network management tools and apps work with cloud-based data and manipulate the configuration resource graph
• Parse.com back-end as a service (BaaS) selected for developing a scalable cloud-based Homenet remote controller service
• The BaaS cloud service interfaces with an intermediate local controller (smartphone/tablet/laptop) to trigger management actions
- Introducing a local controller allows management of the network in case of uplink disruptions
• The local control element interfaces to routers and switches in the home using a configuration protocol
Privacy, Access Control, and Authorisation
• HTTPS-based communication with BaaS service and apps
• Class-level permissions and object-level access control are permitted for cloud data
• BaaS-specific user management, access control and views according to user role
• Smartphone as a trusted local controller to audit and execute configuration changes on home devices
• Need to be able to ascertain the local controller’s credentials and access rights to manage the home network, but also grant time- and role-based access rights to others to co-manage
– Combine access control and access rights mechanisms from BaaS systems with ISP-based AAA solutions for privileged operations by smartphone
REST-Based Communication
• Cloud controller supports push notifications to mobile apps, or alternatively apps can pull data using REST APIs
• Resources exposed in the cloud can be retrieved and manipulated by authenticated HTTP/CoAP proxies and clients
• Easy integration with other 3rd party IoT or REST-based policy engines for home network management
– IFTTT as a possible service-specific controller, e.g. for time-/presence-based energy-savings profiles for Homenet-based routers and Access Points
• Communication between local controller and nodes at home uses a REST-based API to interact with the Unified Configuration Interface of OpenWRT
– CoAP and RESTCONF-based management approaches under investigation
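An added example (not code from the poster, from Parse.com or from OpenWRT) of the check a trusted local controller could run before pushing a change to a router's Unified Configuration Interface: time- and role-based grants, default deny, and an audit record for every decision. The role names, the `ROLE_SCOPES` table, the `Grant` class, the `authorise` function and the sample principals are all hypothetical.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from fnmatch import fnmatchcase

# Hypothetical mapping: which UCI paths (config.section.option) a role may change.
ROLE_SCOPES = {
    "owner": ["*"],
    "isp": ["network.wan.*", "dhcp.wan.*"],
    "service_provider": ["firewall.iot_*", "wireless.iot_*"],
}
UCI_PATH = re.compile(r"[A-Za-z0-9_]+(\.[A-Za-z0-9_]+){2}")

@dataclass(frozen=True)
class Grant:
    principal: str
    role: str
    not_before: datetime  # grant is valid for not_before <= now < not_after
    not_after: datetime

def authorise(principal, uci_path, grants, now, audit):
    """Default-deny check; every decision is appended to the audit list."""
    allowed, reason = False, "no grant for principal"
    if not UCI_PATH.fullmatch(uci_path):
        reason = "malformed UCI path"
    else:
        for g in (g for g in grants if g.principal == principal):
            if not (g.not_before <= now < g.not_after):
                reason = "grant outside validity window"
            elif any(fnmatchcase(uci_path, p) for p in ROLE_SCOPES.get(g.role, [])):
                allowed, reason = True, "role " + g.role
                break
            else:
                reason = "role " + g.role + " does not cover path"
    audit.append((now.isoformat(), principal, uci_path, allowed, reason))
    return allowed

# Constructed sample grants: a standing owner grant and a two-hour ISP visit.
UTC = timezone.utc
GRANTS = [
    Grant("alice", "owner", datetime(2014, 1, 1, tzinfo=UTC), datetime(2100, 1, 1, tzinfo=UTC)),
    Grant("isp-tech", "isp", datetime(2014, 12, 3, 9, tzinfo=UTC), datetime(2014, 12, 3, 11, tzinfo=UTC)),
]

if __name__ == "__main__":
    log = []
    t = datetime(2014, 12, 3, 10, tzinfo=UTC)
    for who, path in [("isp-tech", "network.wan.proto"), ("isp-tech", "firewall.iot_cam.target")]:
        print(who, path, authorise(who, path, GRANTS, t, log))
    print(log[-1])
```

Validating the path before matching matters because the owner scope is a wildcard: without it, any string would be forwarded to the router on the owner's authority.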
• Infrastructure consists of both ISP and home network
• ISP provided DHCP for IPv4 but supported IPv6 prefix delegation for home routers
[Figure: testbed network diagram. Labels: Upstream router (G0, G1); Tlt-iot-isp; Tlt-iot-dhcpv6; DHCP queries; IPv6: prefix delegation, IPv4: NAT; 5 GHz "Babelmesh" ad hoc; OWRT-Master.home, Owrt-1.home, Owrt-2.home and Owrt-3.home, each with a 2.4 GHz client AP and a *.homeLAN.<router>.home zone; IPv4 and IPv6 prefix annotations on each link]