TRANSCRIPT
M2M and IoT Protocols: MQTT, ALLJOYN, DDS and COAP: Why, Where and When
Geoff Brown, CEO
[email protected] @M2MiCorp @GeoffreyBrown
COPYRIGHT © 2015 MACHINE-TO-MACHINE INTELLIGENCE (M2MI) CORPORATION
Quick Intro
– Cyber Security and Privacy Expert, M2M and IoT Pioneer, based at NASA Research Park
– Founder & CEO of The Machine-To-Machine Intelligence (M2Mi) Corporation (9 years)
– Open Standards Advocate: OASIS MQTT Secretary & Chair of security sub-committee
– Former Chair of DoD W2CoG
– OASIS, Industrial Internet Consortium, SGIP, World IoT Forum (Steering Committee)
– Built world's largest pure play M2M and IoT global application platform
– Chair Silicon Valley CTO Professionals
– Chair Silicon Valley Network & Infrastructure Group
• Gartner Cool Vendor 2014, Connected World Top 100
• Available for trial and purchase via the IBM Cloud Marketplace
Inventor of 5G Telecommunications
The Protocols
The Protocols (why, where and when):
– MQTT
– ALLJOYN
– DDS
– COAP (Web of Things)
Guidelines:
– Listen
– Security & Privacy #1 – is the most important delta
– There is no #1 protocol; each is applicable to different and compatible use-cases
– I enjoy and appreciate all the M2M and IoT protocols
– An explanation of M2M and Internet of Things and Web of Things
Cybersecurity Compliance Hierarchy
Enterprise Security Requirements
• IP Management
• DDoS/DoS Mitigation
• Web Application Firewalls
• Firewall Zones
• Fine Grained Roles and Privileges
• Proof of Device Identity and Source
• Encryption of Data at Rest and in Transit
Infrastructure Protection
• Database Server Isolation
• Two-Factor Authentication Access
• Firewall Management
• Fully Managed Antivirus Protection
• IDS
• Log Monitoring and Management
• Continuous Backup
Governance and Regulations: SOX, HIPAA/MDDS, PCI, FISMA, FIPS
NIST Cybersecurity Framework
Oil and Gas use-case
[Figure: oil and gas M2M pipeline across the segments Processing, Distribution, Station, Infrastructure, Fleet Services and Extraction, with sample device messages such as "Id: 23, Line: 2", "Id: 67, Tank: empty", "Id: 22, Pressure: 5", "Id: 7, Diesel: 45", "Id: 38, Level: 157", "Id: 893, GPS: -121,54", "Id: 2240, Temp: 23", "Id: 12070, Flow: 567" and "Id: 32111, Volume: 64".]
SECURITY
Data Gathering: Connectivity Services, Message Collection, Data Parsing, Context Creation
FlowChains: Data Transformation, Aggregation, Analysis, Alerting, Eventing, Visualization, Privacy Management
VISIBILITY
Application SOA, M2Mi Dashboards, Reporting Services, Data Store
Operations, Safety, Sales and Enterprise Applications
M2Mi : Where does all the data go?
[Figure: per-segment data volumes for Processing, Distribution, Station, Infrastructure, Fleet Services and Extraction, with the same sample device messages as the previous slide; device counts shown per segment are 18,500, 2,500, 8,000, 48,000 and 160,000.]
Raw Data INGEST (6.9TB)
Intelligence Data REAL TIME PROCESS (75.7TB)
Application Data ANALYSIS (529.6TB)
230,311 MSGs/sec, 50 Ave KB/MSG
237,000 devices, 143 MB/sec streaming
Crypto for M2M & IoT Protocols
• Simon & Speck submitted and accepted by ISO Standards Body 29192-2
Speck : http://en.wikipedia.org/wiki/Speck_(cipher)
Simon : http://en.wikipedia.org/wiki/Speck_(cipher)
Crypto for M2M & IoT
* Triathlon of Lightweight Block Ciphers for the Internet of Things
Speck
#include <stdint.h>

/* 64-bit rotations for the Speck128 word size */
#define ROR(x, r) ((x >> r) | (x << (64 - r)))
#define ROL(x, r) ((x << r) | (x >> (64 - r)))
/* One Speck round: x = ((x >>> 8) + y) ^ k; y = (y <<< 3) ^ x */
#define R(x, y, k) (x = ROR(x, 8), x += y, x ^= k, y = ROL(y, 3), y ^= x)

/* Speck128/128: 32 rounds; K[0] is the first round key, K[1] the key-schedule word */
void encrypt(uint64_t *pt, uint64_t *ct, uint64_t *K)
{
    uint64_t i, B = K[1], A = K[0];
    ct[0] = pt[0];
    ct[1] = pt[1];
    for (i = 0; i < 32; i++) {
        R(ct[1], ct[0], A);   /* encrypt one round with round key A */
        R(B, A, i);           /* key schedule: derive the next round key */
    }
}

Reference code for encryption with the Speck variant with 128-bit block size and key (Speck128/128).
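As an added example (not the deck's own code), the reference encryption above carried through to a full known-answer test: the key schedule is expanded up front, a matching decryption routine inverts each round, and the output is checked against the Speck128/128 test vector published with the cipher. It assumes the reference code's little-endian word order, so pt[0] is the second printed plaintext word and pt[1] the first, and likewise for the key and ciphertext.

```c
#include <stdbool.h>
#include <stdint.h>

#define ROUNDS 32                                  /* Speck128/128 round count */
#define ROR(x, r) (((x) >> (r)) | ((x) << (64 - (r))))
#define ROL(x, r) (((x) << (r)) | ((x) >> (64 - (r))))
/* Key schedule: k_0 = K[0], l_0 = K[1]; round i yields rk[i] = k_i. */
static void speck128_expand(const uint64_t K[2], uint64_t rk[ROUNDS]) {
    uint64_t k = K[0], l = K[1];
    for (uint64_t i = 0; i < ROUNDS; i++) {
        rk[i] = k;
        l = (ROR(l, 8) + k) ^ i;
        k = ROL(k, 3) ^ l;
    }
}
/* Same round function as the reference code, with pre-expanded round keys. */
void speck128_encrypt(const uint64_t pt[2], uint64_t ct[2], const uint64_t K[2]) {
    uint64_t rk[ROUNDS], y = pt[0], x = pt[1];
    speck128_expand(K, rk);
    for (int i = 0; i < ROUNDS; i++) {
        x = (ROR(x, 8) + y) ^ rk[i];
        y = ROL(y, 3) ^ x;
    }
    ct[0] = y; ct[1] = x;
}
/* Inverse round, applied with the round keys in reverse order. */
void speck128_decrypt(const uint64_t ct[2], uint64_t pt[2], const uint64_t K[2]) {
    uint64_t rk[ROUNDS], y = ct[0], x = ct[1];
    speck128_expand(K, rk);
    for (int i = ROUNDS - 1; i >= 0; i--) {
        y = ROR(y ^ x, 3);
        x = ROL((x ^ rk[i]) - y, 8);
    }
    pt[0] = y; pt[1] = x;
}

/* Known-answer test against the published Speck128/128 vector, plus a round trip. */
bool speck128_kat(void) {
    const uint64_t K[2]    = {0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL};
    const uint64_t pt[2]   = {0x7469206564616d20ULL, 0x6c61766975716520ULL};
    const uint64_t want[2] = {0x7860fedf5c570d18ULL, 0xa65d985179783265ULL};
    uint64_t ct[2], back[2];
    speck128_encrypt(pt, ct, K);
    speck128_decrypt(ct, back, K);
    return ct[0] == want[0] && ct[1] == want[1] && back[0] == pt[0] && back[1] == pt[1];
}

/* Exit status 0 when the known-answer test passes. */
int main(void) { return speck128_kat() ? 0 : 1; }
```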
Cryptanalysis Performance
SPECK: Differential cryptanalysis can break 17 rounds of Speck128/128 with 2^113 data, 2^22 bytes memory and time complexity of 2^113. Rectangle attack can break 18 rounds of Speck128/192,256 with 2^121.9 data, 2^125.9 bytes memory and time complexity of 2^182.7.
SIMON: Differential cryptanalysis can break 46 rounds of Simon128/128 with 2^125.6 data, 2^40.6 bytes memory and time complexity of 2^125.7 with success rate of 0.632.
Conclusions
The Protocols:
– MQTT
– ALLJOYN
– DDS
– COAP
Guidelines:
– Security & Privacy #1 – is the most important delta
– There is no #1 protocol; each is applicable to different and compatible use-cases
– The use-case drives the protocol choice, not the other way around