t2trg: thing-to-thing research group · riot summit 2016 • ~ 135 developers and researchers met...
TRANSCRIPT
![Page 1: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/1.jpg)
T2TRG: Thing-to-Thing Research Group
IETF #96 summary meeting July 19th 2016, Berlin, Germany
Chairs: Carsten Bormann & Ari Keränen
![Page 2: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/2.jpg)
Note Well
• You may be recorded
• The IPR guidelines of the IETF apply: see http://irtf.org/ipr for details.
2
![Page 3: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/3.jpg)
Administrivia (I)• Pink Sheet
• Note-Takers
• Off-site (Jabber, Hangout?)
• xmpp:[email protected]?join
• Mailing List: [email protected] — subscribe at:https://www.ietf.org/mailman/listinfo/t2trg
• Repo: https://github.com/t2trg/2016-ietf96
3
![Page 4: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/4.jpg)
Agenda• 16:20 (Chairs) RG status update • 16:30 (Chairs) Summary from RIOT Summit • 16:45 Hannes, Stephen, Carsten:
Summary from IOTSU IAB Workshop • 17:15 Matthias Kovatsch:
Update from W3C WoT IG and WG • 17:35 (Authors) T2TRG documents • 17:50 Tibor Pardi:
Secure, decentralized, blockchain based IoT (talk) • 18:10 (Chairs) Future activities
4
![Page 5: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/5.jpg)
Agenda• 16:20 (Chairs) RG status update • 16:30 (Chairs) Summary from RIOT Summit • 16:45 Hannes, Stephen, Carsten:
Summary from IOTSU IAB Workshop • 17:15 Matthias Kovatsch:
Update from W3C WoT IG and WG • 17:35 (Authors) T2TRG documents • 17:50 Tibor Pardi:
Secure, decentralized, blockchain based IoT (talk) • 18:10 (Chairs) Future activities
5
![Page 6: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/6.jpg)
T2TRG scope & goals• Open research issues in turning a true "Internet of Things" into
reality
• Internet where low-resource nodes ("things", "constrained nodes") can communicate among themselves and with the wider Internet
• Focus on issues with opportunities for IETF standardization
• Start at the IP adaptation layer
• End at the application layer with architectures and APIs for communicating and making data and management functions, including security
![Page 7: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/7.jpg)
Done so far• Chartered in December 2015. Multiple meetings before
official chartering co-located with IETF meetings and with W3C Web of Things (WoT) group
• 2016: RG meeting at Nice co-located with W3C WoT, at San Jose co-located with IAB IoTSI WS, at Buenos Aires with the IETF meeting; participated in Dublin IAB IoTSU WS
• Three RG deliverable documents in progress on REST and security; multiple new documents on REST interaction ➔ later today
• Outreach (e.g., organizations like OCF and Bluetooth SIG)
![Page 8: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/8.jpg)
Where are we going• Work on RG deliverables and outreach continues
• Future meetings co-located with good research venues (2017)
• Meetings co-located with open source activity
• RIOT summit right before this meeting
• Eclipse IoT meeting (October in Southern Germany? TBD)
• Benchmark/reference scenarios
• Initial discussion in various drafts and slides
• More elaborate documentation by end of 2016
![Page 9: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/9.jpg)
Agenda• 16:20 (Chairs) RG status update • 16:30 (Chairs) Summary from RIOT Summit • 16:45 Hannes, Stephen, Carsten:
Summary from IOTSU IAB Workshop • 17:15 Matthias Kovatsch:
Update from W3C WoT IG and WG • 17:35 (Authors) T2TRG documents • 17:50 Tibor Pardi:
Secure, decentralized, blockchain based IoT (talk) • 18:10 (Chairs) Future activities
9
![Page 10: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/10.jpg)
bringing together RIOTers, beginners & experts
gathering people interested in the IoT in general
plenary talks, hands-on tutorials & demos
http://summit.riot.org
In Berlin, days before IETF96
![Page 11: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/11.jpg)
RIOT Summit 2016• ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT
(microkernel-based, full-fledged network stack)Addressing “M-class” platforms (microcontrollers)Can make good use of modern CPUs (32 bit) Has 6LoWPAN, CoAP, CBOR, …
• Half a day for breakout groups T2TRG: “The Web & the IoT: Design, Hacking, and Discussions” • Learning about implementation approaches and
experience with relevant protocols
![Page 12: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/12.jpg)
General issues• What should be part of a “starter pack” for IoT
developers?(potential for I-D about basic setup of an IoT node)
• What have we learned about memory management in constrained devices (≠ malloc())? • Constant tension between
• optimizing for constrained devices • code-reuse for “A-class” platforms (Linux etc.) • ability to merge in open-source contributions
![Page 13: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/13.jpg)
CoAP implementation• One size does not fit all
• from pure protocol parsers to highly flexible libraries
• discussed microcoap, libcoap, and new gcoap
• Also: Cloud-/Hub-side (e.g., aiocoap)
• Limited experience with resource-directory implementations
![Page 14: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/14.jpg)
Hypermedia Controls, W3C Web of Things
• New JavaScript engine JerryScript, fits upper M-class (using 1024 KiB/128 KiB as a reference platform)
• One target for mobile code (but don’t ignore Lua)
• Discussion of the different roles different classes of devices can take in the W3C Thing Description approach
![Page 15: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/15.jpg)
Data formats
• Floating point is still costly (SenML!)
• JSON libraries are larger than one thinks (printf!)
• Several “M-class” CBOR libraries now available (RIOT’s CBOR, cn-cbor, tinycbor)
• Implementation experience with SenML (feedback mostly a need for clarifications)
![Page 16: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/16.jpg)
Security• TinyDTLS (Eclipse) as a reference platform
• Good experience with focused set of cipher suites (PSK)
• Somewhat chaotic advances in crypto providers, moving target
• Complement DTLS with object security (COSE) • random number generators: entropy pools • Discussion of OTA needs to address OS-specific as
well as security-related issues
![Page 17: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/17.jpg)
Next Steps
• Session was generally regarded as useful
• Follow-up:
• Join in via the periodic online meetups
• Transfer information between RIOT and IETF/IRTF lists
![Page 18: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/18.jpg)
Agenda• 16:20 (Chairs) RG status update • 16:30 (Chairs) Summary from RIOT Summit • 16:45 Hannes, Stephen, Carsten:
Summary from IOTSU IAB Workshop • 17:15 Matthias Kovatsch:
Update from W3C WoT IG and WG • 17:35 (Authors) T2TRG documents • 17:50 Tibor Pardi:
Secure, decentralized, blockchain based IoT (talk) • 18:10 (Chairs) Future activities
18
![Page 19: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/19.jpg)
Prof.CarstenBormann,[email protected]
SOLACE:SmartObjectLifecycleArchitecture
! Processesforusablysecurelifecycle(changesofownership,authorizaDon,privacy,…)
_Manufactured _SW update _Decommissioned / / / | _Installed | _ Application | _Removed & | / | / reconfigured | / replaced | | _Commissioned | | | | | | / | | | | _Reownership & | | | _Application | | _Application | | / recommissioned | | | / running | | / running | | | | | | | | | | | | | \\ +##+##+###+#############+##+##+#############+##+##+##############>>> \/ \______________/ \/ \_____________/ \___/ time // / / \ \ \ Bootstrapping / Maintenance & \ Maintenance & / re-bootstrapping \ re-bootstrapping Operational Operational
The lifecycle of a thing in the Internet of Things
[draft-garcia-core-security]
19
![Page 20: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/20.jpg)
Dublin,2016-06-13/-14
![Page 21: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/21.jpg)
[Plonka]
![Page 22: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/22.jpg)
![Page 23: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/23.jpg)
![Page 24: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/24.jpg)
![Page 25: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/25.jpg)
![Page 26: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/26.jpg)
InternetofThingsSoftwareUpdateWorkshop(IoTSU)
SessionI-experiences
![Page 27: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/27.jpg)
Overview“CortexMClass”TypeofDevice
• Hardwareoffersbasicisolationfeatures(e.g.,MPU)
• Oftendonotrunanoperatingsystem(baremetal).
• MayrunaRTOS• Singlefirmwareimage/MCU• FirmwareimagecomesfromOEM
(butmaycontainlibraries• ProductmaycontainmultipleMCU
“CortexAClass”TypeofDevice
• Hardwareoffershardwareisolationfeatures(e.g.,MMU,virtualizationcapabilities)
• RunstandardOS(e.g.,Linux)• Softwareupdatesusesophisticated
packagemanagers• Softwarecomesfromvarious
sources.• Hardwaremaycomewithatrusted
executionenvironment(TEE).
RFC7228:(Class-0)Class-1Class-2
![Page 28: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/28.jpg)
http://6lowapp.net core@IETF80, 2011-03-28
10/100 vs. 50/250! There is not just a single class of “constrained node”
! Class 0: too small to securely run on the Internet " “too constrained”
! Class 1: ~10 KiB data, ~100 KiB code " “quite constrained”, “10/100”
! Class 2: ~50 KiB data, ~250 KiB code " “not so constrained”, “50/250”
! These classes are not clear-cut, but may structure the discussion and help avoid talking at cross-purposes
Constrained nodes: orders of magnitude
RFC 7228
28
![Page 29: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/29.jpg)
Movingtheboundaries
• EnableInternetTechnologiesformass-marketapplicaDons
Acceptable complexity, Energy/Power needs, Cost
Can use Internet TechnologiesCannot use
Internet Technologies
Can use Internet Technologies unchanged
Can use Linux
29
![Page 30: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/30.jpg)
Movingtheboundaries
• EnableInternetTechnologiesformass-marketapplicaDons
Acceptable complexity, Energy/Power needs, Cost
Can use Internet TechnologiesCannot use
Internet Technologies
Can use Internet Technologies unchanged
Can use Linux
30
![Page 31: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/31.jpg)
TrustZoneforARMv8-AandARMv8-MSecureWorldNormalWorld SecureWorldNormalWorld
TrustZoneforARMv8-M
SecureApp/Libs
SecureOSNon-secure
OS
Non-secureApp
SecureApp/Libs
SecureOS
RichOS,e.g.Linux
SecureMonitor
TrustZoneforARMv8-A
Twoseparatesoftwareupdatemechanisms;onefornormalworldandoneforthesecureworld.
Singlesoftwareupdatemechanism?Maybedifferentdeveloperexperience.
![Page 32: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/32.jpg)
Whyarethesefeaturesthere?
• Becausesecurityisgood?Nah.• DeviceswithDRM(set-topboxes)• ➔Featuresthatgoagainstthewishesofthedeviceowners!
![Page 33: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/33.jpg)
Intel IoT SoCs
Ned SmithIoTSU WorkshopJune 2016
![Page 34: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/34.jpg)
Intel Quark and Atom for IoT
• Quark D2000 SoC– MCU
• 32-bit x86• 32 MHz (settable to 4/8/16 MHz)• APIC w/ 1 32-bit core timer
– Memory• 32K Flash (4 protection ranges)• 8K SRAM (4 protection ranges)• 8K OTP RAM (code)• 4K OTP RAM (data)• MMU
– Other• 2 32-bit timers / PWM• Always on counter• Always on timer w/ wake• Watchdog timer• <3.5uA - <30mA
– Future• EPID
• Atom E3800 SoC– CPU
• 64/32-bit x86 (1,2,4 cores)• 1.3 – 1.9 GHz• 32K L1, 1M L2 cache
– Memory• DDR3 X 2• MMU
– Security• DRNG• VT-x• AESNI• 128-bit carryless mult• Secure boot
– Other• Timers• <100mW – (3 – 10 W)
– Future• EPID
![Page 35: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/35.jpg)
Updatable Components
35
• Quark D2000 SoC– uCode– BIOS– Option ROMs(?)– Protection ranges (4)
• System image(s), Secure storage, BIOS
– OTP RAM• First use
• Atom E3800 SoC– uCode– BIOS– Option ROMs– Hypervisor– Guest OS(s)– Frameworks– Apps– Secure boot
• First use
![Page 36: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/36.jpg)
Quark D2000 SoC Layout
36
![Page 37: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/37.jpg)
RelevantPapers
• Paper01:Housley,PositionPaperforInternetofThingsSoftwareUpdateWorkshop(IoTSU)
• Paper10:Thomas,Incentivisingsoftwareupdates• Paper15:Zappaterra,SoftwareUpdatesforWireless
ConnectedLightingSystems:requirements,challengesandrecommendations
• Paper21:Zugenmaier,UpdatesinIoTaremorethanjustoneiota
• Paper25:Plonka,TheInternetofThingsOldandUnmanaged• Paper:Tschofenig,SoftwareandFirmwareUpdateswiththe
OMALWM2MProtocol• JimenezandOcak,SoftwareUpdateExperiencesforIoT
![Page 38: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/38.jpg)
Incentives
• Paper10:Thomas,Incentivisingsoftwareupdates
• Paper25:Plonka,TheInternetofThingsOldandUnmanaged
• Companiesoftenfailtoshipsoftwareupdates.Why?Canwesosomethingaboutit?
• Question:Canwemonitortheperformanceofdifferentcompaniesatsupplyingsoftwareupdatestotheircustomers?
![Page 39: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/39.jpg)
TypesofDevices
• “Jellybean”vs.regulated(e.g.,healthcare)• Securityimpact(doorlock)• Safetyimpact(e.g.,Nest!)• Petvs.cattle
![Page 40: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/40.jpg)
Theroleoftheuser
• Usersdon’twantupgrades• “Itworkswellenoughasitis”• EvilDevicecomightbedeletingfeaturesIrelyupon• orbugsIrelyupon(!)• ➔rollback!?
• Asingleupgradegoingbadcanbeclosingthewindowforalongtime
![Page 41: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/41.jpg)
iOSupgradestatistics
• Looksgreat• Butthen:
• highdevicechurn• lotsofnaggingbyiOS• “pet”status• dependencyofnewappsonOSupgrades
Last Updated: Jun 21, 2016 07:30:54https://david-smith.org/iosversionstats/
![Page 42: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/42.jpg)
Security
• Paper01:Housley,PositionPaperforInternetofThingsSoftwareUpdateWorkshop(IoTSU)
• Isaboutsecuringfirmwarepackages.• Russ:FeaturesofRFC4108anddesignrational.• Question:Whatfeaturescouldbeadded(MerkleTreeSignatures)?
![Page 43: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/43.jpg)
InternetofThingsSoftwareUpdateWorkshop
SessionII-RequirementsandConstraints
SessionLeader:RussHousley
![Page 44: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/44.jpg)
TopicsfromthePositionPapers
• DeviceRequirements• InfrastructureRequirements• ManufacturingRequirements
• Questionsthatwereraisedthatmightrevealsomeotherrequirements
![Page 45: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/45.jpg)
DeviceRequirements
• Notlimitedtofullfirmwareupdate• Providecompatiblefirmwareforvariouscomponentswithin
thedevice• Supportdeviceswithmultipleowners• Differentauthoritiesmayupdatesoftwarefordifferentpartsof
thedevice• Identifydependenciesamongvarioussoftwareupdates• Digitalsignatureandencryptionontheupdate• Allowmultiplesignaturesontheupdate• Minimizedevicedowntimeduetoupdateprocessing• Recoveryprocedurewhenthedevicegetshacked• Supportover-the-airsoftwareupdate,probablyrequires
polling
![Page 46: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/46.jpg)
InfrastructureRequirements
• Supportmanydifferentapproachestodigitalsignatures• Oneinfrastructurecansupportopen-andclosed-source• Onedevicecanactalocalserverforneighbors• Performsomedigitalsignaturechecksonbehalfoftheserved
devices,suchasrevocationchecking• Multicastthesameupdatestomanysimilardevices• HidecomplexityassociatedwithNATsandFirewallsfromthe
devices
![Page 47: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/47.jpg)
ManufacturingRequirements
• Fastandsecurekeygeneration
![Page 48: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/48.jpg)
QuestionsfromthePositionPapers
• Canthedeviceownerdecidetoaccept/rejectanupdate?• Canwedeterminewhethertheupdateimpactsotherdevices
intheIoT?• Canwehandleend-of-service,end-of-feature,and
end-of-device-support?• Canacommunitytakeoversupportafterthevendordecides
toend-of-lifeadevice?• Cantheuserpickamongupdateswhenthereismorethanone
available?• Canwedeterminewhenadeviceisnotactivetoapplythe
update?• Canwedoabetterjobpreservingtheprivacyofthedevice
owner?
![Page 49: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/49.jpg)
Authentication(1)
• Canthefirmwarebetrusted?• Canthesourcebetrusted?
• Isitreallyforme?• AmItherightdeviceforthisFW?(HWrevision!)• DoIhavetheotherprerequisites(libraries,FPGAcode,…)ordotheyneedtobeupgradedinsync?
• IstheFWtherightoneformyusagesituation?(Authorization!)
![Page 50: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/50.jpg)
Authentication(2):Freshness
• IstheFWfresh?• downgradeattacks(revocation?)
• versionnumbercomparison?• (butalsopreventsoperationaldowngrades!)
• weakupgradeattacks• sidegradeattacks?
![Page 51: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/51.jpg)
InternetofThingsSoftwareUpdateWorkshop(IoTSU)
SessionV:FutureSolutions
![Page 52: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/52.jpg)
Transport• Lightingindustrywithmeshnetworks(basedonIEEE802.15.4)
– Paper15:Zappaterra,SoftwareUpdatesforWirelessConnectedLightingSystems:requirements,challengesandrecommendations
• LowPowerWANs– Paper21:Zugenmaier,UpdatesinIoTaremorethanjustoneiota
• LWM2M– Tschofenig,SoftwareandFirmwareUpdateswiththeOMALWM2MProtocol
• CommunicationPatterns:– JimenezandOcak,SoftwareUpdateExperiencesforIoT
• Questions:– Howtodistributedfirmwareupdatesefficiently?Howtoreducethe
amountofflashmemory?Whatistheimplicationforsecurityofimageitself?Howtoavoiddrainingthebattery?
![Page 53: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/53.jpg)
PapersinthisSlot
• Paper03:RobertBisewski,ComparativeAnalysisofDistributedRepositoryUpdateMethodologyandHowCoAP-like...
• Paper05:Smith,TowardACommonModelingStandardforSoftwareUpdateandIoTObjects
• Paper13:Schmidt,SecureFirmwareUpdateOvertheAirintheInternetofThingsFocusingonFlexibilityandFeasibility
• Paper16:Adomnicai,HowcarefulshouldwebewhenimplementingcryptographyforsoftwareupdatemechanismsintheIoT?
• Paper20:Prevelakis,ControllingChangeviaPolicyContracts• Paper23:Birkholz,IoTSoftwareUpdatesneedSecurityAutomation• (butalsoseePaper08,11,…)
![Page 54: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/54.jpg)
Updatingaseaofdevices
• WhatdoIhave• Devicedescription(models,components—e.g.,SWIDs)?• andcanItrustwhatIbelieve(Attestation)?
• Push/Pull• Push:MPLandothermulticast/flooding• (Pull:Doingpropercongestioncontrol)
• LimitingDamage• AreweinCriticalOperationalState?• Evenbetter:HitlessUpgrades• Identifyingdudupgrades,rollback
![Page 55: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/55.jpg)
55
DM2
IM,DM,andSerialization
SWID
SWIDCBORData
DefinitionDM1
IM
DM3 DMn
Serialization1.1 Serialization3.1
…
…Serialization2.1 Serializationn.1SWIDCBORInstance
SWIDXMLInstance
SWIDXMLSchema
SoftwareInstance
IETF95- April2016 10
COSWID: Software-ID tags for constrained devices
• Devicedescribesitself• Canusehashesondevice• Comparewithsource-basedvalues
• Basisforautomation
#23
![Page 56: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/56.jpg)
TUDA: Time-based unidirectional attestation
• Remote Attestation: attempt to describe the integrity and trustworthiness of a host or device
• Measurements of components (e.g., hash values)
• Protocols for RA typically bidirectional
• Challenge for freshness
• TUDA: Time-based unidirectional attestation
![Page 57: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/57.jpg)
DeploymentExperiences&Issues
http://jaimejim.github.io/drafts/draft-jimenez-iotsu-soft-exp.txt
• DealingwithSleepyendpoints:Cachingisneeded• DeviceInitiatedCommunication:thecommonpatternwesee
fromdevices.• ManagerInitiatedCommunication:NATsmakethatverytricky
--COAPProxycanbeused• Delegationonothernodes(GW):Veryusefulforsome
usecases• UsingMultipleStacks:Wehavealsoseenthatitisvery
commontohavetwostacksondevices,onefordailyuseandanotherforfirmwareupgrades,whichisunrealisticontheconstrainedspace.
• RuntimeDiscovery:Aproposalonhowsoftwareupdatescouldbedonewithsmallupgrades-notonce
#L2
![Page 58: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/58.jpg)
2
Admission
z new software component “arrives”z need to determine whether:
¾ the new component is suitable for our system¾ the system can accommodate the new component
� need to consider aspects such as:Q servicesQ load (memory, CPU)Q interconnections (internal, platform, outside)Q behavior
#20
![Page 59: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/59.jpg)
3
Who do you trust?
Original (Software)
Component
Subsystem Subsystem
Product
CustomisedProduct
Original (Software)
Component
Original (Software)
Component
Original (Software)
ComponentOEM
Integrator
Vendor
Service Provider
User
#20
![Page 60: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/60.jpg)
4
Policy Contracts
z credentials¾ X-509 certs with extensions¾ from one key to another key¾ attribute-based access control (ABACS)
z essentially say¾ this component can do this, this and this¾ and needs this, this and this resource/library/comm-channel etc.
z can enforce customization¾ e.g. integrator limits connectivity of component
z policy language can be “run” to determine access
#20
![Page 61: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/61.jpg)
UsingRFC2704Keynote#20
![Page 62: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/62.jpg)
Component-basedapproaches
• Componentsareimportantfor• WhatdoIhave• Hitlessupgrades• Anecosystemofupgradesources
• Modelthebuildprocess• Pre-built(possiblyforaspecificdevice)• Linkingondevice
![Page 63: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/63.jpg)
#05
![Page 64: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/64.jpg)
#05
![Page 65: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/65.jpg)
Mapping Data/Information Models
IOTSI Workshop, 2016-03-17
![Page 66: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/66.jpg)
n2 – n
![Page 67: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/67.jpg)
2n
![Page 68: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/68.jpg)
What is that hub? Data loss?
2n
![Page 69: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/69.jpg)
Translating data between data models
vs. Translating data
models
![Page 70: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/70.jpg)
Data/Information Models vs.
Interaction Models
![Page 71: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/71.jpg)
Information Model Data Model Serialization
Ontology
Abstract SyntaxConcrete Syntax
Marshaling Scheme
Message Transport Format
Encoding
Taxonomy
Vocabulary
Semantic Level
Meaning
![Page 72: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/72.jpg)
How far can we get?
Limits to translation (e.g., security?)
![Page 73: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/73.jpg)
Whatisholdingbackcomponents?
• doweknowhowtokeepfirmwarecomponentizedinclass-2orevenclass-1devices,oristhisonlyforA-classdevices?
• whataresafeupdateprocedures,inparticularforclass-2/class-1?• howcanwehandletheissuesthatwillpropupwhenvariousversionsofvariouscomponentsmeeteachotheraswellasvarioushardwarerevisions?Howcanweusemodelingtoassessthesecurity/safetyissuesofthesecombinations?
• whatarethenon-technicalissues(disclosureofvendorrelationships[Ted]andof"secretsauce"ingeneral,liabilityconsiderationsthroughamorecomplexsetofcombinationsdeployedand/orincreasedhackabilityofcomponents,...),andhowcantheybemitigated?
![Page 74: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/74.jpg)
Butthen…
• TherearesystemsthatsplitROM/flash• (Problemhere:FlashpartgetsbiggereachupdateasROMcodegrowsinvalid)
• Somesystemsthatprovidehitlessupgradeevenupgradeconfigdataandoperationalstate
![Page 75: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/75.jpg)
Evolvingfrom…#08
![Page 76: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/76.jpg)
ContinuousDeployment?
![Page 77: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/77.jpg)
IoT Software: Towards Hardware Independence
• Need to evolve towards a state where 90% of the IoT software is hardware independent
• Else, we head to an Internet of buggy Things
• This is achievable with an efficient, open-source IoT software platform, e.g. RIOT
![Page 78: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/78.jpg)
IoT Software: Components vs Full Firmware• Open-source platform model for IoT software:
• community maintains basic OS + network stack
• vendors focus on small part of the software, e.g. application software, or low-level driver
• Bottom-line: different entity will update different parts of the software.
• Advantages: smaller software updates, end of vendor support does not necessarily imply end of security, vendor independent security maintenance…
![Page 79: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/79.jpg)
bringing together RIOTers, beginners & experts
gathering people interested in the IoT in general
plenary talks, hands-on tutorials & demos
http://summit.riot.org
In Berlin, days before IETF96
![Page 80: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/80.jpg)
Übungsblatt! Aufgabe 1, 5 Punkte, Gruppe ! Welche Internet-verbundenen (oder sonst vernetzten)
Geräte besitzt/verantwortet Ihr? Findet jeweils heraus, ! ob es Firmware-/Software-Updates dafür gibt ! wo man die (autoritativ!) findet ! welche Sicherheitsprobleme das Gerät hat und welche
durch Updates gelöst wurden ! evtl., wie gesichert der Update-Prozess ist ! evtl., wie automatische Updates funktionieren ! was eine guter Zeitpunkt für ein Update wäre, und wie
das Gerät das evtl. herausfinden könnte ! …
! Abgabe: Donnerstag, 30.06.2016 25:59 UTC
80
![Page 81: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/81.jpg)
Agenda• 16:20 (Chairs) RG status update • 16:30 (Chairs) Summary from RIOT Summit • 16:45 Hannes, Stephen, Carsten:
Summary from IOTSU IAB Workshop • 17:15 Matthias Kovatsch:
Update from W3C WoT IG and WG • 17:35 (Authors) T2TRG documents • 17:50 Tibor Pardi:
Secure, decentralized, blockchain based IoT (talk) • 18:10 (Chairs) Future activities
81
![Page 82: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/82.jpg)
T2TRGSummaryIETF96,Berlin,Germany,2016
![Page 83: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/83.jpg)
INTERESTGROUPRE-CHARTERhttp://w3c.github.io/wot/charters/wot-ig-2016.html
![Page 84: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/84.jpg)
WoTInterestGroup
• ACReviewfinished15July2016– 34supportthisCharterasis– 1suggestschanges,butsupportstheproposal
• IGScope– SupportproposedWG– OrganizeandrunPlugFests– CollaboratewithotherSDOs,organizations,etc.– Investigateideasforlong-termgoals
![Page 85: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/85.jpg)
WORKINGGROUPCHARTERhttp://w3c.github.io/wot/charters/wot-wg-2016.html
![Page 86: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/86.jpg)
ProposedWoTWorkingGroup
• Roadmap– Integratefeedbackfrombilateraloutreach– Resolutiontosubmiton27July2016– StartW3MReviewperiodon3August2016– StartACReviewperiodon24August2016– BeabletostartWGaroundOctober2016
• Pleasehavealookandsendfeedback– http://w3c.github.io/wot/charters/wot-wg-2016.html– MailinglistorGitHubIssues
![Page 87: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/87.jpg)
MAINPROGRESSTOPICS
![Page 88: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/88.jpg)
ThingDescription(TD)TypeSystem
• TDallowstoplugindifferentsystems• EvaluationofpopulartypesystemsinWebapps
– Schema.orgsystemhassomelimitations– XML-basedschemasaretooimplementationspecific– JSONSchemafornowusedinPlugFesttoexplorefurther
• Openissues– Semanticannotationsalongsidedatastructuredefinitions– Existingtoolsupportforautomaticvalidation
![Page 89: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/89.jpg)
WithoutScriptingAPI
• Applicationlogicoftenimplementednatively
WoTServient
ProtocolBindings
ApplicationLogic
C/C++/Java/…
ResourceModel
WoTInterface···
![Page 90: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/90.jpg)
ScriptingAPI
• Web-likedevelopmentanddeployment
WoTServient
RuntimeEnvironment
AppScript
ProtocolBindings
ResourceModel
ClientAPI
Server API
Disc. API
WoTInterface···
![Page 91: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/91.jpg)
• Commonruntimeenablesportableapps
WoTServientVendorB
RuntimeEnvironment
WoTServientVendorA
RuntimeEnvironment
ScriptingAPI
ResourceModel ResourceModel
AppScript
ClientAPI
Server API
Disc. API
ClientAPI
Server API
Disc. API
WoTInterface···
WoTInterface···
ProtocolBindings ProtocolBindings
![Page 92: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/92.jpg)
ScriptExample(ExposeThing)//createsoftwareobjecttorepresentlocalThingWoT.newThing("counter").then(function(thing){thing//programmaticallyaddinteractions.addProperty("count",{"type":"integer"}).addAction("increment").onInvokeAction("increment",function(){console.log("incrementingcounter");//persistentstateismanagedbyruntimeenvironmentvarvalue=thing.getProperty("count")+1;thing.setProperty("count",value);returnvalue;})//initializestate(nobuilderpatternanymore)thing.setProperty("count",0);})._catch(console.err);
![Page 93: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/93.jpg)
ScriptExample(ConsumeThing)//createsoftwareobjecttorepresentremoteThingbasedonTDURIWoT.consumeDescriptionUri("http://servient.example.com/things/counter")//usepromisetohandleasynchronouscreation.then(function(counter){counter//invokeanActionwithoutarguments.invokeAction("increment",{})//whichisanasynchronouscall->promise.then(function(){console.log("incremented");counter//readProperty(async.)toconfirmincrement.getProperty("count").then(function(count){console.log("newcountstateis"+count);});})._catch(console.error);})._catch(console.error);
![Page 94: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/94.jpg)
F2FMEETINGANDPLUGFESTW3CWoTF2FBeijing2016
![Page 95: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/95.jpg)
F2FMeeting
• 11–14July2016• HostedbyCETCinBeijing
– ColocatedwithlocalIoTevent– ExchangewithCETCandlocalcompanies
• PlugFestandtechnicaldemos• Plenaryandbreakoutdiscussions
![Page 96: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/96.jpg)
Scenario1:HelloWoT
TDWebUIforhumaninteraction
/voteTooHot /on
Servientplatformwithscriptedapps
Servientconnected tolegacydevices
OpenSource
![Page 97: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/97.jpg)
Scenario2:FullWoTWoTServientproviding
voterscriptandvotingServientWebBrowserScriptingAPI
/voteTooHot /on
TDRepositorySearchforAction@type=“tooHot“
/voteTooHot
WoTServientsearchingforavotingServient
WoTServientconnected tolegacydevices
![Page 98: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/98.jpg)
Scenario3:Rule-basedAutomation
Consumebrightnesssensortocontrolcurtain
![Page 99: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/99.jpg)
PlugFestOnlineResources• CurrentPractices(BeijingRelease)
– http://w3c.github.io/wot/current-practices/wot-practices-beijing-2016.html• OrganizationWiki
– https://www.w3.org/WoT/IG/wiki/F2F_meeting,_July_2016,_China,_Beijing#PlugFest• TestCases
– https://github.com/w3c/wot/blob/master/plugfest/2016-beijing/plugfest-test-cases-beijing-2016.md
• ReportTemplate– https://github.com/w3c/wot/blob/master/plugfest/2016-beijing/TestCaseCoverage.xlsx
(t.b.d.)
![Page 100: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/100.jpg)
Agenda• 16:20 (Chairs) RG status update • 16:30 (Chairs) Summary from RIOT Summit • 16:45 Hannes, Stephen, Carsten:
Summary from IOTSU IAB Workshop • 17:15 Matthias Kovatsch:
Update from W3C WoT IG and WG • 17:35 (Authors) T2TRG documents • 17:50 Tibor Pardi:
Secure, decentralized, blockchain based IoT (talk) • 18:10 (Chairs) Future activities
100
![Page 101: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/101.jpg)
RESTful(Design(for(Internet(of(Things(Systems(
dra89keranen9t2trg9rest9iot(Ari(Keränen(<[email protected]>((with(MaFhias(Kovatsch(&(Klaus(Hartke(
(T2TRG(@(IETF96(
![Page 102: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/102.jpg)
Dra8(goals(
• "Guidance(for(designing(IoT(systems(that(follow(the(principles(of(the(REST(architectural(style"(
• CollecQon(of("basic"(informaQon(and(terminology(that(has(been(found(useful(
2(
![Page 103: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/103.jpg)
Next(steps(
• ApplicaQon(state(• Discovery(mechanisms(• Resource(design(guidance(• Intro(to(hypermedia9driven(apps(
• But(not(much(more.(Publish.(– Future(docs(on(hyper9media(aspects(
3(
![Page 104: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/104.jpg)
SecurityconsiderationfortheIoT
IETF96
Mohit(Ericsson)Oliver(Siemens)
Sandeep,Oscar(Philips)
![Page 105: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/105.jpg)
Contentsinolddraft-garcia-core-security-06
– Thinglifecycle– Architecturalconsiderations– Stateoftheart– Challenges
• Constraints• Bootstrapping• Operation
– Securityprofiles
![Page 106: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/106.jpg)
Proposedwayforward
– Thinglifecycle– Architecturalconsiderations<-Update– Stateoftheart<-Update– Challenges
• Constraints• Bootstrapping# refertobootstrappingdraft• Operation• Newchallenges(seenextslides)
– (new)Solutions# bootstrappingsolutionsinbootstrappingdraft
– Securityprofiles
![Page 107: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/107.jpg)
Specificresearchtopicstobeadded(1)
• Topicsfrom:https://mailarchive.ietf.org/arch/msg/ace/Bgc3Mq3vxvOLi19fVR0ckbLOkuw– Firmwareupdates– Transparencyandattestationofcommunications– Avoiddevicefingerprinting– Authorizationhandover(vendor)– Penetrationtesting
![Page 108: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/108.jpg)
Specificresearchtopicstobeadded(2)
• Furthertopicsfromhttps://github.com/t2trg/2015-ietf94/blob/master/t2trg-b.mkd– Handingoverdeviceownership– Lawfulaccess– Forensicreadiness– Regulationsandcompliance– Cross-domainoperation– …
• Others– Longtermsecurity
![Page 109: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/109.jpg)
Proposedwayforward
– Thinglifecycle– Architecturalconsiderations<-Update– Stateoftheart<-Update– Challenges
• Constrains• Bootstrapping# refertobootstrappingdraft• Operation• Newchallenges(seenextslides)
– (new)Solutions# exceptbootstrappingsolutions,thosewillbeinbootstrappingdraft
– Securityprofiles
• Sandeep• Oscar
• Mohit
• Oliver
![Page 110: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/110.jpg)
Q&A
![Page 111: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/111.jpg)
Fromhttps://github.com/t2trg/2015-ietf94/blob/master/99-t2trg-94-summary.pdf
![Page 112: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/112.jpg)
Fromhttps://github.com/t2trg/2015-ietf94/blob/master/99-t2trg-94-summary.pdf
![Page 113: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/113.jpg)
SecureIoTBootstrapping:ASurvey
draft-sarikaya-t2trg-sbootstrapping-01
Behcet Sarikaya and Mohit Sethi
![Page 114: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/114.jpg)
SecureBootstrapping• Whatisbootstrappingandwhatissecurebootstrapping?<-Updated
-Whatisonboarding-Whatisidentityandidentifier-Whatisuseranddeviceidentityandidentifier
• Possiblegoalsofsecurebootstrapping:-Identity:authenticationofapre-establishedidentityvs.creationofanewidentity-Authorizationfornetworkaccess,incl.configurationofcommunicationparameters-Registrationorjoiningadomainorgroup-Pairingwithaspecificnode,orconnectingtoacloudservice
• Someexampleofbootstrapping:-pairingofphonesoverbluetoothtoexchangefiles,and-securelyconnectingIEEE802.15.4sensorsfactorytothebackendbothrequiresomeformofsecurebootstrapping
![Page 115: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/115.jpg)
Managedmethods• Pre-establishedtrustrelationsandauthenticationcredentials
• Centralizedorfederated• Examples:
– AAA/ExtensibleAuthenticationProtocol(EAP)– GenericBootstrappingArchitecture(GBA)withSIM– OpenMobileAlliance(OMA)Light-weightM2M:
• FactoryBootstrap,BootstrapfromSmartcard,ClientInitiatedBootstrap,ServerInitiatedBootstrap
– Kerberos– ANIMA<-Updated– Vendorcertificates
![Page 116: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/116.jpg)
P2P / ad-hoc methods
• Nopre-establishedcredentials• Out-of-bandchannelusedfordistributingorconfirmingkeys– TypicallyDiffie-Hellmanexchange+MitMpreventedwithOOBcommunication
• Examples:<-Updated– Bluetoothsimplepairing– Wi-Fiprotectedsetup– EAP-NOOB(out-of-bandauthenticationforEAP)– Magicwand,e.g.commissioningtoolinI-D.kumar-6lo-selective-bootstrap
![Page 117: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/117.jpg)
Opportunistic/leap-of-faithmethods
• Continuityofidentityorconnection,ratherthaninitialauthentication
• Somemethodsassumethattheattackerisnotpresentattheinititialsetup
• Examples:<-Updated– SENDandCGA– WPSpushbutton– SSH,gmail,Facebook
![Page 118: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/118.jpg)
Hybridmethods
• Mostdeployedmethodsarehybrid:• Componentsfrombothmanagedandad-hocmethods• E.g.centralmanagementafterad-hocregistration
• Categorizationisnotalwayseasyorclear
• Choiceofbootstrappingmethoddependsheavilyonthebusinesscase:– Whatthirdpartiesavailable?– Whowantstoretaincontroloravoidwork?– Manufacturer/vendor,systemadmin,user,fullyad-hoc
![Page 119: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/119.jpg)
Secure Bootstrapping
• Nextsteps:– Hiddengemsandbestpractices?– Textonownershiptransferandhowdoesitaffectbootstrapping:https://www.iab.org/wp-content/IAB-uploads/2016/03/draft-farrell-iotsi-00.txt
![Page 120: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/120.jpg)
CoRALandHSML
MediaTypesforMachineInteractionKlausHartkeandMichaelKoster
![Page 121: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/121.jpg)
Comparison• Similarities
– Collectionsoflinksanditems– Formstodriveresourcestateupdates– Interoperabledatamodels
• Differences– CoRALusesadatamodelderivedfromHAL– HSMLusesCoRELink-FormatandSenML– CoRALusesmediatypestodefineapplicationsemanticvocabularyanddataserialization
– HSMLuseslinkannotationtoembedapplicationsemantics
![Page 122: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/122.jpg)
NextSteps• Createacommonusecaseprototypetoevaluatebothapproaches– Cross-domaininteroperability– Howdoesthedifferenceinsemanticannotationimpactapplicationdesign?
– Discovery,resourceconstruction,applicationinteraction
• Convergetoasinglerepresentationformatandinteractionmodelovertime
![Page 123: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/123.jpg)
The$BLE$(Bluetooth$Low$Energy)$URI$Scheme$and$Media$Types$
dra?@bormann@t2trg@ble@uri@00$Carsten$Bormann$&$Ari$Keränen$
T2TRG$@$IETF96$
![Page 124: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/124.jpg)
Background$
• Bluetooth$Low@Energy$(BLE):$popular$technology$for$constrained$devices$
• Resources$of$BLE$devices$can$be$accessed$over$IP$(RFC7668)$or$via$gateways$
• How$about$locally$connected$devices$and$web$technologies?$
• Straw$man$proposal$of$BLE$URI$scheme$and$media$types$
2$
![Page 125: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/125.jpg)
Example$
• Passive$scan$for$nodes:$
• ..results$in$node$list;$used$for$query$services$
• ..returning$"applica\on/ble@ga^@servicelist"$
3$
GET ble:/gap/nodes/passive
GET {node}/services
servicelist = [* service] service = { href: text, uuid: uuid, } uuid = bytes .size 16
![Page 126: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/126.jpg)
Next$steps$
• Adding$(much)$details$• Align$with$Web$Bluetooth$• Reviews$from$Bluetooth$experts$
4$
![Page 127: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/127.jpg)
IoT Platform Architecture and Data Model
! 1!
h$ps://www.ie-.org/id/dra34liu4t2trg4architecture4data4model400.txt
Dapeng Liu Alibaba Group
![Page 128: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/128.jpg)
The$Smart$Home$Ecosystem$
2
Internet $IoT$Pla3orm$
$
Other$Pla3orm$
Connecting with multiple device vendors
1. Multiple APPs can use same way to locally control devices
2. Cloud and APPs should understand the local device control information from different vendors so that they can control in an unified way, so the device data types, data format should have a standard
3. Interface between the cloud platform and the device needs standard for common function like device registration, device login, etc.
4. Multiple APPs can use same way to remotely control devices
5. Interface standard to guarantee inter-platform interconnectivity
![Page 129: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/129.jpg)
Data Model Design for IoT Platform
• The data model can be applied to various kinds of IoT service platform scenarios, example smart home
! 3!
![Page 130: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/130.jpg)
Data Model
• Can be used in the communication between service platform and user APP, between service platform and other platform, between service platform and IoT devices, and between service platform and gateway device
• Default encoding schema for this data model is JSON
! 4!
![Page 131: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/131.jpg)
Fields in Data Model Name Format Length Description
version String 0-255 Data model version signature String 32-255 Signature value timestamp String 0-255 Timestamp deviceID String 0-255 Optional, required when data is sent by device account String 0-255 Optional, required when data is sent by user application, or server, or
other vendor's platform token String 0-255 Optional, required when data is sent to server. The token is assigned by
server to device, user, or vendor platform target String 0-255 Optional, required when data is sent to server, indicating target destination rspID String 0-255 Optional, required when data is a response to last remote control
command data. The value is set to last command data's id filed value method String 0-255 Indicate the method params String 0-1023 Attribute set id String 0-255 message ID ! 5!
![Page 132: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/132.jpg)
Examples
One example that device posts data to server
! 6!
![Page 133: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/133.jpg)
Examples
One example that user APP requests server to get device status
! 7!
![Page 134: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/134.jpg)
Agenda• 16:20 (Chairs) RG status update • 16:30 (Chairs) Summary from RIOT Summit • 16:45 Hannes, Stephen, Carsten:
Summary from IOTSU IAB Workshop • 17:15 Matthias Kovatsch:
Update from W3C WoT IG and WG • 17:35 (Authors) T2TRG documents • 17:50 Tibor Pardi:
Secure, decentralized, blockchain based IoT (talk) • 18:10 (Chairs) Future activities
134
![Page 135: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/135.jpg)
Decentralized, peer-to-peer IoTMANAGE IOT DEVICES WITH BLOCKCHAIN BASED, PEER-TO-PEER, DECENTRALIZED SYSTEMS
![Page 136: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/136.jpg)
Who we are?• Group of open source developers• We do blockchain and decentralized, P2P application development• We develop Streembit http://streembit.github.io/• We participate in the W3C standardization process
![Page 137: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/137.jpg)
The ProblemProblems with proprietary, closed source client-server systems
• Security and Privacy, mitigate the risk of inside job hacking• Economy• Politics - Incoming communication legislation such as the UK Investigatory Powers Bill
![Page 138: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/138.jpg)
The solutionUse decentralized, peer-to-peer systems to move away from the cloud.Blockchain technologies: • Confirming data origin and accuracy• Tracking updates
• Establishing true data authority for millions of different data fields• Smart contract management
![Page 139: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/139.jpg)
Device Discovery
![Page 140: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/140.jpg)
Control Internet of Things devices
• Via peer to peer manner• End to end encrypted between the human users and IoT devices • Using W3C WoT standards
![Page 141: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/141.jpg)
Control Internet of Things devices
![Page 142: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/142.jpg)
Upgrade and manage IoT devices• Hardware and software providers upgrade Internet of Things devices on the always up and running on decentralized networks.• Internet of Things device manufacturers and software designers publish firmware and software updates via the decentralized network.• Ensure via strong PPKI security that the origin and data integrity of the updates by verifying the public key of the publisher.
![Page 143: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/143.jpg)
Upgrade and manage IoT devices
![Page 144: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/144.jpg)
Strong security
• Based on PPKI, ECC cryptography
• Each actor of the system must generate a public/private key pair. (Typically keys are generated prior to configuring the device and will be burned into the devices’ firmware).
• The devices and users publishes the public key to other users of the system.
• The data integrity and authenticity of the messages is guaranteed with PPK signatures.
• Each session between users is secured with strong 256-bit AES symmetric symmetriccryptography keys.
• Uses ECC Diffie Hellman (ECDH) key exchange
![Page 145: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/145.jpg)
Working on standardsWe try to create an IETF standard for decentralized, peer-to-peer IoT.
Github protocol repository
![Page 147: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/147.jpg)
Agenda• 16:20 (Chairs) RG status update • 16:30 (Chairs) Summary from RIOT Summit • 16:45 Hannes, Stephen, Carsten:
Summary from IOTSU IAB Workshop • 17:15 Matthias Kovatsch:
Update from W3C WoT IG and WG • 17:35 (Authors) T2TRG documents • 17:50 Tibor Pardi:
Secure, decentralized, blockchain based IoT (talk) • 18:10 (Chairs) Future activities
147
![Page 148: T2TRG: Thing-to-Thing Research Group · RIOT Summit 2016 • ~ 135 developers and researchers met in Berlin • RIOT = Research operating system for IoT (microkernel-based, full-fledged](https://reader031.vdocuments.us/reader031/viewer/2022011900/5f02c5757e708231d405ee39/html5/thumbnails/148.jpg)
Next meetings• SDOs: Co-locate with W3C WoT meeting @ TPAC
in Lisbon (Thu/Fri Sep 22/23): Sat/Sun Sep 24/25
• Open-Source: October Eclipse?
• Full meeting in Seoul before IETF97 (Sat/Sun Nov 12/13)?
• Academic: February @EWSN?
148