IOT = (Proprietary Networks != Internet) Of Things

T.Rob Wyatt»WebSphere MQ security guy»Security blogger»Autistic blogger»Enthusiastic fan of Internet of Things

Moved to IBM in order to improve the state of middleware security and to help build the instrumented, networked, interactive world of pervasive, embedded computing.

1. Subscribe to service2. Possibly configure gateway3. Configure device to network4. Possibly configure device to gateway5. Device talks to vendor cloud6. User Interface talks to cloud

Device Gateway Local data intercept?

WiThings scale Wi-Fi Router No

Fitbit PC, Phone No

Garmin, Omron PC File

Schlage LiNK Z-Wave Bridge No

iFit Wi-Fi Router No

Summer Baby Monitor Proprietary No

Ford Sync Cell data modem No

Ninja Blocks Ethernet Router No (Open HW/SW FTW!)

Ceiva photo frame Wi-Fi router No

LIFX LED Bulb Wi-Fi / Mesh network No

» Security is hard. Solve the problem with an encrypted tunnel from the device to the vendor.

» No need to authenticate data so long as the secure connection provides identity context.

In a world where vendors claim ownership of your data, this model is expected. It is the status quo. Who would even think of doing it any other way?

WE would, that's who. Our data is OUR data. That's why we call it that.

» Network goes down? The house blue screens?» You want to push a device's feed to a 3rd party?» You want H/A or offsite redundancy?» You want a different data granularity or

availability than the vendor gives you?» Your vendor goes out of business and you have

10,000 hours left on your $100 LED bulb?

» User needs to configure each device type» Doesn’t scale» Devices don’t talk to one another» Functionality degrades or fails without

connectivity» Vendor-first data capture» User options severely limited by vendors» Lot$ of $ub$cription$» Limited sense-and-respond, esp. across vendors

» Devices self-configure» Devices talk locally first, to vendor is optional» Local functionality does not require Internet» Full if-this-then-that capability in home» Data owners are free to use their own data» Interoperability across different device types

and/or different vendors

1. Consumer enters device GUID into their dashboard.2. Power up the device in the vicinity of the router. Press the sync

button on the device, then the WPS* button on the router.3. Device joins the network and acquires an IP address from DHCP.4. Device issues MQTT Connect on DHCP server port 18835. Device subscribes to an admin topic that publishes on-boarding

info.6. Device now publishes the manufacturer's MQTT feed URL to the

dashboard.7. User dashboard now displays device-specific options to publish

to the vendor, subscribe from the vendor, etc.8. User has options to publish topic feeds at any level to 3rd parties.

(* Note: Requires some rework to make WPS secure or to replace it.)

After install of the new device, all data is exchanged locally unless specifically provisioned by the user.

Optionally, the user can authorize various interactions with device vendor:1.Publish device data to vendor.2.Subscribe to vendor administrative alerts (recall notices, offers, etc.)3.Allow vendor to send inbound control messages.

IT’S MY DATA!If I want to give it to someone

OTHERthan the device manufacturer,

Why can’t I?

What’s the point if…»My device vendor controls all my device data…»My ability to correlate across devices depends on my vendors communicating with one another and writing code…»The protocols are all proprietary…»I can’t inject my own events into the ecosystem…

Optional interaction with 3rd party vendors:1.User registers with 3rd party value-added service.2.3rd party provides a URL for device notifications.3.User subscribes external URL to topic using local dashboard,4.3rd party now receives/sends dataand events from homeowner.

» Community / Regional load control» Volunteer distributed sensor net for research» Aggregators/rules engines (Smart Things, IFTTT)» Special Interest communities» Activists (e.g. green-ness badges)» Notification providers (stocks, weather alerts)» Augmented reality» ___________________________ (You pick it)

» WPS that actually works as intended » User dashboard» Local event capture, correlation and rules » Pub/Sub messaging architecture» Internet traversable protocols» Globally managed topic namespace

(But can be prototyped with existing public servers.)

Questions? Comments? Rotten tomatoes?

T.Rob Wyattt.rob.wyatt@us.ibm.comiot@t-rob.net http://t-rob.nethttp://linkedin.com/in/tdotrob http://facebook.com/tdotrob

You really need these next slides but there was no way to fit them in the 5 minutes I had to talk so I cheated and sort of stuck them in the end where you'll find them if you download this deck and accidentally scroll past the Thank You! Page because your finger twitched, your curiosity got the better of you or perhaps you are one of those people who sits through the movie credits thinking there will be an Easter Egg scene at the very end that makes it all worthwhile. There is.

» An open, royalty-free protocol invented in 1999.

» Optimized for constrained devices, unreliable networks and high bandwidth costs.

» Proposed to OASIS for standards acceptance.» Implemented samples in dozens of languages.» Scales to millions of connected devices.» Backed by Eclipse Foundation Paho project.» http://mqtt.org » http://bit.ly/oasismqtttc

» Stephen Nicholas performed some power profiling on Android to measure battery drain.

» Mutually authenticated connections.» Comet polling for HTTPS.» MQTT wins by large margin.» Effects multiplied when polling on more than

one subscription.» http://stephendnicholas.com/archives/1217

» Open-source (BSD licensed) MQTT broker» Binaries for the usual Linuxes, but also iPhone,

Open WRT, Raspberry PI, and others.» I easily got it running on a Synology NAS drive.» Free test broker

˃ Unencrypted @ test. mosquitto.org:1883˃ Server-auth SSL @ test. mosquitto.org:8883˃ Mutual-auth SSL @ test. mosquitto.org:8883

» http://mosquitto.org

» Open Messaging for M2M and IoT» Focused on protocol standardization, tools.» C & Java clients delivered.» Clients developed under EPL 1.0» http://projects.eclipse.org/projects/technology.paho

» Provide M2M development, simulation, testing, debugging and deployment tools.

» Initial focus on the Lua language» Delivered development, modeling and

simulator tools so far.» http://projects.eclipse.org/projects/technology.koneki

» Embedded runtime exposing high-level Lua API that can be used to develop portable M2M applications easily.

» Project and samples on Eclipse git» http://projects.eclipse.org/projects/technology.mihini

» Eclipse-based visual development and server platform for mobile apps.

» Build, test, deploy, and manage your smartphone and tablet apps for iOS, Android, Blackberry, and Windows Phone devices.

» http://ibm.co/dWworklight

» Gelernter, David, Mirror Worlds (Oxford University Press, 1991).» Kelley, Kevin, Out of Control: The New Biology of Machines, Social

Systems, & the Economic World (Addison, Wesley, 1994).» Mitchell, William J., City of Bits (MIT Press, 1995).» Dyson, George B., Darwin Among the Machines

(Perseus Books, 1997).» Dodsworth, Clark Jr., Contributing Editor, Digital Illusion:

Entertaining the Future with High Technology (ACM Press, 1998).» Holland, John H., Emergence: From Chaos to Order

(Perseus Books 1998).» Gershenfeld, Neil, When Things Start to Think

(Harry Holt and Company, 1999).