Smart, Secure and Efficient Data Sharing in IoT
Angelo Corsaro, PhD Chief Technology Officer
HYPE CYCLE 2015
GARTNER
HYPE CYCLE 2015
GARTNER
HYPE CYCLE 2015
GARTNER
What is IoT all About?
IoT is about extracting value through the insights derived from the real-time and historical data produced by a cyber-physical system
— Data is the currency of IoT —
the buzZ digital humanism
CIoT
smartcollar
connected f0rk
smart socks
Smart Lightbulbs
the ValueIIoT
While consumer applications such as fitness monitors and self-driving cars attract the most attention and can create significant value, we estimate that B2B/Industrial applications can generate nearly 70 percent of potential value enabled by IoT.
THE INTERNET OF THINGS:
MAPPING THE VALUE BEYOND THE HYPE Mc Kinsey, June 2015
Cop
yrig
ht P
rism
Tech
, 201
4
Smart Factory0.5 TB of data
produced per day
Autonomous Vehicles
coordination of fast moving autonomous vehicles
intermittent connectivity
dynamic pairing of devices
Cop
yrig
ht P
rism
Tech
, 201
4
Smart-Grid20ms deadline for phase
alignment data
Interoperability
Oil Rig 30000 data pointsonly 1% of available data
used today
Smart Lightbulbs96Kbytes Memory
Connected Medical Devices
12 msec period for pleath data
Peer-to-Peer connectivity
smart cities
Connected Aircrafts
10 TB of data every 30m of flight
Launch System80K+ data points with aggregate updates
rate of ~400K msgs/sec
ESA Extremely Large & SMART Telescope (ELT)
1750 computing nodes
100.000 mirrors whose position is
adjusted 100 times per second!
ELT will allow astronomers to probe the earliest stages
of the formation of planetary systems and to detect water and organic
molecules in proto-planetary discs around
stars in the making
CIoT / IIoT Differences
IIoT is concerned with reactive cyber-physical systems IIoT is about interacting with the physical world
Cloud-centric architectures centred around device-to-cloud communication are not
applicable/sufficient for IIoT applications because of performance, connectivity and
resource constraints
This subtle but essential difference introduces a series of requirements for
IIoT platform that are not addressed by device-2-cloud centric IoT platforms
Data SharingIIoT
needs
Location Transparency
Data should flow where needed transparently and independently from the location its source so to allow for analytics to be deployed/migrate where it makes the most sense, i.e. edge, cloud, etc.
Cop
yrig
ht P
rism
Tech
, 201
4
Smart Factory0.5 TB of data
produced per day
Device-2-Devicecommunication
Device-2-Cloud connectivity is not always possible due to connectivity challenges, response time or data volumes
Cop
yrig
ht P
rism
Tech
, 201
4
Smart Factory0.5 TB of data
produced per day
Cloud + FogComputing
Cloud and Fog computing architectures should be transparently supported to allow for data to be processed wherever makes the most sense
Autonomous Vehicles
coordination of fast moving autonomous vehicles
intermittent connectivity
dynamic pairing of devices
DurabilityAlong with real-time data, historical data should be available for query and non-real-time analytics
Oil Rig 30000 data pointsonly 1% of available data
used today
Interoperability
Data sharing standard are a pre-prerequisite for IoT.
Without standards there is not interoperability, without interoperability there is not IoT
Cop
yrig
ht P
rism
Tech
, 201
4
Smart-Grid20ms deadline for phase
alignment data
Interoperability
SecurityData-Level security should be provided to simplify the deployment of secure IoT systems
Smart Lightbulbs96Kbytes Memory
Connected Medical Devices
12 msec period for pleath data
Peer-to-Peer connectivity
The (I)IoT Data SharingDDS
Standard
DDS is a standard technology for efficient, ubiquitous, interoperable, secure, and platform independent data sharing across network connected devices
DDS in131 Characters
The DDS Standard
Standard
Cop
yrig
ht P
rism
Tech
, 201
5
Proven in Defence / Aerospace
Integrated Modular Vetronics Training & Simulation Systems Naval Combat Systems
Air Traffic Control & Management Unmanned Air Vehicles Aerospace Applications
Cop
yrig
ht P
rism
Tech
, 201
5
Broad Commercial Applications
Agricultural Vehicle Systems
Train Control Systems Complex Medical Devices
Smart CitiesLarge Scale SCADA Systems
High Frequency Auto-Trading
Cop
yrig
ht P
rism
Tech
, 201
4DDS is independent from the
- Programming language,
- Operating System
- HW architecture
Platform Independent
Grasping the Idea
Cop
yrig
ht P
rism
Tech
, 201
5
DDS provides a Distributed Data Space abstraction where applications can autonomously and asynchronously read and write data enjoying spatial and temporal decoupling
Its built-in dynamic discovery isolates applications from network topology and connectivity details
DDS’ Data Space is decentralised
High Level Abstraction
DDS Global Data Space
...
Data Writer
Data Writer
Data Writer
Data Reader
Data Reader
Data Reader
Data Reader
Data Writer
TopicAQoS
TopicBQoS
TopicCQoS
TopicDQoS
Conceptual Model
DDS Global Data Space
...
Data Writer
Data Writer
Data Writer
Data Reader
Data Reader
Data Reader
Data Reader
Data Writer
TopicAQoS
TopicBQoS
TopicCQoS
TopicDQoS
Conceptual Model Actual Implementation
Data Writer
Data Writer
Data Writer
Data Reader
Data Reader
Data Reader
Data Writer
TopicAQoS
TopicBQoS
TopicCQoS
TopicDQoS
TopicDQoS
TopicDQoS
TopicAQoS
DDS Global Data Space
...
Data Writer
Data Writer
Data Writer
Data Reader
Data Reader
Data Reader
Data Reader
Data Writer
TopicAQoS
TopicBQoS
TopicCQoS
TopicDQoS
The communication between the DataWriter and matching DataReaders can be peer-‐to-‐peer exploiting UDP/IP (Unicast and Multicast)or TCP/IP
Data Writer
Data Writer
Data Writer
Data Reader
Data Reader
Data Reader
Data Writer
TopicAQoS
TopicBQoS
TopicCQoS
TopicDQoS
TopicDQoS
TopicDQoS
TopicAQoS
The communication between the DataWriter and matching DataReaders can be “brokered” but still exploiting UDP/IP (Unicast and Multicast)or TCP/IP
Cop
yrig
ht P
rism
Tech
, 201
5
Abstracting Connectivity
Cloud Computing
Fog Computing
Device-to-Cloud Communication
Device-to-Device Communication
Fog-to-Cloud Communication
Cloud-to-Cloud Communication
Device-to-Device Communication
Collect | Store | Analyse | Share
Collect | Store | Analyse | Share
Fog Computing
Fog Computing
Autonomous Vehicles
coordination of fast moving autonomous vehicles
intermittent connectivity
dynamic pairing of devices
Cop
yrig
ht P
rism
Tech
, 201
5
DDS supports the definition of Data Models.
These data models allow to naturally represent physical and virtual entities characterising the application domain
DDS types are extensible and evolvable, thus allowing incremental updates and upgrades
Data Centricity
Cop
yrig
ht P
rism
Tech
, 201
5
A Topic defines a domain-wide information’s class
A Topic is defined by means of a (name, type, qos) tuple, where
• name: identifies the topic within the domain
• type: is the programming language type associated with the topic. Types are extensible and evolvable
• qos: is a collection of policies that express the non-functional properties of this topic, e.g. reliability, persistence, etc.
Topic
TopicTypeName
QoS
struct TemperatureSensor { @key long sid; float temp; float hum; }
Cop
yrig
ht P
rism
Tech
, 201
5DDS “knows” about application data types and uses this information provide type-safety and content-based routing
Content Awarenessstruct TemperatureSensor { @key long sid; float temp; float hum; }
sid temp hum101 25.3 0.6507 33.2 0.7913 27,5 0.551307 26.2 0.67
“temp > 26 AND hum >= 0.6”
sid temp hum
507 33.2 0.71307 26.2 0.67
Type
TempSensor
Oil Rig 30000 data pointsonly 1% of available data
used today
Cop
yrig
ht P
rism
Tech
, 201
4
DDS provides a rich set of QoS-Policies to control local as well as end-to-end properties of data sharing
Some QoS-Policies are matched based on a Request vs. Offered (RxO) Model
QoS Policies
HISTORY
LIFESPAN
DURABILITY
DEADLINE
LATENCY BUDGET
TRANSPORT PRIO
TIME-BASED FILTER
RESOURCE LIMITS
USER DATA
TOPIC DATA
GROUP DATA
OWENERSHIP
OWN. STRENGTH
LIVELINESS
ENTITY FACTORY
DW LIFECYCLE
DR LIFECYCLE
PRESENTATION
RELIABILITY
PARTITION
DEST. ORDER
RxO QoS Local QoS
Cop
yrig
ht P
rism
Tech
, 201
5
For data to flow from a DataWriter (DW) to one or many DataReader (DR) a few conditions have to apply:
The DR and DW domain participants have to be in the same domain
The partition expression of the DR’s Subscriber and the DW’s Publisher should match (in terms of regular expression match)
The QoS Policies offered by the DW should exceed or match those requested by the DR
Quality of ServiceDomain
Participant
DURABILITY
OWENERSHIP
DEADLINE
LATENCY BUDGET
LIVELINESS
RELIABILITY
DEST. ORDER
Publisher
DataWriter
PARTITION
DataReader
Subscriber
DomainParticipant
offered QoS
Topicwrites reads
Domain Idjoins joins
produces-in consumes-from
RxO QoS Policies
requested QoS
Cop
yrig
ht P
rism
Tech
, 201
4
Smart-Grid20ms deadline for phase
alignment data
Interoperability
Cop
yrig
ht P
rism
Tech
, 201
5
Support for fine grained access control
Support for Symmetric and Asymmetric Authentication
Standard Authentication, Access Control, Crypto, and Logging plug-in API
Security
Arthur Dent
Arthur Dent
Ford Prerfect
Zaphod Beeblebrox
Marvin
Trillian
A(r,w), B(r)
A(r,w), B(r,w), X(r)
*(r,w)
*(r)
A(r,w), B(r,w), C(r,w)
Ford Prerfect
Zaphod Beeblebrox
Trillian
Marvin
A
B
A,BX
*
*
A,B,C
Identity Access RightsSessions are authenticated and communication is encrypted
Only the Topic included as part of the access rights are visible and accessible
Cop
yrig
ht P
rism
Tech
, 201
5
The DDS Security defines a framework for interoperable security with pluggable:
- Authentication
- Access Control
- Crypto
- Logging
- Tagging
DDS Security
Cop
yrig
ht P
rism
Tech
, 201
5
Authentication X.509 Public Key Infrastructure (PKI) with pre-configured shared Certificate Authority (CA) Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange
Access Control Access Control List file signed by a shared Certificate Authority Police access to join Domains and Partitions and read/write Topics as well as instances
Cryptography Protected key distribution AES128 and AES256 for encryption HMAC-SHA1 and HMAC-SHA256 for MAC
Default Plugins
Smart Lightbulbs96Kbytes Memory
Connected Medical Devices
12 msec period for pleath data
Peer-to-Peer connectivity
Your First DDS App!
Cop
yrig
ht P
rism
Tech
, 201
4
Anatomy of a DDS Application
Cop
yrig
ht P
rism
Tech
, 201
5
Writing Data in Python
import dds import timeif __name__ == '__main__': topic = dds.Topic("SmartMeter", "Meter") dw = dds.Writer(topic) while True: m = readMeter() dw.write(m) time.sleep(0.1)
enum UtilityKind { ELECTRICITY, GAS, WATER }; struct Meter { string sn; UtilityKind utility; float reading; float error; }; #pragma keylist Meter sn
Cop
yrig
ht P
rism
Tech
, 201
5
Reading Data in Pythonimport ddsimport sys def readData(dr): samples = dds.range(dr.read()) for s in samples: sys.stdout.write(str(s.getData())) if __name__ == '__main__': t = dds.Topic("SmartMeter", "Meter") dr = dds.Reader(t) dr.onDataAvailable = readData
enum UtilityKind { ELECTRICITY, GAS, WATER }; struct Meter { string sn; UtilityKind utility; float reading; float error; }; #pragma keylist Meter sn
DDS enables Smart, Secure and Efficient Data Sharing in IoT
In Summary