Unit 4
9,239 views
60 slides
Sep 19, 2021
Slide 1 of 60
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
About This Presentation
ESIoT unit 4
Slide Content
Unit IV IOT PROTOCOLS & SECURITY Syllabus: Protocol Standardization for IoT , Efforts, M2M and WSN Protocols, SCADA and RFID Protocols, Issues with IoT Standardization, Unified Data Standards, Protocols – IEEE 802.15.4, BACNet Protocol, Modbus , KNX, Zigbee Architecture, Network layer, APS layer. IoT Security: Vulnerabilities of IoT , Security Requirements, Challenges for Secure IoT , Threat Modeling , Key elements of IoT Security: Identity establishment, Access control, Data and message security, Non-repudiation and availability, Security model for IoT .
IoT Protocol Standardization Some of the IoT projects such as the Internet of Things Strategic Research Roadmap by CERP - IoT are still at the grand concept level with limited materialized results. The IoT -A (Internet of Things A rchitecture) is one of the few efforts targeting a holistic architecture for all IoT sectors. This consortium consists of 17 European organizations from nine countries. They summarized the current status of IoT standardization as follows : Fragmented architectures, no coherent unifying concepts , solutions exist only for application silos. No holistic approach to implement the IoT has yet been proposed . Many island solutions do exist (RFID, sensor nets, etc.). Little cross-sector reuse of technology and exchange of knowledge .
Working groups of IoT standards. SCOE / COMP/ ESIOT/ MPW
Issues with IoT Standardization It should be noted that not everything about standardization is positive • Standardization is like a double-edged sword: Critical to market development But it may threaten innovation and inhibit change when standards are accepted by the market • Standardization and innovation are like yin & yang • They could be contradictory to each other in some cases, even though this observation is debatable
Some people believe that the IoT concept is well established • However, some gray zones remain in the definition, especially which technology should be included • Following two issues for IoT standardization in particular and ICT standardization in general may never have answers: 1. ICT standardization is a highly decentralized activity. How can the individual activities of the network of extremely heterogeneous standards setting bodies be coordinated? 2. It will become essential to allow all interested stakeholders to participate in the standardization process toward the IoT and to voice their respective requirements and concerns. How can this be achieved?
Unified Data Standards • Already discussed about two pillars of the Internet • HTML/HTTP combination of data format and exchange protocol is the foundation pillar of WWW • Described great number of data standards and protocols proposed for four pillar domains of IoT • Many issues still impede the development of IoT and especially WoT vision
Before IoT , Internet was actually an Internet of documents or of multimedia documents • Two pillars of Internet including HTML/HTTP turned the Internet into WWW • We need to turn the IoT into the WoT . There are many different levels of protocols, but the ones that most directly relate to business and social issues are the ones closest to the top, the so-called application protocols such as HTML / HTTP for the web
Protocols – IEEE 802.15.4 • Defines LR-WPANs • Specifies physical layer and media access control for LR-WPANs • Defined the standard in 2003 • Basic framework conceives a 10m communications range with a transfer rate of 250 kbit /s
802.15.4 Protocol Stack
Uses of IEEE 802.15.4: Suitable for IOT Based applications where multiple sensors nodes are working. Highly scalable where large number of nodes can be deployed together. Network maintenance is low cost & reliable.
BACNet Protocol Communications protocol for Building Automation and Control (BAC) networks • Provides mechanisms for computerized building automation devices to exchange information • Designed to allow communication of building automation & control system for application like • Heating, Ventilating and Air-conditioning Control (HVAC) • Lighting Control, Access Control • Fire Detection Systems and their Associated Equipment
BACNet Protocol defined by three types of characteristics: BACnet objects BACnet properties. BACNet Services. 1. BACnet objects: Logical representation of physical entity. Represent many different aspects of a control system. Examples are: A physical device (device objects) A temperature input (analog input) A relay control (binary output) BACNet Protocol
BACnet objects BACNet Standard Object
2. BACnet properties Contains information about an object. Every object in BACnet must have at least the following three properties: object_identifier object_name object_type
3. BACnet Services Information exchange between. Services are used to perform reads, writes, and I/O. The object that provides the service is a server and the object that requests the service is the client. Most objects can be both a server and a client, depending on the system's needs. Some Important Services as:
BACnet routers: A BACnet router transmits BACnet messages between two BACnet networks. The networks can be different (IP to MS/TP) or the same (IP to IP). The router sends appropriate messages between the networks in both directions. BACnet networks BACnet MS/TP: Receive Token. Initiate communication (up to the number of Max Info Frames) as needed. Increment the node’s token count, if the token count equals the Token Count parameter (as defined above) then initiate the polling for masters sequence, or pass the token to the next node.
Modbus is a serial communications protocol . It used with programmable logic controllers . Truly open and the most widely used network protocol in the industrial manufacturing environment . The main reasons for the use of Modbus in the industrial environment are: developed with industrial applications in mind, openly published and royalty-free, easy to deploy and maintain, moves raw bits or words without placing many restrictions on vendors. Communication between MODBUS devices : ( master-slave technique ) Modbus enables communication among many devices connected to the same network Modbus
SERIAL TRANSMISSION MODES OF MODBUS NETWORKS: ASCII Mode: Each character byte in a message is sent as 2 ASCII characters. Allows time intervals of up to a second between characters during transmission without generating errors . Modbus
RTU Mode: Each 8-bit message byte contains two 4-bit hexadecimal characters The message is transmitted in a continuous stream.
What is Zigbee ? Protocol which provides communication for wireless PAN of resource constrained devices. It is developed by Zigbee alliance & IEEE jointly. ZigBee aims to provide the upper layers of the protocol stack (from network to the application layer ). It just reside on top of the PHY & MAC Sub layers. ZigBee , with its sleepy, battery-powered end devices , is a perfect fit for wireless sensors . This communication system is less expensive and simpler Feature: Multi-Hop Routing , Ad-hoc Topology, Stochastic addressing, Link Management , Frequency Agility , Fragmentation and Reassembly, Power Management , Security ZIGBEE
ZigBee applications: ZIGBEE
Zigbee Network: ZIGBEE
Zigbee Network topologies
ZigBee Protocol Stack/Architecture
KNX, also known as Konnex , Open international building control standard. It is a joint work of three previous standards, European Home Systems Protocol (EHS), BatiBUS , and the European Installation Bus (EIB). KNX can provide energy savings ,comfort and convenience, security . KNX is a network of microcontrollers In a KNX automation system, there is only one software tool for configuring KNX devices, ETS (Engineering Tool Software). KNX
KNX system: KNX
KNX defines several physical communication media: Twisted pair wiring (inherited from the BatiBUS and EIB Instabus standards) Powerline networking (inherited from EIB and EHS - similar to that used by X10 ) Radio (KNX-RF) Infrared Ethernet (also known as EIBnet /IP or KNXnet /IP ) KNX
KNX Products: The KNX Association member companies have more than 7000 KNX certified product in their catalogues. This wide range of products allow, for example, the integration of : Heating/ventilation & Air Conditioning control Shutter/Blind & shading control Alarm monitoring Energy management & Electricity/Gas/Water metering Audio & video distribution KNX
M2M and WSN Protocols M2M application – highly customized Vertical industry – developing standards form auto industry to smart grid Horizontal standards – key requirement for M2M to move from its current state to truly interconnected IoT . A horizontal standard is expected to be the major impetus to growth in the future . The International Telecommunication Union’s (ITU) and ETSI’s (M2M Technical Committee) Global Standards Collaboration (GSC), which has established the M2M Standardization Task Force (MSTF, created during the GSC-15). It define a conceptual framework for M2M applications that is vertical industry and communication technology agnostic, and to specify a service layer that will enable application developers to create applications that operate transparently across different vertical domains and communication technologies without the developers having to write their own complex custom service layer.
M2M and WSN Protocols The high-level M2M architecture from MSTF does include fixed and other noncellular wireless networks, which means it’s a generic, holistic IoT architecture even though it is called M2M architecture Despite all of the positives, it seems the voices from the SCADA (supervisory control and data acquisition) and RFID communities are relatively weak ; efforts to incorporate existing SCADA standards such as OPC, ISA-95, and RFID EPCIS, ONS , and others are not seen yet. It remains to be seen whether all of the stakeholders from the four pillars of IoT will be equally included in the loop . 3GPP is only one of the SDOs in the MSTF, this makes sense and good results are much anticipated from MSTF. Some vertical applications on top of the Unified Horizontal M2M architecture are already under way
Standardization Bodies in the field of WSNs There are a number of standardization bodies in the field of WSNs. The IEEE focuses on the physical and MAC layers; T he IETF works on layers 3 and above. IEEE 1451 is a set of smart transducer interface standards developed by the IEEE Instrumentation and Measurement Society’s Sensor Technology Technical Committee that describe a set of open, common , network-independent communication interfaces for connecting transducers (sensors or actuators) to microprocessors, instrumentation systems , and control/field networks. One of the key elements of these standards is the definition of transducer electronic data sheets (TEDS) for each transducer. The TEDS is a memory device attached to the transducer, which stores transducer identification, calibration, correction data, and manufacturer-related information.
The IEEE 1451 family of standards includes: 1451.0-2007 Common Functions, Communication Protocols , and TEDS Formats 451.1-1999 Network Capable Application Processor Information Model 1451.2-1997 Transducer to Microprocessor Communication Protocols & TEDS Formats 1451.3-2003 Digital Communication & TEDS Formats for Distributed Multi-drop Systems 1451.4-2004 Mixed-mode Communication Protocols & TEDS Formats 1451.5-2007 Wireless Communication Protocols & TEDS Formats 1451.7-2010 Transducers to Radio Frequency Identification ( RFID) Systems Communication Protocols and TEDS Formats The goal of the IEEE 1451 family of standards is to allow the access of transducer data through a common set of interfaces whether the transducers are connected to systems or networks via a wired or wireless.
SCADA and RFID Protocols The SCADA is one of the IoT pillars to represent the whole industrial automation arena. Industrial automation has a variety of vertical markets and there are also many types of SCADAs. IEEE created a standard specification, called Std C37.1™, for SCADA and automation systems in 2007,
IEEE Std. C37.1 SCADA architecture. P ower SCADA applications
IEEE Std. C37.1 SCADA architecture . In recent years, network- based industrial automation, use of i ntelligent electronic devices(IEDs),or IoT devices. The processing is distributed , and functions that used to be done at the control center can now be done by the IED, that is, M2M between devices . Despite the fact that many functions can be moved to the IED, utilities still need a master station , the IoT platform, for the operation of the power system. Due to the restructuring of the electric industry, traditional vertically integrated electric utilities are replaced by many entities such as GENCO (Generation Company), TRANSCO (Transmission Company), DISCO (Distribution Company), ISO ( independent system operator), RTO (regional transmission organization), To fulfil their role, each of these entities needs a control centre, that is, a substation, to receive and process data and take appropriate control actions .
IEEE Std. C37.1 SCADA architecture. This specification addressed all levels of SCADA systems and covered the technologies used and, most importantly , the architecture of how those technologies interact and work together . However , no XML data formats and componentized architecture details are specified, which is perhaps why SCADA has long been regarded as a traditional control system market . People working in that area are often not aware of Internet-based IT innovations and cannot relate their work to a new concept such as IoT .
RFID 38 The smart cards with contactless interfaces (RFID is a subset) are becoming increasingly popular for payment and ticketing applications. The RFID protocols and data formats are relatively well defined, mostly by EPCglobal , and unified compared with protocols and formats of the other three pillars of IoT
The standard for contactless smart cards is ISO/IEC 15693, which allows communications at distances up to 50 cm
IOT Security • Fundamental idea - IoT will connect all objects around us to provide smooth communication • Economic of scale in IoT presents new security challenges for global devices in terms of – Authentication – Addressing – Embedded Security
IOT Security Devices like RFID and sensor nodes have no access control functionality • Can freely obtain or exchange information from each other • So authentication & authorization scheme must be established between these devices to achieve the security goals for IoT • Privacy of things and security of data is one of the key challenges in the IoT
Vulnerabilities of IoT
Vulnerabilities of IoT Unauthorized Access – One of the main threats is the tampering of resources by unauthorized access – Identity-based verification should be done before granting the access rights • Information corruption – Device credential must be protected from tampering – Secure design of access rights, credential and exchange is required to avoid corruption
• DoS Attack – Denial of Service ( DoS ) – Makes an attempt to prevent authentic user from accessing services which they are eligible for – For example, unauthorized user sends to many requests to server – That flood the network and deny other authentic users from access to the network
• DDoS Attack – Distributed Denial of Service – Type of DoS attack where multiple compromised systems are used to target single system causing DoS – Compromised systems – usually infected with Trojan – Victims of a DDoS attack consist of both • End targeted systems • All systems maliciously used and controlled by the hacker in the distributed attack
Security Requirements
Security Architecture for IoT
IoT Security Tomography • Classified according to attacks addressing to different layers – Transport Layer- sends wrong data and inject incorrect control packets – Network Layer- routing loop,wormhole attack and network partitioning – MAC layer- spoofing,buffer overflow, eavesdropping and os level threats. – RF layer- complete jamming,eavesdropping,hardware / sensor level threat
IoT Security Tomography
Key Elements of Security • Authentication • Access Control • Data and Message Security • Non-repudiation and Availability
Authentication • Secure Entity Identification or Authentication • Authentication is identity establishment between communicating devices or entities • Entity can be a single user, a set of users, an entire organization or some networking device • Identity establishment is ensuring that origin of electronic document & message is correctly identified
Access Control • Also known as access authorization • Principles is to determine who should be able to access what • Prevents unauthorized use of resources • To achieve access control, entity which trying to gain access must be authenticated first • According to authentication, access rights can be modified to the individual
Data and Message Security • Related with source authenticity, modification detection and confidentiality of data • Combination of modification & confidentiality of message is not enough for data integrity • But origin of authenticity is also important • Location privacy is equally important risk in IoT • Should not be any way for attacker to reveal identity or location information of device
Non-repudiation and Availability • Non-repudiation is the security services for point-to-point communications • Process by which an entity is prevented from denying a transmitted message • So when message is sent, receiver can prove that initiating sender only sent that message • Sender can prove that receiver got message • To repudiate means to deny
Non-repudiation and Availability • Availability is ensured by maintaining all h/w, repairing immediately whenever require • Also prevents bottleneck occurrence by keeping emergence backup power systems • And guarding against malicious actions like Denial of Service ( DoS ) attack
Security Model for IoT
Security model for IoT represents the security features that should be followed by an IoT application. The security model of IoT can be represented by a cube with three dimensions representing 1 . security – authorization, 2 . trust – repudiation and 3 . privacy – respondent . The intersection defines the specific characteristics of the IoT security model . security of the IoT based application focuses on Authorization, Identification and Authentication, Confidentiality, Integrity, Non-repudiation and Availability . Privacy focuses on Owner’s privacy, user’s privacy, Ethics of communication, Laws concerned and accused’s privacy . While trust focuses on Beliefs, credentials, delegation (allocations), recommendation and repudiation.
Challenges for Secure IoT Identity Management for IoT devices Secure interaction with and within IoT Privacy and Distributed access control Secure Data Management and Transfer End to End security (cryptographic encryption) Privacy Security Structure
Challenges for Secure IoT Identity Management for IoT devices IoT device needs a unique identity and identifier Provides Trust management and building circle of trust. Useful for authentication mechanisms. Secure interaction with and within IoT Physical and virtual movement of devices needs to be managed. Privacy and Distributed access control I dentity of devices should be exchanged dynamically. Secure Data Management and Transfer Secure storage management, separate data auditing policies for devices. End to End security Cryptographic encryption and authentication is one way to achieve this. Privacy Security Structure
Explain lifecycle of an IOT device.
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 9,239
- Slides 60
- Favorites 2
- Age 1536 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
48 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
47 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
34 views
21
Know for Certain
DaveSinNM
22 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views