Presentation for the Distributed Systems Master at the University of Cordoba (Spain). In this presentation we review the state of the art in communication middleware for the Industrial Internet of Things.
15. Medical and HealthCare
Patient Monitoring:
Can NASA-inspired Command Centers help the hospital of the future? This hospital thinks so [2]
Connected Medical Devices
16. Transportation
Hyperloop:
Planes, Trains and Hyperloops: The Importance of Connectivity in the IIoT (video)
Autonomous Cars:
Whitepaper: DDS in Autonomous Car Design
Accelerate Autonomous Car Development
17. Energy
● Siemens Wind Power
○ IT integration for maintenance
● LocalGrid
○ Monitor and control
● Grand Coulee Dam
○ Largest Electricity Producer in US
● Green Energy IIC Testbed
25. Industry 4.0
● German Government Initiative
● Focused on manufacturing
Smart Factory = Cyber Physical Systems + Cloud Computing + IoT
26. AUTOSAR
AUTOSAR (AUTomotive Open System ARchitecture) is a worldwide development partnership of vehicle manufacturers, suppliers, service providers and companies from the automotive electronics, semiconductor and software industry.
More than 100 partners, including:
• Core Partners: BMW, Bosch, Continental, Daimler, Ford, GM, PSA, Toyota, and VW.
• RTI joined as a Development Partner in 2017
https://www.autosar.org/
27. AUTOSAR Standards
Classic Platform
• Defines a solution for embedded systems with hard real-time and safety constraints.
Adaptive Platform
• Defines a solution for high-performance computing ECUs to build fail-operational systems for use cases such as autonomous driving.
• Implements the AUTOSAR Runtime for Adaptive Applications (ARA)
Characteristics
• Uses C++
• Defines a Service-oriented Architecture
• Leverages existing standards
• Focuses on safety and security
• Defined in terms of functional clusters (see next slides)
31. CoAP
● COnstrained Application Protocol
● Web of Things
○ REST model for small devices
● Pull model
● RFC7252
● http://coap.technology/
Source: openmobilealliance.org
32. AMQP
● Advanced Message Queuing Protocol
● Wire-level protocol
○ Multiple Interfaces
● One to One and One To Many
● Broker based
● Message centric
● Implementations:
○ RabbitMQ, ActiveMQ, Apache Qpid
36. Data Distribution Service
● Data Centric Approach
● Fully distributed Architecture
● Advanced QoS
● Standard
○ Both Wire-protocol and API
● Implementations:
○ Connext, Vortex OpenSplice, OpenDDS, CoreDX
37. Pub/Sub Protocol Comparison
                          AMQP     JMS      MQTT    DDS
Architecture              Broker   Broker   Broker  Decentralized
Type                      Topic    Topic    Topic   Content/Type
Standard API              N        Y        N       Y
Standard Wire             Y        N        Y       Y
Transport                 TCP      TCP      TCP     UDP*
QoS                       Y(3)     Y(4)     Y(3)    Y (20*)
Standard Payload Format   N        N        N       CDR
Filtering                 Content  Content  N       Content/Time
52. Data Distribution Service
● Object Management Group Standards
● Data Distribution Service (DDS)
○ API
○ QoS
● Real-Time Publish Subscribe (RTPS)
○ Data encoding
○ Interaction Protocol
○ On the Wire Format
● Extensions:
○ XTypes
○ Security
55. DDS Quality of Service (QoS)
Quality of Service       Quality of Service
DURABILITY               USER_DATA
HISTORY                  TOPIC_DATA
READER DATA LIFECYCLE    GROUP_DATA
WRITER DATA LIFECYCLE    PARTITION
LIFESPAN                 PRESENTATION
ENTITY FACTORY           DESTINATION ORDER
RESOURCE LIMITS          OWNERSHIP
RELIABILITY              OWNERSHIP STRENGTH
TIME BASED FILTER        LIVELINESS
DEADLINE                 LATENCY BUDGET
CONTENT FILTERS          TRANSPORT PRIORITY
Legend: Volatility, Infrastructure, Delivery, User, Presentation, Redundancy, Transport
56. QoS Example: Reliable alarms/events
57. QoS Example: Data Redundancy
60. Threats
Alice: Allowed to publish topic T
Bob: Allowed to subscribe to topic T
Eve: Non-authorized eavesdropper
Trudy: Intruder
Trent: Trusted infrastructure service
Mallory: Malicious insider
1. Unauthorized subscription
2. Unauthorized publication
3. Tampering and replay
4. Unauthorized access to data by infrastructure services
61. Limitations of TLS: Security Is at a Very Gross Level
• Inefficient: all data is encrypted and signed
– Application data and metadata
– Regardless of whether privacy and/or integrity are required
• Poor latency and jitter: usually runs over TCP
• Not scalable: no multicast support
– Even with DTLS over UDP
[Diagram: App 1, App 2]
62. Limitations of TLS: No Inherent Access Control
• Apps are authenticated or they’re not
• No inherent protection against insider threats
– E.g.: authorized subscriber but unauthorized publisher
• Access control has to be done by centralized broker or at application level
Message Broker:
• Poor performance and scalability
• Single point of failure/failover
• Single point of vulnerability
[Diagram: Devices, Apps, Message Broker]
63. Transport-Level Security
The Alarm Limit is attacked. A hacker compromises a device and makes it change the alarm limits for the entire system. Devices are allowed to read this, but should not write it.
[Diagram: Sensor Device(s) and Supervisor on the RTI Connext Databus; topics: Numeric, Image, AlarmLimit]
64. Transport-Level Security
Transport-level security does not prevent an insider from attacking, writing data it should not be allowed to modify.
[Diagram: Compromised Sensor Device and Supervisor on the RTI Connext Databus; topics: Numeric, Image, AlarmLimit]
65. DDS Security: Access Control
DDS security contains fine-grained permissions that prevent an application from writing (or reading) something it is not entitled to.
[Diagram: Compromised Sensor Device and Supervisor on the RTI Connext Databus; topics: Numeric, Image, AlarmLimit]
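The AlarmLimit scenario from slides 63 to 65, as an added example (not from the presentation or from RTI): a simplified Python model of how a DDS Security-style permissions document decides who may publish or subscribe to a topic. The subject names, the domain id and the evaluator itself are assumptions; validity periods, partitions, data tags and the document signature are left out.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed permissions document in the style of the OMG DDS Security
# permissions XML. Subject names and the domain id are made up for this example.
PERMISSIONS_XML = """
<dds><permissions>
  <grant name="SensorGrant">
    <subject_name>CN=sensor-01,O=Example Hospital</subject_name>
    <allow_rule>
      <domains><id>0</id></domains>
      <publish><topics><topic>Numeric</topic><topic>Image</topic></topics></publish>
      <subscribe><topics><topic>AlarmLimit</topic></topics></subscribe>
    </allow_rule>
    <default>DENY</default>
  </grant>
  <grant name="SupervisorGrant">
    <subject_name>CN=supervisor,O=Example Hospital</subject_name>
    <allow_rule>
      <domains><id>0</id></domains>
      <publish><topics><topic>AlarmLimit</topic></topics></publish>
      <subscribe><topics><topic>*</topic></topics></subscribe>
    </allow_rule>
    <default>DENY</default>
  </grant>
</permissions></dds>
"""

def is_allowed(xml_text, subject, domain_id, action, topic):
    """action is 'publish' or 'subscribe'. First matching rule wins, else <default>."""
    root = ET.fromstring(xml_text)
    for grant in root.iter("grant"):
        if grant.findtext("subject_name", "").strip() != subject:
            continue
        for rule in grant:  # rules are checked in document order
            if rule.tag not in ("allow_rule", "deny_rule"):
                continue
            domains = {int(e.text) for e in rule.findall("domains/id")}
            if domain_id not in domains:
                continue
            patterns = [t.text.strip() for t in rule.findall(f"{action}/topics/topic")]
            if any(fnmatchcase(topic, p) for p in patterns):
                return rule.tag == "allow_rule"
        return grant.findtext("default", "DENY").strip() == "ALLOW"
    return False  # no grant for this subject: deny

if __name__ == "__main__":
    sensor = "CN=sensor-01,O=Example Hospital"
    print(is_allowed(PERMISSIONS_XML, sensor, 0, "publish", "AlarmLimit"))
```

With this grant the compromised sensor can still read AlarmLimit and publish its own Numeric and Image samples, but its attempt to publish AlarmLimit falls through to the grant's DENY default.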
66. DDS Secures the Data, Not the Pipe
DDS Domain
Topic

Line  Flight  Dest  Arv
UA    567     SFO   7:32
AA    432     LAX   9:15

Squawk  Long  Lat     Alt
1234    37.4  -122.0  500.0
7654    40.7  -74.0   250.0

Squawk  Line  Flight
1234    UA    567
7654    AA    432
73. “It's important to understand that the definition isn't the final word on whether an issue warrants a security bulletin — instead, it's the first word.”
- Microsoft