Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Building and managing iot applications with Lightweight M2M

3.191 visualizaciones

Publicado el

In this webinar we will present how to solve those problems using OMA LightweightM2M and Eclipse IoT projects Leshan and Wakaama.

We will cover the following topics:

✔︎ From M2M to Web-of-things, new challenges.
✔︎ What is devices management and why I need it
✔︎ What is OMA Lightweight M2M
✔︎ Security with Lightweight M2M
↳ End-to-end vs. gateways
↳ Key distribution & ACLs
✔︎ How to get started with LightweightM2M with Leshan and Wakaama

Publicado en: Tecnología
  • Sé el primero en comentar

Building and managing iot applications with Lightweight M2M

  1. 1. Building and Managing IoT Apps with Lightweight M2M Virtual IoT Meetup - Sept. 10, 2015 Julien Vermillard – Sierra Wireless
  2. 2. Building and Managing IoT Apps with Lightweight M2M Virtual IoT Meetup - Sept. 10, 2015 Julien Vermillard – Sierra Wireless
  3. 3. Agenda ● From M2M to Web-of -Things ● Device management 101 ● Intro to Lightweight M2M ● Security with LwM2M ○ End-to-End vs Gateways ○ Secrets & Access control ● Get started with Leshan & Wakaama
  4. 4. Machine-to-Machine Server Machine A Machine B Machine C
  5. 5. Internet-of-Things
  6. 6. Web-of-Things /walk /hand/left/raise /eye/picture /on /red /green /blue /mtbf /on /on /buttons /buttons/1/push /bat-level /engine/status /position /fuel /CO2 /noise /lights/on
  7. 7. Conquering the last mile Low power networks plugged to the Internet ● 6LowPAN ● Bluetooth Smart 4.2 ● Thread IPv6 MTU: 1280 bytes, 6LowPAN: ~100 bytes TCP, HTTP,MQTT doesn’t fit
  8. 8. CoAP: a new protocol for the IoT Class 1 devices ~100KiB Flash ~10KiB RAM ~$1 Low-power networks <100Bytes packets
  9. 9. CoAP in a nutshell RESTful protocol designed from scratch URIs, Internet Media Types GET, POST, PUT, DELETE Transparent mapping to HTTP Additional features for M2M scenarios Observe
  10. 10. CoAP: Constrained Application Protocol Binary protocol - Low parsing complexity - Small message size Options - Binary HTTP-like headers 0 – 8 Bytes Token Exchange handle for client 4-byte Base Header Version | Type | T-len | Code | ID Options Location, Max-Age, ETag, … Marker 0xFF Payload Representation
  11. 11. Device management? Secure, monitor, manage a fleet of devices ● Configure the device ● Update the firmware (and maybe the app) ● Monitor and gather connectivity statistics
  12. 12. Device management You don't know yet what hardware will power your IoT projects on the field, But you MUST be able to do device management in a consistent way without vendor lock
  13. 13. OMA Lightweight M2M An API on top of CoAP
  14. 14. Lightweight M2M REST API for: Security, Device, Server Connectivity monitoring, Connectivity statistics Location, Firmware Upgrade, Software management, Swipe & Lock But objects have a numerical identifier
  15. 15. Lightweight M2M - CoAP URLs /{object}/{instance}/{resource} Examples: ● "/6/0" the whole location object (binary record) ● "/6/0/1" only the longitude (degree)
  16. 16. Example: Object Device Manufacturer Model number Serial number Firmware version Reboot Factory reset Power sources Power V/A Battery level Memory free Error code Current time UTC offset Timezone
  17. 17. Also with applicative objects You can define your own objects Discoverable using CoAP Link Format IPSO Alliance Smart Objects: accelerometer, temperature, sensors,...
  18. 18. Demo!
  19. 19. Security with LwM2M DTLS and secret management
  20. 20. Authentication and encryption Based on DTLS 1.2 (TLS for Datagrams) Focus on AES & Elliptic Curve Cryptography (ECC) AES Hardware acceleration in IoT oriented SoC Works on Low Power networks (~100bytes MTU)
  21. 21. TLS_PSK_WITH_AES_128_CCM_8 Pre-Shared-Key: password for session authentication AES 128bits (or 256) - Counter CBC Mode: encryption and integrity (AEAD cipher) 8 bytes for integrity in place of CCM usual 16
  22. 22. What? :D PSK: No certificates, just password CCM8: compactness Full DTLS-PSK-CCM8 handshake in ~1030 bytes Ex: HTTPS TLS handshake ~6000bytes
  23. 23. More security: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE: Perfect Forward Secrecy (PFS) Someone rob your private key: he can’t decrypt past communications ECDSA: use public key in place of password You can use X.509 certificates (like HTTPS)
  24. 24. Security with gateways public network Sensor network (ex: Zigbee) Gateway: collect data and push to cloud cable, 4G, etc.. Secure transportLow or no security
  25. 25. Security with gateways public network Sensor network (ex: Zigbee) cable, 4G, etc.. Attack gateway get access to all the network Local wireless sniffing
  26. 26. Other gateway architecture flaws Complexity: mixing IP and non IP networks Lack of flexibility compared to end-to-end IP Hard to scale vs IP routing
  27. 27. End-to-end security public network Low power nodes: security starts here Sensor network (ex: Thread) Router cable, 4G, etc.. See only encrypted communication Not your Achilles heel
  28. 28. At scale? You will have a fleet of device They needs secrets (key, password, etc..) Unique across devices You need to be able to change those secrets You will probably don’t trust your factory
  29. 29. Lightweight M2M Bootstrap Flash bootstrap credentials
  30. 30. I only have bootstrap credentials or I can’t reach final server Lightweight M2M Bootstrap
  31. 31. Lightweight M2M Bootstrap Give me key and my server(s) Bootstrap Server
  32. 32. Lightweight M2M Bootstrap New key and server(s) URLs and ACL Bootstrap Server
  33. 33. Lightweight M2M Bootstrap Registration Bootstrap Server Registration Home Automation Server Device Manag. Server
  34. 34. Access Control Lists Define which operation on a given object for a given server One server for Over-The-Air upgrade: “/5/”+“/9/” read, write, exec One server for application, maybe with: “/5” read only
  35. 35. Hands-On! Getting started with Leshan & Wakaama
  36. 36. Leshan Java library for implementing servers & clients Friendly for any Java developer Simple (no framework, few dependencies) But also a Web UI for discovering and testing Build using “mvn install” Based on Californium and Scandium
  37. 37. Public sandbox Bleeding edge: deployed on master commit IPv4 and IPv6 Press “CoAP messages” for low-level traces
  38. 38. Wakaama A C client and server implementation of LwM2M Not a shared library (.so/.dll) Embedded friendly but using malloc/free Plug your own IP stack and DTLS implementation
  39. 39. Wakaama features Register, registration update, deregister Read, write resources Read, write, create, delete object instances TLV or plain text Observe
  40. 40. Wakaama internals core : internals.h liblwm2m.c liblwm2m.h list.c management.c objects.c observe.c packet.c registration.c tlv.c transaction.c uri.c utils.c core/er-coap-13 : er-coap-13.c er-coap-13.h
  41. 41. Tinydtls Eclipse Proposal “Support session multiplexing in single-threaded applications and thus targets specifically on embedded systems.” Examples for Linux, or Contiki OS TLS_PSK_WITH_AES_128_CCM_8 TLS_ECDHE_ECDSA_WITH_AES128_CCM_8
  42. 42. In real hardware? Spark Core: Cortex-M3 STM32, RAM/ROM 20/128k, 72MHz WiFi Arduino Mega AVR, ATmega2560, RAM/ROM 8/256k, 16MHz Ethernet
  43. 43. Thank you! Questions? @vrmvrm