IoT Infrastructure. idevicesinc.com

Similar documents
Ruckus ZoneDirector 3450 WLAN Controller (up to 500 ZoneFlex Access Points)

Dolby Conference Phone 3.1 configuration guide for West

Ruckus ZoneDirector 1106 WLAN Controller (up to 6 ZoneFlex Access Points)

Yanzi IoT for Smart Buildings From Sensor to Cloud. Marie Lassborn, VP Cloud Operations Jfokus 2018

IoT Edge Router Getting Started Guide Published on Silver Spring Networks STAGE (

Architecture Overview

What do we expect from Wireless in the Factory?

Xceedium Xio Framework: Securing Remote Out-of-band Access

Security Guide Zoom Video Communications Inc.

Real-time Communications Security and SDN

Intel Active Management Technology Overview

IPM Secure Hardening Guidelines

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

The Zentri Secure IoT Platform

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

WP-PD Wirepas Mesh Overview

System Architecture Challenges in the Home M2M Network

SUB-TITLE WLAN Management-as-a-Service

VNC Connect security whitepaper. Cloud versus direct with VNC Connect

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)

MicroPnP The Zero-Configuration Platform for Wireless Sensing & Actuation

The office for the anywhere worker!!! Your LCB SOFTPHONE: A powerful new take on the all-in-one for a more immersive experience.

mbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM 2017

The Internet of Things and Security

Windows 10 IoT Core Azure Connectivity and Security

Cassia MQTT User Guide

Cloud versus direct with VNC Connect

Cisco 5921 Embedded Services Router

A62 Access Point. Netsurion makes Wi-Fi smarter and simpler. Diverse solutions. Enterprise Wi-Fi that just works. Hospitality

Milestone Interconnect TM

A connected workforce is a more productive workforce

BYOD: BRING YOUR OWN DEVICE.

Introducing Linxs Executive Summary - Q2/2018. Linxs by New Tinxs NV/SA

INTERNET OF THINGS (IoT) DESIGN CONSIDERATIONS FOR EMBEDDED CONNECTED DEVICES ANDREW CAPLES SENIOR PRODUCT MARKETING MANAGER, NUCLEUS

A62 Access Point. Enterprise Wi-Fi that just works. Netsurion makes Wi-Fi smarter and simpler. Diverse solutions

Resilient IoT Security: The end of flat security models

Level 1 Technical. Microsoft Lync Basics. Contents

Chapter 11: Networks

Pulseway Security White Paper

RTX41xx Introduction. March 2013

Secure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS)

Move, manage, and run SAP applications in the cloud. SAP-Certified Infrastructure from IBM Cloud

Nokia AirGile cloud-native core: shaping networks to every demand

Portable Wireless Mesh Networks: Competitive Differentiation

PI System Pervasive Data Collection

Chapter 11: It s a Network. Introduction to Networking

The Integrated Smart & Security Platform Powered the Developing of IOT

Seminar: Mobile Systems. Krzysztof Dabkowski Supervisor: Fabio Hecht

DECT and ULE Addressing the requirements of IMT2020

VMware Workspace ONE UEM Integration with Smart Glasses. VMware Workspace ONE UEM 1811

Distributed Pervasive Systems

ČVUT FEL v Praze, U-BLOX IOT MODULES

Industrial IOT Gateway Family Datasheet

Cisco RV110W Wireless-N VPN Firewall

Meraki Z-Series Cloud Managed Teleworker Gateway

System Requirements. Network Administrator Guide

A10 HARMONY CONTROLLER

Introduction. The Safe-T Solution

Sentinet for Microsoft Azure SENTINET

EFOLDER SHADOWPROTECT CONTINUITY CLOUD GUIDE

SOLO NETWORK (11) (21) (31) (41) (48) (51) (61)

23 Must-Have WiFi Features

Cisco RV180 VPN Router

Launch Smart Products With End-to-End Solutions You & Your Customers Can Trust

IPv6 Home Automation. IGC/INET, 12/05/2004 Jordi Palet & Francisco Ortiz Consulintel

Securing MQTT. #javaland

Solution Overview Vectored Event Grid Architecture for Real-Time Intelligent Event Management

for Multi-Services Gateways

TECHNICAL WHITE PAPER FIDO APPROACHES: NOK NOK LABS S3 SUITE VS BUILD YOUR OWN FIDO

APC by Schneider Electric Elite Data Centre Partner

Accelerating IoT with ARM mbed

Service Mesh and Microservices Networking

Campus Network Design

Dell EMC OpenManage Mobile. Version 3.0 User s Guide (Android)

idevices Connected App Manual

The team has extensive expertise in microcontrollers, embedded systems design and wireless technologies like NFC, Bluetooth and Wi-Fi.

Accelerating IoT with ARM mbed

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Securing Internet of things Infrastructure Standard and Techniques

Who am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB

A Series Enterprise WiFi that just works.

Security in Bomgar Remote Support

ARM mbed Reference Designs

RUCKUS CLOUD WI-FI Cloud Managed Wi-Fi

Enterprise Connected Video Security

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Security in Apple HomeKit. 4. Meeting IG sha 9. März 2017 in Horw Dr. Cuno Pfister

BlueJeans Room with Dolby Conference Phone. Advanced Configuration Guide

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

EXAM Core Solutions of Microsoft Lync Server Buy Full Product.

DMK 11A & 11A GPS Owners Manual

General System Requirements MCS Apps

Who am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB

Configuring OfficeExtend Access Points

UNIK Building Mobile and Wireless Networks Maghsoud Morshedi

Never Drop a Call With TecInfo SIP Proxy White Paper

Intel Research mote. Ralph Kling Intel Corporation Research Santa Clara, CA

Nuclias by D-Link is a complete cloud-managed networking solution for small to medium-sized organisations with one or more sites.

ARCHITECTURING AND SECURING IOT PLATFORMS JANKO ISIDOROVIC MAINFLUX

Cisco Webex Cloud Connected Audio

Transcription:

IoT Infrastructure idevicesinc.com

Introduction To The idevices IoT Infrastructure The idevices IoT Infrastructure efficiently solves communication needs for connected devices without increasing development costs, retaining end-to-end model (no additional server programming required) with minimal memory and CPU footprints, and with orders of magnitude lower costs for device lifetime connectivity when compared to competing solutions. It handles firewalls and NATs smoothly, and its datagram nature greatly reduces the load on the network infrastructure while ensuring ping-level end-to-end latencies.

BUSINESS DIFFERENTIATORS Orders of magnitude lower costs to eliminate consumer- pricing impact Sample lifetime cost: One-way environmental sensors: $0.50 Smart plugs: $1.00 Video streaming 1hr/day, 2hrs stored: $20.00 Device lifetime access granted at manufacture time. Zero after-market onboarding. Eliminates the need for, and cost of, server programming. All interaction is between devices and controllers (handsets, etc.) If it works locally, it works remotely. The same technology covers a wide range of use cases, from simple sensors and switches to video streaming. Users, not the IoT/IP Infrastructure, own data. TECHNOLOGY DIFFERENTIATORS Short latency real-time communications Has storage Wide range of applications, from remote control to live video streaming Support for battery operated devices with ultra-low duty cycles Lifetime provisioning model at time of manufacturing Zero on-boarding, handled by coins Native handling of NATs and firewalls Secure and audited

SERVICES Conduit: A fast, secure and transparent real-time communication bridge between devices and controllers. On one side this bridge is terminated by IoT/IP enabled accessories (devices), which may also provide remote connectivity to other (legacy) devices without IoT/IP capability. On the other side, it is terminated by controllers (handsets) or server-based applications. No new trust relationships are formed and the existence of the idevices IoT infrastrure is hidden from the users. EStorage: Key-value storage service for short or long timeshifted data exchange between accessories, controllers and server-based applications, including video streaming. For both services, pairing an accessory with one or more controllers enables the basic naming and security model. This pairing provides a unique identifier in a sparse name space, which is required to access real-time communication channels or stored records. It can be viewed as a key-value communication channel and a key-value store. Keys are sparse and impossible to guess (similar to, but far more secure than telephone confernce call PINs). While all communication between the IoT/IP Infrastructure and clients is encrypted, application developers are advised to use independent end-to-end encryption provided by the SDK. The IoT/ IP Infrastructure is without knowledge of what data goes through it or is stored in it.

Infrastructure The idevices IoT Infrastructure is a passive conduit and storage channel of data that it cannot understand. It does not need to identify clients, instead, the IoT/IP access authorization itself is based on anonymous bearer certificates ( coins ), and it does not understand the semantics of communications, or of stored records. Only devices (accessories) need coins, everyone else gets access for free, within the constraints of specific services. It involves no onboarding, meaning there are no accounts, no logins, no dashboards and no new relationships. DDoS General DDoS attacks are mitigated by large, uniform attack surfaces across all servers, and targeted DoS attacks are prevented by the huge private address space.

HIGH AVAILABILITY The idevices IoT Infrastructure consists of growing sets of bare metal servers placed in premium colocations at major Internet exchange points, connected to the backbone, in all cases, by two independent tier-1 bandwidth providers. The system operates in a highly redundant mode without performance or availability bottlenecks. CAPACITY As of July 2015, the system capacity is 400,000 transactions per second, which supports around 50 million switch-like devices, and it is expected to double by the end of 2015.

Integration Roadmap 1. DEVELOPER ONBOARDING Authorized IoT/IP developers get access to the idevices IoT SDK, support, test coins and the development infrastructure. In some cases, idevices staff performs the initial integration. 2. INTEGRATING SDK The flow of this step depends on the nature of the project. Some possible scenarios are: Completely new device, built ground-up for IoT/IP Adding IoT/IP connectivity to the exisiting device Providing IoT/IP connectivity only at the handset level Using an existing IoT/IP-enabled device as a bridge

3. TESTING Developers get access to both a dedicated testing infrastructure (X-Ray servers), which provides detailed feedback essential in the early phases of development, and to the fast deployment infrastructure, where they can experience IoT/IP at full speed. 4. MANUFACTURING INTEGRATION The OEM is issued coins for their particular class of devices and each device is permanently provided with one coin. Coins are typically valid for the lifetime of the device. 5. DEPLOYMENT Devices are sold to consumers and no further action is required. If necessary, idevices deploys additional servers closer to the target market(s). Co-operation of the IoT/IP infrastructure with OEM is an option.

IoT/IP Essentials The main objective of the idevices IoT Infrastructure is to provide an efficient solution for two major aspects of device connectivity: communication setup and communication channel. DISCOVERY + PROVISIONING The discovery involves establishing the initial after-market association between devices (out of the box) and their controllers (usually the exisiting handsets and/or servers.) During this process the two sides learn each other s identities and perform an exchange of credentials and other information required for operation of the device. This will ensure a reliable establishment of secure connections in the future. The idevices IoT Infrastructure and idevices IoT SDK provide several features to facilitate the provisioning: CrossCast: Fast and reliable Wi-Fi communication method where the device does not need to know Wi-Fi access point credentials or associate with one, and does not require either side to enter Access Point mode. CrossCast typically provisions the device with 2 kilobytes of information, in noisy environments, in less than 1 second. Estorage: A standard feature of the idevices IoT Infrastructure, used as a provisioning mediator for low-duty cycle devices. EStorage allows for efficient communication for devices with ultra-low energy budget.

This provisioning process consists of several steps: 1. Establish a shared secret for the initial communication, ensuring that the involved controller actually talks to the device involved, and not the neighbor s. This is usually done with out-of-band signaling by the user (e.g. by typing in the PIN printed on the device or by Bluetooth pairing, etc.) 2. Using the initial shared secret, provide the following information, with the initial communication channel (CrossCast or Bluetooth ): Network access information, if applicable. For example, Wi-Fi access point credentials. This step may cause the switch from the initial communication mode to the new one (IP over Wi-Fi ). Channel names to be used for communicating with peers, and credentials for authenticating (such as public keys). Other required information, such as specific device characteristics or settings. 3. Testing the newly established communication channel, names and credentials. In a typical consumer scenario, the device does not have any user input hardware and initially knows only its unique ID(s), such as PIN printed on the device (or Bluetooth pairing PIN), which is sufficient for Step 1. The following SDK API calls perform the provisioning: On the controller side: int provision_send(uint8_t *pin, int pinlen, uint8_t CSID[16], uint8_t *mypubkey, int mypubkeylen, uint8_t *devicepubkey, int *devicepubkeylen); [devicepubkey and devicepubkeylen are returned values.] On the device side: int provision_get(uint8_t *pin, int pinlen, uint8_t *mypubkey, int mypubkeylen, uint8_t *CSID, uint8_t *controllerpubkey, int *controllerpubkeylen); [CSID, controllerpubkey and controllerpubkeylen are returned values.]

COMMUNICATION BASICS The idevices IoT Infrastructure consists of many redundant bare-metal servers located at premium colocations in North America, Europe and China, connected to multiple Tier-1 bandwidth providers. The communication is based on UDP over IPv4, thus covering all existing consumer markets. The following table illustrates basic features of IoT/IP compared to the familiar TCP/IPv4 stack: Feature IoT/IP TCP/IP Address Space 128 bits 32 bits Address Authority Self-assigned by devices Infrastructure-assigned Address Exposure Private Public Compulsory Encryption Between Routers 256-bit None NAT Piercing Native None Storage Short term and medium term None The SDK is OS-neutral and has been tested on multiple firmware, handset, desktop and server platforms. The memory footprint is very small, enabling integration when the available space is very tight (130Kb code and 10Kb RAM on ARM architectures.)

CONDUIT Conduit enables real-time, low-latency, end-to-end communications. The SDK provides a rich functionality interface beyond the basic datagram mode, including reliable messaging, end-to-end encryption, connection hibernation, etc. The full description is available in the idevices SDK User Guide. The Conduit API provides for fast integration for all application models. The device can be a traditional server or client, or it can operate in custom modes. Connections can be datagram or reliable. The calls include: iot_connection_create(); iot_send(); iot_receive(); iot_connection_close(); ESTORAGE EStorage enables short-term (hours) to medium-term (days) retention of key-value records. EStorage is typically used for: Storing device log records for further analysis Capturing communication from ultra-low duty cycle devices Video streaming (both live and recording) Firmware updates The SDK provides additional functionality including reliable get and put, authenticated updates, etc. The full description is available in the idevices SDK User Guide.

DEVICE TO SERVER SECURITY The platform includes compulsory client<>iot server encryption with 256-bit ciphers with forward secrecy: END-TO-END SECURITY Conduit communications have additional SDK-provided, end-toend encryption with forward secrecy with a different cipher suite than the one used for client-server communication.

AUTHENTICATION All authentication scenarios are provided for: Mode Accessory Controller Use Case Actions 2-Way Authenticated Knows C s public key. Has fixed key pair. Knows A s public key. Has fixed key pair. Private pairing Each side verifies other by sending nonce. C creates ephemeral key pair, sends public key to A. A creates sesion key, sends to C via ephemeral key. 1-Way Authenticated Knows C s public key. Has no fixed key pair. Doesn t know A s public key. Has fixed key pair. Trusted controller. Many accessories talking to a trusted backend server (firmware updates). A verifies C with nonce, creates own key pair, sends public key to C. C creates session key, sends to A via A s public key. 1-Way Authenticated Doesn t know C s public key. Has fixed key pair. Knows A s public key. Has no fixed key pair. Many random controllers talking to a trusted accessory (weather station). C verifies A with nonce, creates own key pair, sends public key to A. A creates session key, sends to C via Cs public key. Ad Hoc Doesn t know C s public key. Has no fixed key pair. Doesn t know A s public key. Has no fixed key pair. VoIP/video conferencing C creates ephemeral key pair, sends public key to A. A creates session key, sends to C via ephemeral key.

Application Examples To illustrate IoT/IP Infrastructure integration scenarios, several different applications are described below, ranging from batteryoperated sensors to live video streaming. ULTRA-SHORT DUTY CYCLE Combination of CrossCast provisioning, EStorage and Conduit services can enable ultra-short duty cycles, resulting in low-energy budgets and extending battery life of full-power and full-range Wi-Fi devices to many years. These are typically environmental sensing (temperature, humidity, vibrations, etc.) One such example would be a Water Leak Detector. It is a battery-operated, low cost Wi-Fi device (with full power radio and range) that reports water presence every few hours. The negative messages are recorded to EStorage, and a separate process periodically scans these for non-reporting (malfunctioning) devices. The positive messages are additionally relayed via Conduit to the instant-messaging alert service. The projected battery life on 2 AAA batteries is 6+ years.

DUAL PROTOCOL DEVICES The idevices IoT Infrastructure, due to its small footprint, can be implemented as an additional transport layer, either in parallel with or under the existing one, to provide complete transparency to the application layer. For example, the idevices Switch product falls in this category. While it implements Apple HomeKit protocol, it can use the idevices IoT/IP Infrastructure if HomeKit s native remote access transport is not available. Any switching between the two is transparent to the user. HANDSET TO HANDSET RELAY There are many Bluetooth only devices that are locally operated with handset apps, and due to nature of Bluetooth connections, only one handset can access any device at one time. For the idevices, igrill, a Bluetooth grilling thermometer, a relay feature was added to the original Bluetooth -only app. This enables all handsets paired with a particular igrill to access it remotely, as long as at least one paired handset is in Bluetooth contact with the igrill. There were no changes to the user interface, and connectivity switched automatically. For example, if handset A has a local Bluetooth connection with the igrill acting as a relay, and handset B is remote, both have the same access. If B moves close to the igrill and A moves away, beyond Bluetooth range, the switch is automatic (B becomes relay) without any interruption.

VIDEO STREAMING The device has a USB connector and can accept modern USB cameras. The video stream is segmented and encoded in EStorage records with forward error correction. The controller, or multiple controllers, can access either the live video stream, or previously recorded footage.

Contact idevices To Learn More If you re interested in how The idevices IoT Infrastructre can help your brand get connected, contact us at: IoT@iDevicesinc.com or call: 800.277.3381 idevicesinc.com 1

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback