Presentation is loading. Please wait.

Presentation is loading. Please wait.

MODULE 3 Prototyping and Designing the Software for IoT Applications.

Similar presentations


Presentation on theme: "MODULE 3 Prototyping and Designing the Software for IoT Applications."— Presentation transcript:

1 MODULE 3 Prototyping and Designing the Software for IoT Applications

2 Prototyping and Designing Software for IoT Applications: Introduction, Prototyping Embedded device software, Programming Embedded Device Arduino Platform using IDE, Reading data from sensors and devices, Devices, Gateways, Internet and Web/Cloud services software development. Programming MQTT clients and MQTT server. Introduction to IoT privacy and security. Vulnerabilities, security requirements and threat analysis, IoT Security Tomography and layered attacker model.

3 Prototyping Embedded device software First level in IoT architectural concept is gathering (data from devices/sensors) + consolidating (enriching). Second level is connection to the Internet. An IDE enables development of software for functions at first and second levels. IDE may also enable usages of the OS or RTOS functions at an embedded device. Boot loader firmware stores at flash/ROM of a microcontroller in a device and enables communication with a computer having an IDE.

4 The IDE, in general, consists of the libraries, compilers, RTOS, simulator, editor, assembler, debugger, emulators, logic analyzer, code burner. An IDE may be an open source. For example, Arduino has an open source IDE which is downloadable from the Arduino website. IDE enables the development of codes on a computer, and later on downloading (pushing) of codes on to embedded device, such as Arduino or microcontroller board. The code-burner places codes into flash memory or EEROM or EPROM. The specific application codes are thus embedded into the device.

5 Programming Embedded Device Arduino Platform using IDE Arduino board can be programmed using avr-gcc tools. The Arduino board has a pre-installed boot loader embedded into the firmware. Arduino programmer develops the codes using a graphical cross- platform IDE. Arduino provides simplicity.

6 IDE of Arduino board also has simplicity, is based on processing language and makes the programming easy. The board connects to a computer which runs the IDE. The boot-loader program hand overs the control and enables running of the loader, which loads the required OS functions and software into the system hardware and networking capabilities into the board.

7 The Arduino boot loader provisions for multitasking by the usage of interrupt handing functions for each task. Multitasking is done by assigning multiple values of a number n for the tasks (n > 0). When an instruction for interrupt; for example, INT n executes, then interrupt-handing function n is called for execution.

8 The IDE consists of a set of software modules, which provide the software and hardware environment for developing and prototyping the software for a specific device platform. First, a computer downloads an appropriate IDE version, as per the computer OS. A computer usually runs Windows or Mac OS or Linux.

9 The boot loader enables the computer to push the developed codes into a board using the Arduino IDE through a USB cable or a labeled serial port. Arduino boot loader need not initiate the upload of OS, as done in a computer where boot loader loads the OS from the secondary disk.

10 The Arduino IDE includes a C/C++ library. The library is called Wiring for a project of the same name with open source module at a website. The Wiring library functions make coding easy for the Arduino IO operations.

11 Development of the Codes Arduino IDE functions as a file editor for the codes using the Processing environment and library functions. Simplicity of Arduino is clear from the fact that only two functions are necessary to define executable program functions for the board, namely, setup ( ) and loop ( ). The function setup ( ) runs at the start and is used for initializing settings, The function loop ( ) has a program in endless loop using statement 'while (true) {statements ;}' which runs till power off.

12 Problem Programming for Arduino controlled traffic-control lights (TLs) at a road junction:

13 Arduino Uno board as an embedded device platform for the following project: Three TLs—Red, Yellow and Green needs to be controlled on each of the four north, east, south and west clockwise pathways. Let twelve GPIO pins on Uno connect twelve number externally connected LEDs, R 0, Y 0, G 0, R 1, Y 1, G 1, R 2, Y 2, G 2, R 3, Y 3, and G 3, (four sets of three R, G, Y LEDs each). The port LEDs represents the TLs during the prototype- development and testing-stage. How can the port LEDs be 0n-0ff programmed so that north and south pathways directed roads and traffic is switched on and east and west pathways traffic switched off?

14 First step is declaring the data types, constants, variables and functions used. Second and third steps are coding for setup ( ) and loop ( ).

15

16 Digitalwrite (ledR1, High); Digitalwrite (ledY1, Low); Digital write (ledG1, Low); Digitalwrite (ledR3, High); Digitalwrite (ledY3, Low); Digital write (ledG3, Low); };

17

18

19

20 Problem Programming for Arduino controlled traffic-control lights (TLs) ata road junction with control of on intervals:

21 Assume delays of 10 s each between successive states of LEDs and steady state for 30 s for a pair of pathways. Write the Function test ( ) to find that the software is functioning as programmed on the board. Assume that test function uses on-board LED at GPI0 pin 13 during the period of running of codes.

22

23

24

25

26 Reading data from the Sensors and Devices Using ADC Analog Input Using the Libraries Using the Timers Using Software Serial Library Using I2C Serial Protocol

27 Using Cloud Library Using an OS Using Multitasking Using Real-time Thread Scheduling Library

28 PROBLEM Programming of Arduino for usages of analog sensor devices at SPI port: A temperature sensor analog output is given to an SPI at Arduino through a 10-bit ADC and PISO. How will the data be read from the SPI input every hour into an Arduino board from the sensor? How will the one hour wait loop be programmed and how does the test performed by LED on-off states using a blinking program blink at each 3 s interval?

29 Solution Step 1 is declaring the data types, constants, variables and functions used. Second and third steps are coding for setupQ and loop(). Step 2 is as follows for setup () statements of the program for setting the board and parameters for measurement of sensed V. Step 3 is as follows for loop ( ) statements of the program for measuring the ADC input and parameters for the measurement of sensed V at successive interval. Step 4 includes a test ( ).

30 STEP-1

31

32 STEP-2

33 STEP-3

34 STEP-4

35 Programming Embedded Device Platforms for Internet Connectivity Using the Ethernet and WiFi Libraries Using IP Library Using Cryptographic Library Adding Security and Authentication Data Encryption and Decryption

36 Using the Ethernet and WiFi Libraries Arduino Ethernet Library and header files in the library enable the usage of Serial IO functions between Arduino SPI port, IO utility, Ethernet shield, Ethernet client, Ethernet server, DNS and UDP protocol functions.

37 Using IP Library IP library is used when a set of built-in codes and the codes which enable use of the functions of the library for creating stack for the TCP/IP protocols based communication are needed. Examples of IP library functions are (i) lwIP (lightweight Internet Protocol) which enables TCP/IP communication with the little memory requirements. (ii) uIP (micro Internet protocol) library functions enable TCP/IP communication with very little memory requirements.

38 Using Cryptographic Library Security of data from embedded device platforms is of high importance in web applications and services.

39 Adding Security and Authentication Securing Communication of Authentication Code (Secret Key) Security adds by communicating hash of Al or secret key (a text string) in place of communicating plain text string. A function, called hash function creates a fixed length string, called hash of the input string, for example of Al. The H(A1) uses the original string, say Al. User communicates H(A1) in place of original Al.

40 Data Encryption and Decryption Data needs protection from read and use by an in-between system. Encryption ensures the protection needs. Uses of standard algorithms, such as AES128, AES192, AES256 or DES enable the encryption and decryption.

41 DEVICES, GATEWAYS, INTERNET AND WEB/CLOUD SERVICES SOFTWARE-DEVELOPMENT Connected devices in IoT/M2M use the CoAP and LWM2M web- communication protocols and messaging-protocols, such as message- cache, Message Queue Telemetry Transport (MQTT), and Extensible Messaging and Presence (XMPP). MQTT is a publish/subscribe (Pub/Sub) protocol. The devices connect, network and communicate over the web. They use the communication gateway, SOAP, REST, RESTful HTTP and Web Sockets.

42 Five levels for software development for applications and services for IoT or M2M

43 Software, such as Eclipse IoT, enable the development of software for the first, second and third levels. The software enables the device gateways connectivity to the Internet and cloud server. Eclipse IoT enables open source implementations of IoT protocols. The implementable protocols include MQTT CoAP, OMA-DM and OMA LWM2M and Internet connectivity protocols

44 Use of Software Stack for an Intended Complete Solution Consider the software for higher levels. Each level has characteristic complexity and fragments. The connected devices use a variety of protocols, such as LWM2M, CoAP, MQTT, and methods for connecting to the web. Web communication uses the Gateway, SOAP, REST, RESTful HTTP and WebSockets functions. A stack is a full set, consisting of frameworks, applications and services that are minimum needs for intended complete solution.

45 End-to-End IoT Solutions with Java using Eclipse IoT Stack Open Services Gateway Initiative (OSGi) provides and maintains open standard specifications. OSGi describes the specification of management of Java packages/classes in a modular system, which enables the implementation of a complete and dynamic component model. A component means software which can reuse a core set of frameworks and services for provisioning the solutions. The components and applications deploy in the form of bundles and can be remotely installed, started, stopped, updated, and uninstalled without requiring system reboot.

46 The features of Eclipse IoT stack are: Provides open source specifications which are as per open OSGi standard specifications Provisions for simpler open source implementations, and programs, services and bundles development using the open source Java frameworks and services Consists of the components and frameworks for IoT solutions. The stack takes care of the complexity of creating IoT solutions and enables fast development of the solutions Provisions for open source technologies which enables easy programming in Java for the device platforms, and running the codes in JVM or Eclipse Concierge (a lightweight implementation of OSGi runtime)

47 Table : Eclipse implementations and frameworks included in Eclipse IoT stack

48 Enables usages of protocol functions provided in lightweight M2M (OMA M2M standard), MQTT (OASIS IoT standard), CoAP (IETF IoT standard) and standard network protocols. The functions provide the connectivity and interoperability of the device gateways Provisions the IoT gateway services for remote management and applications management Provisions for new solutions for devices connectivity to the Internet and the remote management and application management functions and APIs for using server or cloud provided functions Support of large number of institutions including Cisco and IBM Eclipse IoT stack includes device platform for physical/data-link and adaptation layers. Table gives the implementations and frameworks for (Gather + Consolidate) and local network and gateway software (connect) levels.

49 OSGi in addition to original focus, now has evolved specifications far beyond the gateways, such as eventing, configuration management, clock, crypto (aes, base64, sha-1), geolocation data, cloud and application servers and services for the connect and manage functions.

50 The example considered a smart umbrella as a device platform, which enables the umbrella, and behaves like living entity through computing. An embedded small device interacts with the weather web-service and mobile of the owner through the Internet.

51

52 Assume that an umbrella consists of an embedded device for an IoT weather application. The device application uses a mash of APIs as follows: When a start of the day event, say 8 a.m., ticks at the clock a callback() function executes and sends a client-request to the location server (Sequence 2), and pulls the location data (sequence 3). Sequences 2 and 3 find the location and generate event message on location change. Location API sends message for new location in case of device-location change (Sequence 4).

53 The umbrella ID, date, time and location stamps communicate on the day-start event to the weather API. An event, if generates an extreme weather warning, then a callback function executes. The warning can be by LED flashes at the device or by a text message on the mobile.

54 The weather web application at the umbrella is using number of APIs and callback functions. These are: Location API gets the name of the city from the location server. (Sequences 2 and 3). The weather web-API callback functions interact with the weather API for the weather service messages. The API subscribes to MSN or another weather Server. The server publishes weather messages for the subscribing clients (Sequence 5 to 8).

55 Weather service API sends service messages as a response which communicates over the Internet to the weather-client of the web API. The weather service also communicates in response the present and next two days predications, and expected maximum and minimum temperatures (Sequences 9 and 10). Umbrella mobile web API sends message for owner on mobile using NFC protocol (Sequences 11 and 13 in the figure).

56 Software development programming MQTT client and MQTT server A communication mode is pub-sub mod. MQTT protocol provides for three objects, MQTT clients at the devices MQTT broker MQTT clients at the applications

57 Connected devices, sensors nodes, network data points, Nimbits server, deployment at the device network nodes, and networked with the Nimbits Server (Paas, SaaS and IaaS services) at cloud for applications and services.

58 The Figure shows the connected street lights, publishing the sensed data and subscribing for the control data, and using MQTT clients during communication with the application layer. The Figure shows the MQTT clients controller. The figure also shows sequence 1,2,3,4 for the message exchange.

59 Introduction to IoT privacy and security International organisations are making a number of efforts towards ensuring that IoT design must ensure trust, data security and privacy. TRUST SECURITY PRIVACY

60 Trust is important. For example, consider the messages and video clips of the operations from the ATMs to server. A user places the trust in the bank that sensitive information will not be disclosed which can harm the user. When things communicate in an analogous manner, then trust of safe use of data exists.

61 Security is important. – For example, consider the ATM messages. They should communicate on Internet securely. The security distortions can lead to serious consequences. Privacy is important. – The video clips communicate on the Internet in a smart home security application. If the clips reach unrelated entities, it can lead to serious breach of home security.

62 VULNERABILITIES, SECURITY REQUIREMENTS AND THREAT ANALYSIS Privacy Message privacy means that the message should not reach into the hands of the unrelated entities. Privacy also means no interference or disturbance from other. IoT necessarily need privacy policy.

63 Vulnerabilities of IoT Vulnerability means weak without complete protection, weakness to defend oneself or can be easily influenced from surrounding unwanted things from itself. For example, sensors, machines, automobiles, wearable's, and so on. Each faces different kind of vulnerabilities and has complex security and privacy issues. Open Web Application Security Project (OWASP) has undertaken the associated security issues of IoT for the purpose of helping developers, manufacturers and consumers.

64 OWASP (Open Web Application Security Project) has identified top ten vulnerabilities in IoT applications/services as follows: Insecure web interface Insufficient authentication or authorization Insecure network services Lack of transport encryption/integrity verification Privacy concerns Insecure cloud interface Insecure mobile interface Insufficient security configurability Insecure software or firmware Poor physical security

65 Security Requirements IoT reference architecture is a set of three architectural view – Functional, – Information, and – Deployment & operational. Security is one of the functional groups (FG) of the functional view. FG for security consists of security functions between the application and device.

66 Security FG contains five sets of functions which are required for ensuring security and privacy. Large number of devices, applications and services communicate in IoT. Five functional components (FCs) of security are defined in IoT reference architecture. Following are five functional components (FCs): 1. Identity management (IdM) 2. Authentications 3. Authorisation 4. Key exchange and management 5. Trust and reputation.

67 Threat Analysis A threat-analysis tool first generates the threats and analyses a system for threat(s). Threat analysis means uncovering the security design flaws after specifying the stride category, data flow diagram, elements between that the interactions occurring during the stride, and processes which are activated for analysis. Stride means a regular or steady course, pace or striding means, passing over or across in one long step. Stride means taking a long step for dainty little steps.

68 Fig- Security function group components in functional view in IoT reference architecture

69 IoT SECURITY TOMOGRAPHY AND LAYERED ATTACKER MODEL Security Tomography Computational tomography means a computing method of producing a three-dimensional picture of the internal structures of an object, by observation and recording of the differences in effects on passage of energy waves impinging on those structures. Computational security in complex set of networks utilizes the network tomography procedures of identifying the network vulnerabilities. This enables design of efficient attack strategies.

70 Layered Attacker Model Fig- Layered attacker model and possible attacks using IETF six-layer modified model for loT/M2M

71 Layer 1 Attacks Solution Solution depends on the devices used. – For example, link-level provisioning of security uses—BT LE link level AES-CCM 128 authenticated encryption algorithm for confidentiality and authentication, and ZigBee at link-level security using AES-CCM-128.

72 Layer 2 Attacks Solution Programming the network switches to prevent internal node attacks during use of Spanning Tree Protocol (STP). Additional controls may include ARP inspection, disabling unused ports and enforcing effective security on VLAN's (Virtual LAN) to prevent VLAN hopping. VLAN refers to a group of end stations with a common set of requirements, independent of a physical location. VLANs have the same attributes as a physical LAN but allow you to group end stations even if they are not located physically on the same LAN segment.

73 Layer 3 Attacks Solution Use of temper resistant router, use of packet filtering and controlling routing messages and packets data between layers 3 and 4 through a firewall reduces the risks.

74 Layer 4 Attacks Solution Port scanning method is a solution which identifies the vulnerable port. A solution is the opening of network ports and configuring effectively the firewall, and locking down ports only to those required. A solution is DTLS between layers 5 and 4. The DTLS (Datagram Transport Layer Security) has provisions for three types of security services, viz. integrity, authentication and confidentiality. A solution is include SASL (Simple Authentication and Security Layer) for security when using the XMPP protocol.

75 Layers 5 and 6 Attacks Solution we are looking primarily at application-level attacks which are results of poor coding practices. Assume an attacker injects the SQL input to extract data from the database (e.g. SELECT * from USERS). When the application fails to validate the injection, the query extracts the data.

76 Web applications/services can use HTTPS communication link. The features of S-HTTP (Secure HTTP) are as follows: Application-level security (HTTP specific) Content privacy domain header Allows use of digital signatures and encryption, various encryption options Server-client negotiations Cryptographic scheme is a property assigned for the link Specific algorithm is the value assigned Direction specification is done, one-way or two-way security

77 CISCO suggested layered framework provisions for following solutions: Layers 1-6: Role-based security Layers 1-4 Anti-temper and detection-based security Layers 1-6: Data protection and confidentiality Layers 1-6: IP protection


Download ppt "MODULE 3 Prototyping and Designing the Software for IoT Applications."

Similar presentations


Ads by Google