Securely Connected to the Internet of Things

Transcription

1 3

2 Wireless Technologies: Neratec is known as specialist in wireless technologies: WLAN, Bluetooth, Bluetooth Smart, RFID, NFC, EnOcean, Zigbee, GPRS, GPS,.. Embedded Products: Neratec develops products and cares about the whole product life cycle: starting from the product idea, going over to production and maintenance and ending with the end-of-life of the product. WLAN Products: Neratec has own WLAN products which have outstanding robustness and performance: Industrial Wireless LAN Stations, WLAN Outdoor Access Points, WLAN Module Customized Products: Neratec develops products based on customer specification, initiates and cares about the production, enables and provides Life-Cycle-Management and product support. Normally ODM products are based on a Neratec-Platform (e.g. Neratec Embedded Platform) Engineering Services: Based on our Know how we provide services like: Feasibility Studies, System Design, Specification, HW/SW Development, Project management, Verification, Validation & Certification Testing Quality: Due to the fact that one of our most important customers for our WLAN products is from the railway industries, Neratec is used to develop products which fulfill highest quality Introduction of Presenter: Adrian Freihofer: System Architect of the Neratec Embedded Platform Markus Hüppi: Platform Manager of the Neratec Embedded Platform 4

3 Before we can discuss about the risks and challenges related to IoT, we need to understand some basics. Agenda: Internet of Things (IoT) What is the IoT? What are its targets and requirements? Where are the challenges? IoT Framework How to realize the IoT today? How to cope with the IoT challenges? Device Life Cycle How does a Device Life Cycle look like? Why is a bullet prove IoT Framework essential? 5

4 6

5 Internet of Things (IoT), M2M, Industries 4.0 and Smart Factory are all buzzwords from today. They all are not only focusing the same target but are also based on the same concept: The networking of devices shall optimize processes and create an added value (= money) In the IoT many different devices (Sensors, Actuators, Controllers) are connected with each other and are able to exchange data (more or less real-time). This data (big data) can be used to provide new services which shall optimize processes and make our lives easier 7

6 A good Example is the heating system in your house. Itmakes sure it is comfortable warm in winter. However, it is not only about comfort. In Switzerland, the heating costs are not negligible. Even nowadays most heating controller work still very rudimentary. There is an outdoor temperature sensor and a heating curve which is programmed in the controller. Some heating system do not even have an indoor temperature sensor. 8

7 By help of the IoT, the comfort can be increased and the heating costs can be lowered. How it might work: Due to the data from MeteoSwiss, the heating controller knows, that in the afternoon a warm front is going to arrive. As consequence, the heating controller reduces the heating power in such a way, that overheating can be avoided. This mechanism does not only safe energy but also improves the comfort in the house. Based on the data from Calandawindthe heating controller can benefit from cheap energy at the time of energy overproduction. However, even though it sounds pretty easy, it is not at all. According to the IoT visionaries, the devices in the IoT will talk to each other without any barriers in the future. However, for the time being standards and protocols for such communication are missing. On of the major challenges is to guarantee a secure and reliable data exchangebetween the devices. Nevertheless, the IoT is not fiction. The solution from today just looks slightly different. 9

8 Neratec sees the IoT of today as follow: The IoT is not a network of devices but a network of Device Clouds. A Device Cloud consist of many devices and a server called cloud manager. The Device Cloud is a private network and is managed by an administrator. The administrator defines which devices are integrated into the cloud. He knows how the devices are functioning and how they need to be maintained. Finally, he defines which data are provided to the Internet (e.g. IoT) or to superior processes (e.g. ERP). This IoT solution based on a Device Clouds is not the IoT described by the visionaries where each device can freely talk to any other device but it is a first step towards the IoT. Much more important: It can be realized today. The Device Cloud has one characteristic which solves all the open issues in the IoT and this is the fact that somebody (the administrator ) is responsible for the Device Cloud and cares about: Data Security Reliability Maintenance Especially the maintenance of a device (e.g. Identification of failure, SW update,..) can not be delegated to the self-controlled IoT and must be under control of an administrator. Example: MeteoSwisshas to install, observe and maintain all its distributed sensors for being able to make a reliable weather forecast. Calandwindknows best, how to pitch the rotor blade to get highest performance Only the Heating Manufacturer itself shall release and deploy new SW for its controllers in the field This is the view of Neratec how the IoT looks today. However, we are sure it will look different in a couple of years. 10

9 A Device Cloud has many stakeholders who have different requirements. Here is the view of the user: He does normally not really care what s behind the Cloud as long as it works. Example Heating Controller: It has to be warm and efficient (= cheap)! 11

10 The Administrator of a Device Cloud has some burning questions like: How to provide the needed security against viruses, hackers? How to deploy SW-Updates in case of another Heartbleed? How to handle users with different access rights (e.g. User, operator, adminstrator,...)? 12

11 The boss makes an investment which shall pay-off in a certain time. This can onlybe achieved when the system: is stable, reliable and secure suits the customer needs 13

12 The developer is the onewho has to implement the Device Cloud in such a way, that it complies to all the requirements of all stakeholders (User, Admin, Boss,..). Furthermore, he is the one who has to guarantee that the system is not only working today but also tomorrow. In the Industries, life-cycles of 10 years and more are not uncommon. The maintenance of such a system over multiple years can become very complex and might cost a fortune if the life-cycle-maintenance is not cared about in detail at the very beginning. 14

13 Since devices such as the raspberry pi are available on the market, everybody is enabled to connect an embedded device to the Internet. However, the operation and the maintenance of a Device Cloud in a industrial environment is rather complex. Where the complexity to connect a raspberry pi to the internet is almost comparable to connect a PC to the internet, running a device cloud might be comparable to administrate a company network of PCs. 15

14 Devices which are connected to IoThave at least one common and complex property: Internet connectivity. To address this in a generic way Neratec developed a software framework which provides basic functionality of a Device Cloud. As already mentioned, a Device Cloud consist of embedded devices which are connected to a server (Cloud Manager) via Internet. Internet Connectivity is a complex requirement. But it is a generic requirement which demands for an IoTframework. The Neratecsoftware framework contains a basis implementationfor the embedded device as well as for the CloudManager. Further on the platform provides implementations for common services such as remote accessand SW Update functionality. To fulfill Industrial requirements not only the implementation matters. Processes are important as well. To implement complex SW development processes tools such as a build framework or a release helper are required and therefore part of the Neratec framework too. If embeddeddevices are connected to the internet a strategy to deal with external influences such as a hacker attack or a technology change is absolutely mandatory. In comparison to gadgets with Internet connectivity the life cycle of an industrial device is normally much longer. Industrial devices are often part of a complex infrastructure where exchanging one device is complex, risky and expensive. The requirements towards industrial devices can not be compared with commercial devices like smart phones. To realize Industries 4.0 a next generation of industrial embedded software is required. The software needs to be as agile as current IT solutions and the software needs to be maintainable for a long time. The focus of the Neratec IoTframework is on efficient maintenance even for huge deployments, on Internet Security and on long term software support. 16

15 Thus all of us have about the same idea, we start with an example setup. 17

16 Thispicture provides a graphical overview about the reference setup described on the previous slide. On the left side there are 1000 embedded devices. All of them are connected to the Cloud Manager via Internet. 18

17 The connection is realized with a VPN tunnel. The VPN tunnel (TLS) provides security as well as connectivity across NAT routers. The picture shows the physical connection to the internet via firewalls as well as the virtual connection provided by the VPN in parallel. Due to the VPN based architecture there is no need for listening network ports on the devices. This minimizes the risk for security holes. The initial device configuration which is required by the device to join to the VPN is generated by the Cloud Manager or a dedicated PKI/CA System. 19

18 The data provided by the devices can be processed and stored todatabases such as an ERP system. The Cloud Manager acts as a middleware pre-processing and serving the data e.g. to an ERP system. 20

19 The web based administration interface provided by a device can be accessed via VPN. The Cloud Manager acts as a http proxy for the devices. The proxy approach simplifies setup and maintenance. 21

20 The infrastructure is designed for many devices as well as for many users. This requires user authentication e.g.against an existing domain controller. A Kerberos based user authentication can be implemented on the proxy (Cloud Manager) or on the devices. 22

21 This figure gives an overview of the device architecture. The yellow part represents the application. The orange part represents the generic IoT platform. Normally the platform part exceeds size and complexity of the application. Further more, many companies have big know how and experience in the application but not in building an Internet enabled platform. Therefore, it is important to build upon a proven platform. A platform does not only consist of the components visible in the orange box. It also includes a sophisticated development processes, an automated build and test system and last but not least hardware which provides the needed functionality. The Neratec IoT platform is based on Yoctoproject which provides most of the components required for an IoT platform. 23

22 Several projects tried to add network connectivity to existing software running on a simple upand a limited operating system. This might work for devices connected to a well known network environment. In the IoT scenario, the devices are connected to the Internet. A secure design as well as SW-Update possibility are mandatory. This requires a full featured network stack as provided e.g. by Linux. Another reason to use a full featured network operating system like Linux is the possibility to add features later on. Often people have lots of ideas for additional services and features at the time they really realize how powerful Internet connectivity is. At this point it might be hard to explain that there are limitations which do not allow to implement a simple feature. Of course, a full featured Linux demands for appropriate hardware. However, the HW requirements are not so relevant anymore. The evolution of electronics has lead to powerful and cheap CPUs, Processors and RAM. State of the art SOCs provide at least a DDR2 RAM interface. The cheapest DDR2 memory chip which is available is 128MB and this enough to operate a full featured Linux. But Attention: An SOC which provides the needed HW resources and features is not automatically suitable to run Linux. To run Linux on a SOC, the SOC has to be supported by Linux. Hence, there are two options available: Either an SOC with Linux support is chosen or the Linux is extended that it supports the chosen SOC. Nevertheless, the second option is connected with vast effort and does normally not pay off. Therefore the first option is normally the way to go. Especially for projects where a few hundred devices are required, the costs for SW development often exceed the costs for the HW itself. It s important to choose a HW which is known to run Linux with minimal development effort. For the given IoT setup with a life cycle of 10 years one has to think about long term maintainability. This is not possible as long as support for a HW is not mainlined. 24

23 On the right side is a snapshot of the commit history of the latest Linuxkernel releases. For example: The difference between kernel version 3.14 and kernel version 3.15 are13720 patches. This patches were provided by 183 companies and additional individuals. We can conclude: The changes from release to release are huge and complex. Bad project example: Let s assume a project is based on a SOC which got support for kernel 3.10 (red dot) provided by the SOC vendor. Unfortunately the code can only be downloaded from SOC vendors home page and not from kernel.org. The vendor does not care about kernel updates he simply offers Linux support for kernel version Let s assume, there is a major technology change ongoing (e.g. support for a new IPv6 related feature). For whatever reason this feature is required on the devices. Kernel 3.15 would provide everything needed by the project. However, the Kernel 3.15 does not support the SOC used in the project. Porting SOC support from kernel 3.10 to kernel 3.15 is a complex task and almost impossible. The patches provided for kernel 3.10 are not compatible to kernel Back porting the IPv6 related changes from kernel 3.15 to kernel 3.10 is not possible as well. Good project example: Ifall parts of the code which is used by the project is part of the mainline kernel, a kernel update probably works automatically. Just pull the latest version of the kernel sources, apply the configuration of the previous kernel does the kernel update. Of course a system with an new kernel needs intensive testing. Conclusion: Choosing a HW with mainlined Linux support is crucial to protect the investment into an IoT cloud.it s not always simple to find out if a HW fulfils this criteria or not. Therefore, it is important to verify the quality of Linux support on the evaluation board. If it is not possible to get the evaluation board running by just using source code from kernel.org, the Linux support might be considered as insufficient. Currently, SOC vendors are still learning the process of mainlining their source code. There is definitively an increasing demand from user side for HW which is supported by mainline Linux. Since the code needs high quality to be merged into official kernel releases, mainlining is a time consuming process. Most SOC vendors are not able to push their code into mainline kernel during the HW development phase. Currently, for most new SOC mainline support is unavailable. Some SOCs get support over time. Others remain on a forked kernel provided for download from the SOC vendors homepage. 25

24 One of the main goalsof the Yoctoproject is mainlining the code of a complete embedded reference system. Especially for headless devices, the Yoctoproject is currently one of the most supported by SOC vendors. Apart from standardizing the code basis and defining the development process, Yocto has several advantages to realize projects as the example mentioned in this speech. 26

25 To summarize up we go trough a fictitious life cycle of an IoT device. 27

26 Given a life cycle of 10 years for devices with Internet connectivitycertain unexpected issues will pop up for sure... Shortly after the rollout of the first devices a bug in the project specific application needs to be fixed. This is not a big deal as long as we are able to recompile the application and we have a package based update procedure disposed. Later on a vulnerability getsknown. We have to patch a system library. This requires to be able to recompile the Linux distribution. We do not want to patch other things than just this lines of code containing the bug. Since Yoctoenables us to build a Linux Distribution 100% from source code, this is no problem. A new feature is requested. New features are possible at any time. After five years, a more cost effective HW is available on the market. A second generation of devices is developed and deployed. Both HW generations need to be supported by one SW. Therefore a major software update is required. To get support for the new HW, at least the kernel needs to be updated. The new kernel configuration is based on the old kernel configuration with additional features enabled. Since both HW platforms are supported by the mainline kernel this is mainly a matter of configuring the kernel without changing source code. Finally a system update is required to get readyfor IPv6. Since the Linux Distribution is a close as possible to the Yoctoproject, we have many choices to get this target reached. Probably the easiest approach is to pull the latest kernel from upstream and integrate it otthe locally developed modules again. Automated system tests are very important to verify that a new system is compatible to the old system. Yoctoprovides automated image tests. 28

27 Realizing industrial IoTsolutions is challenging for software engineers. The buzzwords IoT, M2M or Industries 4.0 merge the requirements of different device classes to a new device class which could be named Industrial IoT Device. The requirements to an IoT Device can be summarized as follow: The quality of SW must be higher then ever The complexity of a device with Internet connectivity and specific functionality is much higher compared to a device without Internet connectivity. However, Internet connectivity can be implemented in a generic way which demands for a generic platform. Internet requires compatibility between endless number of devices. This demands for open standards. One way to standardize SW is to provide an open implementation. The Internet is changing fast. Sometimes, technological changes have to be followed by connected devices. This requires flexible SW update possibilities. Updating SW is a complex task. It needs appropriate processes and frameworks. The application specific software needs to be integrated into the platform to support one common SW update process. Finally, an efficient test strategy is required to allow a fast release of a new SW version. For industrial applications an extended life cycle is mandatory. Exchanging an industrial device is normally not as simple as buying a new smart phone. Therefore industrial devices absolutlyneed long term software support. An IoTsystem has many stakeholders and many technical dependencies. Each dependency can turn out as a show stopper especially for the life-cycle-management. Therefore external dependencies have to be kept as low as possible. This is one of the main reason for following the Yoctoproject. The Yoctoproject allows to share generic parts of the SW between many projects. If the core of the SW is based on mainlined code, there is a high probability that latest updates from the community can be merged with reasonable effort. Since the source code is completely archived and the build system and the release process allow to reproduce the SW any time, even a small patch can be applied to solve an issue. 29

28 30

29 31