IoT - Systematic

Transcription

IoT - Systematic

INTERNET OF THINGS
Which network ? How secure ?
Which experimental tools ?
#IoT2015
WELCOME
GERARD MEMMI
Head of Networks and Computer Science
Department at Telecom ParisTech
#IoT2015
IoT: A grand vision
getting ‘concensus’
Institut Mines-Télécom
IT’S HUGE, BUT WHAT IS IT?
 80 Billion of smart things in 2020 (ZDNET 2013)
4
WHAT IS IOT?
 Kevin Ashton (MIT) first mentioned the Internet of Things in a
presentation he made to Procter & Gamble in 1999.
 The Internet of Things (IoT) is a general purpose system of “smart
things” (ubiquitous sensors and actuators) connected via the
internet
 The internet of things brings together people, process, data, and
« things » turning information into physical actions, and the other
way around; creating new capabilities for individuals, businesses
(commerce and industry), and eventually countries
5
Market Size (Cisco)
6
08/10/2015
Modèle de présentation Télécom ParisTech
Reference ModelS
7
08/10/2015
IOT-A, FP7
Alcatel Lucent (BE, FR),
CEA (FR),
CFR (IT),
CSE (GR),
FhG IML (DE),
Hitachi (UK),
IBM (CH),
NEC (UK),
NXP (DE, BE),
SAP (DE),
Siemens (DE),
Sapienza University of Rome (IT),
University of St. Gallen (CH),
University of Surrey (UK),
University of Würzburg (DE),
VDI/VDE-IT (DE),
VTT (FI)
8
08/10/2015
Freescale Reference Model
9
08/10/2015
CISCO-IBM-INTEL Reference Model
Levels
7
10
Collaboration & Processes
(Involving People & Business Processes)
6
Application
5
Data Abstraction
4
Data Accumulation
3
Edge Computing
2
Connectivity
1
Physical Devices & Controllers
Center
(Reporting, Analytics, Control)
(Aggregation & Access)
(Storage)
(Data Element Analysis & Transformation)
(Communication & Processing Units)
(The “Things” in IoT)
Edge
Sensors, Devices, Machines,
Intelligent Edge Nodes of all types
IoTWF Key Challenges
Challenges
Trends
Companies
‘Quadruple trust’ :security,
privacy, protection, safety
TLS, Authentication
All, IEEE
Interoperability,
heterogeneity
Updates & Legacy
Composition
Openness
IBM
Freescale
Scalability
IT, OT, CT convergence
True distibution, Edge/Fog
Computing,
RT analytics
Cisco, AGT,
Schneider
Sensor/actuator
Improvement, cost effectiveness,
energy saving
Schneider
Rockwell
Mobility
Use of tablet or smartphone as
control devices
Shell
Ease of use, QoE,
Acceptance
Smartphone as a remote control
‘Small steps’, ‘be intiutive’
VMWare
11
BM
IoT is transformational
Schneider
Major IT Standards Bodies Active in IoT
 Institute of Electrical and Electronics Engineers (IEEE):
www.ieee.org
 International Electrotechnical Commission (IEC): www.iec.ch
 International Organization of Standardization (ISO): www.ios.org
 International Society of Automation (ISA): www.isa.org
 International Telecommunication Union (ITU): www.itu.int
 Internet Engineering Task Force (IETF): www.ietf.org
 World Wide Web Consortium (W3C): www.w3.org
12
08/10/2015
References
 [email protected]
 EU-China Joint White paper on Internet of things
Identification, EU-China Advisory Group, 2014
 http://iotforum.org/wp-content/uploads/2014/09/120613-IoTA-ARM-Book-Introduction-v7.pdf
 http://www.staticcisco.com/assets/sol/dc/internet_of_everything.pdf
 IEEE-S A Internet of Things Ecosystems Study
13
08/10/2015
SECURITÉ
INTERNET DES OBJETS
Agenda
Part 1
 Welcome - Gerard Memmi, Institut Mines Telecom
 Round Table Usage requirements on network & security
privacy
Smart cities : Catherine Dehaene
TIC & Santé : Jacques Guichard
Animation : Stéphane Delouche, Cap Digital
 Technical session #1
Future space - Mathieu Boussard, Alcatel-Lucent Bell Labs
BREAK
 Technical session #2
Antoine Mouquet, Orange
 Elevator pitch
LUNCH / POSTER + DEMO + NETWORKING
ISE (SystemX) – P. Cincilla
RIOT (Inria) – E.Baccelli
Prove&Run – C.Pagezy
Spinalcom – S.Coulon
#IoT2015
15
Agenda
Part 2
 EU Research & Innovation agenda for IoT
T.Kleiner, Head of Unit-Network Technologies at European Commission
 Security & Privacy
Le respect de la vie privée - S.Petitcolas, CNIL
Les risques, menaces, recommandations et opportunités des objets
connectés - B.Morin, ANSSI
Security & Architecture - H.Ganem, Gemalto
SW aspects - C.Pagezy, Prove & Run
BREAK
 Projects & experimentation
Fiesta-IOT – Vivien Mallet, Inria
Jean-Luc Strauss, Altran
ITS Security – Pierpaolo Cincilla, SystemX
 Closing session
Jean-Pierre Tual, Président du GT Confiance Numérique et Sécurité
Thierry Houdoin, Président du GT Télécoms
Closing cocktail
#IoT2015
16
ROUND TABLE
Catherine Dehaene – President of Smart Cities working group
Jacques Guichard – Expert of the ICT&Health Commission
Stéphane Delouche – Cap Digital
#IoT2015
17
FUTURE SPACE
MATHIEU BOUSSARD
Alcatel-Lucent Bell Labs
18
#IoT2015
ANTOINE MOUQUET
Orange
19
#IoT2015
ELEVATOR PITCH
20
#IoT2015
ISE Demonstrator
ITS WC Bordeaux
Scenario
Future@systemx
Player 1
Player 2
OBU-1
Personal car
OBU-2
emergency or hacker
21
ISE Demonstrator
22
Communauté RIOT
(démo présentée par Cédric Adjih, chercheur
Inria)
The Internet
The Internet of Things
IoT Innovation?
• Hindered by proliferation of closed platforms
– incompatible silos
– locked-down hardware
• Need de facto standard open-source platform
•
•
•
•
an OS equivalent of Linux for IoT devices
community-driven, open-source
independent from vendors, hardware architectures…
interoperability & communication based on:
– standard, open-access specifications
RIOT: Thin-Waist Open-Source IoT
RIOT is an open source, low-power, small-footprint operating system
- Fits in ≈10k RAM, ≈100k ROM
- Linux-like API, but based on a micro-kernel fitting IoT device constraints
- IoT network stacks based on open standard low-power protocols (IPv6/6LoWPAN…)
Closed- & -source Applications
Core functionally equivalent
to Linux, based on:
- open-source,
- open-access protocol specs
- community-driven dev.
Other network
stacks
CoAP, LWM2M...
RPL, UDP …
IPv6, 6LoWPAN …
Open-Source Drivers Closed-Source Drivers
Peripherals (including network interfaces)
Lowpower MCU + radio or wired communications
RIOT
Third-party software
Hardware
IETF
Can’t run Linux? Run RIOT!
RIOT Supports Several Network Stacks
• RIOT supports several network stacks
• BSD-like ports for: OpenWSN, LibCoAP
• What's already there:
– Application layer (CoAP, CBOR), Transport layer (UDP,
TCP), Network layer (IPv6, 6LoWPAN, RPL, CCN-lite),
2929
Link layer (IEEE 802.15.4 and 802.15.4e support)
Portability :
https://github.com/RIOT-OS/RIOT/wiki/RIOT-Platforms
30 30
The RIOT community
• Open source community
• ~ (150) 250 forks on GitHub
https://github.com/RIOT-OS/RIOT
• ~ (150) 260 people on the developer mailing list: [email protected]
• Developers from all around the world ; Mentoring org. for GSoC
2015
• Support & discussions on IRC:
irc.freenode.org #riot-os
• ~ (500) 750 followers on Twitter
3131
Architecture – Application – watr.li
Californium
+ Play
RIOT APP
Display Node
COAP+HTTP
WebSockets
COAP
IPv6
IPv6
6LoWPAN
6LoWPAN
IEEE 802.15.4
IEEE 802.15.4
IPv4/IPv6
Ethernet
IPv4/IPv6
Ethernet
IoT Applications
RIOT in
FIT IoT-LAB open testbed (2700+ nodes) : https://www.iot-lab.info - part of https://onelab.eu
• RIOT : Comprehensive support for IoT-LAB M3 open node
•
Tutorials :
–
http://www.codeproject.com/Articles/840499/RIOT-Tutorial
–
https://github.com/iot-lab/iot-lab/wiki/Tutorial-about-RIOT-Operating-System-for-IOT-LAB-M3nodes
3535
SpinalCom
Local IoT nerve center
Editeur de solutions middleware dédiées IoT & Fog Computing
SpinalCom
Middleware pour les systèmes intelligents
DataBase
Analytics
Devices
Développement
User interfaces
Data Management
Connexion
SpinalCom
Fog Computing
Réactivité
Sécurité
SpinalCom
Autonomie
Démonstration
SpinalCom
Prototype : ceinture pour la mesure de positions forcées
Proto Raspberry
Proto Interface de collecte
40
DEMO / LUNCH / NETWORK
41
#IoT2015
EU RESEARCH &
INNOVATION AGENDA FOR IOT
T. KLEINER
Head of Unit-Network Technologies at EC
42
#IoT2015
Building a European
Internet of Things
ecosystem
Thibaut Kleiner*, Head of Unit, DG Connect, Network Technologies
High expectations for the IoT (Gartner, 2014)
•Globally, Gartner forecasts 26 bn devices online by 2020; ABI
Research puts that number at 30 bn; Cisco estimates about 50 bn
•McKinsey forecasts global IoT market in 2025 worth 2.5T€ – 6T€
•In EU28, IDC/TXT estimates IoT connections at 1.8 bn in 2013
and almost 6 bn in 2020 and IoT revenues at €307 bn in 2013 and
more than 1.1 T€ in 2020, including HW, SW and services.
€ 1,400,000
7,000
€ 1,200,000
6,000
€ 1,000,000
5,000
€ 800,000
4,000
€ 600,000
3,000
€ 400,000
2,000
€ 200,000
1,000
€0
Installed base million
Revenue million
0
2013
2014
2015
Source: IDC, 2014
2016
2017
2018
2019
2020
45
•Globally, Gartner forecasts 26 bn devices online by 2020; ABI
Research puts that number at 30 bn; Cisco estimates about 50 bn
•McKinsey forecasts global IoT market in 2025 worth 2.5T€ – 6T€
•In EU28, IDC/TXT (2015) estimates IoT connections at 1.8 bn in
2013 and almost 6 bn in 2020
•In EU28, IDC/TXT estimates IoT revenues at €307 bn in 2013 and
more than 1.1 T€ in 2020, including HW, SW and services.
€ 1,400,000
7,000
€ 1,200,000
6,000
€ 1,000,000
5,000
€ 800,000
4,000
€ 600,000
3,000
€ 400,000
2,000
€ 200,000
1,000
€0
Installed base million
Revenue million
0
2013
2014
2015
Source: IDC, 2014
2016
2017
2018
2019
2020
46
Needed=a sophisticated industry
ecosystem across vertical silos
and consisting of:
Vendors
providing
components
Suppliers
creating
solutions
Service
Providers
Enterprise
Users
47
Source: IDC/TXT, 2014
New business opportunities
combining IoT, cloud and big data
IoT
Big
Data
Cloud
Smart
Environments
Identified Smart Environments
Smart
Energy/
Utiltiies
Smart
Manufacturin
g
Smart
Government/
Smart
Transport
Smart Health
Smart Homes
Environment
Smart
Customer
Experience
Smart
Finance
48
From IOT research towards innovation
R&I agenda for the IoT
FP7- Ignition phase
2014-15 Building the eco-system
FP7 research results
(platforms,
ICT30: Building the
architectures,
eco-system, breaking 2016-17 Going to market
demonstrators)
silos CPS-IoT, Using
Deployment
platforms integrating WP16-17: Focus
devices, embedded
systems and network
technologies for a
multiplicity of novel
applications
+ ODI, FI-ware
accelerators, IERC,
standardisation etc.
Area on Internet of
Things will focus on
experimentation with
real-life solutions
being tested at large
scale with users
49
FP7: results and achievements
IOT ARCHITECTURES
IOT SOLUTIONS
• IoT Reference Architecture and Open
IoT platform
• Clouds of internet-connected objects,
Open source middleware framework
• Adaptive middleware for small
solutions
• Virtual objects and composite VO
semantics
• City infrastructure as a cloud service
(CIaaS)
• Future Internet PPP Generic Enablers
and platform approaches (FI-WARE,
FI-CORE)
• Open platforms ReAAL and
Universaal for home environment
(smart home)
• Cyber-physical systems (I4MS) for
manufacturing
• IP-based smart objects connectivity
with low power consumption
• Naming and identification systems
• Test-driven service creation
environment for business services
• Reliable communication and selfconfiguration mechanisms in industry
• Context-awareness, cognitive
framework object networking
• Knowledge-Social-Business
Experience Models
• Ubiquitous, secure location-based IoT
• Semantic interoperability approaches
• Embedded smart objects / Cyberphysical systems
• real-time measuring and decision
making solutions
FP7: results and achievements
IOT DEMONSTRATORS
• City-scale smart city experimental research facility in Santander
• Use-cases in e-Health, Smart Mobility, Smart Office, Smart Shopping, Smart Home,
Tourism, Smart Toys, Smart Agriculture
• IoT Use Cases in European Smart Cities (energy, environment, open data, transport,
security, water mgt., social communities, urban regeneration)
• Health & Safety monitoring & control system including semantic sensing information
processing
• Smart Campus platform for monitoring of municipality services, smart traffic and public
transportation management
• Social Connected TV combined with device management
• Eco-conscious cruise control for public transport
• Urban environment monitoring for lighting, noise, pollution, waste generation, energy
consumption
• Logistics Product Life-cycle Management
• Smart Manufacturing for textiles
• Smart Shopping pilot
• Smart Toys
• Smart Care / advancing active and healthy ageing
IOT eco system:
Devices, Applications and Business models
Courtesy: IERC 2015
DEVELOPERS/
IoT Data Services
MAKERS
INDUSTRY
M2M/IOT
Cloud Services
Big Data Analytics
IoT Applications
Device Connectivity
Platforms
Device Clouds
IoT Platforms
Social Services
Business
Applications
STARTUP/
ENTREPRENEURS
END USERS
Industrial
Systems &
Protocols
Human Interface
Sensors, Devices, Gateways, Equipment, Mobile
Assets
Home
Energy Healthcare
Industry
Signage
Tourism
Security
Automotive Transportation Environment
52
IoT raises privacy challenges
Opinion 8/2014 on the on Recent Developments on
the Internet of Things by the art. 29 DP WP
• Lack of control
• Lack of or low-quality consent
• Meshing of data and repurposing of original
processing
• Constant surveillance and monitoring of deviation
• Limitations on the possibility to remain
anonymous when using services
• Security breach becomes easiers
Existing frameworks: sufficient?
• Data protection principles apply;
• Expand the role of privacy impact assessments
(example of RFID)
• E-privacy
• More user-friendly contracts and Terms and
conditions ?
• Need for a Trusted IoT label?
• More needed? (ex: right to disconnect )
• => importance of testing with users
Cybersecurity as a pre-requisite
• Chrystler
• End-to-end security for the IoT
• Not only principles and standards but also
certification challenges
• Challenges for connected devices with low
computing power
• Example from some projects?
The European Commission invests heavily
in uptake of the Internet of Things
• 51 M€ EC research funding in
2015 for the creation of IoT
Innovation Ecosystems
• Over 100 M€ EC research funding
in 2016 for experimentation
through IoT Large Scale Pilots
• 35M€ research funding in 2017
on security, privacy and next
generation platforms
• Joint IoT research in international
cooperation: Japan (5M€), South
Korea (3M€), Brazil (9M€)
56
IoT-01-2016: Large Scale Pilots
Pilot areas:
•
•
•
•
•
Pilot 1: Smart living environments for ageing well (EU contr. up to 20 MEUR)
Pilot 2: Smart Farming and Food Security (EU contr. up to 30 MEUR)
Pilot 3: Wearables for smart ecosystems (EU contr. up to 15MEUR)
Pilot 4: Reference zones in EU cities (EU contr. up to 15MEUR)
Pilot 5: Autonomous vehicles in a connected environment (EU contr. up to 20 MEUR)
Total budget:
• 100 MEUR (funding rate: 70%)
Dates:
• Call opening:
20th October 2015
• Call deadline:
12th April 2016, 17.00
• Expected starting date:
January 2017
Other relevant pilots: Smart manufacturing; Water management
IoT-02-2016: IoT Horizontal activities (cont’d)
Scope:
• Co-ordination of and support to the IoT Focus Area: through mapping of pilot architecture
approaches; interoperability and standards approaches at technical / semantic levels;
requirements for legal accompanying measures; common methodologies for design, testing and
validation; federation of pilot activities and transfer
• Horizontal support: exploitation of security and privacy mechanisms towards best practices and a
potential label (“Trusted IoT”); legal support to relevant subjects; contribution to pre-normative
activities and to standardization. International cooperation with similar activities. Europe.
Exploitation of ICT & Art combination
• RRI-SSH support to IoT: Pilots shall be citizen-driven with existing / local communities at an early
stage. Two entities other than ICT technologies required (e.g. social sciences, psychology,
gerontology, economy, art, etc.)
Total budget:
• 4 MEUR (funding rate: 100%)
Dates:
• Call opening:
20th October 2015
• Call deadline:
12th April 2016, 17.00
• Expected starting date:
January 2017
IoT-03-2017: R&I on IoT integration and platforms
Scope:
•
•
•
Architectures, concepts, methods and tools for open IoT platforms integrating evolving sensing, actuating,
energy harvesting, networking and interface technologies. Platforms should provide connectivity and
intelligence, actuation and control features, as well as semantic interoperability across use cases and conflict
resolution.
IoT security and privacy. Advanced concepts for end-to-end security in highly distributed, heterogeneous and
dynamic IoT environments. Approaches must be holistic and include identification and authentication, data
protection and prevention against cyber-attacks at the device and system levels.
Proposals are expected to include two or more usage scenarios to demonstrate the practicality of the approach.
If appropriate existing platforms, such as FIWARE, CRYSTAL or SOFIA should be built on.
Total budget:
•
35 MEUR (funding rate: 100%)
Dates:
•
•
•
Call opening:
Call deadline:
Expected starting date:
08th December 2016
TBA
TBA
AIOTI
The Alliance for Internet of Things Innovation
o Building a European IoT innovation ecosystems across the
value chain /across silos, through open IoT platforms
o
o Forum for the EC to discuss with industry and to provide
policy guidance for IoT in the DSM
60
AIOTI –
Towards Europe-wide Ecosystems
• A new alliance to give Europe the lead in the field of IoT
• The IoT Voice of Europe
• Promoting European open platforms like FIWARE, Industrie
4.0, OpenIOT et al.
• Supporting the implementation of large-scale pilots
• Pooling resources across directorates, member states, regions
• Recommendations for LSP implementation as a
deliverable  October 2015
• A strategic initiative to help EC prepare future
IoT standardisation and Digital Policy
• A draft IoT Architecture Reference Model (Nov. 04)
• Feedback from Industry/Member States
61
300+ AIOTI Members already!
62
Alliance of Internet of Things Innovation
AIOTI Structure
63
The success of the Internet of
Things depends strongly on the
existence and smooth and
effective operation of global
standards.
• (ITU)
IoT SDOs and
alliances landscape
Service & App
P2413
AIOT
I
Open Automotive
Alliance
B2C
(e.g., Consumer
Market)
B2B
(e.g., Industrial Internet Market)
802
Connectivity
Source: AIOTI WG3 (IoT Standardisation) – Release 1
What IoT standards do we need?
• Complete value-chain:
• connectivity, middleware, service layer (data?)
• Enabling relationships among IoTs verticals.
• architectural frameworks
• reference implementations
• interoperability
• Working across areas:
• ontologies to be provided by the industry
segments themselves
• common reference architectures as a start
www.ec.europa.eu/digital-agenda/ICT2015
Thank you – and see you
in Lisbon!
Useful links
s
Follow us on Twitter
@NetTechEU
IoT
http://ec.europa.eu/digital-agenda/en/internet-things
Network Technologies
http://ec.europa.eu/digital-agenda/en/networktechnologies
http://www.aioti.eu
68
SECURITY & PRIVACY
69
#IoT2015
SECURITY & ARCHITECTURE
H. GANEM
Gemalto
70
#IoT2015
IOT security architecture
Herve Ganem
Sept 30 2015
Introduction
On sept 10 2015 The FBI made a public announcement to outline
the security risks related to IOT (*)
« Internet of Things Poses Opportunities for Cyber Crime”
•
•
•
•
72
What are IOT devices
How do they connect
What are the IoT Risks?
Recommandations for users
*Footer,
http://www.ic3.gov/media/2015/150910.aspx
20xx-xx-xx
Outline
Historical approach to security
End to End security and its various meanings
IOT security requirements
Credentials distribution models
Corporate
Provider/customer
delegated
Embedded clients threats and solutions
Strong credential storage
Trusted software stack
Proven reliable software stack
conclusion
73
Footer, 20xx-xx-xx
M2M security traditional approach:
one device and one server
Smart sensor
M2M server
Application A
WAN
LAN
Router/
Gateway/
Data concentrator
Application B
• Security is addressed between a
« designated » data source and « the » M2M
server
• Part of the transmission path is not secured
or secured using ad hoc solutions
• The design is not scalable, and not suited to
contexts involving multiple business actors
74
• Interoperability is poor
The need for interoperability leads to the concept of
M2M service platform
Device Application
(data destination)
Local area network
Wide area network
Device (data source)
Gateway
M2M service
platform
Application
(data destination)
• Interoperability: data destination can dynamically discover and receive
data from data source
•The M2M service platform helps disseminating data to authorized parties
•It exposes a number of services simplifying application development
•Benefits:
•Higher Interoperability
•simpler application development.
75
•Scalability
•drawbacks:
•Multiplication of ecosyustems (IOT jungle)
10/8/2015
IOT applications ; heterogeneity is the rule
IOT applications often involve several communication hops
Intermediate nodes may be controlled by different entities
Application A
Object 1
Application C
Application C
entities and secure every single hop
Goals: • Authenticate
of the communication path
•
•
Possibly secure communication from source to destination with
a single set of credentials
Manage authorizations (fine grain) in every node
Need for end to end security
• Secure each segment of the communication path
• Secure communication from source to destination with a
single set of credentials
76
Footer, 20xx-xx-xx
Real case example
IOT applications often involve several communication hops
Possibly not controlled by the same business entity
Database
storage
MQTT server
Application A
OneM2M
service Platform
WAN
LAN
Router/
Gateway/
Data concentrator
•
Smart sensor
77
Footer, 20xx-xx-xx
Application B
•
Different intermediate nodes may be controlled by different
business actors.
What security model may be used to manage credentials and
authorizations in a multipartite environment?
Credential distribution models
78
Footer, 20xx-xx-xx
The corporate security model
•
•
Benefits : simplicity; global control
Drawback: not scalable
corporate
server
Application A
WAN
LAN
Resource server
Authorization server
Smart sensor
79
Footer, 20xx-xx-xx
Corporate AAA server
The customer/supplier security model
Analogy with the security model used for mobile communications
M2M service provider 1
AAC server
AAC server
application
Device
•Most widely used security model
•Credentials managed by service provider and associated to a service delivery
•Each provider manages credentials and authorizations for its own customers
•No end to end security from source to destination
•No overall authorization management
80
10/8/2015
Emergence of the role of TSM in the customer/supplier model
The role Tusted Service Manager (TSM)
emerged to address the need of credential provisonning for mobile applications
AAC server
AAC server
TSM
Service provider
Secret owners
10/8/2015
•The TSM is able to provision secrets on security platforms it does not own
81
The delegated security model
Resource : generic term to designate anything requiring access control
Resource
server
Resource
server
Resource
server
Application A
AAC
WAN
LAN
Resource server
Authorization server
•
•
Intermediate nodes are seen as “resource servers”
They « delegate » authorization and credential management to a
separate authorization server
Benefits
• Holistic credential and access control management
• Possibility to outsource security management
• Highly dynamic credential distribution and revocation
82
Footer, 20xx-xx-xx
Embedded client security
83
Footer, 20xx-xx-xx
IOT devices features and associated threats
IOT devices are often computer and/or energy contrained
Security energy overhead does matter
Need for lightweight cryptographic algorithms
Usual « onion like » pile up of security layers increases energy consumption
IOT devices are often physically accessible
Physical attack on device may result in credential theft and device cloning
Physical or remote attack may result in installation of malware on the device
Malware installation on the device via physical or remote access
Physical access to device for maintenance purposes may be hard or
impossible
Remote management of devices including for credentials management
mandatory
84
Footer, 20xx-xx-xx
IOT embedded security solutions
Enhanced credential storage protection
Use of Embeded Secure Element reduce the possibility of device
cloning
Remote management of credentials inside the Secure element
TCO (Total cost of ownership ) must be in adequation with IOT
applications business model
Use secure boot chain to verify software executed on the device
Prevents the installation of malware on the device.
Requires tamper proof storage for root of trusts (i.e ESE, TPM)
High quality software chain
Reduce software vulnerabilities:
Buffer/heap overflow
Command injection…
85
Footer, 20xx-xx-xx
Conclusion
Trends for credentials distribution:
The need for end to end security for IOT communications is now generally
recognized
distribution of the credentials, in heterogenous possibly multipartite
environments
More dynamic distribution and revokation of the credentials.
Enablers for embedded Iot device security are:
Secured storage for credentials
Chain of trust for device software
Quality software stack.
Emergence of the role of trusted party
The role of the Trusted service manager is expanding
Trust management is a business segment in itself
86
Footer, 20xx-xx-xx
CHRISTOPHE PAGEZY
Prove & Run
87
#IoT2015
LE RESPECT DE LA VIE PRIVÉE
STÉPHANE PETITCOLAS
CNIL
88
#IoT2015
Stéphane Petitcolas– Ingénieur Expert à la CNIL
DE L'INFORMATIQUE NOMADE À
L'INFORMATIQUE AMBIANTE : LES
ENJEUX EN TERME DE VIE PRIVÉE
89
Nombre de dispositifs “connectés” selon CISCO
90
Observons les objets intelligents d’aujourd’hui…
…pour deviner vers où va l’intelligence ambiante
promise demain.
Quels risques de traçage des personnes ?
91
92
Le pass navigo
2009
1975
• Un numéro unique
• Personelle et infalsifiable
• Remplacée en cas de perte
• Un fichier clients
• Des statistiques réseaux fines
• Anonyme
• Rachat en cas de perte
• Pas de fichier clients
• Statistiques pauvres
?
?
?
100 %
2%
40 %
93
Dans la puce du pass navigo
Qui
Quand
Où
94
Les leçons du pass navigo
• Les actions de la CNIL
– Imposer une anonymisation des données collectées.
– Imposer l’existence d’un « pass anonyme »
• Mais il coûte 5 euros…
• Ce n’est pas de l’intelligence ambiante mais déjà de
l’intelligence dans les objets + des capteurs.
• Demain la reconnaissance faciale pour remplacer le pass
navigo ?
• Confort = traçabilité des personnes?
95
Les cartes bancaires sans contact
96
Les actions de la CNIL
• Participation aux groupes de travail autour des cartes
bancaires sans contact
• Demande de suppression du nom et de la date de validité
en lecture sur l’interface sans contact
• Mise en application de cette recommandation depuis
septembre 2012
• Suppression de la liste des transactions depuis mi 2013
97
La géolocalisation mobile WiFi
Serveur de
géolocalisation
A
A
B
A, B, C
C
B
45° 10' 0" N / 5° 43' 0" E
Place Victor Hugo...
D
E
F
G
C
98
Comment constituter une base de géolocalistion?
Méthode « ancienne »: faire travailler des employés
99
Comment constituter une base de géolocalistion?
Méthode « crowdsourcing »: faire travailler les utilisateurs
100
Les leçons des mécanismes de géolocalisation
• Des capteurs et des réseaux:
– Des usages impossibles à deviner à l’avance.
– Un boom du « crowdsourcing » à prévoir
• Que fait-on des données collectées:
– Transferts à des partenaires?
– Publicité?
– Quels droits (réels) pour les personnes?
101
Mobilitics : un projet de recherche pour mieux
comprendre les smartphones
Nombre d'applications utilisées durant l’expérimentation :
- Qui accèdent au réseau
Total : 189
176
93%
- Qui accèdent à l'UDID (identifiant unique Apple)
87
46%
- Qui accèdent à la géolocalisation
58
31%
- Qui accèdent au nom de l'appareil
30
16%
- Qui accèdent à des comptes
19
10%
- Qui accèdent au carnet d'adresses
15
8%
- Qui accèdent au compte Apple
4
2%
- Qui accèdent au calendrier
3
2%
• Accès réseaux nombreux et quasi permanents sans une information claire des utilisateurs
• quelques applications sont responsables de la majorité des accès aux données, avec une
intensité qui semble dépasser le seul besoin des fonctions de ces applications
• Certaines applications accèdent à des données sans lien direct avec une action de
l’utilisateur ou un service offert par l’application (récupération de l’identifiant unique, du
nom de l’appareil, de la localisation).
102
Mobilitics : un projet pour comprendre l’utilisation des
données à caractère personnel dans un téléphone
• 31% des applications utilisées ont cherché à accéder à la localisation
• 41 000 « événements » de géolocalisation au total,
• soit une moyenne de 76 événements par jour et par volontaire
• L’intensité de ces accès surprend.
103
Les objets connectés de demain
• Les compteurs intelligents
– Réflexion des groupes de travail Européen
sur la définition du périmètre des études d’impacts
• Le mouvement du « quantified self »
• Les Google Glass
104
Quels risques pour la vie privée?
010203945895966765:
Bracelet Jawbone
238405 505 509 05506:
Costume Hugo Boss taille 52
AD:2C:54:F2:AR:C3
Adresse Mac Wifi du
téléphone portable
0183394 84485 5950:
Carte bancaire sans contact
105
Un cadre européen pour les RFID
• Une recommandation de mai 2009 de la Commission
Européenne sur les RFID. Principes:
– Conduire des études d’impact sur les produits RFID.
– La désactivation des puces au point de vente dans la grande
distribution.
• Sauf exception si l’étude d’impact montre une absence de danger.
• Les études d’impact RFID: un instrument utile?
106
D’une identification ubiquitaire… vers un déséquilibre?
Adresse IP
IMEI
MAC Bluetooth
RFID Tag Number
UDID
MAC WiFi
Droit à
l’information
Droit
d’accès
Droit
d’opposition
Num. carte navigo
Cookie ID
107
Un exemple de traitement invisible : Les cookies
108
Quelles solutions ?
L’approche actuelle
Des solutions pour demain ?
• Déploiement produit / service
• Analyse d’impact / de risque
• Déclaration / contrôle CNIL
• Correction des problèmes
• Problème / Sanctions
• Déploiement produit /service
• Correction des problèmes
• Contrôle CNIL
• Approche « pansement »
• Approche « privacy by design »
109
Demain
ALORS?
110
Des tendances
• Chaque être humain aura des dizaines ou des centaines
de puces.
• La donnée personnelle va changer de nature:
– 1978: Nom, prénom, numéro de sécurité sociale, …
– 2013: Adresse IP, MAC, IMEI, Numéro de série, …
• Des traitements invisibles par milliers.
– un coût de stockage des données proche de zéro.
– sans frontières.
111
Enjeux
• Pour le monde de la recherche
– Sécurité des systèmes
– Anonymisation / pseudonymisation
– Minimisation des données
• Pour les industriels
– Sécurité des systèmes
– Le « Privacy by design »
– L’exercice effectif des droits des personnes
• Pour le monde du droit
– Une jungle d’expertise technologique?
112
[email protected]
113
PROJECTS &
EXPERIMENTATION
114
#IoT2015
FIESTA-IOT
VIVIEN MALLET
Inria
115
#IoT2015
JEAN-LUC STRAUSS
altran
116
#IoT2015
Internet of Things
Machine driven Big Data Solutions
Jean-Luc STRAUSS
30/09/2015
IN REBUS VERITAS
Altran Research 2009
117
117
Different Usages - Different Solutions
Process Control
Distributed
manufacturing manufacturing
« M2M »
Management
ERP
ERP
ERP
Planification
MES
MES
MES
Building Others
Home
ENTREPRISE
ERP
Others :
eHealth; Entertainment
BAS
HAS
BPM
HEMS
APP
Tools local
DCS
SCADA
SCADA
BacNet
Local
controls
PLC & RTU & EID
PLC & RTU & EID
PLC & RTU &
EID
DDC &
RTU
PLC &
RTU &
EID
Mediation
Origin of
data
Usages
Office apps on PCs
Things
Things
Things
Things
Things
Things
Data FROM
Things
Data FROM
Things
Data FROM
Things
Data FROM
Things
Data FROM
Things
Data FROM
Things
Controls & Commands
TO Things
Controls &
Commands TO Things
Controls &
Commands TO
Things
C&C TO
Things
C&C TO
Things
C&C TO
Things
Machines /
Devices
Machines /
Devices
Machines /
Devices
Mach /
Dev
Mach / Dev
Appliances /
Devices
physical
environnement
Physical
environnement
Physical
environnement
Physic.
Physic.
Physic.
Distributed systems
(process based)
Electric power generation;
oil refineries; water &
wastewater treatment;
chemical, food,
pharmaceuticals &
automotive production
Centralized control
(event based)
Water distribution;
wastewater collection;
oil & natural gaz
pipelines; electric power
grids; railway &
transportation systems;
etc ..
Data
Non Manufacturing
Asset Tracking: Rented
cars, ships, goods, fleets
City: lighting, traffic lights,
CCTV
Machine remote
monitoring & maintenance
Utilities Metering
Security & Identification
Environ. monitoring
Retail; Health care;
IT & Network
monitoring; ATM
Mostly
Local
HVAC
Lighting
Security
Safety
Elevators
Boilers /
Chillers
Access
Monitoring
Fire alarms
…
OT
SCADA: Supervisory Control and Data Acquisition
PLC: Programmable Logic Control
RTU: Remote Terminal Unit
EID: Intelligent Electronic Device
DCS: Distributed Control System
MES: Manufacturing Execution System
BAS: Building Automation System
HAS: Home Automation System
VERY LOCAL
Robots
manuf.& ctrl;
Car park ctrl;
Train ctrl
station
system;
Food prcssng;
Materials
handling
Machine tools
Colla-
or Cloud boration
Appl App
Appli
ianc lian
ance Social media apps on
e ce
PCs
Heating
Lighting
Security
Garden
watering
Shutters
Air
conditioning
White
appliances
Energy
Middleware
Transactional
systems
TransacExchange
tional
systems
systems
Social media;
Web; Desktop
Interface servers (Web, C/S
app, dematerialisation, ..)
Voice, music, feeds,
video, messages,
SMS,
Social Data
Transactional Data
Market Data
Public Data
People
People
Entertainment
Multi-media
Information
E-Health
R&D
Design
Marketing
Communications
General
Management
Sales
Procurement
SCM
ERP
Accounting
Personal
NETWORKS
C&C
systems
Service
Financials
Controls & Audits
CRM
HR
IT
HEMS: Home Energy Management System
OT: Operational Technology
118
Domains of Use are split in 3 main Categories
IoT Solutions belong to THREE MAIN CATEGORIES
In the Customer facing
category, Things are:
In the Machine-to-Machine
« M2M » category, Things are:
 locally deployed and actioned upon
 remotely distributed
 accessed via local networks with short
distance ranges
 accessed directly via usually long distance
networks
 managed with a simple local control
system, albeit control via Internet are
now commonly available
 Managed with one centralised level of
process control
In the context of Manufacturing,
the Operational technology
« OT » category, Things are:
 locally or remotely deployed
 accessed via local or long distance
networks
 managed through several levels of
process controls
119
Exemple: HOME: La Smart Life
Centrale
nucléaire
Centrale
charbon
Même principe quand il
s’agit des appartements
d’un immeuble
Parc Eolien Ferme solaire
De quartier De quartier
Centrale
de réserve
Centrale gaz
GTB Quartier
ou immeuble
Régulation énergétique
et partage EnR au
niveau du quartier
Détecteur
pluie vent
Réseau HTB RTE
Capteurs – détecteurs actionneurs divers
Photovoltaïque
Barrage hydroélectrique
BT
C/C réseau
Poste source
Solaire
Thermique
Ferme solaire
EnR ->
Antiinondation
climatisation
Réseau HTA ERDF
Parc Eolien
Prise capteur-actionneur
Poste de
transformation
Compteur
Linky
C/C réseau
CPL
Voletroulant
e-SANTE
Radiateur
Électr.
Commande
par
compteur
Opérateur
Comptage
Tableau
électrique
TV
Dect
Radiateur
à eau
EnR ->
Ballon eau
chaude
Différents cas
de chauffage
et eau chaude
ADSL
xBox
Gestionn.
alarmes
Par
électr.
Chaudière au gaz,
au bois, etc…
Opérateur
Internet
Wifi
EnR ->
C/C
Z_Wave
C/C
6LoWPAN
C/C
ZigBee
C/C
effacement BluetoothLE
cinéma
Youtube
Opérateur
production
énergie
Opérateur
agrégation
effacement
Opérateur
Multi-média
Réseau Internet
FO
Opérateur
Telco
LTE
marchands
LTE
Opérateurs
de services
Media
sociaux
Réseau
Opérateur Tél
Stockage
120
Lots of Things for lots of disjoint
function zones
Solutions can be categorized into 6 usages domains:
1. Entertainment: TV, radio, gaming, streaming music, video
2. Information & communication: telephone, Internet, social media,
3. Comfort: heating, lighting, air conditioning, shutters, vacuum
cleaners, garden watering, lighting, washing machines, boilers ….
Lots of (remote) controls
almost one per function
4. Security & Safety: video cameras, anti-intrusion detectors, smoke
detectors, …
2G/3G/4G
Operator
Network
5. Health: e-health devices, pedometers, quantified self, ..
6. Energy & utilities: water, gas, electricity meters, home energy box,
 Each domain may be futher split into different zones as solutions are usely
dedicated to one or few functions within a specific zone
 Each zone has developed its own eco-system of actors, technologies,
standards & business models with hardly any overlap hitherto
Local ENERGY
Supply
Solar panel; micro windturbine;

Garage
Shutters
Door Heating
Lighting
Hot
Watering
Cooling
Water
White
APPLIANCES
WSN
gateway
WSN
gateway
WSN
WSN gateway WSN
gateway
gateway

Electricity
distribution
Distribution
panel
eHEALTH

WSN
gateway
Gaz
distribution

PC
SECURITY
Smoke, CO², intrusion, motion,
flood detection; gaz leakage;
video monitoring; access
control
Alternative
ELECTRICITY
Service Provider
Meter
External
ELECTRICITY
SUPPLY
Electricity distribution systems
APPLIANCES
WSN
gateway

 Functions are usually actioned upon in-house and more and more
monitored and actioned upon at distance with smartphones: so distance is
becoming irrelevant as smartphones are becoming C&C devices
Local ELECTRICITY Supply
Thermal solar panel;
Heatpump;
gaz or wood boiler;

Tel
TV
Water
distribution
Other
Multimedia &
gaming
Pheripherals
INTRANET Network
Other Telecoms Network
External GAZ
SUPPLY
Gaz distribution systems
External
WATER
SUPPLY
Water distribution systems
OTHER
TELECOMS
INTERNET
CONNECTION
Other Telecoms Distribution
Media
Operator
Internet Access Network
Information
Provider
Telecom
Operator
121
Lots of protocols for lots of disjoint
function zones
Wireless sensors network
Telecom Operator
Tel & SMS
LTE 2/3/4
APPLICATION LEVEL
NETWORK LEVEL
PHYSICAL MEDIUM
Internet
gateway
2G/3G/4G
Operator
Network
Protocols being used
PAN
Internet
PAN related
Web server
Local remote
control acting as
C&C device
Local ENERGY
Supply
Typical zone architecture around one protocol set
Multimedia
Windows .
Upnp . DNLA .
Thread . Web
Pipes
BT
WIFI a/b/g/n
Thermal solar panel;
Heatpump;
gaz or wood boiler;
Dry
switch
Wires
Heating
Garage
Hot
Watering Door
Water
Thread
802.15.4
ZigBee
802.15.4
WSN
WIFI a/b/g/n
Multi
media
Somfy
IrDA
KNX
Pr Radio
Pr Radio
UPnP .
DNLA
Pr Radio
ProfiBus
RS485
twpairs
PLC
EIB/ Konnex
RSxx
BT
ModBus
RS485
EIB/ Konnex
PLC
EnOcean
Pr Radio
ANT+
Pr Radio
Pr appl
EHS/
Konnex
LIFI
Pr Radio
Thread
PLC
Delta Dore
X2D
Shutters
Lighting
Cooling xxxxxx
ZWave
WSN
X10
White
APPLIANCES
Pr appl
GSM
Alternative
ELECTRICITY
Service provider
Electricity
distribution
BT
Thread
WIFI
Thread
802.15.4
Electric Wires
Meter
Distribution
panel
WSN
LonWorks
RS 432
eHEALTH
twpairs
APPLIANCES
Gaz Pipe
Gaz
distribution
Insteon
Pr Radio
ANT+
WSN
twpairs WSN
WSN
WSN
gateway
KNX
gateway
gateway WSN
WSN gateway WSN
RS 432
gateway
gateway
gateway
Pr Radio
Delta Dore
X3D
WIFI ac
WIFI ac
PLC
PC
Remote mngt
Local mngt
LTE
WIFI
SECURITY
video monitoring; access
control
DNLA
UPnP
BT
HMI
cable
USB
HMI
HMI
DNLA
UPnP
cable
cable
BT
Tel
IrDA
cable
Pheripherals
WIFI
Wle:
Dect
External GAZ
Gaz distribution systems
SUPPLY Gaz Pipe
PLC
External
WATER
SUPPLY
Water Pipe
OTHER
TELECOMS
Ethernet
RJ45 wires
Water distribution systems
Water Pipe
Other Telecoms Distribution
Coaxial
ITU DVBx
Media
Operator
Satellite
Coaxial
TV
PLC IEEE P1905.1 / IEEE P1901.2
HomeGrid / HomePlug / ITU-T G.hn
Electr. wiring
Water
distribution
Other Multimedia
& gaming
INTRANET Network
WIFI a/b/g/n
Electricity distribution systems
External
ELECTRICITY
G.hnem /IEEE 1901
SUPPLY PLC: G3/ IUT-U
Electric Wire
Wire for metering
twpairs
Connection
to Intranet
Distant
Smartphone acting
as C&C device
WSN gateway
INTERNET
CONNECTION
Internet Access Network
FTTH
ADSL / VDSL
Fiber Optics
Tel wires
Information
Provider
Telecom
Operator
122
Lots of Telecom Media & Protocols
LONG DISTANCE
LoRA
LOW RANGE INDOOR
SigFox
6LowPAN
IEEE
802.16
WiMax
Thread
X10
IPSO
PSTN
WiMAX
Security
Insteon
Thread
DNLA
EnOce
an
DNLA
UPnP
Cellular /
Radio
KNX
UPnP
WinDows
MOCA
ModBus
Home
Grid
ZWave
Home
Plug
NFC
IEEE P1905.1
IAE
RS485
RS432
IEEE
802.3
Ethernet
xxxx
Twisted
wires
RJ45
Coax
RFID
IEEE
ITU-T
P1901.2
G.hn
CPL
ISO
IrDA NFC 18000
RFID
Electric
network
Local radio
ANT+
Proprietary
Monitoring
& tracking
services
WinDows
Zig
Bee
LIFI
IEEE
802.15.4
IEEE
802.15.7
visible
light
Blue
Tooth
WiFi
IEEE
802.15.6
Body
IEEE
802.11
a/b/g/n
WiFi
IEEE
802.11
ah
WiFi
DECT
IEEE
ULE
802.15.1
Bluetooth
DECT
Smart
3GPP
D2D
Small
Cell
3GPP
2G, 3G,
LTE
LTE
LTE
Telecom
operator
Internet
Local wireless
POTS
Tel
wires
Security
services
provider
ADSL
ISP
FO
FTTH
Satellite
ITU
DVBx
Satellite
operator
Coax
TV
Cable
operator
Electric
Network
From IT
From automation
From Telecom
From Energy
Physical Medium
Comfort
Consortium
Security
IEEE
P1901
CPL
« G3 »
ITU-T
G.hnem
Electricity
Operator
Media
operator
DR
operator
123
IoT: What for ? Why now ?
DRIVERS OF EVOLUTION
STATUS
The need for better decision-making & efficient
operations is accelerating
Since the dawn of Humanity, human
beings have
always tried to overcome the limitations of
their 5 senses, totally inadequate to help
them correctly understand their
environment, survive and develop safely,
 The huge pressure on entreprises to better manage the complexity of the modern world, to meet
the challenges of ever higher levels of performance, flexibility, efficiency, time-to-market, and to be
more competitive in an ever harsher globalized market.
 The new major regulations to cope with: energy savings, car safety, e-Health, etc..
 The fast growing new markets for connected Things: connected cars, eHealth, Smart Grid, ...
 The hope, even the faith, that technology will help discover new ways in providing everybody
with a better, more secure and safer life,
More signals, data, information have always been expected to
help alleviate the uncertainties generated by the hazardous
geographically distant present and the future.
Hence, human beings had to constantly develop new tools to
get an ever better knowledge about their environments,
Therefore, connected sensors & actuators have been used
routinely for several decades in countless Solutions, mainly
outside the realm of Information Systems.
Existing solutions seem to have reached their
structural limits
 designed and operated in vertical siloes by functions,
 hardly interoperable nor upgradable nor scalable,
 no security or privacy by design,
 still using lots of proprietary or specialized protocols
WHAT IS EXPECTED
 The hopes are focused on a new
approach, Internet
of Things,
based on what made Internet so
successful: freeing up the creativity for
generating more value by using a
limited set of global open standards in
an open approach to facilitate the
design of new service oriented
applications & tools.
 The business models are still to be
properly identified and may be elusive
for some times
More Business & Personal Value Creation
thru
1. More data for more context knowledge for
better decision making
2. More inter-operability for better processes
integration
ENABLERS
Lower costs
More capabilities
Smart Things
Big Data
Processing power
3. More intelligent actions for better controls on
the environment
124
IoT: How ?
1. Things, representing the physical world, are being promoted as
Full Members of Internet , alongside People and Applications: Internet
of Things
2. The Internet philosophy of OPENNESS enables Global InterOperability, security and privacy notwithstanding, so as to:
INTERNET
 Allow the direct interactions of any Thing, People, Application
 Facilitate the processing of all kinds of data together at all levels, using the same
BI & Big Data tools in order to get better comprehensive situation awareness,
enhanced actionable insights, better modelisations and more accurate prediction
capabilities
 Trigger the integration, at all stages, of all kinds of processes within and outside
the entreprise, vertically or horizontally
 In replacement of a situation where hardly inter-operable single function dedicated
vertical « stove-piped » solutions prevailed
Internet of Things solutions are structured around following components:
1. Using THINGS (sensors, actuators, tags) to cheaply extract ever more signals from the physical world, at
an unprecedented scale, in digital format (data),
2. TRANSMIT them via relevant networks to the right locations,
3. where they are PROCESSED with other types of available data, using modern Big Data tools, to generate
insightful knowledge, triggering the right decisions and timely actions
4. Operated In Managed & Secure ways
5. leveraging the successful Internet approach:
 The ubiquity and cheap aspects of the Internet Network
 The powerful standardised set of Internet protocols and software stacks for all types of interactions on all kinds of
devices
 The existing huge eco-system of Internet applications development environments and the huge number of expert
developers for fast applications development .
6. Things must be « equipped » with the right adapted Internet-based protocols & software stacks (typically
TCP/IP & SOA Web services) and more and more local intelligence.
125
A new holistic vision for representing and
interacting with the World
The ongoing Digitisation of the World
generates huge flows and sets of data representing the status and actions
of the physical world, the business related activities and the human
activities
Everything being DATA, the « World » can be processed by softwares in
almost limitless ways, far more flexible and open to creativity : That’s the
The Entreprise via the dematerialisation of information supports and
exchanges, the transactional applications and Office Automation data
(docs, mails, etc..)
The Public Offices and other Institutions producing huge sets of Open &
Market Data
People, via the data tracks they leave while Web browsing, socially
interacting, mailing, telephoning, storing & sharing pictures, playing games,
watching videos, accessing information, buying, positioning themselves, ..
The Physical World via the digital signals collected from Things
Softwerisation of the World
SMART GALAXY
(M Andreesen: « software is eating the world »)
SMART PLANET
Every IoT system, as processing data to manipulate the World, is
becoming an
SMART COUNTRY
Information System
sometimes called Cyber-Physical Systems
5G
Future
INTERNET
However, we are exchanging the old complexity of dealing with sets of
hardly interoperable solutions with a new complexity of linking and
integrating more and more entities everywhere, anytime, of any type.
There is a need to
Manage Complex Integrated Environments
a never ending layering up of sytems of systems
SMART
FACTORY
SMART
DEFENSE
SMART
CITY
SMART
UTILITY
SMART
RETAIL
SMART
TRANSPORT
SMART
HEALTH
SMART
BUILDING
SMART
CAR
SMART
HOME
SMART
ENERGY /
GRID
SMART HUMAN
SMART
AGRICULTURE
SMART GOV
SMART OBJECTS
126
Towards Home as a Service : integrated
management solutions ?
2G/3G/4G
Operator
Network
Local ENERGY
Supply
Thermal solar panel; Heatpump;
gaz or wood boiler;
Garage
Door
Watering
Heating
eHEALTH
Shutters
APPLIANCES
Electricity
distribution
Lighting
Hot
Water
Cooling
White
APPLIANCES
WSN gateway
WSN gateway
WSN gateway
WSN gateway
HAS
WSN gateway
WSN gateway
Distribution
panel
WSN gateway
HEMS
Other
Multimedia
& gaming
PC
Tel
SECURITY
video monitoring; access control
Meter
External
ELECTRICITY
SUPPLY
Gaz
distribution
External
GAZ
SUPPLY
Water
distributio
n
External
WATER
SUPPLY
TV
Pheripherals
Alternative
ELECTRICITY
Service Provider
INTRANET Network
OTHER
TELECOMS
INTERNET
CONNECTION
Home Automation System
127
Evolution of M2M architectures ….
M2M
Platform
…. Towards IoT, mainly as a way to help Telecom Operators develop a market for managed
M2M services platforms linking Applications to Things
128
Smart Building via Sharing & Integration
129
Category 3: OT & IT Convergence
OT side taking into account more
and entreprise & context data
events to yield more pro-activity
IT side taking into account more
and more real-time data & events
to yield more reactivity
ERP
MES
Management
level
KM
Management
level
DECIDE
PLM
Transactional
level
Supervision SCADA
level
HMI
DCS
Interface level
Control level
Entry level
Field level
RTU
PLC
IED
sensor
machine
actuator
130
The various layers of protocols for
interoperability
Internal Appl. +
Other Informations
Security & privacy
Manage
Secure
Things Management
Decide
Access
Network
CORE
NETWORK
AN.
Process
Analyse
Act
Orchestrate
PHYSICAL
WORLD
PLATFORM
External
Data
Distributed Decision Making
Semantics
Middlewares & other applications interactions modes
Things Design
Choice of Networks
Things Naming & Addressing
Things Data analysis
& Modelling
Integration in
Management
Processes &
Operational
Processes
131
Reference diagram
Manage
Orchestrate
Extended Entreprise
Secure
Orchestrate
Extended OT
Orchestrate
Local OT
OT
Global Security
Orchestrate
Extended IT
Other same company
entities operations
Social
Media
External
Data
IT
Long decision
making loop
MNGT
Entreprise
Upwards Process
Governance
PLM
Things organised in
various levels of local
connectivity and controls
LAN
Access
Networks
CORE
NETWORK
AN
ALY
Analyse
SIS
Long decision
Business
making loop
Corporate
Governance
Other DBs
/ ERPs
ANALYSI
Analyse
S
OT Management
Entreprise
Downwards Process
PAN or
FF
PHYSICAL
WORLD
Individual Things
with imbedded
network access
Third Parties
Commerce
Third Parties
Operations
Market Places
Requirements
for changes
gateway
Personal
Area Network
Factory
Floor
Potentials for Local Processing
 Distributed Decision making
 Pre-processing
 Acting: Command / Control
Planning
« Creation »
Modelisation
Development
Tests
Integration
Design
System Engineering +
Entreprise Architecture
Prototyping
Requirements
for changes
132
Issues & Challenges
Heterogeneity
Number of
Things
Interoperability
Volume of
data
Scalability
Complexity
of solutions
Processing
and mining
the data
Openness -> discoverable
Abstraction
virtualisation
Network, Naming,
Computing & Analysis
Capacities
Standards
Application, Telecom,
management
Middleware
Thing design
Adressing: IPv6
Lack of resources
Right business models
System
EngineeringDistributed Processing
Low energy
protocols
Energy
efficiency
Network
coverage
Naming, Resolution
and discovery
Multiplicity of things,
versions, systems, protocols,
interactions modes, etc..
Data modelling
Ambient Intelligence
Market
fragmentation
Convergent
solution ?
Real Time
Processing
Data Volume,
Variety & Volacity
mechanisms for predictable
and deterministic resource
management
Deterministics
Identity Management
ad-hoc architecture
central vs local processing
Modularity
Intelligent architecture
zeroconfig
Connection to
Internet
Upward compatibility
Remote update/upgrade
Wider surface of
attacks
Poor OT Security
practice
Dynamic changes
Reliability
 Noisy data
 Unreliable resources, local ; reliable
message transfer
 frequency jammings
Data
Management
Ownership of Data
Autonomic Objects
Discovery & resolution
mechanisms
Gateways
Global Access
Semantics
Management
standards
Timeliness of data
Cost of connectivity
Openess
Security &
Privacy
• Instantaneous thing state (sleep, ..)
programmability
• dynamic network (de)/attachement
• Mobility: roaming
Device
Management
Addressing
mobility
Highly distributed
Resilience
Manageability
Openness -> discoverable Noisy environment
Leightweight protocol
133
CORLA
134
Altran VueForge
135
IOT & Big Data integration
VueForge™ platform perspective
Process
Connectivity
Security
136
Device
Management
Business Logic
Real Time
External
Systems
Integration
Integration
Management and reporting
Massive Data processing &
Analytics
Security
137
138
VueForge™ PLAY Platform
Rapid-prototyping and a light-weight IoT, Cloud-based platform.
Zigbee, Bluetooth, NFC,
Telemetry, DSRC, RFID,
etc.
MQTT ,STOMP, AMQP,
OpenWire, WebSockets,
REST, etc.
Administration Front-End
139
Third parties
connectivity
VueForge™ Full Platform (MOON)
 Third party application integration
definition
 Third party application design,
integration and tests
Convergent connectivity
(integration, transport)
Enterprise connectivity
(integration, APIs)
 Transport solution architecture
definition
 Traffic & capacity modeling
 Transport solution performance
tests & optimization
 Network elements / Gateway
design & customization
Policy & charging rules
- Billing  Policy and charging rules
definition & management
 Charging and billing
solutions design
 Traffic policy management
140
Devices
management
 Device remote installation,
upgrade, back-up & restore
 Device remote monitoring,
alarm management
 Device Interoperability tests
 Business application integration
definition
 Business application design,
integration and tests
 Customer infrastructure design for
performance and reliability
Authentication, security,
monitoring
 Security audit
 Global security solution
Design, installation and
configuration
 Aging, Defense &
robustness testing
 Health monitoring
Platform management
services
Database
management
 MOON installation, upgrade,
back-up & restore
 MOON Fault, Configuration,
Accounting, Performance
 Self Optimizing services
 Data model definition
 Data access monitoring and
analysis
 Data replication &
import/export for business
client or end user
141
ITS SECURITY
PIERPAOLO CINCILLA
IRT SystemX
142
#IoT2015
ITS Security (ISE)
Pierpaolo Cincilla,
Brigitte Lonc, Paul Labrogere
C-ITS: Challenges and Opportunities
New Complexity
Vehicles communicate
and cooperate
New Applications
Lane Keeping
Entertainment
Adaptive Cruise Control
144
C-ITS: Challenges
C-ITS
Safety
Security
Mobility Management
Traffic Organization
145
C-ITS Security
Authenticity
Integrity
Non repudiation
Privacy
Confidentiality
Main Security Requirements
Attack Description
Attack Severity
Attack Probability
Risk Analysis
RACE
Evita
TVRA
146
C-ITS Privacy Issues
Tracking Avoidance
Personal Data Broadcast
(e.g. location, speed, …)
Data Protection
Compliance With
National / International Laws
147
ISE PROJECT
Cooperative safety and mobility applications depend upon data from other
vehicles and the infrastructure

Context


Vehicles exchange messages via ITS G5 / 802.11p
Broadcast/Geocast information to neighbor
vehicle dynamics info (position, speed, heading …)
complete perception of dynamic environment for
active safety and future autonomous cars
Trust




Security and privacy are paramount
Challenges



Trust
Build affordable ITS secured systems and enabling security
infrastructure (PKI)
Provide solutions to ensure scalability, security and safety
Methods and Tools to design and validate trustworthy ITS
systems
Partnership :
• French pilot of cooperative ITS (Scoop@F)
• Automotive Electronics and Software (ELA)
Financial
support:
Academic
support:
148
ISE PROJECT: SECURED INTELLIGENT TRANSPORT SYSTEMS
Cooperative safety and mobility applications depend upon data from other
vehicles and the infrastructure
ISE Objectives
ITS security requirements analysis and risk management
(day1 and future applications)
Dependability
 Security architecture design and development
and security
(on-board and off-board)
Adaptability
 PKI design & development
(performances, scalability)
 Definition of the security system certification
process
CRITICAL SOFTWARE
 Validation platform for security tests
Scalability
(penetration tests)
Providing software technologies

and processes for
dependable & secure
systems
Financial support:
Academic support:
149
ISE Architecture Overview
RCA
3G/4G
AA
EA
Backbone
Network
PKI
RSU
Roadside
ITS-S
gateway
ITS Service
Center
150
ISE PKI Architecture
RCA
Distribution Center
Manufacturer
EA
AA
ITS-S
151
ITS Embedded Architecture (ETSI/ISO)
On-Board Unit
FACILITY
SECURITY
CAM
DENM
SAM
SPAT
MAP
LDM
NETWORKING
NF
BTP
TSL req.
Sngl. msg.
HSM
TCP/UDP
GN
Enrl./Auth.
S
F
IPv6
S
N
Integrity
S
H
Crypto.
Storage
Rply. prtc.
ACCESS
802.11p
IN
Account.
3G/4G
SI
Plausibility
Misbehav.
Legend
Layer
Module
API
152
Dissemination
Contribution to the European
Telecommunications Standards
Institute
Contribution to the
Internet Engineering Task
Force (TLS specification)
ELA
Contribution to the security
system deployment (PKI)
SCOOP@F
Complementarity:
ELA --> In-Vehicle Security Solutions
ISE --> Inter-Vehicle Security Solutions
153
ISE Demonstrator
ITS WC Bordeaux
Scenario
Future@systemx
Player 1
Player 2
OBU-1
Personal car
OBU-2
emergency or hacker
154
ISE Demonstrator
155
156
C-ITS Architectures
ISO CALM
C2C-CC
IEEE WAVE
ETSI
C-ITS Public Key Infrastructure (PKI)
ETSI
C2C-CC
IEEE
Context: IRT-SystemX
Rail
infrastructures
Networks and
digital
infrastructures
Composites
materials
Digital Systems
Engineering
Materials
engineering
and metallurgy
Infectiology
Nanoelectronics
Aeronautics, space
et embedded systems
Strong links with competitiveness clusters, Co-localized staff, 50% founds by PIA
159
Context: IRT-SystemX
Value Creation by
Technology transfer
Fostering synergies between academic
and industrial communities
A worldwide center of excellence in Digital
Systems Engineering
160
CLOSING SESSION
JEAN-PIERRE TUAL
THIERRY HOUDOIN
President of the Digital Trust & Security WG
President of the Telecoms WG
161
#IoT2015

IoT - Systematic

Transcription

Documents pareils

Internet of Things (IoT) - Formation Continue UNIL-EPFL

Engins Roulants

4228 Holland Dr Des Moines, IA 50310 | Home for Sale | Real

NEOTION strengthens its partnership with M2M

NEOTION partners with M2M Solution for Neohome

Levée de fonds du temps des Fêtes Holiday Fundraising Campaign

view list

here - South Asian Women`s Community Centre

Iowa Directory - CommonBond Properties

Sign and Design: Script as Image in a Cross

here - South Asian Women`s Community Centre

Hockey night in Ottawa

nanoinside-ir t

PART II PART II: THE RATIONALE OF SMART SPECIALISATION

Cost-effective Ultra High-Speed ADSL2+

GGS Newsletter June 2011 - Gallatin Gateway School

SAMSUNG ELECTRONICS (UK) LIMITED SMART TV “REWARD