CEA-Tech developments for safe and secure IoT ecosystems
Marc Duranton, [email protected], www.cea.fr
February 20th, 2015
© CEA. All rights reserved. February 2015

Introduction to CEA Tech

CEA global organization
- Military Applications Division (DAM)
- Nuclear Energy Division (DEN)
- Technological Research Division (CEA Tech)
- Materials Sciences Division
- Life Sciences Division
Mission DAM: France’s national security independence
Mission DEN: France’s energy independence
Mission DRT: French business’ economic competitiveness

CEA Tech: Key figures
- Annual operating budget > 600 M€
- More than 50 HIGH-TECH START-UP VENTURES over the past 10 years
- 600 PRIORITY PATENT applications / year
- 4,500 EMPLOYEES
- 500+ CUSTOMERS: CAC 40 and SBF 120 (40%), SMBs and START-UPs (45%), INTERNATIONAL (15%)
A strong growth based on corporate funding
[Chart: annual budget, amounts in M€; CEA funding and external funding; external funding + 15% / year; external funding + 13% / year]

CEA Tech: Mission Statement
Create innovation and transfer it to industry
- Main goal: working with and for industry
- CEA: state-owned research organization
- >80% of our budget comes from R&D contracts
- Looking for long-term partnerships
- Results-oriented: best effort to address partners' issues
- Project-oriented: reactive and flexible
- Making our technology reach the market is our priority
- Our concern: seeking fair solutions for both parties

CEA Tech Research Institutes
- Laboratory of Electronics and Information Technologies. Staff: 1800, Budget: €280 M
- Laboratory of Integrated Systems and Technologies. Staff: 700, Budget: €80 M
- Laboratory of Innovation for new Technologies for Energy and Nanomaterial. Staff: 1100, Budget: €180 M

CEA Tech and IoT

IoT: Many application domains
Smart Cities, Smart healthcare, Smart Transport, Smart Utilities, Smart Spaces, Smart Shopping
Many opportunities
(Images © iStockphoto & J.Gallon)

IoT: some figures
- Cisco predicts 50B connected objects by 2020
- X-as-a-service
- New business models
- Estimated market value $2 trillion by 2020
- Up to 1 trillion sensors deployed
- Traffic grows by 25% per year
[Chart: humans and connected objects, 2003, 2010, 2015, 2020; 50 billion. Source: CISCO, AT&T]

The 4 challenges of IoT:
- Data deluge
- Energy consumption
- Dependability
- Interoperability

IoT Challenge #1: Data Deluge
[Figure. Source: Paolo Faraboschi, HP]

IoT Challenge #1: Data Deluge - Solutions for Data Deluge
- New communication protocols: sporadic traffic, asynchronous, decentralized, low power
- Local based services: indoor ranging, positioning, anchor based/distributed
- Spectrum harvesting: spectrum scavenging, new bands (millimeter wave, white spaces), coexistence and sharing
- New Sensors: smart sensors, smart imagers, ultra low power sensor node

New Communication Protocol
WiSePRoM Software Platform by CEA Tech (Wireless IP Sensor Network Protocols and Remote Management)
Make wireless sensor networks easy to deploy, secure and manage
WiSePRoM components:
- Remote Management: security, protocols, software update…
- Security within the WSN & for connectivity
- Multi-access support & mobility of WSN
- Low footprint networking and services stacks
- IPv6 protocols for low power, robust & efficient networking in multi-hop and constrained WSN
- Low-power radio: 802.15.4, …
[Diagram labels: Enterprise Cloud & Services; IP backbone (e.g. Internet); WSN sensors & actuators; Smart Building; Smart Home; Smart Grid; Industrial Networks; In-vehicle; Others…]

Remote & Simultaneous Software Update for groups of sensors / actuators
- Power & Bandwidth Efficiency
- Reliability
- Runtime, seamless and modular software upgrade framework
- Complements and is integrated with the ETSI M2M platform (OMA-DM)
[Diagram labels: Software Upgrade Server (Linux / Android); Control server (software update + application server); IPv6; WiFi; Internet/WSN Gateway (Linux); WSN (6LowPAN); Reliable multicast; Unicast; WSN node]
[Protocol stack labels: Application; Software update management; Reliable Multicast / Unicast; UDP; IPv6 / 6LowPAN; IPv6; 802.15.4 MAC + PHY; L1+L2]

Local based services: IR-UWB for localization
Track items or individuals within a few centimeters… over long ranges
SpoonPhone
RF IC solution for consumer market
- Frequency band 3.2 to 8.8 GHz: 8 channels
- BW: 500 MHz to 1 GHz, data rate up to 5 Mbps
- Range: up to 2000 m, ranging accuracy < 4 cm
- Low power

Sigfox: Ultra Narrow band radio
Provides a unique global cellular connectivity solution, from the customers’ devices to their software applications
RF IC solution for consumer market
- ISM band 433/868/915 MHz
- 100 bps to 1 kbps
- Sensitivity -140 dBm
- Global cellular connectivity at low power
- Can support millions of connected devices

Spectrum harvesting: High data rate NFC
Solution to share and experience content locally with a mobile device
Nokia World ’11
10 s required to download 1 Gigabit of content from battery-less memory tags
RF IC solution for consumer market
- Coupling RFID and IR UWB
- Data rate from 54 to 125 Mbps @ 30 cm
- Power consumption: 5 mW
- Low cost

New sensors
- Characterization of RFID chips (impedance, sensitivity) at 800-1000 MHz
- Characterization of specific materials
- Design and test of custom tag antennas
- Simulation and characterization of read/write range performances at 800-1000 MHz

The 4 challenges of IoT: Data deluge, Energy consumption, Dependability, Interoperability

IoT Challenge #2: Energy consumption - Solutions for energy
- Energy efficient technology: FDSOI, ULP IC design, ULP memories, resistive memories, power management, 3D integration, sense & react, optical interposer
- Energy Efficient server: ARM 64 bit, FDSOI, Interposers, …
- Low Power Cyber Physical Systems: low power mixed IC design, adaptive matching technologies, low to zero power devices

IoT Challenge #2: Energy consumption - Energy efficient technology: FDSOI
Demonstrated by CEA Tech and STMicroelectronics, ISSCC 2014
- Ultra-Wide Voltage Range (UWVR) operations: VDD = [0.39 V – 1.3 V]
- High-frequency: Fclk > 2.6 GHz @ 1.3 V, Fclk > 450 MHz @ 0.39 V
Fully Depleted – Silicon on Insulator
- Improved performance
- Improved performance-per-watt
- Adaptation to variability of loads
Prototype chip from Beigné, ISSCC ’14
[Figure: UTBB-FDSOI performance gain versus conventional Bulk CMOS technology. Blue: no body biasing, Green: FBB = +1V.]

IoT Challenge #2: Energy consumption - Silicon enablement platform: The model
A single partner along product maturation
[Diagram labels: Design Center; Industrial needs; Foundries; DKs; Silicon Manufacturing; Ecosystem; IC design platform; Access to advanced IPs; Emulator & test platforms; Industrial MPW shuttle; Expertise & services; One stop shop; IPs; Services; Academics; Innovative products; Ideas; Testchips; Pre-series line; Production; Value chain]

IoT Challenge #2: Energy consumption - Energy efficient compute nodes for servers
Technology
- FD-SOI
- 3D silicon integration
- 64-bit ARM Cores
Interposer
- Passive or active
- Mature technology node
- Application specific
- Medium volume
- Cost effective assembly
Scalable approach: from micro-servers to HPC

IoT Challenge #2: Energy consumption - Power Cyber Physical Systems
Responsive
[Diagram labels: Power-Management Unit (PMU): Battery / Energy Harvester, Leakage management; Configuration Management Unit (CMU): Responsiveness; Always-Responsive Sub-system: Wake-up Radio, Wake-up Sensors, Wake-up Imager, Wake-up Timers, Energy control, Wake-up Controller, Authent / Security]
- Advanced Programmable Wake-Up features
- Ultra Low Power
- Lightweight crypto
- Event/Energy-driven

IoT Challenge #2: Energy consumption - L-iot: a flexible architecture for IoT nodes
[Diagram labels: Power-Management Unit (PMU): Battery / Energy Harvester; Always-Responsive Sub-system: Wake-up Radio, Wake-up Sensors, Wake-up Imager, Wake-up Timers, Energy control, Wake-up Controller, Authent / Security; On-Demand Sub-system: CPU (Register), Memory (SRAM & eNVM), MCU, Co-processing (RF, crypto, data fusion, imager), Radios, Sensors, Imager; Configuration Management Unit (CMU)]
Adaptive Always-Responsive/On-Demand according to energy levels

IoT Challenge #2: Energy consumption - Flexible Wake-up / On Demand platform
Applicative
[Diagram labels: Power-Management Unit (PMU): Battery / Energy Harvester, Leakage management; On-Demand Sub-system: CPU (Register), Memory (SRAM & eNVM), MCU, Co-processing (RF, crypto, data fusion, imager), Radios, Sensors, Imager; Configuration Management Unit (CMU): Responsiveness]
- Application-driven
- Processing/Communication power
- Integrity/Confidentiality

IoT Challenge #2: Energy consumption - Flexible Wake-up / On Demand platform
Adaptive
[Diagram labels: Power-Management Unit (PMU): Battery / Energy Harvester, Leakage management; Configuration Management Unit (CMU): Responsiveness]
- Advanced Power Management Unit. Gain: POWER/100
- Configuration for adaptivity
- Energy Harvesting

The 4 challenges of IoT: Data deluge, Energy consumption, Dependability, Interoperability

IoT Challenge #3: Dependability - IoT: the Internet of Threats
Today security / privacy issues make the newspaper headlines
Massive adoption of IoT by citizens relies on confidence in terms of security and privacy

IoT Challenge #3: Dependability - Most of the IoT nodes are accessible to attackers
Implementations must be secured-by-design
Memory dump, reverse engineering, side channel analysis, bus probing…
“Trustworthy computing (with software) cannot exist until we have trustworthy hardware to build it on” Dr. Dean Collins, Deputy Director, DARPA

IoT Challenge #3: Dependability - Solutions for Dependability
- Reliability: reliable communication systems for M2M, privacy and trust
- Criticality: real-time OS, dynamic compilation, critical cloud data processing, distributed computing, resource agnostic sensor networks
- Security: privacy and trust, authentication, scalable secure networks, lightweight crypto, homomorphic cryptocomputing

IoT Challenge #3: Dependability - CEA Tech solutions for security
1. Security assessment and certification
2. Hardware security for IoT nodes
3. Secure middleware solutions from sensors to gateways
4. Reliable and secure wired/wireless network technologies
5. Design of large scale deployment secured schemes

IoT Challenge #3: Dependability - Security evaluation and certification
Certification
- ITSEF: licensed laboratory
- Common Criteria security evaluations up to the highest Evaluation Assurance Level (EAL7) on electronic components and embedded SW
- French certification scheme
- International banking schemes
Security evaluation of embedded systems
- Software attacks
- Physical attacks
Domains
- SmartCard: Banking, Pay TV, e-Identity
- Automotive: ECUs, body control, motor control

IoT Challenge #3: Dependability - Network security analysis and testing
- Analyze threats on industrial protocols
- Detailed analysis of protocol specifications
- Implement attacks on wired / wireless multi-protocol industrial sensor networks
- Develop dedicated tools (SW + HW) to perform security tests
- Build security test-beds
- Analyze the criticality of attacks
- Propose security solutions
- Adapt existing solutions to match the industrial network context
- Develop new solutions
[Diagram labels: Information system; Aggregator / Concentrator / Gateway; Sensors]

IoT Challenge #3: Dependability - Hardware integration of security
- Secure design of components and systems
- Tradeoff: hardware implementation constraints, resistance to attacks, power consumption, size / volume, cost
- IoT dedicated cryptography
- Cost effective solution
- Tamper resistant chip design
- Ultra low cost pairing

IoT Challenge #3: Dependability - Reliable communication systems for M2M
Strong network security in resource-constrained wireless sensor networks (WSN) interconnected to larger infrastructures
- Lightweight IP security protocols adapted to the limited resources of WSN (power, CPU, memory…)
- Network access control
- Key Management
- Remote & adaptive management of WSN security
- Protect the data transmitted
- Protect the network infrastructure
- Authentication & network access control
- Dynamic key establishment
- Threat / Intrusion detection mechanisms in WSN
- Dynamic security adaptation to react to threats
Trust management system for WSN
Adaptive Security Management
Secure software update for WSN
- Secure, reliable and resource-efficient sensor software update from a remote server

IoT Challenge #3: Dependability - Security hardened Cloud system
Secure cloud server end-to-end infrastructure prototype.
- USIM-based authentication and key establishment.
- HW-assisted on-the-fly memory encryption.
- By construction: hypervisor out of the TCB.
- Code & data confidentiality & integrity.
- A unique encryption key per VM.
- HW-assisted task switching.
HSM: Hardware Security Module. TCB: Trusted Computing Base.

IoT Challenge #3: Dependability - Criticality enforcement
Anaxagoros
- Hypervisor for mixed criticality apps.
- Spatial and temporal security.
- Resource lending as a design principle.
- "Day one" use of formal verification (Frama-C).
- Ability to virtualize Linux, OSEK and PharOS.

IoT Challenge #3: Dependability - Secure Execution with Innovative Security Tradeoff
How to be sure that the remote computing platform will not misuse your data?
Current idea: a (micro-)processor processes only clear data
What if a processor could work directly on encrypted data without having to disclose any secret?
This is where the potential of homomorphic encryption emerges

IoT Challenge #3: Dependability - Homomorphic encryption
A homomorphic encryption system is a cryptosystem which, in addition to encrypting and decrypting data, allows (any) calculations to be performed in the encrypted domain.
In essence, the "cryptocomputer":
- Keeps its algorithm private.
- Can insert any (cleartext domain) data into the calculation.
- Has access to neither intermediate nor final calculation results.
Such (secure) cryptosystems were shown to exist in 2009.
Although theoretically efficient, the first systems were totally impractical.
But now, we are tackling the first real apps!

The 4 challenges of IoT: Data deluge, Energy consumption, Dependability, Interoperability

IoT Challenge #4: Interoperability - Solutions for Interoperability
- Overcome the fragmentation of vertically oriented closed systems
- Move towards open systems and platforms that support multiple applications.

IoT Challenge #4: Interoperability - Today: Domain-centric, vertical solutions
- SmartHome: monitoring and controlling, saving energy comfortably, interacting with appliances, …
- SmartHealth: monitoring medicine intake, personalized diabetes assistance, providing training tips, …
- SmartTransport: promoting carpooling, minimizing taxi delays, avoiding traffic jams, …
- SmartCity: managing parking space, lighting up a city efficiently, monitoring air quality, …
- SmartShopping: managing sparkdeals, getting advice on buying goods, retrieving discount, …
Illustrations from the EU FP7 BUTLER project

IoT Challenge #4: Interoperability - Tomorrow: Horizontal smart solutions
HW/SW platforms
Illustrations from the EU FP7 BUTLER project

IoT Challenge #4: Interoperability - Holistic virtualization platforms of the physical world
IoT is about managing resources:
- Network
- Heterogeneity and variability management
- Distributed resources (Linc)
- Device as a Service (SensiNact)
- Rapid prototyping and deployment
- Management of the unexpected
- Virtual sensors or resources
- Continuous integration
LINC
- Lightweight & distributed
- CEA Tech developed solution
SensiNact
- Everything-as-a-service approach
- Fully OSGi compliant

IoT Challenge #4: Interoperability - sensiNact Studio
sensiNact Studio: tool for IoT application development and deployment
[Screenshot labels: Deployment View; Navigator View; Properties View; DSL editor; Graphical Editor]

CEA-Tech contribution to EU-Japan projects

EU-Japan ICT Cooperation
- Japan and the European Union are two key players in the ICT field
- IoT will require interoperability
- Scale of today’s global challenges requires that we work together more closely and effectively
- In conformity with the mutual interests and the research orientation of the EU and Japan
- Specific actions dedicated to EU-Japan partnership
- Specific calls for cooperative projects in H2020

ClouT: Cloud of Things for empowering the citizen in smart cities
AT A GLANCE
Project coordinator:
- ClouT-EU: Levent Gürgen, CEA, France
- ClouT-JP: Yoshio Saito, NTT East, Japan
Partners:
- ClouT-EU: Engineering, Italy; Universidad de Cantabria, Spain; ST Microelectronics SRL, Italy; Ayuntamiento de Santander, Spain; Comune di Genova, Italy
- ClouT-JP: NTT East; NTT R&D; Keio University; Panasonic System Solution; National Institute of Informatics
Duration: 36 months
Total cost: €2,32M for ClouT-EU, €1,5M for ClouT-JP, funded by NICT
Programme: FP7-ICT-2013-EU-Japan
Further information: http://clout-project.eu
Dr Levent Gürgen, CEA-LETI, [email protected], +33 4 38 78 97 57

Introduction to ClouT (Video)

Main achievements at mid-term of the project
- First reference architecture and its implementation
- 10 use cases from 10 application domains
- Development of field trials in 4 pilot cities

Interactive city Fujisawa: Regular Mode
[Diagram labels, data sources: Public City Database (Map, Tourism, Citizen Participation); Private City Related Database; Company; NPO HP; Camera; Event Info.; Sensor Info.; Public API; Restaurant Info.; SNS (Local SNS, Twitter); Store Info. (Coupon, Time Sales); Interactive Street; Santander; Illumination Sensor; Train Info.]
[Diagram labels, processing: Input Data from Sensor or Database; Data Format Conversion; Storage (DB); Analysis; Anonymity; Delivery]
[Diagram labels, delivery: Station; Street; Restaurant; Tourist Info. Center; Enoshima Station; Daytime; Nighttime; RegularMode; CautionMode; Info. from Sensor and Citizens; Shop/Tourism Info.; Info. from Citizens; Train/Station Info.]
- Provide appropriate lighting for food and drink
- Project the description of real time info. on the wall
- Project the production on the table
Sample display text: "Day will sink in an hour."; "Next Departure: Ofuna 15:15, Fujisawa 15:20"; "Like!"

Interactive city Fujisawa: Emergency Mode
[Diagram: same data sources and processing labels as in Regular Mode; mode label 【EmergencyMode】]
- Provide appropriate lighting for food and drink
- Project the description of Emergency info. on the wall
- Project the production on the table
Sample display text: "Disaster prevention"; "Weather information"; "Out of Service"; "Evacuation Site"; "Hill"

Fujisawa Dashboard
[Screenshot labels: ClouT Architecture; Virtualized City Resources; Recommended View; "Fuji Mt. and Sunset In 30 min,"]

ClouT: use case

Mitaka Field Trial Scenario
Elderly people get information from the application (called “Paw Collection”), go out if the information motivates them, and write comments to motivate the other users to go to the place. The other users read comments about the facilities on Paw Collection, which motivates them to go out.
- Going out support (Health promotion)
- Community Creation
- Revitalization of City Environment
[STEP1] Write comments (Paw), Registration
[STEP2] Notify a paw to users who meet the conditions.
[STEP3] Registered reaction of Paw (user action) as a “Reaction Paw”
[STEP4] Watch the “Reaction Paw”
[Diagram labels: Paw Users; Paw readers; Information (Paw); Reaction (Reaction Paw); "New Paw Arrived"; "Beautiful cherry!"; "One reaction"; "I visited"; "I took photos too."]

Paw Collection in Mitaka
We inspect how elderly people get motivated to go out by using Paw Collection. (IC-tags installed in 31 facilities in Mitaka City for this trial)
We expect effects such as health promotion and revitalization of the cities by going out.
[Image label: Mure Community Center]

Brand new H2020 project!
Santander FEderated interoperable SmarT ICT services deVelopment And testing pLatforms
October 2014-September 2017

Real-life testbeds, field trials - Japan
Large scale experimentation in real-life environments:
- Osaka train station
- Smart city, smart building
Smaller scale, experimental platform at Osaka and Kansai area:
- Smart POS, smart energy, smart health, smart transport, Osaka Osampo service (ISID)

Conclusion

Teaming EU-JP for IoT projects
- CEA Tech is developing innovative solutions covering most aspects of IoT
- Special focus on low energy and security
- CEA Tech allows its partners to access new technologies
- Design center supporting FDSOI technology
- Ultra low power IPs in sensing, computing and communicating
- Scalable middleware for networks of IoT nodes
- Secure and trusted solutions including homomorphic encryption
- Real-Time hypervisor and virtualization for mixed real-time criticality loads
- CEA Tech is a key player in EU-JAP cooperative projects on 5G, IoT and cloud technologies
- We wish to reinforce the current cooperation between CEA Tech and Japan with dedicated programs

Thank you for your attention
[email protected]
Centre de Grenoble, 17 rue des Martyrs, 38054 Grenoble Cedex
Centre de Saclay, Nano-Innov PC 172, 91191 Gif sur Yvette Cedex