Internet of Things DC: June 16 Meetup - Digi International

Beyond Gadgets: The Industrial and Commercial Side of the Internet of Things. Steve Mazur - Digi International, Inc. Internet of Things DC, June 2014

description

Digi International slides from June 16, 2014 Internet of Things DC meetup.

Transcript of Internet of Things DC: June 16 Meetup - Digi International

Page 1: Internet of Things DC: June 16 Meetup - Digi International

Beyond Gadgets: The Industrial and Commercial Side of the Internet of Things

Steve Mazur - Digi International, Inc.

Internet of Things DC, June 2014

Page 2: Internet of Things DC: June 16 Meetup - Digi International

Topics

• Technology Trends

• M2M Networks and Products

• LED Street Light System

• Wireless Security

Page 3: Internet of Things DC: June 16 Meetup - Digi International

Internet Connectivity

• Half the world will have Internet access by 2020

• Ubiquitous Internet moves to 1/3

• Ubiquity drives dependency

Page 4: Internet of Things DC: June 16 Meetup - Digi International

Internet of Everything Else

• Internet of Things today driven by consumers
– High adoption
– Lower ASPs

• Everything Else
– Security
– Mobile Assets
– Consumption Monitor
– Device Health

Page 5: Internet of Things DC: June 16 Meetup - Digi International

Internet of Things / M2M Targets

Commercial: driven by
– Business outcome
– Traditional ROI Metrics

Consumer: driven by
– Convenience
– Entertainment

Page 6: Internet of Things DC: June 16 Meetup - Digi International

Commercial Examples

Companies are able to grow their business through the technology…

…and use the efficiencies gained to fund that growth

Page 7: Internet of Things DC: June 16 Meetup - Digi International

Network Technologies & Methods

M2M

Page 8: Internet of Things DC: June 16 Meetup - Digi International

M2M Wireless Networks

| | Satellite | Cellular | ZigBee | WiFi | Bluetooth |
|---|---|---|---|---|---|
| Underlying Standard | Proprietary | LTE, … | 802.15.4 | 802.11 | 802.15.1 |
| Max Range/Coverage | Global | 98% of Pop | 1.6km | 250m | 100m |
| Architecture | Star, Mesh | Star | Mesh | Star | Star |
| Transmit Power (dBm) | 18 ‐ 38 | 23 ‐ 33 | 0 ‐ 18 | 3 ‐ 16 | 0 ‐ 20 |
| Receive Power (mW) | 225 ‐ 975 | 380 ‐ 1500 | 92 ‐ 148 | 330 | 150 |
| Max Bandwidth (bps) | 25K | 25M | 250K | 600M | 24M |
| Module Cost | $70 ‐ $220 | $10 ‐ $120 | $5 ‐ $15 | $5 ‐ $30 | $5 ‐ $25 |
| Optimized for | Global Coverage | Broadband, In‐Building | Low Power | Broadband | Convenience |

Page 9: Internet of Things DC: June 16 Meetup - Digi International

Licensed Broadband Spectrum

Mobile broadband spectrum currently available and in the FCC pipeline

| Band Name | Frequency | Current | Future |
|---|---|---|---|
| Below 700 MHz | 600 MHz | ‐ | 70+ |
| 700 MHz | 700 MHz | 70 | ‐ |
| Cellular | 800 MHz | 64 | ‐ |
| Federal | 1700/1800 MHz | ‐ | 15+ |
| PCS | 1900 MHz | 130 | 10 |
| AWS | 2.1 GHz | 130 | 30 |
| WCS | 2.3 GHz | 20 | ‐ |
| BRS/EBS | 2.6 GHz | 194 | ‐ |
| | | 608 | 125+ |

Page 10: Internet of Things DC: June 16 Meetup - Digi International

Unlicensed Broadband Spectrum

Mobile broadband spectrum currently available and in the FCC pipeline

| Band Name | Frequency | Current | Future |
|---|---|---|---|
| TV White Spaces | Below 700 MHz | 0‐150 | + |
| ISM ‐ 900 MHz | 902‐928 MHz | 26 | ‐ |
| Unlicensed PCS | 1880‐1930 MHz | 10 | ‐ |
| ISM – 2.5 GHz | 2400‐2483.5 MHz | 83.5 | ‐ |
| WiMax | 3550‐3700 MHz | 50 | 100 |
| Public Safety | 4940‐4990 MHz | 50 | ‐ |
| WAS – 5 GHz | 5150‐5350 & 5470‐5825 MHz | 555 | ‐ |
| WAS Extended | 5350‐5470 & 5850‐5925 MHz | ‐ | 195 |
| | | 774.5 – 924.5 | 295+ |

Page 11: Internet of Things DC: June 16 Meetup - Digi International

HetNet (Heterogeneous Network)

Powerful Combination of Licensed & Unlicensed, Cellular & WiFi

• Foundation is Licensed Spectrum

• Bandwidth‐rich Unlicensed Spectrum around 5 GHz delivers extra Capacity, using Wi‐Fi to seamlessly offload (Hotspot 2.0)

• LTE Advanced in Unlicensed Spectrum harmoniously co‐exists with WiFi

• Typical cell ranges
– Standard base station up to 35 km
– Microcell is less than two km wide
– Picocell is 200 meters or less
– Femtocell is around 10 meters

Page 12: Internet of Things DC: June 16 Meetup - Digi International

M2M Products & Services

Growth Products & Services
• Wireless Gateways: RF, ZigBee, Cellular
• ARM Core Modules
• Cellular Routers
• Application Gateways: Smart Energy, ERT, M‐Bus
• RF Modules

Example Vertical
• Energy
• Transportation
• Medical
• Tank Monitoring

Page 13: Internet of Things DC: June 16 Meetup - Digi International

XBee Modules & Systems

• XBee Types

• Arduino UNO with XBee Shield

Page 14: Internet of Things DC: June 16 Meetup - Digi International

System Diagram for XBee‐PRO Programmable Module

[Block diagram: XBee‐PRO ZB programmable module. Labelled blocks, in the order they appear on the slide: XBee‐PRO ZB module (S2B), Ember EM250; Freescale MC9S08QE32 CPU (Programmable Option); I/O Interface: ADC 10 bit, UART, DIO; Memory: FLASH 32 KB, RAM 2 KB; 8‐bit HCS08, up to 50.33 MHz; Additional Memory; ZB Firmware; Power Management Unit; Additional I/O Interface: I2C, PWM, RTC, UART 1, UART 2, ADC 12 bit; External I/O 10 pins; External UART Lines; RTC, SPI, ADC 12 bit, DIO.]

Page 15: Internet of Things DC: June 16 Meetup - Digi International

What is Device Cloud?

Cloud service for device connectivity, management, integration and scalability

[Diagram labels: End‐User Applications; Device Management; Back‐Office Systems; Application Integration; Device Connectivity; Technology Pillars; Performance; Scalability; Reliability; Security; Remote Gateways / Embedded Devices; Remote Sensors/Devices.]

Page 16: Internet of Things DC: June 16 Meetup - Digi International

Device Cloud Platform

[Architecture diagram labels: Internet; Etherios Solutions; Firewalls; Device Aggregator Cluster; Control Center Cluster; Private VPN Concentrators; Load Balancers; Cellular Carriers; MS SQL Database Cluster; Cassandra Long Term Storage; Terracotta Cluster; "To mated, duplicate ring".]

Page 17: Internet of Things DC: June 16 Meetup - Digi International

Solution Example

[Diagram. Stage headings: Sensor/Equipment; Connector; Aggregator/Transformer; Infrastructure; Application. Other labels: Partner; DIA API; Cellular; Embedded Router.]

Page 18: Internet of Things DC: June 16 Meetup - Digi International

Mesh System ‐ LED Street Lighting

owlet: intelligent digital street lighting

Page 19: Internet of Things DC: June 16 Meetup - Digi International

What is ZigBee?

The wireless mesh networking standard for monitoring & control

– Based on IEEE 802.15.4 standard
– Reliable & robust (self‐healing)
– Interoperable (multiple vendors)
– Simple (self‐configuring)
– Flexible (mesh topology)
– Secure (built‐in AES Encryption)

Page 20: Internet of Things DC: June 16 Meetup - Digi International

Cellular or Fiber

Page 21: Internet of Things DC: June 16 Meetup - Digi International

owlet: intelligent digital street lighting

Page 22: Internet of Things DC: June 16 Meetup - Digi International

Network Nodes in ZigBee Mesh

Luminaire Controller
• Interface = XBee Module
• Router Configuration
• ZigBee at 2.4GHz

Segment Controller = Connectport X
• WAN to PAN connectivity (Cellular, Ethernet,…)
• Owlet functionality programmed in Python

Page 23: Internet of Things DC: June 16 Meetup - Digi International

100 m pole to pole distance

Antenna & TX Power Options

Up to 150 Nodes per SeCo

Page 24: Internet of Things DC: June 16 Meetup - Digi International

Pilot Installation “Powerline Solution“

[Figure: map of the pilot site's light poles (labels LP 82 through LP 117) annotated with dB values from 0 dB to 72 dB. Legend: excellent, good, bad, no chance.]

• Noise fluctuates in mixed grids

• Attenuation has to be measured

• Knowledge about Grid Structure

Page 25: Internet of Things DC: June 16 Meetup - Digi International

Pilot Installation “Proprietary RF Solution“

[Figure: map of the pilot site's light poles (labels LP 82 through LP 117).]

• Channels are limited, e.g. 868MHz/1 Ch.

• Bandwidth is limited in low frequency nets

• Range is important in a non mesh net

Page 26: Internet of Things DC: June 16 Meetup - Digi International

Pilot Installation with a ZigBee mesh network

[Figure: map of the pilot site's light poles (labels LP 82 through LP 117).]

• Channels: 16 available & auto assigned

• Plus: self healing, adv. routing

• Range extended by mesh hopping

Page 27: Internet of Things DC: June 16 Meetup - Digi International

Antenna Selection: Range Tests

Range tests: Range [meters] / Average of 5 measurements

| Transmit power | Dipole‐Antenna | Whip‐Antenna | Chip‐Antenna | U.FL‐Antenna |
|---|---|---|---|---|
| ‐7dBm = 0.2mW | 328.5 | 227.5 | 120.7 | 197.0 |
| ‐1dBm = 0.8mW | 515.7 | 231.2 | 121.7 | 221.9 |
| +3dBm = 2mW | 665.1 | 441.1 | 102.0 | 304.7 |

Page 28: Internet of Things DC: June 16 Meetup - Digi International

Interference field tests – Coexistence WiFi / ZigBee

Interference Field Tests: ‘Worst Case Scenario‘

Relative decreasing baud rate [%] at 0 Hops, 2 Hop, 4 Hops, 6 Hops:

Baud rate without WLAN activity: 100% 48% 29% 23%

Baud rate with 100% WLAN activity  30% 24% 17%

Interference Consideration: ‘Normal Case Situation‘

Page 29: Internet of Things DC: June 16 Meetup - Digi International

Wireless Security

Protection against unauthorized access – a comparison of the most common approaches

FIPS 140‐2

IPSec VPN

WPA2‐PSK

Smart Energy 1.x

ZigBee1.x

Page 30: Internet of Things DC: June 16 Meetup - Digi International

System Security

Security is required to protect against misuse and attack, and to ensure data integrity

• Cryptographic security functions can be grouped into 3 main categories:

– Encryption of packets prevents snooping by an unauthorized source.

– Message Integrity ensures that a packet has not been tampered with in transit.

– And Authentication verifies that the message is from a valid source.

Page 31: Internet of Things DC: June 16 Meetup - Digi International

NIST FIPS 140‐2

Government‐approved Cryptography.  Our baseline.

• Agencies and Corporations are increasingly specifying FIPS 140‐2 level 1 & 2 security for wireless communications

• Developed by the National Institute of Science and Technology (NIST)

• Purpose is to establish the security requirements for cryptographic modules when Federal organizations use cryptographic‐based security systems

• Avenues to achieve compliance:
– Full validation by NIST
– Integrate FIPS hardware or software module
– Integrate OpenSSL FIPS Object Module

Page 32: Internet of Things DC: June 16 Meetup - Digi International

IPSec VPN Performance

Comparison of Implemented Security Functions to FIPS 140‐2.

| Functions | IPSec VPN | FIPS 140‐2 Comment |
|---|---|---|
| Key Derivation | Diffie‐Hellman HMAC. See RFC 5996, Sec 2.14. | Approved. See NIST SP 800‐135, Sec 4.1.2. |
| Key Agreement | IKEv2 with Diffie‐Hellman Group 2. See RFC 5996, Sec 3.4. | Not Approved but Allowed. See NIST SP 800‐57 Part 3, Sec 3.2 |
| Encryption | CBC‐AES with 128‐bit keys. See RFC 5996, Sec 3.3.2. | Approved. See NIST SP 800‐38A & FIPS 140‐2 Annex A. |
| Authentication / Integrity | HMAC‐SHA1. See RFC 4307, Sec 3.1.1. | Approved. See FIPS 180‐4, 198‐1, 140‐2 Annex A. |
| Peer Authentication | RSA Digital Signature. See RFC 5996, Sec 3.8 | Approved. See FIPS 186‐2, 140‐2 Annex A. |

Page 33: Internet of Things DC: June 16 Meetup - Digi International

ZigBee Performance

Comparison of Implemented Algorithms to FIPS 140‐2.

| Function | ZigBee HSM | FIPS 140‐2 Compliance |
|---|---|---|
| Key Exchange | Pre‐installed Master Key, thereafter SKKE; or ANSI X9.63‐2001 Public Key. | Approved. |
| Encryption | AES‐CCM‐128 | Approved. See NIST SP 800‐38C & FIPS PUB 140‐2 Annex A. |
| Authentication | HMAC | Approved. See FIPS PUB 198‐1 & csrc.nist.gov/groups/STM/cavp |
| Integrity | Matyas‐Meyer‐Oseas with AES‐128 | Not Approved. |

Page 34: Internet of Things DC: June 16 Meetup - Digi International

ZigBee Smart Energy 1.x Security

Comparison of Implemented Security Functions in SEP 1.x to FIPS 140‐2.

| Function | ZigBee Smart Energy | FIPS 140‐2 Compliance |
|---|---|---|
| Key Agreement | CBKE‐ECMQV. See ZigBee SE Spec, Sec C.5.3. | Approved. See FIPS 140‐2 Annex D & NIST SP 800‐56A |
| Encryption & Authentication | AES‐CCM‐128. See ZigBee SE Spec, Sec C.2.3. | Approved. See NIST SP 800‐38C & FIPS PUB 140‐2 Annex A. |
| Message Authentication | HMAC, ECDSA. See ZigBee SE Spec, Sec C.4.2.2.7. | Approved. See FIPS 198‐1, 186‐3. However AES‐MMO reduces. |
| Message Hash | AES‐MMO‐128. See ZigBee Spec, Sec. B.6. | Not Approved, due to collision resistance (64‐bit vs 80 for SHA‐1) |
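The ZigBee and Smart Energy comparisons above both list Matyas‐Meyer‐Oseas with AES‐128 (AES‐MMO‐128) as the hash and rate it Not Approved on collision resistance. The following is an added example, not code from the slides or from Digi: a standard‐library sketch of the construction plus a birthday search on a truncated digest. The function names are hypothetical, the padding follows my reading of ZigBee Spec Sec. B.6 (an assumption), and the counter messages are constructed test input.

```python
def _xtime(a):                      # multiply by x in GF(2^8), AES polynomial
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def _gmul(a, b):                    # GF(2^8) multiplication
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), _xtime(a), b >> 1
    return r

# S-box: affine transform of the GF(2^8) inverse (FIPS 197, sec. 5.1.1)
_INV = [0] + [next(y for y in range(1, 256) if _gmul(x, y) == 1) for x in range(1, 256)]
SBOX = [(v ^ v >> 4 ^ v >> 5 ^ v >> 6 ^ v >> 7) & 0xFF ^ 0x63 for v in (i * 0x101 for i in _INV)]

def aes128_encrypt(key, block):     # one 16-byte block, 16-byte key (FIPS 197)
    rk, rcon = list(key), 1
    for i in range(16, 176, 4):                           # key expansion
        t = rk[i - 4:i]
        if i % 16 == 0:
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _xtime(rcon)
        rk += [rk[i - 16 + j] ^ t[j] for j in range(4)]
    s = [b ^ k for b, k in zip(block, rk)]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                          # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
        if rnd < 10:                                      # MixColumns
            t = [s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3] for c in (0, 4, 8, 12)]
            s = [s[i] ^ t[i // 4] ^ _xtime(s[i] ^ s[i - i % 4 + (i + 1) % 4])
                 for i in range(16)]
        s = [b ^ k for b, k in zip(s, rk[16 * rnd:16 * rnd + 16])]
    return bytes(s)

def mmo_hash(msg):
    """H_i = E(key=H_{i-1}, M_i) XOR M_i, H_0 = 0. Padding assumed: 0x80, zeros, 16-bit bit length."""
    pad = msg + b"\x80" + bytes((13 - len(msg)) % 16) + (8 * len(msg)).to_bytes(2, "big")
    h = bytes(16)
    for blk in (pad[i:i + 16] for i in range(0, len(pad), 16)):
        h = bytes(a ^ b for a, b in zip(aes128_encrypt(h, blk), blk))
    return h

def find_truncated_collision(n_bytes):  # birthday search on the first n_bytes
    seen = {}
    for i in range((1 << 8 * n_bytes) + 1):
        m = i.to_bytes(4, "big")         # constructed counter messages
        tag = mmo_hash(m)[:n_bytes]
        if tag in seen:
            return seen[tag], m, i + 1   # colliding pair, hashes computed
        seen[tag] = m
```

With a 2‐byte truncation the search typically ends after a few hundred hashes, about the square root of the 65,536 possible tags. The same square‐root rule applied to the full 128‐bit digest gives the 64‐bit collision resistance quoted in the table.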

Page 35: Internet of Things DC: June 16 Meetup - Digi International

WiFi Performance

Comparison of Implemented WPA2‐Enterprise Security Functions to FIPS 140‐2.

| Function | WiFi | FIPS 140‐2 Comment |
|---|---|---|
| Key Derivation | Diffie‐Hellman HMAC. See RFC 4306, Sec 2.14 | Approved. See NIST SP 800‐135. |
| Key Agreement | Elliptic Curve Diffie‐Hellman (ECDH) Group 5. See RFC 5996, Sec 3.4. | Approved. See ANSI X9.63 & NIST SP 800‐56A. |
| Encryption | AES‐CCMP | Approved. See NIST SP 800‐38A & FIPS PUB 140‐2 Annex A. |
| Authentication / Integrity | HMAC‐SHA‐256. See RFC 4868, Sec 3.3.2 | Approved. See FIPS PUB 198‐1 & 140‐2 Annex A. |

Page 36: Internet of Things DC: June 16 Meetup - Digi International

THANK YOU!