internet of things dc: june 16 meetup - digi international
DESCRIPTION
Digi International slides from June 16, 2014 Internet of Things DC meetup.
TRANSCRIPT
Beyond Gadgets: The Industrial and Commercial Side of the Internet of Things
Steve Mazur - Digi International, Inc.
Internet of Things DC
June 2014
Topics
• Technology Trends
• M2M Networks and Products
• LED Street Light System
• Wireless Security
Internet Connectivity
• Half the world will have Internet access by 2020
• Ubiquitous Internet moves to 1/3
• Ubiquity drives dependency
Internet of Everything Else
• Internet of Things today driven by consumers
– High adoption
– Lower ASPs
• Everything Else
– Security
– Mobile Assets
– Consumption Monitor
– Device Health
Internet of Things / M2M Targets
Commercial
Driven by
‐ Business outcome
‐ Traditional ROI Metrics
Consumer
Driven by
‐ Convenience
‐ Entertainment
Commercial Examples
Companies are able to grow their business through the technology…
…and use the efficiencies gained to fund that growth
Network Technologies & Methods
M2M
M2M Wireless Networks
 | Satellite | Cellular | ZigBee | WiFi | Bluetooth
Underlying Standard | Proprietary | LTE, … | 802.15.4 | 802.11 | 802.15.1
Max Range/Coverage | Global | 98% of Pop | 1.6km | 250m | 100m
Architecture | Star, Mesh | Star | Mesh | Star | Star
Transmit Power (dBm) | 18 ‐ 38 | 23 ‐ 33 | 0 ‐ 18 | 3 ‐ 16 | 0 ‐ 20
Receive Power (mW) | 225 ‐ 975 | 380 ‐ 1500 | 92 ‐ 148 | 330 | 150
Max Bandwidth (bps) | 25K | 25M | 250K | 600M | 24M
Module Cost | $70 ‐ $220 | $10 ‐ $120 | $5 ‐ $15 | $5 ‐ $30 | $5 ‐ $25
Optimized for | Global Coverage | Broadband, In‐Building | Low Power | Broadband | Convenience
Licensed Broadband Spectrum
Mobile broadband spectrum currently available and in the FCC pipeline
Band Name | Frequency | Current | Future
Below 700 MHz | 600 MHz | ‐ | 70+
700 MHz | 700 MHz | 70 | ‐
Cellular | 800 MHz | 64 | ‐
Federal | 1700/1800 MHz | ‐ | 15+
PCS | 1900 MHz | 130 | 10
AWS | 2.1 GHz | 130 | 30
WCS | 2.3 GHz | 20 | ‐
BRS/EBS | 2.6 GHz | 194 | ‐
Total | | 608 | 125+
Unlicensed Broadband Spectrum
Mobile broadband spectrum currently available and in the FCC pipeline
Band Name | Frequency | Current | Future
TV White Spaces | Below 700 MHz | 0‐150 | +
ISM ‐ 900 MHz | 902‐928 MHz | 26 | ‐
Unlicensed PCS | 1880‐1930 MHz | 10 | ‐
ISM – 2.5 GHz | 2400‐2483.5 MHz | 83.5 | ‐
WiMax | 3550‐3700 MHz | 50 | 100
Public Safety | 4940‐4990 MHz | 50 | ‐
WAS – 5 GHz | 5150‐5350 & 5470‐5825 MHz | 555 | ‐
WAS Extended | 5350‐5470 & 5850‐5925 MHz | ‐ | 195
Total | | 774.5 – 924.5 | 295+
HetNet (Heterogeneous Network)
Powerful Combination of Licensed & Unlicensed, Cellular & WiFi
• Foundation is Licensed Spectrum
• Bandwidth‐rich Unlicensed Spectrum around 5 GHz delivers extra Capacity, using Wi‐Fi to seamlessly offload (Hotspot 2.0)
• LTE Advanced in Unlicensed Spectrum harmoniously co‐exists with WiFi
• Typical cell ranges
– Standard base station up to 35 km
– Microcell is less than two km wide
– Picocell is 200 meters or less
– Femtocell is around 10 meters
M2M Products & Services
Growth Products & Services
• Wireless Gateways: RF, ZigBee, Cellular
• ARM Core Modules
• Cellular Routers
• Application Gateways: Smart Energy, ERT, M‐Bus
• RF Modules
Example Vertical
• Energy
• Transportation
• Medical
• Tank Monitoring
XBee Modules & Systems
• XBee Types
• Arduino UNO with XBee Shield
System Diagram for XBee‐PRO Programmable Module
[Block diagram of the XBee‐PRO ZB programmable module. Labels: XBee‐PRO ZB module (S2B), Ember EM250, Freescale MC9S08QE32 CPU, Programmable Option, I/O Interface, ADC 10 bit, UART, DIO, Memory, FLASH 32KB, RAM 2 KB, 8‐bit HCS08, Up to 50.33 MHz, Additional Memory, ZB Firmware, Power Management Unit, Additional I/O Interface, I2C, PWM, RTC, UART 1, UART 2, ADC 12 bit, External I/O 10 pins, External UART Lines, RTC, SPI, ADC 12 bit, DIO]
What is Device Cloud?
Cloud service for device connectivity, management, integration and scalability
[Diagram: Technology Pillars. Labels: End‐User Applications, Device Management, Back‐Office Systems, Device Connectivity, Application Integration, Performance, Scalability, Reliability, Security, Remote Gateways / Embedded Devices, Sensors/Devices]
Device Cloud Platform
[Architecture diagram. Labels: Internet, Etherios Solutions, Firewalls, Device Aggregator Cluster, Control Center Cluster, Private, VPN Concentrators, Load Balancers, Cellular Carriers, MS SQL Database Cluster, Cassandra Long Term Storage, Terracotta Cluster, To mated, duplicate ring]
Solution Example
[Diagram labels: Sensor/, Connector, Aggregator/Transformer, Infrastructure, Application, Equipment, Partner, Embedded Router, DIA API, Cellular]
Mesh System ‐ LED Street Lighting
owlet: intelligent digital street lighting
What is ZigBee?
The wireless mesh networking standard for monitoring & control
– Based on IEEE 802.15.4 standard
– Reliable & robust (self‐healing)
– Interoperable (multiple vendors)
– Simple (self‐configuring)
– Flexible (mesh topology)
– Secure (built‐in AES Encryption)
Cellular or Fiber
Network Nodes in ZigBee Mesh
Luminaire Controller
• Interface = XBee Module
• Router Configuration
• ZigBee at 2.4GHz
Segment Controller = Connectport X
• WAN to PAN connectivity (Cellular, Ethernet,…)
• Owlet functionality programmed in Python
100m pole to pole distance
Antenna & TX Power Options
Up to 150 Nodes per SeCo
Pilot Installation “Powerline Solution“
[Figure: site map of lamp posts (LP 82 … LP 117) annotated with measured attenuation values in dB; legend: excellent, good, bad, no chance]
• Noise fluctuates in mixed grids
• Attenuation has to be measured
• Knowledge about Grid Structure
Pilot Installation “Proprietary RF Solution“
[Figure: site map of lamp posts (LP 82 … LP 117)]
• Channels are limited, e.g. 868MHz/1 Ch.
• Bandwidth is limited in low frequency net‘s
• Range is important in a non mesh net
Pilot Installation with a ZigBee mesh network
[Figure: site map of lamp posts (LP 82 … LP 117)]
• Channels: 16 available & auto assigned
• Range extended by mesh hopping
• Plus self healing adv. routing
Antenna Selection: Range Tests
Range tests:
Range [meters] / Averaged of 5 measurements
Transmit power | Dipole‐Antenna | Whip‐Antenna | Chip‐Antenna | U.FL‐Antenna
‐7dBm = 0.2mW | 328.5 | 227.5 | 120.7 | 197.0
‐1dBm = 0.8mW | 515.7 | 231.2 | 121.7 | 221.9
+3dBm = 2mW | 665.1 | 441.1 | 102.0 | 304.7
Interference field tests – Coexistence WiFi / ZigBee
Interference Field Tests: ‘Worst Case Scenario‘
Relative decreasing baud rate [%]: 0 Hops, 2 Hop, 4 Hops, 6 Hops
Baud rate without WLAN activity: 100%, 48%, 29%, 23%
Baud rate with 100% WLAN activity: 30%, 24%, 17%
Interference Consideration: ‘Normal Case Situation‘
Wireless Security
Protection against unauthorized access – a comparison of the most common approaches
• FIPS 140‐2
• IPSec VPN
• WPA2‐PSK
• Smart Energy 1.x
• ZigBee 1.x
System Security
Security is required to protect against misuse and attack, and to ensure data integrity
• Cryptographic security functions can be grouped into 3 main categories:
– Encryption of packets prevents snooping by an unauthorized source.
– Message Integrity ensures that a packet has not been tampered with in transit.
– And Authentication verifies that the message is from a valid source.
NIST FIPS 140‐2
Government‐approved Cryptography. Our baseline.
• Agencies and Corporations are increasingly specifying FIPS 140‐2 level 1 & 2 security for wireless communications
• Developed by the National Institute of Science and Technology (NIST)
• Purpose is to establish the security requirements for cryptographic modules when Federal organizations use cryptographic‐based security systems
• Avenues to achieve compliance:
– Full validation by NIST
– Integrate FIPS hardware or software module
– Integrate OpenSSL FIPS Object Module
IPSec VPN Performance
Comparison of Implemented Security Functions to FIPS 140‐2.
Functions | IPSec VPN | FIPS 140‐2 Comment
Key Derivation | Diffie‐Hellman HMAC. See RFC 5996, Sec 2.14. | Approved. See NIST SP 800‐135, Sec 4.1.2.
Key Agreement | IKEv2 with Diffie‐Hellman Group 2. See RFC 5996, Sec 3.4. | Not Approved but Allowed. See NIST SP 800‐57 Part 3, Sec 3.2
Encryption | CBC‐AES with 128‐bit keys. See RFC 5996, Sec 3.3.2. | Approved. See NIST SP 800‐38A & FIPS 140‐2 Annex A.
Authentication / Integrity | HMAC‐SHA1. See RFC 4307, Sec 3.1.1. | Approved. See FIPS 180‐4, 198‐1, 140‐2 Annex A.
Peer Authentication | RSA Digital Signature. See RFC 5996, Sec 3.8 | Approved. See FIPS 186‐2, 140‐2 Annex A.
ZigBee Performance
Comparison of Implemented Algorithms to FIPS 140‐2.
Function | ZigBee HSM | FIPS 140‐2 Compliance
Key Exchange | Pre‐installed Master Key, thereafter SKKE; or ANSI X9.63‐2001 Public Key. | Approved.
Encryption | AES‐CCM‐128 | Approved. See NIST SP 800‐38C & FIPS PUB 140‐2 Annex A.
Authentication | HMAC | Approved. See FIPS PUB 198‐1 & csrc.nist.gov/groups/STM/cavp
Integrity | Matyas‐Meyer‐Oseas with AES‐128 | Not Approved.
ZigBee Smart Energy 1.x Security
Comparison of Implemented Security Functions in SEP 1.x to FIPS 140‐2.
Function | ZigBee Smart Energy | FIPS 140‐2 Compliance
Key Agreement | CBKE‐ECMQV. See ZigBee SE Spec, Sec C.5.3. | Approved. See FIPS 140‐2 Annex D & NIST SP 800‐56A
Encryption & Authentication | AES‐CCM‐128. See ZigBee SE Spec, Sec C.2.3. | Approved. See NIST SP 800‐38C & FIPS PUB 140‐2 Annex A.
Message Authentication | HMAC, ECDSA. See ZigBee SE Spec, Sec C.4.2.2.7. | Approved. See FIPS 198‐1, 186‐3. However AES‐MMO reduces.
Message Hash | AES‐MMO‐128. See ZigBee Spec, Sec. B.6. | Not Approved, due to collision resistance (64‐bit vs 80 for SHA‐1)
WiFi Performance
Comparison of Implemented WPA2‐Enterprise Security Functions to FIPS 140‐2.
Function | WiFi | FIPS 140‐2 Comment
Key Derivation | Diffie‐Hellman HMAC. See RFC 4306, Sec 2.14 | Approved. See NIST SP 800‐135.
Key Agreement | Elliptic Curve Diffie‐Hellman (ECDH) Group 5. See RFC 5996, Sec 3.4. | Approved. See ANSI X9.63 & NIST SP 800‐56A.
Encryption | AES‐CCMP | Approved. See NIST SP 800‐38A & FIPS PUB 140‐2 Annex A.
Authentication / Integrity | HMAC‐SHA‐256. See RFC 4868, Sec 3.3.2 | Approved. See FIPS PUB 198‐1 & 140‐2 Annex A.
THANK YOU!