M2M/IoT is rapidly growing, and since its early days different "standard" protocols have emerged (e.g. OMA-DM, TR-069, MQTT, ...) or are emerging (e.g. CoAP or Lightweight M2M). Understanding which protocol to use for which application can be intimidating, so we propose an overview of these protocols to help you understand their goals and characteristics. We'll present common M2M use cases and why they usually require more than just one protocol; we will also see whether CoAP combined with Lightweight M2M lets us forge "one protocol to rule them all".
1. M2M, IoT, device management: one protocol to rule them all?
IoT Conference Berlin
2. Who am I?
Software Engineer at Sierra Wireless,
implementing various protocols for AirVantage
cloud service
Apache member, Eclipse IoT committer
Californium, Wakaama,
Leshan open-source Lightweight M2M server
Tinkerer: electronics, reversing, Linux
11. XMPP
Chat protocol based on XML, recycled for IoT
XEP-0322 Efficient XML Interchange (EXI) Format - Standards - 2014-03-10
XEP-0323 Internet of Things - Sensor Data - Experimental - 2014-04-07
XEP-0324 Internet of Things - Provisioning - Experimental - 2014-05-21
XEP-0325 Internet of Things - Control - Experimental - 2014-04-07
XEP-0326 Internet of Things - Concentrators - Experimental - 2014-03-10
13. MQ Telemetry Transport
Killer protocol for M2M applications
Connect everything with a central broker
Content agnostic
Simplicity is MQTT feature #1
14. MQ Telemetry Transport
- a sensor pushes telemetry values on topics
greenhouse/42/temperature
greenhouse/42/humidity
greenhouse/42/luminosity
- actions are on another topic
greenhouse/42/open-the-roof
- payload format is free (JSON, binary, whatever...)
15. MQTT security
- Username and password (carried as plain fields of the CONNECT packet, so readable by anyone on the path unless TLS is underneath)
- TLS on top of the TCP stream
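To make the topic/payload model of slide 14 and the security slide concrete, here is an added example (my code, not part of the deck and not Paho's API) that builds and parses raw MQTT 3.1.1 CONNECT and PUBLISH packets with the Python standard library only. The client id, username, password and topics are constructed values. Dumping the CONNECT packet shows why "username and password" on its own is not security: both sit in the clear inside the packet, and TLS on the TCP stream is what actually protects them.

```python
import json
import struct

# MQTT 3.1.1 control packet types (high nibble of the first byte).
CONNECT, PUBLISH = 1, 3


def _remaining_length(n):
    """Encode the MQTT 'remaining length' field: 7 bits per byte, MSB = continuation."""
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n > 0:
            byte |= 0x80
        out.append(byte)
        if n == 0:
            return bytes(out)


def _decode_remaining_length(data, pos):
    """Decode 'remaining length' starting at data[pos]; returns (value, next_pos)."""
    value, multiplier = 0, 1
    while True:
        if pos >= len(data) or multiplier > 128 ** 3:
            raise ValueError("malformed remaining length")
        byte = data[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos
        multiplier *= 128


def _utf8(s):
    """MQTT UTF-8 string: 2-byte big-endian length prefix + bytes."""
    b = s.encode("utf-8")
    return struct.pack("!H", len(b)) + b


def connect_packet(client_id, username=None, password=None, keepalive=60):
    """Build a CONNECT packet. Username and password (bytes) are plain fields:
    without TLS underneath, anyone on the path can read them."""
    flags = 0x02  # clean session
    payload = _utf8(client_id)
    if username is not None:
        flags |= 0x80
        payload += _utf8(username)
        if password is not None:
            flags |= 0x40
            payload += struct.pack("!H", len(password)) + password  # binary data, not UTF-8
    var_header = _utf8("MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive)
    body = var_header + payload
    return bytes([CONNECT << 4]) + _remaining_length(len(body)) + body


def publish_packet(topic, payload, qos=0, retain=False, packet_id=1):
    """Build a PUBLISH packet. The payload is opaque bytes: the broker never looks at it."""
    if "+" in topic or "#" in topic:
        raise ValueError("wildcards are only valid in subscriptions, not in a PUBLISH topic")
    if not 0 <= qos <= 2:
        raise ValueError("qos must be 0, 1 or 2")
    first = (PUBLISH << 4) | (qos << 1) | int(retain)
    body = _utf8(topic)
    if qos > 0:
        body += struct.pack("!H", packet_id)  # packet identifier only exists for QoS 1/2
    body += payload
    return bytes([first]) + _remaining_length(len(body)) + body


def parse_publish(packet):
    """Parse a PUBLISH packet back into (topic, payload, qos)."""
    if packet[0] >> 4 != PUBLISH:
        raise ValueError("not a PUBLISH packet")
    qos = (packet[0] >> 1) & 0x03
    length, pos = _decode_remaining_length(packet, 1)
    body = packet[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    topic_len = struct.unpack("!H", body[:2])[0]
    topic = body[2:2 + topic_len].decode("utf-8")
    pos = 2 + topic_len
    if qos > 0:
        pos += 2
    return topic, body[pos:], qos


def credentials_visible(packet, password):
    """True if the secret appears verbatim in the bytes that go on the wire."""
    return password in packet


if __name__ == "__main__":
    # Constructed sample: a greenhouse sensor from slide 14 logging in and publishing.
    conn = connect_packet("greenhouse-42", username="sensor", password=b"s3cret")
    pub = publish_packet("greenhouse/42/temperature", json.dumps({"celsius": 21.5}).encode())
    print(conn.hex(), credentials_visible(conn, b"s3cret"))
    print(parse_publish(pub))
```

The wildcard check in publish_packet is the kind of input validation a broker must do too: a client that publishes to "greenhouse/+/open-the-roof" is either buggy or probing, and MQTT reserves "+" and "#" for subscription filters. QoS 1 and 2 add a packet identifier after the topic, which is why parse_publish looks at the QoS bits before it can find the payload.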
16. MQ Telemetry Transport @ Eclipse IoT
Write your first MQTT application today :)
Mosquitto: lightweight broker
Moquette: Java-based broker
Paho: clients in Java, C/C++, Go, Python, Lua
Ponte: bridge between MQTT, CoAP and HTTP
Kura: Java OSGi application framework
19. Web of things
IP address for everything!
6LoWPAN on 802.15.4, Bluetooth LE
Small IPv6 stack in battery powered devices
Create mesh network with RPL (RFC 6550)
20. Web of things
REST for everything!
Sensors will live for decades
Applications will evolve
Things should expose a dumb REST API; put the behaviour in mashup applications
24. CoAP
Co: Constrained
HTTP and TCP are not a good fit, use UDP
Low power networks
25. CoAP
AP: Application Protocol
RESTful protocol designed from scratch
Transparent mapping to HTTP
Additional features for M2M scenarios
GET, POST, PUT, DELETE
URIs and media types
Deduplication (by message ID)
Optional retransmissions (confirmable messages)
Observation, SMS transport
26. CoAP
Protocol structure
Binary protocol
● Low parsing complexity
● Small message size
Options
● Numbers with IANA registry
● Type-Length-Value (option number delta, length, value)
● Payload marker: a 0xFF byte after the last option marks the start of the payload, and is only present when there is one
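Added example (my code, not Californium's) of the message structure just described: the 4-byte header, the token, delta-encoded type-length-value options with the 13/14 extension bytes, and the 0xFF payload marker. The constructed exchange is a CON GET /.well-known/core and the matching 2.05 ACK carrying application/link-format (content-format 40). The decoder rejects the format errors RFC 7252 calls out: TKL above 8, the reserved nibble 15 outside the payload marker, and a payload marker with nothing after it.

```python
import struct

# CoAP message types and a few codes/options from RFC 7252.
CON, NON, ACK, RST = 0, 1, 2, 3
CODE_GET = 0x01      # 0.01
CODE_CONTENT = 0x45  # 2.05
OPT_URI_PATH = 11
OPT_CONTENT_FORMAT = 12
CF_LINK_FORMAT = 40  # application/link-format
PAYLOAD_MARKER = 0xFF


def _opt_field(value):
    """Option delta/length encoding: nibble plus 0, 1 or 2 extension bytes."""
    if value < 13:
        return value, b""
    if value < 269:
        return 13, bytes([value - 13])
    return 14, struct.pack("!H", value - 269)


def _read_opt_field(nibble, data, pos):
    """Inverse of _opt_field; nibble 15 is reserved (only valid as the payload marker)."""
    if nibble < 13:
        return nibble, pos
    if nibble == 15:
        raise ValueError("reserved option nibble 15")
    size = 1 if nibble == 13 else 2
    if pos + size > len(data):
        raise ValueError("truncated option header")
    if size == 1:
        return data[pos] + 13, pos + 1
    return struct.unpack("!H", data[pos:pos + 2])[0] + 269, pos + 2


def encode(msg_type, code, msg_id, token=b"", options=(), payload=b""):
    """Serialise a CoAP message. Options are (number, bytes) pairs in any order."""
    if len(token) > 8:
        raise ValueError("token is at most 8 bytes")
    head = bytes([(1 << 6) | (msg_type << 4) | len(token), code])
    head += struct.pack("!H", msg_id) + token
    body = bytearray()
    prev = 0
    for number, value in sorted(options, key=lambda o: o[0]):
        d_nib, d_ext = _opt_field(number - prev)  # delta to the previous option number
        l_nib, l_ext = _opt_field(len(value))
        body.append((d_nib << 4) | l_nib)
        body += d_ext + l_ext + value
        prev = number
    if payload:
        body.append(PAYLOAD_MARKER)  # 0xFF is only emitted when a payload follows
        body += payload
    return head + bytes(body)


def decode(data):
    """Parse a CoAP message into a dict; raises ValueError on format errors."""
    if len(data) < 4:
        raise ValueError("message shorter than the 4-byte header")
    if data[0] >> 6 != 1:
        raise ValueError("unsupported CoAP version")
    tkl = data[0] & 0x0F
    if tkl > 8:
        raise ValueError("TKL > 8 is a message format error")
    msg = {"type": (data[0] >> 4) & 0x03, "code": data[1],
           "msg_id": struct.unpack("!H", data[2:4])[0], "token": data[4:4 + tkl],
           "options": [], "payload": b""}
    pos, number = 4 + tkl, 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if first == PAYLOAD_MARKER:
            if pos == len(data):
                raise ValueError("payload marker followed by empty payload")
            msg["payload"] = data[pos:]
            break
        delta, pos = _read_opt_field(first >> 4, data, pos)
        length, pos = _read_opt_field(first & 0x0F, data, pos)
        number += delta
        if pos + length > len(data):
            raise ValueError("truncated option value")
        msg["options"].append((number, data[pos:pos + length]))
        pos += length
    return msg


def uri_path(msg):
    """Join the Uri-Path options of a decoded message into a path string."""
    return "/" + "/".join(v.decode("utf-8") for n, v in msg["options"] if n == OPT_URI_PATH)


if __name__ == "__main__":
    # Constructed exchange: GET /.well-known/core and a 2.05 reply carrying link-format.
    req = encode(CON, CODE_GET, 0x1234, b"\x01",
                 [(OPT_URI_PATH, b".well-known"), (OPT_URI_PATH, b"core")])
    rsp = encode(ACK, CODE_CONTENT, 0x1234, b"\x01",
                 [(OPT_CONTENT_FORMAT, bytes([CF_LINK_FORMAT]))],
                 b'</sensors/temp>;rt="ucum.Cel";obs')
    print(req.hex(), uri_path(decode(req)))
    print(rsp.hex(), decode(rsp)["payload"])
```

The request serialises to 22 bytes, which is the whole point of the binary encoding against an HTTP request line plus headers. Every length check in decode matters on a constrained device: a truncated option length or an oversized TKL is exactly where a UDP packet from an unauthenticated sender can push a naive parser out of bounds.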
27. CoAP
Discoverability
Based on Web Linking (RFC 5988)
Extended to the CoRE Link Format (RFC 6690)
GET /.well-known/core
</config/groups>;rt="core.gp";ct=39,
</sensors/temp>;rt="ucum.Cel";ct="0 50";obs,
</large>;rt="block";sz=1280
;title="Large resource"
Decentralized discovery: Multicast Discovery
Infrastructure-based: Resource Directories
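Added example, not from the deck: a parser for the CoRE Link Format reply quoted on slide 27. It walks the string rather than splitting on ";" and "," because quoted values such as ct="0 50" or title="Large resource" can contain delimiters and spaces. The same format is what an LWM2M client returns for object discovery later in the deck, so a list like </3/0>,</6/0> parses the same way. Link, content_formats and find are names chosen for this example.

```python
from dataclasses import dataclass, field


@dataclass
class Link:
    uri: str
    attrs: dict = field(default_factory=dict)  # attribute name -> str, or True for a flag like obs


def parse_link_format(text):
    """Parse an application/link-format document (RFC 6690) into Link objects.
    Quoted values may contain ';' ',' and spaces, so this walks the string
    instead of splitting on delimiters. Malformed input raises ValueError."""
    links, pos, n = [], 0, len(text)
    while pos < n:
        while pos < n and text[pos] in " \t\r\n":
            pos += 1
        if pos >= n:
            break
        if text[pos] != "<":
            raise ValueError("expected '<' at offset %d" % pos)
        close = text.find(">", pos)
        if close < 0:
            raise ValueError("unterminated URI reference")
        link = Link(text[pos + 1:close])
        pos = close + 1
        while pos < n and text[pos] == ";":
            pos += 1
            start = pos
            while pos < n and text[pos] not in "=;,":
                pos += 1
            name = text[start:pos].strip()
            if not name:
                raise ValueError("empty attribute name at offset %d" % start)
            value = True  # bare attribute, e.g. obs
            if pos < n and text[pos] == "=":
                pos += 1
                if pos < n and text[pos] == '"':
                    end = text.find('"', pos + 1)
                    if end < 0:
                        raise ValueError("unterminated quoted value")
                    value = text[pos + 1:end]
                    pos = end + 1
                else:
                    start = pos
                    while pos < n and text[pos] not in ";,":
                        pos += 1
                    value = text[start:pos]
            link.attrs[name] = value
        if pos < n:
            if text[pos] != ",":
                raise ValueError("expected ',' at offset %d" % pos)
            pos += 1
        links.append(link)
    return links


def content_formats(link):
    """ct may hold several space-separated CoAP content-format numbers ('0 50')."""
    ct = link.attrs.get("ct")
    if ct is None or ct is True:
        return []
    return [int(x) for x in str(ct).split()]


def find(links, **wanted):
    """Filter links by attribute value, e.g. find(links, rt='ucum.Cel')."""
    return [lk for lk in links if all(lk.attrs.get(k) == v for k, v in wanted.items())]


# The /.well-known/core reply quoted on slide 27, as one string.
SLIDE_27_REPLY = (
    '</config/groups>;rt="core.gp";ct=39,'
    '</sensors/temp>;rt="ucum.Cel";ct="0 50";obs,'
    '</large>;rt="block";sz=1280;title="Large resource"'
)

if __name__ == "__main__":
    for link in parse_link_format(SLIDE_27_REPLY):
        print(link.uri, link.attrs, content_formats(link))
```

A resource directory or a multicast discovery client is fed this text by devices it has not authenticated yet, so the parser fails closed on anything unterminated instead of guessing; the rt and ct attributes are what an application uses to pick a resource by type rather than by a hard-coded path.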
28. CoAP
Security
Based on DTLS (TLS for datagrams, RFC 6347)
Focus on Elliptic Curve Cryptography (ECC)
ECDHE, ECDSA, AES-CCM: RFC 7252 mandates TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 for the raw-public-key and certificate modes, and TLS_PSK_WITH_AES_128_CCM_8 for the pre-shared-key mode
Hardware acceleration for IoT devices
29. Californium
CoAP @ Eclipse IoT
Pure Java library
DTLS PSK/RPK/X509
Unconstrained:
For large devices or cloud services
http://eclipse.org/californium
31. IoT/M2M protocol security
TLS for TCP (RFC 5246)
DTLS for UDP (RFC 6347)
Rolling your own is still not recommended :)
32. TLS/DTLS complexity?
It’s customizable:
X.509 certificate: certificate with a chain of trust (CA & PKI)
Raw public key: only the private/public key pair, no certificate to parse; the peer's public key must be known in advance
Pre-shared key: symmetric keys; the plain PSK suites give no forward secrecy
33. TLS/DTLS complexity?
An Arduino Uno can run CoAP/MQTT
But not in a secure way :(
ROM/RAM cost estimation for (D)TLS:
http://www.ietf.org/id/draft-ietf-lwig-tls-minimal-01.txt
36. (D)TLS X.509 certificate mode
You need to add:
an ASN.1 parser
X.509 certificate validation code (chain, names, validity dates)
Revocation?
37. TLS for embedded
It's still a challenge on some platforms
IETF DICE working group: https://datatracker.ietf.org/wg/dice/
But weirdly TLS PSK is not used
Certificate revocation is also a mess for IoT
38. Open-source DTLS implementation
TinyDTLS: http://tinydtls.sourceforge.net
MIT licensed, embedded friendly
Lua binding: https://github.com/sbernard31/luadtls
Eclipse Californium Scandium:
A Java implementation of DTLS
https://github.com/eclipse/californium.scandium
39. More security challenges ;)
Provisioning your keys at the factory and pushing them to the server...
... for millions of devices, each with a different key
... and with the capability of changing the keys over the air
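The three bullets above state the problem. One common answer, shown here as an added example that is neither LWM2M's nor Sierra Wireless's scheme, is to derive each device's PSK from a master key and the device identity with an HMAC, so the factory and the server compute the same key without exchanging a million-row key database, and to put a version number in the PSK identity so keys can be rotated over the air: the server accepts the old and the new version until the device has reconnected with the new one. The names (derive_device_psk, KeyServer, the "iot-psk" label, the "/vN" identity suffix) and the device ids are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def derive_device_psk(master_key, device_id, key_version, length=16):
    """Per-device PSK = HMAC-SHA256(master_key, label | device_id | version), truncated.
    Deterministic, so the factory and the server get the same key without ever
    shipping a key database between them. (Hypothetical scheme, not LWM2M's.)"""
    if not isinstance(device_id, str) or "|" in device_id:
        raise ValueError("device_id must be a string without '|'")
    info = b"iot-psk|" + device_id.encode("utf-8") + b"|" + key_version.to_bytes(4, "big")
    return hmac.new(master_key, info, hashlib.sha256).digest()[:length]


def identity_for(device_id, version):
    """PSK identity carried in the DTLS handshake; the version tells the server which key."""
    return "%s/v%d" % (device_id, version)


def factory_provision(master_key, device_id):
    """What gets burned into the device at the factory: identity + PSK, version 1."""
    return {"identity": identity_for(device_id, 1),
            "psk": derive_device_psk(master_key, device_id, 1)}


class KeyServer:
    """Server side: recompute PSKs on demand and keep, per device, the set of
    key versions still accepted while an over-the-air rotation is in flight."""

    def __init__(self, master_key):
        self._master = master_key
        self._accepted = {}  # device_id -> set of accepted versions

    def enroll(self, device_id):
        self._accepted[device_id] = {1}

    def psk_for_identity(self, identity):
        """DTLS PSK lookup: identity -> key, or None to refuse the handshake."""
        try:
            device_id, version = identity.rsplit("/v", 1)
            version = int(version)
        except ValueError:
            return None
        if version not in self._accepted.get(device_id, ()):
            return None
        return derive_device_psk(self._master, device_id, version)

    def start_rotation(self, device_id):
        """Create version n+1 and return what to push to the device over the
        existing secure session; the old version stays valid until confirmed."""
        versions = self._accepted[device_id]
        new = max(versions) + 1
        versions.add(new)
        return {"identity": identity_for(device_id, new),
                "psk": derive_device_psk(self._master, device_id, new)}

    def confirm_rotation(self, device_id, version):
        """Called once the device has handshaked with the new key: retire older ones."""
        self._accepted[device_id] = {v for v in self._accepted[device_id] if v >= version}


if __name__ == "__main__":
    master = secrets.token_bytes(32)  # in production this lives in an HSM, never on disk
    server = KeyServer(master)
    dev = factory_provision(master, "sierra-0001")  # constructed device id
    server.enroll("sierra-0001")
    print(server.psk_for_identity(dev["identity"]) == dev["psk"])
```

The trade-off is explicit: a deterministic scheme concentrates all the risk in the master key, which therefore has to stay in an HSM or KMS and must never reach the factory floor in the clear. The alternative is random per-device keys stored in a database, which removes the single secret at the cost of the key-distribution problem the derivation avoided; either way the identity-versioning part is what makes over-the-air rotation safe, because the server never has a moment where the device's only valid key is one it has not yet received.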
41. Device management
Monitor, configure, secure, and update your
devices
All you need for operating a fleet of IoT devices
Not tied to your application
42. Interoperability is the key
You don't know yet what hardware will power your IoT projects in the field,
but you MUST be able to do management in a consistent way
44. TR-069
Bidirectional SOAP API for broadband modems, gateways, set-top boxes
Configure, monitor, firmware upgrades
Yeah, SOAP: HTTPS and XML :(
Not wireless friendly
45. OMA-DM
An Open Mobile Alliance standard for Device
Management
Targets mobile phone terminals but can be used for M2M
Meant to be used by mobile network operators
52. OMA-DM security flaws
Weak security (HMAC-MD5 authentication) on top of plain HTTP
Use full HTTPS for higher-grade security
Complex to implement correctly; no streaming, because the HMAC covers the whole message
Unnecessarily complex protocols are the surest way to security holes
54. OMA Lightweight M2M
A reboot of OMA-DM but for M2M
Built on top of CoAP
REST API for device management
55. Lightweight M2M: API
Standard objects, each with a numerical identifier:
Security (0)
Server (1)
Device (3)
Connectivity monitoring (4)
Firmware (5)
Location (6)
Connectivity statistics (7)
56. Lightweight M2M: URL
/{object}/{instance}/{resource}
Examples:
"/6/0": the whole Location object instance (a binary TLV record)
"/6/0/2": only the Altitude resource
57. Lightweight M2M: API
You can define your own custom objects, published in the OMA registry or not
Structure is discovered using the CoRE Link Format (RFC 6690)
58. Lightweight M2M: bootstrap
Initial keying and configuration
Well-defined security lifecycle: how to update credentials and the security scheme
Keying from the factory, a smartcard, or over the air
59. Lightweight M2M: bootstrap
The device can leave the factory with just the bootstrap-server (BS) credential
When it goes live, the BS server provisions the DM server keys
Future proof, and the BS server can be made really robust
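Added example, not Leshan or Wakaama code: a simulation of the bootstrap sequence from slides 56, 58 and 59 on a device's object store. The device leaves the factory with only the bootstrap-server account in Security instance /0/0; the bootstrap server then issues Bootstrap Delete on "/", writes a new Security instance /0/1 and a Server instance /1/0, and the device checks the result at Bootstrap-Finish before it registers. Running the same session again with a new key is the over-the-air credential update. Object and resource IDs are the standard ones (Security = 0, Server = 1; Server URI = 0, Bootstrap-Server = 1, Security Mode = 2, Identity = 3, Secret Key = 5, Short Server ID = 10; Server object Short Server ID = 0, Lifetime = 1); the consistency check in bootstrap_finish, the URIs and the keys are this example's own.

```python
# Object and resource IDs from the OMA LWM2M 1.0 object definitions.
SECURITY, SERVER = 0, 1
SEC_URI, SEC_IS_BOOTSTRAP, SEC_MODE, SEC_IDENTITY, SEC_SECRET, SEC_SHORT_ID = 0, 1, 2, 3, 5, 10
SRV_SHORT_ID, SRV_LIFETIME = 0, 1
MODE_PSK, MODE_RPK, MODE_CERT, MODE_NOSEC = 0, 1, 2, 3


def parse_path(path):
    """'/0/1/5' -> (0, 1, 5); '/6/0' -> (6, 0, None); '/' -> (None, None, None)."""
    parts = [p for p in path.split("/") if p]
    if len(parts) > 3 or not all(p.isdigit() for p in parts):
        raise ValueError("bad LWM2M path: %r" % path)
    ids = [int(p) for p in parts]
    return tuple(ids + [None] * (3 - len(ids)))


class Lwm2mClient:
    """Object store of a device plus the bootstrap-interface operations it accepts."""

    def __init__(self, bs_uri, bs_identity, bs_psk):
        # Factory state: the only account is the bootstrap server's (slide 59).
        self.objects = {SECURITY: {0: {SEC_URI: bs_uri, SEC_IS_BOOTSTRAP: True,
                                       SEC_MODE: MODE_PSK, SEC_IDENTITY: bs_identity,
                                       SEC_SECRET: bs_psk}},
                        SERVER: {}}

    def bootstrap_delete(self, path="/"):
        """Bootstrap Delete: '/' wipes everything except the bootstrap-server account."""
        obj, inst, _ = parse_path(path)
        for o in (list(self.objects) if obj is None else [obj]):
            for i in list(self.objects.get(o, {})):
                if inst is not None and i != inst:
                    continue
                if o == SECURITY and self.objects[o][i].get(SEC_IS_BOOTSTRAP):
                    continue
                del self.objects[o][i]

    def bootstrap_write(self, path, values):
        """Bootstrap Write on an instance: create or replace /obj/inst with the given resources."""
        obj, inst, res = parse_path(path)
        if obj is None or inst is None or res is not None:
            raise ValueError("write an object instance, e.g. /0/1")
        self.objects.setdefault(obj, {})[inst] = dict(values)

    def bootstrap_finish(self):
        """Consistency check before leaving bootstrap (an added check, stricter than the spec):
        every DM account needs a matching Server instance and usable credentials.
        Returns the (uri, identity, psk) tuples the device will register with."""
        short_ids = {s[SRV_SHORT_ID] for s in self.objects[SERVER].values()}
        accounts = []
        for sec in self.objects[SECURITY].values():
            if sec.get(SEC_IS_BOOTSTRAP):
                continue
            if sec.get(SEC_SHORT_ID) not in short_ids:
                raise ValueError("security instance without a Server object instance")
            if sec.get(SEC_MODE, MODE_NOSEC) == MODE_NOSEC or not sec.get(SEC_SECRET):
                raise ValueError("refusing to register without credentials")
            accounts.append((sec[SEC_URI], sec[SEC_IDENTITY], sec[SEC_SECRET]))
        if not accounts:
            raise ValueError("bootstrap finished without any DM server account")
        return accounts

    def discover(self):
        """Link-format view of the instances, as returned for a Discover on '/' (slide 57)."""
        return ",".join("</%d/%d>" % (o, i) for o in sorted(self.objects)
                        for i in sorted(self.objects[o]))


def bootstrap_session(client, dm_uri, dm_identity, dm_psk, short_id=123, lifetime=86400):
    """What the bootstrap server does over its own DTLS session with the device."""
    client.bootstrap_delete("/")
    client.bootstrap_write("/0/1", {SEC_URI: dm_uri, SEC_IS_BOOTSTRAP: False, SEC_MODE: MODE_PSK,
                                    SEC_IDENTITY: dm_identity, SEC_SECRET: dm_psk,
                                    SEC_SHORT_ID: short_id})
    client.bootstrap_write("/1/0", {SRV_SHORT_ID: short_id, SRV_LIFETIME: lifetime})
    return client.bootstrap_finish()


if __name__ == "__main__":
    # Constructed values; the URIs and keys are placeholders.
    dev = Lwm2mClient("coaps://bootstrap.example:5684", "dev-42-bs", b"\x11" * 16)
    print(bootstrap_session(dev, "coaps://dm.example:5684", "dev-42", b"\x22" * 16))
    print(dev.discover())
```

The bootstrap-server account surviving the Delete on "/" is what makes the scheme "future proof": if the DM server's keys or address ever change, the device can always fall back to bootstrapping again, and only the bootstrap credential, which is used once per provisioning, has to be protected for the lifetime of the device.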
61. More Lightweight M2M open source
Leshan: a Java implementation of LWM2M
Server library based on Eclipse Californium
Server UI
http://github.com/jvermillard/leshan
63. Protocol convergence
M2M/IoT is not a simple problem
Security and provisioning are really the hardest parts
Try hard to reduce the number of protocols to make your life easier!
64. Burning in IoT hell: Mixing protocols
[Diagram: cloud servers, a network operator, a radio module (2G/3G/LTE), a Linux O/S running a supervisor and App1/App2/App3, and a low-power app reached over ZigBee/6LoWPAN, WiFi, etc.; each link in the picture speaks a different protocol: OMA-DM, TR-069, MQTT/CoAP, ad-hoc]
65. LWM2M + CoAP
LWM2M provides device management and the security workflow for CoAP applications, using the same protocol!
Huge simplicity and security win!
66. Key takeaways
Break silos: embrace the web-of-things
Think security first, it’s your biggest challenge
Use standards for device management and
keying
CoAP + LWM2M for your next IoT application!
67. Thanks!
Twitter: @vrmvrm
E-mail: jvermillard@sierrawireless.com
Creative Commons – Attribution (CC BY 3.0)
Microchip designed by Nicolò Bertoncin from the Noun Project
Cloud designed by James Fenton from the Noun Project
Secure by Charlene Chen from The Noun Project
Chat by Icomatic from The Noun Project
Microchip designed by Mario Verduzco from the Noun Project
Certificate designed by Charlene Chen from the Noun Project