provisioning iot with web nfc
play

Provisioning IoT with Web NFC Zoltan Kis (@zolkis), Intel - PowerPoint PPT Presentation

May 23, 2023 •496 likes •908 views

Provisioning IoT with Web NFC Zoltan Kis (@zolkis), Intel Background JavaScript APIs for IoTivity, Soletta W3C Web NFC editor Web access to hardware Earlier: Network management (DSL) Mesh radio networks DSP (AI applied in

  1. Provisioning IoT with Web NFC Zoltan Kis (@zolkis), Intel

  2. Background ✧ JavaScript APIs for IoTivity, Soletta ✧ W3C Web NFC editor ✧ Web access to hardware Earlier: ✧ Network management (DSL) ✧ Mesh radio networks ✧ DSP (AI applied in robotics) ✧ Mobile, enterprise, cloud

  3. IoT provisioning is complex Objective: make it easier for IoT solution developers https://newsroom.intel.com/press-kits/intel-iot-insights-2014/

  4. Agenda 1. IoT deployment scenarios 2. The Physical Web 3. OIC/OCF provisioning 4. End to end provisioning 5. Web NFC details and examples

  5. IoT deployment: sensors, connections, applications Smoke, fire, air pollution, CO Heating Cameras, motion detectors Ventilation Light sensors Energy management Temperature, CO2, Security humidity, barometer, air flow Emergency Biometric: HRM, EKG, ... Medical services

  6. Pivotal questions ✧ Who owns the data? ✧ Who can access the data?

  7. The Physical Web ✧ Any smart device can have a web address ✧ Interaction on demand ✧ Discovery through broadcasting ✧ Eddystone: message format ✧ 16 bit BLE service UUID ✧ URL ✧ Data model: BLE → http://bit.ly/1p73foZ , http://bit.ly/1UHwpcM https://github.com/google/physical-web https://google.github.io/physical-web/ → http://bit.ly/1ZQ8reS http://s.radar.oreilly.com/wp-files/2/2015/04/Physical_Web_How_it_Works.png

  8. The Physical Web and NFC are complementary Physical Web NFC Carrier BLE, WiFi (mDNS/UPnP/SSDP) Short range radio (13.56 MHz) Range ~10m/30ft ~10cm/4” Data Compressed URI (URI beacon) URL, text, MIME (tag or peer) Initiated by Device (broadcast) User (push and pull) Seen by All devices in range One device (in practice)

  9. Physical Web: discovery+CRUDN Server (Peripheral) Client (Central) bleno* noble* or Web Bluetooth** UUID notify read Characteristic Characteristic UUID UUID startAdvertising scanStart write state onReadRequest read onWriteRequest write subscribe onNotifyRequest notify onSubscribeRequest subscribe Create: with Web NFC** onStateChange onStateChange or Web USB** * https://github.com/sandeepmistry/bleno ** https://webbluetoothcg.github.io/web-bluetooth/ * https://github.com/sandeepmistry/noble ** https://w3c.github.io/web-nfc/ ** https://wicg.github.io/webusb/

  10. Topology: sensors to PC Local, private setup ✧ Sensor data is private ✧ Storage: local device

  11. Topology: sensors to PC or cloud Hybrid setup ✧ Sensor data is shared ✧ at sensor level ✧ via cloud federation ✧ Storage: ✧ private cloud or local device ✧ enterprise or public cloud ✧ Separate solutions → → separate provisioning. http://bit.ly/1X3xOIn

  12. Topology: sensors to gateway ✧ Hybrid setup with gateway ✧ Gateway can be a role (sensor to sensor topology) ✧ Separation of the solutions ✧ Separation of provisioning http://bit.ly/1X3xOIn

  13. Reality mix: sensors to gateway or cloud ✧ Multiple gateways possible ✧ Multiple topologies http://bit.ly/1X3xOIn

  14. How to provision all this “It is unlikely that one provisioning solution will fit all…” ✧ Make simplifying assumptions where possible ✧ Application dependent ✧ Move provisioning complexity towards the cloud service Note: normal operation should not need the cloud ✧ Devices implement simple mechanisms and follow rules dictated by cloud http://bit.ly/1X3xOIn

  15. OIC/OCF concepts: platform, device, resource Device ✧ Resource: di : ”08854960-736F-46F7-BEC2-9E6CBD61BDC9" ✧ smallest addressable entity Resource ✧ data container href : “/a/light1” rt : “oic.r.light” ✧ Device: the OIC/OCF stack if : "oic.if.a" status: “on” → contains resources dimmer: 50 → Modeled as /oic/d resource Resource href : “/a/light2” ✧ Platform: the hardware rt : “oic.r.light” → contains devices if : "oic.if.a" → Modeled as /oic/p resource status: “on” dimmer: 40 color: “red”

  16. OIC/OCF concepts: what needs provisioning CoAP, HTTP, XMPP → IP → WiFi or Bluetooth Connectivity oic://<deviceID>/<resourcePath> → IP address Identity, Addressing Discovery Multicast or unicast request on /oic/res RESTful requests on resources → Resource, CRUDN Access control Using /oic/sec/acl , /oic/sec/acm , ... Device management Using /oic/mnt

  17. OIC/OCF concepts: operations D iscovery: Device GET /oic/res? rt =”/oic/light” di : ”08854960-736F-46F7-BEC2-9E6CBD61BDC9" C reate: Resource PUT oic://088...DC9/a/light/1? rt =”/oic/light”... href : “/a/light1” rt : “oic.r.light” R etrieve: if : "oic.if.a" GET coap://192.168.0.5:5683/a/light/1 status: “on” dimmer: 50 U pdate: POST oic://088...DC9/a/light/1? status =”off” Resource href : “/a/light2” D elete: rt : “oic.r.light” DELETE oic://088...DC9/a/light/1 if : "oic.if.a" N otify: status: “on” GET oic://088...DC9/a/light/1? obs =0 dimmer: 40 color: “red”

  18. Taxonomy of discovery ➔ During provisioning: discover non-provisioned devices ◆ By OIC/OCF methods ◆ Or by local access to HW, using NFC, USB, ... ➔ During operation: discover configured devices and resources ◆ OIC/OCF: Multi/unicast request on /oic/res ◆ Google Physical Web: Bluetooth LE broadcast + scanning

  19. Taxonomy of IoT provisioning OIC/OCF standardized Application/service specific ✧ Configuring resources 1. On-boarding (OBT) ✧ Provisioning cloud services 2. Security provisioning (PT) 3. Configuration (OIC/OCF)

  20. Provisioning flow with NFC using a PD OIC 6. 4. 3. 5. 1. Open service web page 2. Tap NFC tags to PD 2. 3. Send data to service 1. 4. Service runs configuration HTTPS REST 5. Tap PD to Gateway 6. Finish by OIC method. Provisioning device (PD)

  21. Provisioning flow with NFC using a gateway 2. 1. REST API Server 3. OBT PT 1. Tap NFC tags to Gateway → transfer keys, parameters 2. Consult service, prepare bootstrap 3. Finish by OIC method.

  22. How to use NFC in OIC/OCF ✧ Onboarding ✧ Provisioning ✧ Configuration

  23. Step 1. OIC/OCF on-boarding ✧ Ownership Transfer Method ✧ Set up networking WiFi SSID, Bluetooth pairing etc ✧ Bootstrap next stage Provisioning Tool URI Credentials

  24. OIC/OCF Ownership Transfer Method (OTM) 1. Discover devices needing OTM 2. 2. OBT queries device ownership 3. Device returns /oic/sec/docxm resource including: 3. Ownership status, supported OTM, current deviceID 4. Establish DTLS session using a method: - “just works”: anonymous Diffie-Hellman Clean room network needed (MitM) → NFC 4. - “random pin”: PSK-based DH with PIN (out of band from device to OBT) → NFC - “manufacturer certificate”: signed Diffie-Hellman with manufacturer's certification 5. Deploy credential type → NFC - Symmetric: uses PRF to generate OwnerPSK - Asymmetric: owner's public key is deployed - Certificate 5. 6. Establish device owner and device ID 6. write /oic/sec/doxm and /oic/sec/pstat

  25. On-boarding with NFC tag { recordType: "json", mediaType: "application/json", data: { networkPreference: "wifi", init: { deviceID: "088...DC9", On-Boarding Tool (OBT) ... 1 rsaPublicKey: “-----BEGIN PUBLIC KEY----- … ” } } NFC tag content read by OBT 1. Read NFC tag to get pre-shared key and network preference for step 4 2. Establish dedicated, secure communication channel 3. Configure device ownership: device ID, update security resources 4. Set up networking (e.g. WiFi SSID, Bluetooth pairing etc) 5. Bootstrap configuration stage (server URI, credentials)

  26. On-boarding with NFC adapter { init: { deviceID: "088...DC9", certificate: “ … ”, configServerURL: "https://..." On-Boarding Tool (OBT) ... } 1-4 } NFC content pushed to device 1. Tap OBT to device to read keys and network preference for step 5 2. Establish dedicated, secure communication channel 3. Establish device ownership: device ID, update security resources 4. Tap OBT to device to write device ID, configuration server URI, credentials 5. Device: set up networking (e.g. WiFi SSID, Bluetooth pairing etc) 6. Bootstrap configuration stage using the server URI and credentials. http://bit.ly/1pR94Il http://bit.ly/1oqcVLD

  27. Step 2. Provisioning ✧ Establish secure communication channel with PT ✧ Initialize security resources (credentials, ACL, AMS) ✧ Initialize Configuration Source (URI) PT: Provisioning Tool ACL: Access Control List AMS: Access Management Service CMS: Credential Management Service Picture from OIC Security Specification 1.0

  28. Security provisioning with NFC adapter { init: { svc: { svcid:’’, crms:’’, ...}, cred: {credid:’’, type:’’, ...}, Provisioning Tool (PT) acl: { subj:’’, res:’’, perm: ‘’,..}, loc: { long:’..’ , lat:’..’}, ... 1-6 } } NFC content pushed to device 1. Create secure connection with Provisioning Tool as configured during ownership transfer (TLS using OwnerPSK) 2. Write /oic/sec/svc resource (BSS, AMS, CMS) 3. Write /oic/sec/cred resource (credentials) 4. Write /oic/sec/acl resource (access control lists) 5. Configure locally location, timezone, etc, or 6. Use configuration source and configure with OIC → see next http://bit.ly/1pR94Il http://bit.ly/1oqcVLD

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Resource provisioning requirements are very diverse Existing resource provisioning solutions

Resource provisioning requirements are very diverse Existing resource provisioning solutions

Resource provisioning requirements are very diverse Existing resource provisioning solutions tend to be specialized for specific scenarios. There is no resource provisioning model that supports all of these usage scenarios simultaneously

397 views • 14 slides
The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning

The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning

NGI 2011 The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning in the F t Future Internet I t t Tobias Hofeld, Markus Fiedler and Thomas Zinner Hysteresis Hysteresis Hysteresis refers to

251 views • 10 slides
TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

GLIF Tech Winter meeting Hong-Kong, China 24 February, 2011 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop series About

587 views • 25 slides
Provisioning Hardware for Cluster Applications 2 Friday, February 17, 12 Provisioning Hardware

Provisioning Hardware for Cluster Applications 2 Friday, February 17, 12 Provisioning Hardware

scc : Cluster Storage Provisioning Informed by Application Characteristics and SLAs Harsha V. Madhyastha*, John C. McCullough , George Porter, Rishi Kapoor, Stefan Savage, Alex C. Snoeren, and Amin Vahdat UC Riverside* and UC San Diego Bourns

1.26k views • 96 slides
Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning &amp; WAP primer Forging Messages Demo: Remote provisioning Provisioning: Process and Issues Attack scenario and exploiting Final

713 views • 59 slides
Modern Provisioning and CI/CD with Terraform, Terratest &amp; Jenkins Duncan Hutty Overview 1.

Modern Provisioning and CI/CD with Terraform, Terratest &amp; Jenkins Duncan Hutty Overview 1.

Modern Provisioning and CI/CD with Terraform, Terratest &amp; Jenkins Duncan Hutty Overview 1. Introduction: Context, Philosophy 2. Provisioning Exercises 1. MVP 2. Testing 3. CI/CD 4. Refactoring 3. Coping with complexity &amp; scale

946 views • 49 slides
End-to-End Provisioning Workshop - Establishing Lightpaths - Scope and Objectives NRENs Local

End-to-End Provisioning Workshop - Establishing Lightpaths - Scope and Objectives NRENs Local

E2E Provisioning Workshop Amsterdam, The Netherlands 1-2 December, 2008 Peter Szegedi Project Development Officer szegedi@terena.org www.terena.org End-to-End Provisioning Workshop - Establishing Lightpaths - Scope and Objectives NRENs

94 views • 6 slides
E2E Provisioning Workshop Dr. Jan Gruntord CEO CESNET, Czech Republic, Member of GN3 Executive

E2E Provisioning Workshop Dr. Jan Gruntord CEO CESNET, Czech Republic, Member of GN3 Executive

E2E Provisioning Workshop Dr. Jan Gruntord CEO CESNET, Czech Republic, Member of GN3 Executive Committee jan.gruntorad@cesnet.cz E2E Provisioning Workshop Prague, November 29 - 30, 2010 Presentation Overview 1. CESNET Basic Data 2.

648 views • 15 slides
Falconieri: Remote Provisioning Service as a Service A new, modern, open source and cloud native

Falconieri: Remote Provisioning Service as a Service A new, modern, open source and cloud native

Falconieri: Remote Provisioning Service as a Service A new, modern, open source and cloud native remote provisioning service gateway. Matteo Valentini @_Amygos Intro: Remote Provisioning Service Theory Intro: What is it a Remote

476 views • 29 slides
Day 4 Cloud Resource Provisioning Plans Agenda for Today Cloud service providers offer cloud

Day 4 Cloud Resource Provisioning Plans Agenda for Today Cloud service providers offer cloud

Day 4 Cloud Resource Provisioning Plans Agenda for Today Cloud service providers offer cloud consumers a variety of service provisioning plans for computing resources. Today, we will look at these service provisioning plans that include

596 views • 34 slides
HEPCloud Resource Provisioning Anthony Tiradani OSG Blueprint Meeting 21 February 2018 HEPCloud

HEPCloud Resource Provisioning Anthony Tiradani OSG Blueprint Meeting 21 February 2018 HEPCloud

HEPCloud Resource Provisioning Anthony Tiradani OSG Blueprint Meeting 21 February 2018 HEPCloud Target Resources Fermilab HEPCloud instance currently supports provisioning compute resources. Delivered in the form of a glideinWMS pilot

485 views • 12 slides
Rich Identity Provisioning Agenda Introduction Research questions Related work RIP

Rich Identity Provisioning Agenda Introduction Research questions Related work RIP

Rich Identity Provisioning Agenda Introduction Research questions Related work RIP architecture Open source components Conclusion UvA-SNE-RP2 presentation 1 Rich Identity Provisioning introduction: trigger Digital

272 views • 13 slides
Provisioning guest accounts UMA approach Victoriano Giralt Central ICT Services University of

Provisioning guest accounts UMA approach Victoriano Giralt Central ICT Services University of

Provisioning guest accounts UMA approach Victoriano Giralt Central ICT Services University of Mlaga Cork May 18th, 2009 (CC) BY - NC - SA Victoriano Giralt Provisioning guest accounts Very Important Visitors How do we handle them? (CC)

826 views • 17 slides
Perceus A Cluster Provisioning and Management Toolkit Bill Strossman Bill Strossman What

Perceus A Cluster Provisioning and Management Toolkit Bill Strossman Bill Strossman What

Perceus A Cluster Provisioning and Management Toolkit Bill Strossman Bill Strossman What Perceus Is An open source cluster toolkit for provisioning and managing stateless or stateful clusters Highly scalable Highly flexible and

169 views • 14 slides
COAPS API A Generic Cloud Application Provisioning and Management API Why COAPS ? PaaS 1 Cloud

COAPS API A Generic Cloud Application Provisioning and Management API Why COAPS ? PaaS 1 Cloud

COAPS API A Generic Cloud Application Provisioning and Management API Why COAPS ? PaaS 1 Cloud consumer COAPS Needed Platform resources PaaS 2 Whats COAPS ? PaaS-independent approach for the provisioning and management of

339 views • 9 slides
Provisioning guest accounts UMA approach Victoriano Giralt Central Computing Facility

Provisioning guest accounts UMA approach Victoriano Giralt Central Computing Facility

Provisioning guest accounts UMA approach Victoriano Giralt Central Computing Facility University of Mlaga A May 5th, 2008 Victoriano Giralt Provisioning guest accounts Very Important Visitors How do we handle them? Victoriano

412 views • 15 slides
Inference of Field Initialization Fausto Spoto and Michael D. Ernst University of Verona, Italy

Inference of Field Initialization Fausto Spoto and Michael D. Ernst University of Verona, Italy

Inference of Field Initialization Fausto Spoto and Michael D. Ernst University of Verona, Italy &amp; University of Washington, USA Honolulu, May 25, 2011, ICSE 1 / 8 Clever tracking of windows by name (from a real story) public class MyWindow

674 views • 48 slides
Spatial coupling: Algorithm and Proof Technique Workshop on Local Algorithms - WOLA 2018 Boston,

Spatial coupling: Algorithm and Proof Technique Workshop on Local Algorithms - WOLA 2018 Boston,

Spatial coupling: Algorithm and Proof Technique Workshop on Local Algorithms - WOLA 2018 Boston, June 15th, 2018 1 Physics inspiration: nucleation, crystallization, meta-stability 2 Supercooled water Heat packs Sodium acetate , C 2 H 3 NaO 2

838 views • 45 slides
Hurwitz trees and deformations of Artin-Schreier covers Huy Dang University of Virginia May 16,

Hurwitz trees and deformations of Artin-Schreier covers Huy Dang University of Virginia May 16,

Hurwitz trees and deformations of Artin-Schreier covers Huy Dang University of Virginia May 16, 2020 Huy Dang (University of Virginia) Hurwitz trees and deformations of Artin-Schreier covers May 16, 2020 1 / 17 What is an Artin-Schreier

371 views • 17 slides
A New Approach to Assessing Model Risk in High Dimensions Carole Bernard (University of

A New Approach to Assessing Model Risk in High Dimensions Carole Bernard (University of

A New Approach to Assessing Model Risk in High Dimensions Carole Bernard (University of Waterloo) and Steven Vanduffel (Vrije Universiteit Brussels) ARIA meeting 2014, Seattle Carole Bernard A new approach to assessing model risk in high

587 views • 31 slides
Sample Complexity of ADP Algorithms A. LAZARIC ( SequeL Team @INRIA-Lille ) ENS Cachan - Master 2

Sample Complexity of ADP Algorithms A. LAZARIC ( SequeL Team @INRIA-Lille ) ENS Cachan - Master 2

Sample Complexity of ADP Algorithms A. LAZARIC ( SequeL Team @INRIA-Lille ) ENS Cachan - Master 2 MVA SequeL INRIA Lille MVA-RL Course Sources of Error Approximation error . If X is large or continuous , value functions V cannot be

988 views • 82 slides
Fast Radio Bursts with HIRAX Jeff Peterson FRB 110523 McWilliams Center for Cosmology Carnegie

Fast Radio Bursts with HIRAX Jeff Peterson FRB 110523 McWilliams Center for Cosmology Carnegie

Fast Radio Bursts with HIRAX Jeff Peterson FRB 110523 McWilliams Center for Cosmology Carnegie Mellon University, PiDsburgh PA USA First HIRAX The Lorimer Burst, 2007 Six-Meter Dish Built at CMU, tested at Durban SA The Lorimer Burst

794 views • 19 slides
Whats a Wiki anyway? Which Should I Choose? Tech Tools with Tine Webinar Series Presents:

Whats a Wiki anyway? Which Should I Choose? Tech Tools with Tine Webinar Series Presents:

Whats a Wiki anyway? Which Should I Choose? Tech Tools with Tine Webinar Series Presents: Wikis Collaborate on Your Documents / Project Plans / Your Life! Tine Walczyk May 17 th , 2013 tine@trainers-r-us.com Why a Wiki?

427 views • 22 slides
A New Prediction Capability for post-sunset Equatorial Plasma Bubbles Brett A. Carter 1,2 ,

A New Prediction Capability for post-sunset Equatorial Plasma Bubbles Brett A. Carter 1,2 ,

SPACE Research Centre A New Prediction Capability for post-sunset Equatorial Plasma Bubbles Brett A. Carter 1,2 , Endawoke Yizengaw 1 , John Retterer 1 , Kyle Wiens 3 , Simon Wing 4 , Keith Groves 1 , Ronald Caton 3 , Christopher Bridgwood 1 ,

553 views • 14 slides

More recommend