Identity of Things (IDoT)

IoT Central–Microsoft’s SaaS solution for IoT

April 25, 2017 AMQP, Analytics, Azure, Azure IoT Suite, Cloud Computing, Cloud Services, Cloud to Device, Communication Protocols, Connected, Connectivity, Device to Cloud, Emerging Technologies, HTTP 1.1, Identity of Things (IDoT), Intelligent Cloud, Intelligent Edge, Internet of Things, IoT, IoT Central, IoT Devices, IoT Edge, IoT Hub, IoT Privacy, IoT Security, Machines, MQTT, PaaS, SaaS, Stream Analytics No comments

Microsoft has today released their IoT SaaS offering for customers and partners called as “Microsoft IoT Central”.  IoT Central enables powerful IoT scenarios without requiring cloud solution expertise and also simplifies the development process and makes customers to make quick time to market solutions, making digital transformation more accessible to everyone without overhead of implement solutions end to end.

As per Microsoft :

“IoT Central provides an easier way to create connected products that propel digital business. Take the complexity out of the Internet of Things (IoT) with a true, end-to-end IoT software as a service (SaaS) solution in the cloud that helps you build, use, and maintain smart products.”

Benefits of IoT Central:

  • Proven platform and technology with enterprise grade security.
  • Reduced complexities of setting up and maintaining IoT infrastructure and solutions.
  • Building smart connected products with lesser cost  and lesser overhead would ensure higher customer satisfaction.
  • Quickly adapt to changing environments.

For those would need control on implementing end to end can still choose the PaaS solution Azure IoT Suite.

Below is a picture from @JanakiramMSV’s article from forbes.com, to help you have a high level look at all the IoT offerings from Microsoft.

az-iot

Sources:

IoT Security–Essentials–Part 01

February 1, 2017 Cloud to Device, Communication Protocols, Connected, Connectivity, Contrained Networks/Devices, Device to Cloud, Geolocation, Identity of Things (IDoT), Internet Appliance, Internet of Things, IoT, IoT Privacy, IoT Security, machine-to-machine (M2M), Machines, Tech-Trends No comments , , , , ,

Security(Cyber Security) is an essential requirement for any IoT platform or devices or end users and the communication infrastructure.  In order to achieve or design best possible security solutions,  to avoid some external entity or hacker gaining access to your IoT device or infrastructure, every architect or system designer should do Threat Modeling exercise.  As the system is designed and architected, we can minimize the exposure to external threats to our IoT architecture.

With this article I am trying to provide you relevant bits and pieces essential for your understanding:

What is Cyber Security?

As per WhatIs.com – “Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.”

To make it more clear and simpler – Cyber Security also known as Computer security, or IT security, is the protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide. Cyber security includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection.

What is Threat Modeling?

The objective of threat modeling is to understand how an attacker might be able to compromise a system and then make sure appropriate mitigations are in place. Threat modeling forces the design team to consider mitigations as the system is designed rather than after a system is deployed. This fact is critically important, because retrofitting security defenses to a myriad of devices in the field is infeasible, error prone and will leave customers at risk.

[Content courtesy:  Microsoft]

In order to optimize security best practices, it is recommended that a proposed IoT architecture be divided into several component/zones as part of the threat modeling exercise.

Relevant Important  Zones  for an IoT architecture  :

  • Device,
  • Field Gateway,
  • Cloud gateways, and
  • Services.

Each zone is separated by a Trust Boundary, which is noted as the dotted red line in the diagram below. It represents a transition of data/information from one source to another. During this transition, the data/information could be subject to Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege (STRIDE).

[Content courtesy:  Microsoft]

This diagram like below provides a full 360 view you any proposed solution:

iot-security-architecture-fig1

Summary of important Sections/Zones:

  1. The Device Zonerepresents a thing or device where device to device or local user physical access is possible.
  2. The Field Gateway Zone –  Field gateway is a device/appliance (Embedded/Hardware) or some general-purpose software that runs on a Physical Server, and acts as communication enabler and potentially, as a device control system and device data processing hub.
  3. The Cloud Gateway ZoneCloud gateway is a system that enables remote communication from and to devices or field gateways from several different sites across public network space, typically towards a cloud-based control and data analysis system, a federation of such systems.
  4. The Services Zone –  A “service” is  any software component or module that is interfacing with devices through a field- or cloud gateway for data collection and analysis, as well as for command and control. Services are mediators.

Once we identified threat boundaries we should be able to provide fail safe security measures each associated zones, to meet the business needs and global information exchange and data compliance  standards.  It is also important to design the product from the start with security in mind because understanding how an attacker might be able to compromise a system helps make sure appropriate mitigations are in place from the beginning.

In next session, we will go through Microsoft’s IoT Reference architecture and associated security measures been put together across each zones. 

Additional Resources:

Microsoft Azure IoT Suite–Provisioned solutions for Faster Time to Market IoT enabled solutions

January 7, 2017 Analytics, Azure, Azure SDK, Cloud Computing, Communication Protocols, Contrained Networks/Devices, Data Collection, Data Integration, Emerging Technologies, Identity of Things (IDoT), Internet of Things, Interoperability, IoT, PaaS, Performance, Predictive Analytics, Predictive Maintenance, Realtime Analytics, Reliability, Scalability, Self Driven Cars, Solutions, Stream Analytics, Tech-Trends, Windowz Azure No comments

Microsoft Azure IoT Suite Provisioned solutions will help you create your own fully integrated solutions tailored for your specific needs in the following 3 sections. Using these ready to consume solutions will accelerate your time to market IoT(Internet of Things) requirements.

image

  1. Remote Monitoring  – Connect and monitor your devices to analyze untapped data and improve business outcomes by automating processes.  For ex: As a car  manufacturing company, provide an option to customer to remotely monitor their car condition, and suggest if they need a re-fuel or oil change.
  2. Connected Factory – Anticipate maintenance needs and avoid unscheduled downtime by connecting and monitoring your devices. For ex: As a car manufacturing  factory and spare parts are essential for car manufacturing. Automated solutions can ensure timely availability of necessary spare parts inventory to meet daily, weekly or monthly manufacturing needs.
  3. Predictive Maintenance – Connect and monitor your factory industrial devices for insights using OPC UA to drive operational productivity.  For ex: As a car service support, you can get near real-time performance data from the cars manufactured by your company, predict the health of each components in a car and offer timely maintenance to their cars.  Send real-time reminders and notifications to customers. Their by ensuring higher satisfaction levels for customers and more business value to the organization as it attracts more sales and good customer feedback.

image

These solutions will help you to:

  1. Connect and scale quickly – Use preconfigured solutions, and accelerate the development of your Internet of Things (IoT) solution.

  2. Analyze and process dataCollect previously untapped data from devices and sensors, and use built-in capabilities to visualize—and act on—that data.

  3. Integration and Digital TransformationEasily integrate with your systems and applications, including Salesforce, SAP, Oracle Database, and Microsoft Dynamics, making it simple to access your data and keep your disparate systems up to date.

  4. Enhanced security Set up individual identities and credentials for each of your connected devices—and help retain the confidentiality of both cloud-to-device and device-to-cloud messages.

Useful Links:

IoT Jargons – Identity of Things (IDoT)

January 6, 2017 Communication Protocols, Connected, Connectivity, Emerging Technologies, futuristic, Geolocation, Human Computer Interation, Identity of Things (IDoT), Internet Appliance, Internet of Things, IoT, IoT Privacy, IoT Security, machine-to-machine (M2M), Machines, Programs, Robotics, Tech-Trends No comments

The Identity of Things (IDoT) is an area involves assigning universal unique identifiers (UUID) with associated metadata to devices and objects (things), to identify, connect and communicate effectively with other machines over the internet or within constrained local network.

The metadata included with the UUID characterizes the identity of an endpoint. Identity is an essential part of the Internet of Things (IoT), in which nearly anything conceivable can be tended to and organized for exchange of information on the web. In this specific cases, a thing can be anything – including both physical and sensible articles – that has a specific own identifier and the capacity to exchange information over a network.

Addressability and Reachability makes it possible for things/devices to be targeted and found. To make it addressable for  the Internet of Things, a thing must be globally uniquely identifiable(no other thing with same identity).

To make communication among things effective and secure, following are some of the essential considerations for identities of things:

  • Maintaining a Lifecycle:  IoT Devices should be capable of maintain a lifecyle depending on the use and duration of sustainability of the device. Hence IDoT should be capable of maintaining a history of changes happening to the device over its lifespan.
  • Maintaining Relationships:Identify also should provide a basic necessity to relate the device to other devices in the context as well as
  • Context-awareness: Identity and access management (IAM) for IoT entities should be context aware and grant access only limited to a specific context as required. This would avoid exploitation of devices incase of any cyber attack. 
  • Adequate Authentication: provide means of securely authenticating IoT identities.  This would ensure only authenticated entities can gain access to the IoT device.

All these essential features should help in obtaining a unique naming standards for IoT devices  or projects in your organization.

Internet of Things (IoT)–Introduction

January 5, 2017 Communication Protocols, Connected, Connectivity, Emerging Technologies, Geolocation, Human Computer Interation, Hype vs. reality, Identity of Things (IDoT), Internet Appliance, Internet of Things, IoT, IoT Privacy, IoT Security, machine-to-machine (M2M), Machines, Tech-Trends No comments

The Internet of things (IoT) is the inter-networking of physical devices, vehicles (also referred to as “connected devices” and “smart devices”), buildings, and other items embedded with electronics, software, sensors, actuators, and network connectivity which enable these objects to collect and exchange data.

  • The IoT allows objects to be sensed or controlled remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency, accuracy and economic benefit in addition to reduced human intervention.

IoT

“ Forecasts show an expected IoT universe with between 20 and 30 billion connected devices by 2020 “

Image result for Internet of Things

[Image Source: https://www.i-scoop.eu/internet-of-things-guide/]

IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine (M2M) communications and covers a variety of protocols, domains, and applications.

Some of the important IoT messaging protocols are:

  1. AMQP(Advanced Message Queuing Protocol) – An open standard application layer protocol for message-oriented middleware. The defining features of AMQP are message orientation, queuing, routing (including point-to-point and publish-and-subscribe), reliability and security.
  2. MQTT (Message Queueing Telemetry  Transport)- or MQ Telemetry Transport is a lightweight connectivity protocol geared for IoT applications. It is based on the TCP/IP stack which uses the publish/subscribe method for transportation of data. It is open-ended and supports a high level of scaling, which makes it an ideal platform for development of Internet of Things (IoT) solutions.
  3. HTTP/2 – Enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection.
  4. CoAP(Constrained Application Protocol) – CoAP is a web transfer protocol based on the REST model. It is mainly used for lightweight M2M communication owing to its small header size. It is designed especially for constrained networks and systems withing the Internet of Things paradigm, hence the name, Constrained Application Protocol.
    CoAP mimics HTTP in terms of user visibility, and from that standpoint, reading sensor values is essentially like making an HTTP request.
  5. XMPP(Extensible Messaging and Presence Protocol) – An open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data.

We will go through about them in detail in later posts.

That’s all for now. Keep reading.

Sources:

IoT Hub vs Event Hub–A quick comparison

December 11, 2016 Azure, Cloud Computing, Cloud to Device, Communication Protocols, Connectivity, Contrained Networks/Devices, Data Hubs, Device Shadow, Device to Cloud, Device Twin, Emerging Technologies, Event Hubs, HTTP2, Identity of Things (IDoT), Intelligent Cloud, Internet of Things, Interoperability, IoT, IoT Hub, IoT Privacy, IoT Security, Messaging, Microsoft, Performance, Protocols, Reliability, Scalability, Tech-Trends No comments

With this article I am trying to provide you a birds eye view comparison of IoT Hub and Azure Event Hub, so that some of you may stop feeling that there is nothing new in IoT Hub.

For the interest of this article, I put together a table with side-by-side comparison of some important features/desired features from an IoT Hub like platform.

Feature IoT Hub Event Hub
Communication Supports both device-to-cloud and cloud-to-device bidirectional communication Supports only device-to-cloud communication
State Management Can maintain device state using Device Twins and query them whenever needed. Not Supported
Protocol Support AMQP 1.1, AMQP over Web Sockets, MQTT 3.2, MQTT over Web Sockets, HTTP 1.1, Web Sockets. AMQP 1.1, AMQP over Web Sockets, HTTP 11 , Web Sockets only
Protocol Extensions Provides IoT protocol gateway a customizable implementation for industrial protocol channelling. Not Supported
Security Provides identity to each device and easily revocable through IoT Hub Device Management portal. Shared access policies with limited revocation capabilities are provided.
Monitoring/ Operations Provides a rich set of features through Device Management capability. Includes individually enable/disable or provision new device. Change security keys as needed. View/identify individual device problems easily. Does not provide individual performance metrics. Can provide only a high level aggregated metrics only.
Scalability Scalable to thousands/millions of simultaneous devices Limited number of simultaneous connections up to 5000 connections per Azure Service Bus Quotas. Event Hub provides a capability to partition your message to channel it in to associated Service Bus quotas.
SDK Support/ Developer Support Provides very good Integration SDK and developer support. Both Azure IoT  Device SDK and IoT Gateway SDK are the most essential kits provided for almost all devices/OS platforms. It also support all the latest programming languages such as C#, Node.js, Java and Python.
Also provides  direct MQTT, AMQP and REST based HTTP APIs.
Very detail oriented documentation provided.
.NET, Java and C apart from protocols such as AMQP, HTTP API interfaces.
Files/Images Upload Capability Supports IoT devices/solutions to upload files/images/snapshots to cloud and define a workflow for processing them. Not Available
Message Routing Very decent message routing capability is available out of the box. Up to 10 end points can be defined and Advanced Rules can be defined on how routing should occur. Requires additional programming and hosting to support as per the need.

From this comparison table, you can analyse that IoTHub is the right candidate for your IoT solution needs, as Event Hub lacking certain capabilities that are essential for an IoT Ingestion point. If you are only requiring to send messages to cloud and doesn’t require any fancy stuff as IoTHub provides, you can choose Event Hub.

Remember with more power comes more responsibility, that’s what IotHub intend to provide to you.

Hope this overview was helpful. Please feel free to comment or initiate a discussion any time. Please share your feedbacks on this article as well.