IoT Domain Sub-model – Functional Model

Definition

  • It defines the main functional groups of an IoT system and how they interact.
  • It rests on the following three principles:
    • Abstract:
      • It is not tied to any technology, application domain or implementation.
      • It does not describe the individual functional components that make up each functional group.
    • Functional groups: it defines the functional groups and their interactions.
    • Functional view:
      • It defines the runtime functional components of the system, covering:
        • Responsibilities of the functional components.
        • Default functions of the functional components.
        • Main interfaces of the functional components.
        • Primary interactions between the functional components.

The Functional Model defines two kinds of functional groups:

1. Longitudinal Functional Groups:

Functionality that is confined to one group and is not needed by the other functional groups. These groups are stacked along the length of the model, and their interactions are mainly two-way between neighbouring groups in that stack.

Below are the 7 longitudinal Functional Groups:

  1. Application
  2. Service Organization
  3. IoT Process Management
  4. Virtual Entity
  5. IoT Service
  6. Communication
  7. Device

2. Transversal Functional Groups:

Functionality that almost every functional group needs, so it cuts across all of them. Examples: Security and Management.

Below are the 2 transversal Functional Groups:

  1. Security
  2. Management

Brief explanation of the functional groups listed above:

1. IoT Process Management Functional Group:

  • It provides what is needed to integrate IoT-specific concepts into business processes, so that an enterprise can model its IoT sub-system with existing industry standards and best practices such as BPMN 2.0 (Business Process Model and Notation) instead of building an isolated, proprietary "IoT" solution.
  • Because the reliability and accountability of the sensor data describing a Virtual Entity, and the processing capability of the devices, matter to the business process, this group hides the lower-level IoT-specific implementation so that integration stays smooth.
  • When a process is realised in practice, the business-process policies covering permissions, prohibitions and obligations have to be handled in IoT Process Management.
  • This group depends on the Service Organization FG to execute a business process: it is the Service Organization FG that finds, binds and invokes the required services.

2. Service Organization Functional Group:

  • It acts as the communication hub between the other functional groups. Its main job is composing services (combining several basic services to answer one request) and orchestrating them at various abstraction levels, so that requests from the IoT Process Management FG or from external applications are routed to the right services and to the entities they concern, using the Virtual Entity FG and the IoT Service FG.
  • It also acts as a service broker, so that services can subscribe to other services available in the system.

3. Virtual Entity Functional Group:

It contains the following functionality:

1. Functions for interacting with an IoT system that holds many Virtual Entities.

2. Functions for discovering and looking up services that provide information about Virtual Entities.

3. Functions for managing the static and dynamic associations between Virtual Entities and their Physical Entities, whether those Physical Entities are stationary or mobile.

4. IoT Service Functional Group:

  • It contains the functionality for discovering, looking up and resolving the names of IoT Services.

5. Communication Functional Group:

  • It contains the various communication schemes, organised by technology, and provides the interfaces through which the IoT Service FG uses them.
  • It addresses the following communication aspects:
    • Data representation
    • End-to-end path information
    • Addressing
    • Network management
    • Device-specific features
    • Protocol translation
    • Context passing

6. Management Functional Group:

  • It contains all the functionality needed to govern an IoT system, serving the four high-level goals below.

1. Cost reduction: one solution should cover as many use cases and users as possible, so that separate solutions are not built for each use case. This also includes collecting the data needed to know the current cost of running the system.

2. Handling unexpected usage: knowing the state of the system, and having strategies to handle and mitigate unforeseen situations such as link failure, queue overload, devices that stop working, errors introduced into the system, and emergencies such as stopping a train or switching the whole system into an energy-saving mode.

3. Fault handling:

Future failures cannot be predicted exactly, so this goal covers:

  • Prediction of failures
  • Detection of existing failures
  • Reduction of the effects of failures
  • Repair

4. Flexibility:

  • Changes in requirements are absorbed, so that a new system does not have to be built every time user requirements change.
  • It also includes managing membership and ownership, their administration, the definition of rules and rights, and the accompanying information that a given entity brings into the IoT system.

7. Security:

It covers the security and privacy of the IoT system, which includes:

  • Secure initial registration of a client with the system, so that only legitimate clients can log in afterwards.
  • Keeping user information protected and, where required, anonymous while resources or services are accessed.
  • Ensuring that interactions only take place between peers that are authorised or trusted to interact with each other; the authorisation is configured in advance (statically) rather than negotiated on the fly.
  • Protecting the confidentiality and integrity of data.

IoT Domain Sub-model – Information Model

Definition

  • It defines the structure of the information held about Virtual Entities at a conceptual level only, not at a concrete level. In other words, it describes how information about an entity is structured: the attributes, relations and services that tell you what, who, where and when.
  • The detailed representation of the information (encodings and formats) is not covered by this model.

This model covers the following elements, their associations, and how Virtual Entities are modelled:

1. A Virtual Entity has attributes, each with a name and a type.

  • Each Virtual Entity has a unique id and a type, e.g. human, car or temperature sensor.
  • A Virtual Entity can have zero or more attributes.

2. An attribute can have one or more values.

  • Each attribute has a name, a type (its semantics) and one or more values.

3. A value has meta-information (metadata).

  • A value can itself contain further values, and each value has zero or more pieces of metadata. A value container groups one value with its associated metadata.

4. Metadata describes the value further, for example:

  • Timestamp (when the information was recorded)
  • Location (where the measurement took place)
  • Quality (quality of the measurement), etc.

Metadata can itself carry additional metadata, e.g. a unit.

5. An association between a Virtual Entity and a service description for specific attributes. The service allows the attribute value to be read, or set to reflect a change in the Physical Entity.

6. A service description describes a service and its interface. It also contains a resource description covering the functionality of the resource that the service exposes.

7. A resource description describes a resource and also contains a description of the device on which the resource is hosted.

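The elements 1 to 7 above as concrete types, an added example in Go that is not from the original page: a Virtual Entity with typed attributes, values that carry metadata (including metadata on metadata), and a per-attribute service description with its resource and the hosting device. The sample entity, its identifiers and the use of RFC 3339 timestamps as the "timestamp" metadata are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// MetaData annotates a value (timestamp, location, quality) and may itself
// carry further metadata, for example the unit of a quality figure.
type MetaData struct {
	Name  string
	Value string
	Meta  []MetaData `json:",omitempty"`
}

// Value is the "value container": one reading plus zero or more metadata entries.
type Value struct {
	Raw  string
	Meta []MetaData `json:",omitempty"`
}

// Attribute has a name, a type giving its semantics, and one or more values.
type Attribute struct {
	Name   string
	Type   string
	Values []Value
}

// ResourceDescription names the resource a service exposes and the device hosting it.
type ResourceDescription struct{ Name, Device string }

// ServiceDescription describes a service, its interface and the resource behind it.
type ServiceDescription struct {
	Name, Interface string
	Resource        ResourceDescription
}

// VirtualEntity has a unique ID, a type, attributes, and the service that
// reads or writes each attribute, keyed by attribute name.
type VirtualEntity struct {
	ID, Type   string
	Attributes []Attribute
	Services   map[string]ServiceDescription
}

// Attribute returns the named attribute, if the entity has it.
func (ve *VirtualEntity) Attribute(name string) (*Attribute, bool) {
	for i := range ve.Attributes {
		if ve.Attributes[i].Name == name {
			return &ve.Attributes[i], true
		}
	}
	return nil, false
}

// Lookup returns the named metadata entry of a value, if present.
func (v Value) Lookup(name string) (MetaData, bool) {
	for _, m := range v.Meta {
		if m.Name == name {
			return m, true
		}
	}
	return MetaData{}, false
}

// Latest picks the value with the newest RFC 3339 timestamp. Values without a
// parseable timestamp are skipped: a reading that cannot be dated is not "current".
func (a Attribute) Latest() (Value, bool) {
	var best Value
	var bestT time.Time
	found := false
	for _, v := range a.Values {
		m, ok := v.Lookup("timestamp")
		if !ok {
			continue
		}
		t, err := time.Parse(time.RFC3339, m.Value)
		if err != nil {
			continue
		}
		if !found || t.After(bestT) {
			best, bestT, found = v, t, true
		}
	}
	return best, found
}

// SampleEntity is a constructed temperature-sensor Virtual Entity (not real data).
func SampleEntity() VirtualEntity {
	return VirtualEntity{
		ID: "ve:room-12:temperature", Type: "temperature sensor",
		Attributes: []Attribute{{
			Name: "temperature", Type: "float",
			Values: []Value{
				{Raw: "21.5", Meta: []MetaData{
					{Name: "timestamp", Value: "2024-01-10T09:00:00Z"},
					{Name: "location", Value: "room 12"},
					{Name: "quality", Value: "0.5", Meta: []MetaData{{Name: "unit", Value: "Cel"}}},
				}},
				{Raw: "22.1", Meta: []MetaData{
					{Name: "timestamp", Value: "2024-01-10T09:05:00Z"},
					{Name: "location", Value: "room 12"},
				}},
				{Raw: "19.0"}, // no timestamp, so it can never be "latest"
			},
		}},
		Services: map[string]ServiceDescription{
			"temperature": {Name: "readTemperature", Interface: "CoAP GET /temp",
				Resource: ResourceDescription{Name: "temp-sensor", Device: "node-7"}},
		},
	}
}

func main() {
	ve := SampleEntity()
	attr, _ := ve.Attribute("temperature")
	latest, _ := attr.Latest()
	fmt.Println("latest temperature:", latest.Raw)
	b, _ := json.MarshalIndent(ve, "", "  ")
	fmt.Println(string(b))
}
```

The type of an attribute and the metadata on a value are deliberately kept as data rather than Go types, because the model says the concrete representation is out of scope; what the code pins down is the containment structure (entity, attribute, value, metadata, and metadata on metadata) and the link from an attribute to the service, resource and device behind it.
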
IoT Domain Model – A brief introduction

Definition

The Domain Model is the base on which the reference model is built: it describes the entities of a particular domain, in this case the IoT domain.

The scope of this model is to:

  1. Define abstractions, not a concrete implementation
  2. Define responsibilities
  3. Define relationships

Following are Sub-models of the IoT Domain model:

  • IoT Information Model
  • IoT Functional Model
  • IoT Communication Model
  • IoT Trust, Security and Privacy model

IOT Domain Model contains following entities:

  • User
  • Physical Entity
  • Virtual entity
  • Augmented Entity
  • Devices
  • Resource
  • Service

Description of Domain Model Entities

Devices

In the IoT Domain Model, devices are the technical artifacts that act as the interface between the digital world (Virtual Entities) and the physical world (Physical Entities). A device therefore needs capabilities (storage, computation and communication) to operate in both worlds. The resources available on a device also play a critical role in overall operation.

Device Capabilities:

  1. Communication capabilities are covered by the Communication Model, a sub-model of the Domain Model. They include:
    • The type of data exchange the device supports (identifier only, identifier plus data, sensor data, or commands).
    • The supported communication topology (networked, peer to peer, etc.). Topology affects energy consumption, how often data is collected and how much is transmitted, and where resources can live (on the device or in the network).
    • They also constrain which security features are feasible.
  2. Computation capabilities have a large impact on the security features a device can support (for example whether public-key cryptography is affordable) and on power consumption.
  3. Storage capabilities determine which firmware or software can run on the device and how much data it can hold.

Resource

  • Resources are software components that provide specific functionality. Hardware is not considered a resource.

Examples: actuation, storage resources, processing of information, or services in the cloud or on the network.

Here, actuation covers both obtaining information about and causing changes in the physical entity, and thereby its digital counterpart.

  • Resources are of two types:
  1. On-device resources, such as sensor-data retrieval, an actuator that acts on the physical world, or storage of limited capacity.
  2. Network resources, such as cloud services that perform large-scale data processing: aggregation, computation or storage.

Services

IoT Services are technical services that define standard interfaces and hide the complexity of accessing a variety of heterogeneous Resources.

Services are classified by their level of abstraction:

1. Resource-level services: these expose on-device or network resources and also handle the following quality aspects:

  • Dependability
  • Security
  • Resilience (availability)
  • Scalability and timeliness

2. Virtual Entity-level services:

These services are associated with one or more Virtual Entities and give access to their attributes, to read and update the values.

3. Integrated services:

These services are compositions of resource-level and Virtual Entity-level services.

Physical Entities

A Physical Entity can be a living being or any other item, such as a car, a store, a logistics item or an electronic appliance.

In the IoT Domain Model, Physical Entities are identified in two ways:

1. Primary identification: based on the natural features of the entity, e.g. recognised by a camera sensor.

2. Secondary identification: based on tags or labels attached to the entity, such as RFID tags or barcodes.

Note: For virtual and augmented entity, please refer “IoT Reference Model – Domain Model Entities” article

IoT Reference Model – Domain Model Entities

To illustrate and build a reference domain model for a generic IoT scenario, the table below describes all the entities a solution architect has to define:

Entity in the Domain Model: Description

User
– A human being, a service, an application or a software agent.
– The different types of users and their roles are not part of the IoT Domain Model.

Physical Entity
– A living being or any other item, such as a car, a store, a logistics item or an electronic appliance.

Virtual Entity
– The digital representation of a Physical Entity; also called a digital artifact.
– The same Physical Entity can be associated with several Virtual Entities.
– A Virtual Entity has two basic properties:
1. It is the digital representation of a Physical Entity.
2. It is a synchronised representation of the properties/aspects of that Physical Entity.

A. Digital representation:
– Each Virtual Entity has a unique id.
– Virtual Entities are classified into two types:
1. Active Digital Artifacts (ADA): running software, agents or services that access other Resources or Services.
2. Passive Digital Artifacts (PDA): passive software objects such as database entries.

B. Synchronised representation:
The digital parameters of the Virtual Entity reflect the characteristics of the Physical Entity, so a change on either side is propagated to the other. Example: locking a door by hand changes the corresponding property in the home-automation software (the Virtual Entity); triggering the "lock door" event in the software drives the electric lock on the door (the Physical Entity).

Augmented Entity
– The composition of one Virtual Entity and its associated Physical Entity.
– It is what lets any object take part in a digital process.
– It is also what is meant by a "thing" in the Internet of Things.

Devices
– A device is an extension of either a Virtual Entity or a Physical Entity; "extension" here means it produces the paired couple of virtual and physical entity, i.e. the device bridges the two. To build such a device, capabilities such as monitoring, sensing, actuation, computation, storage and processing have to be provided.
– In the IoT domain there are three types of such devices:
1. Sensors
2. Tags
3. Actuators

Resource
– Software components that let Virtual Entities interact with Physical Entities.
– Two types of resource are identified:
1. On-device resources: resources deployed on the physical device, such as executables for accessing, processing and storing information, or for controlling actuators.
2. Network resources: resources deployed in the network, such as a back end or the cloud.
– Virtual Entities can also be associated with Resources directly, to enable interaction with their Physical Entities.

Service
– Where resources are heterogeneous, a service is needed to provide open, standard interfaces through which the resources and devices associated with a Physical Entity are reached.
– A Virtual Entity can be associated with one or several services.
– Several instances of the same service are also possible in the model.
Table 1.0

Note: Here, interaction means calling services that either retrieve information about, or act on, a Physical Entity to meet the user's goal.

Interaction can be done between:

  1. Human User and Physical entities.
  2. As well as between Active Digital Artifact and Physical entity.

IoT – Basics of a reference model

Q 1. Why do we need an IoT Reference model?

To establish a common understanding for building the architecture of complete IoT systems.

It is driven by the following requirements:

  • Independence from any particular technology or use case.
  • Support for cross-platform solutions.
  • Defining the components of any IoT system and their structure (attributes and relationships).
  • Not defining how the components are represented.
  • Defining the functionality for interacting with component instances and managing the related information.
  • Handling communication in heterogeneous IoT environments.
  • Defining how trust, security and privacy are handled.

Q 2. What is the IoT Domain model?

The model on which the reference model is built. Its scope is to:

1. Define abstractions, not a concrete implementation

2. Define responsibilities

3. Define relationships

It addresses the requirements listed in question 1.

Q 3. What are the Sub-models of the IoT Domain model?

  • IoT Information Model
  • IoT Functional Model
  • IoT Communication Model
  • IoT Trust, Security and Privacy model

IoT – Implementation of various security techniques to address real threats

Real threat: Messages can be read by anyone on the path between sender and receiver.
Security technique: Symmetric encryption, so that only the sender and the intended receiver can understand the message.
Examples:
– Advanced Encryption Standard (AES)
– Data Encryption Standard (DES): still quoted in IoT material, but its 56-bit key can be brute-forced and it should not be used in new designs.
Encryption on its own does not stop modification: pair it with the integrity protection in the next row, or use an authenticated mode such as AES-GCM that provides both.

Real threat: Messages, encrypted or not, can be altered by anyone on the path.
Security technique: Integrity protection with a keyed hash (a message authentication code), so that the receiver detects any alteration. A plain, unkeyed SHA-256 digest is not enough, because whoever can change the message can recompute it; the MAC key must be known only to sender and receiver, and tags must be compared in constant time.
Example:
– HMAC-SHA256

Real threat: A long-term encryption key is stolen, or one fixed key protects every session, so that a single key compromise exposes all traffic.
Security technique: Public-key techniques for key establishment, so that each session gets a fresh random key agreed by a Diffie-Hellman exchange rather than transmitted, and a key stolen later does not reveal earlier sessions (forward secrecy). The long-term public/private key pair authenticates the exchange; it is not used to encrypt the bulk data.
Examples:
– Rivest, Shamir and Adleman (RSA)
– Elliptic Curve Cryptography (ECC), e.g. ECDHE for key agreement and ECDSA for signatures

Real threat: Unauthorised access to, and illegitimate control of, network and system resources.
Security technique: Authentication, so that only users and devices with valid credentials enter the network, together with an authorisation mechanism that sets permission levels: admin, super-admin, user-level and group-level access, role-based access control (RBAC) and attribute-based access control (ABAC).
Example:
– OAuth 2.0 (Open Authorization) for delegated authorisation, usually with OpenID Connect for the authentication step, since OAuth by itself does not authenticate the user.

Real threat: Physical attacks on a device's computing, memory and storage components.
Security technique: Built-in hardware security: a secure run-time execution environment (a trusted execution environment or secure element), protected RAM and ROM, and secure storage for keys, so that a captured device does not give up its secrets.
Table 1.0
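
The three cryptographic rows of the table (symmetric encryption, integrity protection, fresh per-session keys) combined into one working exchange, as an added example in Go that is not from the original page: a device and a gateway each generate an ephemeral X25519 key pair, derive the same session key, and protect a command with AES-256-GCM, whose tag is the integrity check. The key-derivation label, the wire layout (nonce || ciphertext || tag) and the sample command are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Session is one side of a connection after key agreement: AES-256-GCM keyed
// with a secret that exists only for this session.
type Session struct{ aead cipher.AEAD }

// NewEphemeralKey makes a fresh X25519 key pair. A new pair per session means
// a key stolen later cannot decrypt earlier traffic (forward secrecy).
func NewEphemeralKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// NewSession derives the shared secret from our private key and the peer's
// public key, expands it into a 32-byte AES key with HMAC-SHA256 under a fixed
// label, and wraps that key in AES-GCM. GCM is an AEAD, so its tag is the
// integrity check and no separate MAC is layered on top. The label and the
// one-step expansion are assumptions of this example; a real protocol uses
// HKDF with a label bound to the protocol version and the handshake transcript.
func NewSession(priv *ecdh.PrivateKey, peerPub *ecdh.PublicKey) (*Session, error) {
	shared, err := priv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	kdf := hmac.New(sha256.New, shared)
	kdf.Write([]byte("iot-session-key-v1")) // constructed label
	block, err := aes.NewCipher(kdf.Sum(nil))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{aead: aead}, nil
}

// Seal encrypts and authenticates plaintext under a random 96-bit nonce and
// returns nonce || ciphertext || tag. A nonce must never repeat under one key.
func (s *Session) Seal(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, len(nonce)+len(plaintext)+s.aead.Overhead())
	out = append(out, nonce...)
	return s.aead.Seal(out, nonce, plaintext, nil), nil
}

// Open checks the tag and decrypts. A flipped bit anywhere in nonce,
// ciphertext or tag fails authentication and no plaintext is returned.
func (s *Session) Open(msg []byte) ([]byte, error) {
	ns := s.aead.NonceSize()
	if len(msg) < ns+s.aead.Overhead() {
		return nil, errors.New("message too short")
	}
	return s.aead.Open(nil, msg[:ns], msg[ns:], nil)
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// main plays a device sending one constructed command to a gateway, then shows
// that a tampered copy of the same message is rejected.
func main() {
	devKey, err := NewEphemeralKey()
	check(err)
	gwKey, err := NewEphemeralKey()
	check(err)
	dev, err := NewSession(devKey, gwKey.PublicKey()) // device side
	check(err)
	gw, err := NewSession(gwKey, devKey.PublicKey()) // gateway side
	check(err)
	ct, err := dev.Seal([]byte(`{"cmd":"unlock","door":1}`))
	check(err)
	pt, err := gw.Open(ct)
	check(err)
	fmt.Printf("gateway decrypted: %s\n", pt)
	ct[len(ct)-1] ^= 0x01 // attacker flips one bit of the tag
	_, err = gw.Open(ct)
	fmt.Println("tampered copy rejected:", err)
}
```

Two things the example leaves out on purpose, and that the table's fourth row supplies in practice: the ephemeral public keys are exchanged unauthenticated here, so a man-in-the-middle could run one handshake with each side, which is why real protocols sign the ephemeral keys with the parties' long-term RSA or ECDSA keys (or pin certificates); and the random nonce is safe for a modest number of messages per session but must be replaced by a counter, or the key rotated, on high-volume links.
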

IoT – Common security in wireless communication Technologies

Technology: ZigBee
Security: Three kinds of security service: access control (controlling who or what can view or use resources), encryption, and integrity protection. Authorisation relies on a mandatory network key shared by every device on the network.
Drawbacks: Because the network key is shared, one compromised device exposes the traffic of the whole network; and in many deployments the key assigned at commissioning is fixed and never rotated, so a leaked key stays valid.

Technology: Bluetooth
Security: Encryption of data between sender and receiver.
Drawbacks: Well-known attacks such as bluejacking and bluesnarfing.
Bluejacking: sending unsolicited messages in the form of business cards, messages or pictures. It does not steal any information from the recipient's device.
Bluesnarfing: unauthorised access to information on a wireless device over a Bluetooth connection, typically between phones, desktops, laptops and PDAs. It gives access to calendars, contact lists, e-mails and text messages, and on some phones lets the attacker copy pictures and private videos.

Technology: Radio Frequency Identification (RFID)
Security: Some tags support encryption of data with symmetric algorithms such as AES or DES.
Drawbacks:
– Read access to the tag is not protected: a tag answers any reader without verifying that the reader is authorised, so an attacker can build a reader and collect the information.
– An attacker can also alter the ciphertext in transit, which is a data-integrity problem unless the data is authenticated as well as encrypted.

Technology: Wireless Sensor Network (WSN)
Security: Encryption of data.
Drawbacks: Several attacks apply to WSNs, such as
– Denial of Service (DoS)
– Distributed DoS (DDoS)

Technology: Wireless Fidelity (Wi-Fi)
Security: Authentication and authorisation mechanisms (WPA2/WPA3 with a pre-shared key or 802.1X).
Drawbacks:
– Open networks and the legacy WEP and WPA/TKIP modes give no effective confidentiality or integrity, so an attacker can read and alter messages; WPA2 with AES or WPA3 must be used.
– Eavesdropping and monitoring of data on open or weakly protected networks.
Table 1.0

IoT Layered Architecture – Security Threats

1. Perception Layer:

  • Eavesdropping: capturing the information transmitted between sender and receiver.
  • Node capture: taking full control of a node, for example a gateway node. The attacker then obtains everything on it, including the keys used to build secure connections and the data held in memory.
  • Fake or malicious node: adding a node that is not legitimate, to consume network bandwidth and the hardware resources of real nodes; at scale this can bring the whole network down.
  • Replay attack: an intruder who has eavesdropped on the sender captures a legitimate message (for example the sender's identity proof or a command) and re-sends it later, so that the receiver believes it comes from the real sender and acts on it. Without a freshness check (nonce, counter or timestamp) the receiver cannot tell the copy from the original.
  • Timing attack: the intruder measures the time between request and response to infer what kind of query was sent or which algorithm is in use.

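A receiver-side check against the replay attack described above, as an added example in Go that is not from the original page. It uses HMAC-SHA256 over sender, counter and payload plus a strictly increasing per-sender counter; the frame format, the shared key and the door-lock commands are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrBadTag = errors.New("authentication failed")
var ErrReplay = errors.New("replayed or stale counter")

// Frame is the constructed wire format of this example: who sent it, a
// strictly increasing per-sender counter, the command, and an HMAC over all three.
type Frame struct {
	Sender  string
	Counter uint64
	Payload []byte
	Tag     []byte
}

// tag binds sender, counter and payload under the shared key. The sender
// field is length-prefixed so bytes cannot be shifted between fields.
func tag(key []byte, sender string, counter uint64, payload []byte) []byte {
	mac := hmac.New(sha256.New, key)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], uint64(len(sender)))
	mac.Write(buf[:])
	mac.Write([]byte(sender))
	binary.BigEndian.PutUint64(buf[:], counter)
	mac.Write(buf[:])
	mac.Write(payload)
	return mac.Sum(nil)
}

// Sign builds the frame a device sends; the device must never reuse a counter value.
func Sign(key []byte, sender string, counter uint64, payload []byte) Frame {
	return Frame{Sender: sender, Counter: counter, Payload: payload, Tag: tag(key, sender, counter, payload)}
}

// Receiver remembers the highest counter accepted from each sender.
type Receiver struct {
	key      []byte
	lastSeen map[string]uint64
}

func NewReceiver(key []byte) *Receiver {
	return &Receiver{key: key, lastSeen: map[string]uint64{}}
}

// Accept verifies the tag first, so that forged frames can neither probe nor
// advance the counter, and then requires the counter to be strictly greater
// than the last one accepted: a captured frame re-sent later fails that check.
func (r *Receiver) Accept(f Frame) error {
	if !hmac.Equal(f.Tag, tag(r.key, f.Sender, f.Counter, f.Payload)) {
		return ErrBadTag
	}
	if f.Counter <= r.lastSeen[f.Sender] {
		return ErrReplay
	}
	r.lastSeen[f.Sender] = f.Counter
	return nil
}

// Scenario runs the perception-layer attacks from the list above against a
// receiver, on constructed frames, and returns the verdict for each.
func Scenario() map[string]error {
	key := []byte("constructed-demo-key-do-not-reuse")
	gw := NewReceiver(key)
	unlock := Sign(key, "door-1", 1, []byte(`{"cmd":"unlock"}`))
	out := map[string]error{}

	out["genuine"] = gw.Accept(unlock)

	// Eavesdropper captured the frame and replays it unchanged.
	out["replay"] = gw.Accept(unlock)

	// Attacker edits the command but cannot recompute the tag.
	forged := unlock
	forged.Payload = []byte(`{"cmd":"unlock","hold":true}`)
	out["tampered"] = gw.Accept(forged)

	// Attacker without the key impersonates the device with a fresh counter.
	out["spoofed"] = gw.Accept(Sign([]byte("guessed-key"), "door-1", 99, []byte(`{"cmd":"unlock"}`)))

	// The device's next genuine frame is still accepted.
	out["next"] = gw.Accept(Sign(key, "door-1", 2, []byte(`{"cmd":"lock"}`)))
	return out
}

func main() {
	out := Scenario()
	for _, k := range []string{"genuine", "replay", "tampered", "spoofed", "next"} {
		fmt.Printf("%-8s -> %v\n", k, out[k])
	}
}
```

A strict counter drops frames that arrive out of order, which is the right choice for commands; on lossy links that may reorder packets, replace the single lastSeen value with a sliding window of accepted counters as IPsec and DTLS do. The counter also has to survive a device reboot (persisted, or re-synchronised over an authenticated handshake), otherwise every frame captured before the reboot becomes valid again.

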
2. Network Layer:

  • Denial of Service (DoS) attack: consuming the whole network bandwidth so that legitimate users cannot use the services.
  • Man-in-the-Middle (MitM) attack: an attacker sits between sender and receiver and alters the data in transit while both sides believe they are talking directly to each other.
  • Storage attack: altering information held on storage devices or in the cloud, especially where several parties are involved in replicating the stored data.
  • Exploit attack: taking advantage of a security vulnerability, a weak algorithm, poor hardware or bad programming to retrieve valuable information.

3. Application Layer:

  • Cross-site scripting attack: injecting client-side script such as JavaScript so that the application runs code chosen by the attacker.
  • Malicious code attack: code hidden inside the software itself that damages the overall system; such code is hard to detect even with antivirus tools.

4. Support Layer:

  • Denial of Service (DoS) attack: as described above.
  • Malicious insider attack: an attack carried out with the help of someone inside the network who holds valid authorisation.

5. Processing Layer:

  • Exhaustion attack: draining system resources such as battery and memory.
  • Malware attack: in the form of viruses, spyware, adware, Trojan horses and worms.

6. Business Layer:

  • Business-logic attack: exploiting flaws in the program logic, such as a weak password-recovery mechanism, poor input validation or bad use of encryption.
  • Zero-day attack: exploiting a security flaw in an application that the vendor is not yet aware of.

IoT Platform – Mainflux

Description

  • It is an IoT platform that can be deployed on premise, in the cloud, or as a hybrid, and provides:
  1. Device management
  2. Data aggregation and data management
  3. Connectivity and message routing
  4. Event management
  5. User interface
  6. Core analytics
  • It is built around three main entities:
  1. Users: the real people who access and manage resources (CRUD).
  2. Things: the devices and applications that are part of the IoT solution.
  3. Channels: the communication channels over which messages are exchanged.
  • It uses *NATS as its main messaging system.
  • It can run on a gateway and in the cloud at the same time. The following services are deployed on the gateway to communicate with Mainflux in the cloud:
  1. Agent: a service that manages a gateway connected to Mainflux in the cloud. It lets you send commands to the gateway and receive responses.
  2. Export: a service that forwards messages from one Mainflux instance to another, including from the gateway to Mainflux in the cloud.
  • Mainflux provides the following major functionality:
  1. Provisioning: configuring the platform by creating and setting up the entities (users, channels and things).
  2. Messaging: publishing messages from things to channels over HTTP, MQTT, CoAP or WebSocket.
  3. Storage: persisting messages in one of several databases (Cassandra, MongoDB, InfluxDB, PostgreSQL).
  4. Security: connections between users, things and the other components are secured with TLS; the appropriate certificates have to be configured.
  5. Authentication: by per-user and per-thing keys, or by mutual TLS with client certificates.
  6. Authorization: policies control the permissions of users, things and channels. Mainflux uses the *Ory Keto server for this.
  7. Groups: users and things can be organised into groups, and access can be granted at group level.
  8. Bootstrap: a service from which a thing fetches its initial configuration (connection keys, channels, certificates) at start-up; a thing is bootstrapped once the conditions set for it are met.
  9. Tracing: profiling, monitoring and debugging of the services. Mainflux uses the *Jaeger tracing framework, with Grafana, Prometheus and OpenTracing for instrumentation.
  10. Twins service: digital-twin functionality.
  11. Benchmarking: the third-party tool MZBench is used to generate high traffic volumes and measure performance.
  12. Container-based deployment using Docker and Kubernetes.

The Mainflux architecture contains the services listed in table 1.0.

Service: users
Description: Provides the APIs for managing users: registering new accounts, issuing access tokens and verifying them.

Service: things
Description: Provides the APIs for managing resources (things and channels): provisioning new things, creating new channels, and connecting things to channels.

Service: http-adapter
Description: Provides the HTTP API for sending messages.

Service: mqtt-adapter
Description: Provides the MQTT API for sending messages.

Service: coap-adapter
Description: Provides the CoAP API for sending messages.

Service: opcua-adapter
Description: Provides the OPC UA API for exchanging data. It sits between the Mainflux system and an OPC UA server.

Service: lora-adapter
Description: Provides the LoRa API for exchanging data. It sits between the Mainflux system and a LoRa network server, talking to it over MQTT.

Service: mainflux-cli
Description: The command-line interface. The CLI makes it easy to manage users, things, channels and messages.
Table 1.0
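
How the authorization described in points 6 and 7 of the functionality list fits the entities of the things service, as an added example in Go that is not Mainflux code and does not use the Ory Keto API: a deny-by-default store of (subject, relation, object) tuples in the style Keto uses, with group membership resolved transitively and a dep'th limit against membership cycles. The identifiers and relation names are constructed for the example.

```go
package main

import "fmt"

// Tuple is one relation between a subject and an object, in the spirit of the
// relation tuples Ory Keto stores ("thing:t1 may publish on channel:c1").
type Tuple struct {
	Subject  string // "user:alice", "thing:t1", "group:ops"
	Relation string // "publish", "subscribe", "read", "member"
	Object   string // "channel:c1", "thing:t1", "group:ops"
}

// Policy is an in-memory tuple set. Anything not listed is denied.
type Policy struct{ tuples map[Tuple]struct{} }

func NewPolicy() *Policy { return &Policy{tuples: map[Tuple]struct{}{}} }

// Allow records a grant, e.g. when a thing is connected to a channel.
func (p *Policy) Allow(subject, relation, object string) {
	p.tuples[Tuple{subject, relation, object}] = struct{}{}
}

// Revoke removes a grant, e.g. when the thing is disconnected again.
func (p *Policy) Revoke(subject, relation, object string) {
	delete(p.tuples, Tuple{subject, relation, object})
}

// maxDepth bounds group-membership traversal so a cycle of memberships
// (a member of b, b member of a) cannot loop forever.
const maxDepth = 4

// Check answers "may subject perform relation on object?". A direct tuple
// answers yes; otherwise every group the subject is a member of is asked the
// same question, so a user in group:ops may read whatever group:ops may read.
func (p *Policy) Check(subject, relation, object string) bool {
	return p.check(subject, relation, object, 0)
}

func (p *Policy) check(subject, relation, object string, depth int) bool {
	if depth > maxDepth {
		return false
	}
	if _, ok := p.tuples[Tuple{subject, relation, object}]; ok {
		return true
	}
	for t := range p.tuples {
		if t.Subject == subject && t.Relation == "member" &&
			p.check(t.Object, relation, object, depth+1) {
			return true
		}
	}
	return false
}

// Demo wires up constructed users, things, channels and a group and returns
// each access decision by name.
func Demo() map[string]bool {
	p := NewPolicy()
	p.Allow("thing:t1", "publish", "channel:c1")   // "connect thing t1 to channel c1"
	p.Allow("thing:t1", "subscribe", "channel:c1") // is two grants
	p.Allow("group:ops", "read", "thing:t1")
	p.Allow("user:alice", "member", "group:ops") // bob is not in ops

	d := map[string]bool{
		"t1 publishes c1":  p.Check("thing:t1", "publish", "channel:c1"),
		"t2 publishes c1":  p.Check("thing:t2", "publish", "channel:c1"),
		"t1 publishes c2":  p.Check("thing:t1", "publish", "channel:c2"),
		"alice reads t1":   p.Check("user:alice", "read", "thing:t1"),
		"bob reads t1":     p.Check("user:bob", "read", "thing:t1"),
		"alice deletes t1": p.Check("user:alice", "delete", "thing:t1"),
	}
	p.Revoke("thing:t1", "publish", "channel:c1") // disconnect the thing
	d["t1 publishes c1 after disconnect"] = p.Check("thing:t1", "publish", "channel:c1")
	return d
}

func main() {
	for name, allowed := range Demo() {
		fmt.Printf("%-34s %v\n", name, allowed)
	}
}
```

Connecting a thing to a channel becomes two tuples and disconnecting it removes them; a check that finds no tuple fails closed. The check is evaluated on every request rather than cached, so a revoked grant takes effect immediately, which is what you want for a device key that has leaked.
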

*NATS is an open-source messaging system. It provides servers and client libraries in several languages for talking to them. It is scalable, high-performance, and widely used in cloud-based solutions.

*OPC UA (OPC Unified Architecture) is an open, cross-platform standard for exchanging data from sensors to cloud applications.

*Ory Keto is a permission and authorization server.

*Jaeger is an open-source tracing system for microservices.

Is it open source?

Yes

https://github.com/mainflux/mainflux

Supported Messaging & Security protocols

  • HTTP/HTTPS
  • MQTT
  • WebSocket
  • CoAP
  • TLS

Supported Networks

  • BLE
  • Ethernet (eth0)
  • LoRaWAN

Supported technologies & tools

  • Docker
  • Kubernetes
  • Swagger

Supported Languages

  • Go
  • *Protobuf (Protocol Buffers)

*Protobuf : It is a mechanism that allows us to serialize and de-serialize data. It is language & platform neutral so that different programs written in different languages on different platforms can send & receive data without writing additional code. It has its own compiler and specification.

Supported Databases

  • CassandraDB
  • MongoDB
  • InfluxDB
  • PostgreSQL

Supported OS

Supports all major OS

Domains where it is used and can be used

Applicable in all domains where IoT solution can be implemented.

IoT Platform – OpenRemote

Description

  • The OpenRemote IoT platform connects network-connected assets/entities/things to mobile and web applications.
  • The OpenRemote architecture is split into the following six major categories:
  1. Frontend
  2. Services (Manager)
  3. Agents
  4. Security
  5. Edge Gateway
  6. Console

The table below describes what OpenRemote provides for each of these categories:

IoT solution category: Frontend
Features/tools provided by OpenRemote: The frontend simplifies creating and developing user interfaces and includes:
– Web components and templates for developing browser-based applications and the administration tool.
– Smartphone apps for both Android and iOS.
It also has some dedicated, pre-built frontend applications:
– A multi-tenant monitoring dashboard
– A home-automation / smart-city control panel
– Mapping of all assets on a map using the asset model

IoT solution category: Services (Manager)
Features/tools provided by OpenRemote: The Manager provides the APIs of the services, i.e. *headless applications for monitoring and administering the system. It provides the following services:
– Asset management service
– State and historical data service
– Rules engine
– Event processing engine
– Messaging service
– Streaming service
It exposes APIs over the following technologies:
– REST-based HTTP APIs
– WebSocket event-based APIs
– MQTT event/protocol-based APIs
The rules engine accepts rules written in:
– Groovy
– JavaScript
– JSON

IoT solution category: Agents
Features/tools provided by OpenRemote: Agents link external devices or services to the OpenRemote system. They support proprietary and open-standard protocols and consist of two major components:
– Device management
– Protocol adapters

IoT solution category: Security
Features/tools provided by OpenRemote: Pre-integrated, Keycloak-based identity and access management, which includes:
– Authentication (multi-tenant), single sign-on, and OpenID Connect / OAuth 2.0
– Authorisation
– Identity management

IoT solution category: Edge Gateway
Features/tools provided by OpenRemote:
– An OpenRemote Manager that connects to the central OpenRemote Manager over the WebSocket API with proper authentication.
– It also supports the Keycloak identity-management solution.
– The edge gateway typically runs on very limited hardware.

IoT solution category: Console
Features/tools provided by OpenRemote: The native mobile applications that host the OpenRemote web components.
Table 1.0

* A headless application runs without a frontend; it only exposes APIs.

Is it open source?

Yes

https://github.com/openremote/openremote

Supported Messaging & Security protocols

  • HTTP
  • *KNX (Konnex)
  • MQTT
  • *Simulator
  • *SNMP (Simple Network Management Protocol)
  • Serial
  • TCP
  • UDP
  • SSL
  • TLS

Note:

*KNX is an OSI-based network communication protocol designed primarily for building and home automation; it is managed by the KNX Association.

*Simulator: It simulates a connection to an external services so that development can be done without the availability of actual

*SNMP manages and monitors devices connected to a network.

Supported Networks

  • Bluetooth Mesh
  • Z-Wave
  • LoRa etc.

Supported technologies

  • Websocket
  • Velbus (a home automation system)
  • Docker
  • NodeJS
  • REST

Supported Languages

  • Java
  • TypeScript
  • Groovy
  • CSS
  • Swift
  • Kotlin

Supported Databases

  • PostgreSQL with GIS and JSON extension

Supported OS

  • Supports all major operating systems

Domains where it is used and can be used

  • Energy Management
  • Asset Management
  • Smart City & Mobility