IoT - State of the art
Popular IoT applications
- Home automation, smart cities.
- Wearables, healthcare, automotive...
Popular IoT protocols and standards
- Application level: MQTT, XMPP, AMQP, CoAP.
- Networking and transport level: 6LoWPAN, RPL, DTLS.
Focus of this talk
Home automation using MQTT
A quick MQTT overview
- MQTT is based on a publish/subscribe model: clients publish messages to named topics and subscribe to topics (or topic filters with wildcards) to receive them.
- MQTT clients use TCP/IP to connect to a broker.
- Brokers perform message-passing between clients and can be bridged to one another in a hierarchy.
- There is an MQTT-SN specification for low-end devices on non-TCP networks.
Architecture basics
- Sensors: room/temperature, outside/humidity.
- Commands: room/radiator, garage/door.
- All devices use an MQTT broker connected to the Internet.
Privacy requirements
- Some data may be shared publicly: outside/humidity.
- Some data may be shared with a trusted set of people or systems: garage/door, room/temperature.
- Some commands need to be protected (only authenticated, trusted clients may issue them): room/radiator.
- Some commands need to be secure (issuing them has physical consequences): garage/door.
A second factor (2FA) would be appropriate for those.
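The four privacy classes above are exactly what a broker-side ACL has to enforce. The following is an added example (not from the talk, not any real broker's configuration) that maps the talk's own topic names to those classes, implements MQTT 3.1.1 topic-filter matching (`+` for one level, `#` for the rest, neither matching `$SYS` topics), and checks publish and subscribe requests against the policy. The `Client` attributes (authenticated, trusted, second_factor) are assumed to come from the broker's authentication step, for instance a TLS client certificate plus a 2FA challenge; they are hypothetical names. The one point the example makes that the slide does not is that a wildcard subscription must be checked against every topic it could cover, otherwise an anonymous subscriber to `#` receives room/temperature along with outside/humidity.

```python
"""Topic-based privacy policy for the home-automation MQTT broker.

Added example, not from the talk: models the talk's four privacy classes
(public, trusted, protected, secure) as broker-side ACL rules on the topic
names used in the slides. Wildcard semantics follow MQTT 3.1.1 section 4.7:
'+' matches exactly one level, '#' (last level only) matches the rest of the
topic, and neither wildcard matches a topic starting with '$'. Client roles
and the 'second_factor' flag are hypothetical attributes the broker would get
from authentication (e.g. the TLS client certificate and a 2FA challenge).
"""
from dataclasses import dataclass

PUBLIC, TRUSTED, PROTECTED, SECURE = "public", "trusted", "protected", "secure"

# Privacy classes from the talk, keyed by concrete topic name.
# Topics not listed here are denied to everyone (default deny).
POLICY = {
    "outside/humidity": PUBLIC,      # may be shared publicly
    "room/temperature": TRUSTED,     # trusted people or systems only
    "garage/door": SECURE,           # command: needs a second factor
    "room/radiator": PROTECTED,      # command: authenticated, trusted clients
}


@dataclass
class Client:
    name: str
    authenticated: bool = False   # presented valid credentials (e.g. TLS cert)
    trusted: bool = False         # on the owner's allow-list
    second_factor: bool = False   # completed a 2FA step for this session


def topic_matches(topic_filter: str, topic: str) -> bool:
    """MQTT 3.1.1 topic-filter matching with the '+' and '#' wildcards."""
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False                       # wildcards never match $SYS topics
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' must be last; matches the rest
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def _permitted(client: Client, privacy_class: str, action: str) -> bool:
    """Minimum client attributes for each (privacy class, action) pair."""
    trusted = client.authenticated and client.trusted
    if privacy_class == PUBLIC:
        # anyone may read public data; only an authenticated sensor may write it
        return True if action == "subscribe" else client.authenticated
    if privacy_class in (TRUSTED, PROTECTED):
        return trusted
    if privacy_class == SECURE:
        # reading the door state needs trust; commanding it also needs 2FA
        return trusted if action == "subscribe" else (trusted and client.second_factor)
    return False


def may_publish(client: Client, topic: str) -> bool:
    """Publishing is always to a concrete topic name: one policy lookup."""
    if "+" in topic or "#" in topic or topic not in POLICY:
        return False
    return _permitted(client, POLICY[topic], "publish")


def may_subscribe(client: Client, topic_filter: str) -> bool:
    """A wildcard subscription is allowed only if every policy topic it covers
    is allowed to this client; 'outside/#' is fine for an anonymous client,
    '#' is not, because it would also deliver room/temperature."""
    covered = [t for t in POLICY if topic_matches(topic_filter, t)]
    if not covered:
        return False                       # covers nothing we know about: deny
    return all(_permitted(client, POLICY[t], "subscribe") for t in covered)


if __name__ == "__main__":
    anon = Client("anonymous")
    phone = Client("phone", authenticated=True, trusted=True)
    phone_2fa = Client("phone", authenticated=True, trusted=True, second_factor=True)
    print(may_subscribe(anon, "outside/humidity"))   # True
    print(may_subscribe(anon, "#"))                  # False: would cover room/temperature
    print(may_publish(phone, "garage/door"))         # False: no second factor yet
    print(may_publish(phone_2fa, "garage/door"))     # True
```

In a real deployment the policy table would be the broker's ACL file and the client attributes would be derived from the TLS handshake; the matching and "check every covered topic" logic stays the same.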
Connecting our home to the IoT
- Naming: my_home.domain.name/<location>/<device>.
- Security: SSL/TLS required for MQTT requests from the Internet. TLS protects the transport and authenticates the broker; the broker still has to authenticate clients (certificates or credentials) and authorize them per topic.
Well, it was easy, wasn't it?
End of the story?
Nope.
DNS and SSL/TLS concerns
Both share the same usage flaw: each depends on a centralized trusted third party (registrars and resolvers for names, certificate authorities for certificates), which is a single point of failure and of compromise.
Enter the Blockchain
The Blockchain
- Made famous by cryptocurrencies, especially Bitcoin.
- In cryptocurrencies, acts as a ledger for transactions.
- Integrity is ensured by the network as a whole: no single point of failure (SPOF).
Why does it work?
- The mining process rewards people for maintaining the ledger's integrity. Mining is computationally expensive.
- In cryptocurrencies, everyone in the network is motivated by the same incentive, i.e. getting money.
- It works because everyone is a bit greedy and the honest "silent majority" outperforms the "few villains", as long as that majority controls most of the mining power.
It looks like a very negative view of human nature, but...
TRUST < GREED
History has shown that relying on the "good will" of a few just doesn't work.
Decentralization matters
Yes, all that stuff looks interesting, in theory at least...
But who cares ?
January 2015 - IBM and Samsung unveil ADEPT
Autonomous Decentralized Peer-to-Peer Telemetry
Built on a Blockchain (Ethereum), with Telehash for communication and BitTorrent for file distribution.
How does it work? A working example: Twister, a fully decentralized Twitter clone.
- A Blockchain stores the full list of user handles (each registered with its public key).
- User profiles are stored in a DHT (Kademlia).
- Posts are stored within BitTorrent swarms.
- DMs are encrypted; other messages are not.
Mapping into MQTT concepts
...and addressing security and privacy as well, while we're at it...
- A handle registered in the Blockchain is used instead of a domain name, so neither DNS nor a certificate authority is needed to find and authenticate a home.
- MQTT's publish/subscribe model fits nicely with Twister's follow/post model.
Now, what?
Here is some food for thought (and for the Q & A session):
- Secret sharing.
Secret keys are hard to protect. Storing a key on a single device makes it a SPOF, so split the key into parts and store those parts across multiple devices: any k of the n parts rebuild the key, fewer reveal nothing. Hint: ssss (Shamir's Secret Sharing Scheme).
- Adaptive security.
Contactless NFC payments are exposed to fraud, but capped at a maximum amount per transaction: the control is sized to the risk versus the consequences.
Let's extend this principle and give a response proportionate to the situation, using a quorum: the riskier the command, the more devices must cooperate to authorize it.
- Cryptography and low-end devices.
Cryptography is costly. Do we need strong cryptography, when EFT standards still use DES (2-key TDES: a 112-bit key, but only about 80 bits of effective security, and now deprecated)? Hint: DUKPT (Derived Unique Key Per Transaction).
- Blockchain and incentive issues.
Blockchains quickly become huge. Would distributed Blockchain storage be possible or relevant? What about its integrity? Use another Blockchain for this purpose?
Generally speaking, what would be good incentives for Blockchains not tied to a cryptocurrency? Example: DNSChain.