HOW TO OVERCOME CHALLENGES OF SMART IOT DATA SYSTEM DESIGN STANDARDS STEP OVER EACH OTHER HOW TO STAY IOT HEALTHY? USE IN-MEMORY SECURITY
Real World Connected Systems Magazine. Produced by Intelligent Systems Source
Vol 18 / No 6 / June 2017
Computing Forecast: Cloudy Today, Foggy Tomorrow
An RTC-Media Publication RTC MEDIA, LLC
SAFE RELIABLE SECURE
T R U STED S O F T WAR E F OR E M B E DDED D E V I CE S For over 30 years the world’s leading companies have trusted Green Hills Software’s secure and reliable high performance software for safety and security critical applications. From avionics and automotive, through telecom and medical, to industrial and smart energy, Green Hills Software has been delivering proven and secure embedded technology. To find out how the world’s most secure and reliable operating systems and development software can take the risk out of your next project, visit www.ghs.com/s4e
Copyright © 2016 Green Hills Software. Green Hills Software and the Green Hills logo are registered trademarks of Green Hills Software. All other product names are trademarks of their respective holders.
Real World Connected Systems Magazine. Produced by Intelligent Systems Source
GETTING READY FOR IOT 24
3.0 Are you Prepared for the Future with IoT? Greg Deffenbaugh, Avaya
PERSPECTIVE ON STANDARDS 26
4.0: Wireless Communications Standards: The Battle for the IoT by Richard Edgar, Imagination Technologies
SECURITY ON FOG COMPUTING
06 Computing Forecast: Cloudy Today, Foggy Tomorrow
5.0: Interview of Wind River
5.1: How to stay IoT Healthy with Inmemory Security?
by John W. Koon
by Jeff Shiner, Micron Technology
The Fight Over 5G
5.2: How Prepared are Utilities for Looming Cybersecurity Threats? by Rick Enns, Trilliant
WHAT IS FOG COMPUTING? 06
1.0: Computing Forecast: Cloudy Today, Foggy Tomorrow by John W. Koon
1.1: Fog Computing for the Internet of Everything by Warren Kurisu, Mentor Graphics
UNDERSTANDING THE FOG AND EDGE COMPUTING ARCHITECTURES 18
2.0: How to Overcome Challenges of Smart IoT Data System Design by Toby McClean, ADLINK Technology
26 Wireless Communications Standards: The Battle for the IoT
RTC Magazine JUNE 2016 | 3
PUBLISHER President John Reardon, firstname.lastname@example.org Vice President Aaron Foellmi, email@example.com
EDITORIAL Editor-In-Chief John Koon, firstname.lastname@example.org
ART/PRODUCTION Art Director Jim Bell, email@example.com Graphic Designer Hugo Ricardo, firstname.lastname@example.org
ADVERTISING/WEB ADVERTISING Western Regional Sales Manager John Reardon, email@example.com (949) 226-2000
Integrated Rack Level Systems Elma integrates 19â€? COTS components from Cisco, Dell and others into our equipment racks, providing fully configured and tested turnkey systems. As your single source supplier, Elma provides component life cycle management, documentation, spares support and design services.
Eastern U.S. and EMEA Sales Manager Ruby Brower, firstname.lastname@example.org (949) 226-2004
BILLING Controller Cindy Muir, email@example.com (949) 226-2021
TO CONTACT RTC MAGAZINE: Home Office RTC-Media, 940 Calle Negocio, Suite 230, San Clemente, CA 92673 Phone: (949) 226-2000 Fax: (949) 226-2050 Web: www.rtc-media.com Published by RTC-Media Copyright 2017, RTC-Media. Printed in the United States. All rights reserved. All related graphics are trademarks of RTCMedia. All other brand and product names are the property of their holders.
4 | RTC Magazine JUNE 2017
The Fight Over 5G by John Koon, Editor-In-Chief
On April 10, 2017, ATT made an offer to buy Straight Path Communications (STRP) for $95.63 per share in an all-stock deal worth $1.25 billion. Before the AT&T offer, Straight Path’s stock was trading around $36 (April 7) for over a year. On April 25, Straight Path announced it received another offer of $104.64 per-share offer from another telecommunications company. The new deal was estimated to be 1.31 billion. Straight Path’s share went up 6.4 percent to $118. On May 11, the deal was closed with $184 per share and Verizon was the winner - five times the trading price on April 7, 2017 and was worth $3.1 billion. Additionally, Verizon will pay a termination fee of $38 million to AT&T on Straight Path’s behalf. Prior to the acquisition, Straight Path was worth around $400 million with less than 20 employees. Who is Straight Path and why the bidding war? One of the key elements in the wireless future is 5G which provides high-speed, low-latency and low-cost connection which will support IoT, big data and analytics. This fifth generation of wireless technology (sometimes referred to as mobile networks) is the next big things after the 4G LTE we have today. It is faster, much faster, in the order of 10Gbps download using millimeter wave band in the range of 20-60GHz. Some says that range may go up to 300GHz. Needless to say, all major carriers such as AT&T, Verizon and T-Mobile are going after the 5G. Straight Path, a start-up company, owns 28 GHz and 39 GHz millimeter wave spectrum. The figure shows the spectrum owned by Straight Path, crown jewels of 5G. Verizon is taking the lead in building its wireless and online empire. It first acquired AOL then Yahoo. At the end of March, it launched the first Low-power WAN (LPWAN) nationwide, M1 Network. With Straight Path, Verizon is positioning itself to
Verizon paid 5 times the going rate to acquire Straight Path, a start-up company, which owns the 28 GHz and 39 GHz millimeter wave spectrum. The spectrum map shows what Straight Path owns.
be the king of 5G. Some analysts commented the $3.1 billion price tag might be too high. Only time will tell how it is going to play out. No doubt 5G is where everyone is heading. With the purchase of Straight Path, Verizon has already started building the fiber optic ground work. Milan-based Prysmian Group, specializes in energy and a telecom cable system has been awarded a $300 million Verizon contract to build a 5G network. Its North America Prysmian Group with 10 plants employing more than 2.000 people will be doing most of the work. (US revenue was $1.4 billion in 2016). Expect to see more investment in this technology from the carriers, hardware vendors and integrators. Behind the 5G activities is a bigger scheme – Fog Computing. As Cloud Computing started 15 years ago, Fog will take this to the next level. It covers connections of the cloud, edge devices, sensors and wearables. The OpenFog Consortium backed by Cisco,
Microsoft, IBM and the like will drive this forward. Everything under the sun will come under Fog – IIoT, LPWAN, connected cars application, medical devices, edge computing and analytics. A Fog spec has been released on February 2017 (downloadable for free). As the wireless world expands, Fog will grow, low-power WAN will expand and so do cyber threats. In this issue, we have invited experts to explain Fog, Edge, LPWAN and how to protect ourselves from cyberattacks. Additionally, an expert will explain the different standards.
RTC Magazine JUNE 2017 | 5
1.0 WHAT IS FOG COMPUTING?
Computing Forecast: Cloudy Today, Foggy Tomorrow Cloud computing has changed the landscape of the computing technology. In 1988, a little known, Menlo Park based company called Google used its cloud strategy to beat Microsoft. In April this year, its parent company, Alphabet, has surpassed the $800 billion mark in market value compare with Microsoft’s $521 billion. An emerging technology, Fog Computing, promises to cause further disruption. by John Koon, Editor-In-Chief
What is Fog Computing and how it relates to the growing IoT phenomenon? By now we are all familiar with Internet-of-Things (IoT). The forecast of the number of IoT connection will reach billions in the next few years. Smart sensors and devices will be connected to the servers to provide insights on operations. This will increase productivity of every aspect of our lives. But it is easier said than done. If something goes wrong, who is to blame? Who is really in charge here? It seems to make sense to have a universal standard to provide guidance and have a certification program in place to guarantee everything will work accordingly. 6 | RTC Magazine JUNE 2017
This is exactly what OpenFog Consortium is set out to do. In February of 2017, the non-profit organization has published its first “OpenFog Reference Architecture for Fog Computing” and has provided a clear definition of what Fog computing is. The documentation is downloadable for free from the organization’s website. www.openfogconosrtium.org.
Definition: Fog Computing is a horizontal, system-level architecture that distributes computing, storage, control and networking functions closer to the users along a cloud-to-thing continuum.
Figure 1 The OpenFog architecture spans the continuum from Cloud to Things. Image courtesy: OpenFog Consortium
Fog computing is an extension of the traditional cloud-based computing model where implementations of the architecture can reside in multiple layers of a network’s topology. However, all the benefits of cloud should be preserved with these extensions to fog, including containerization, virtualization, orchestration, manageability, and efficiency. Figure 1. The basic idea is to have a set of universal specification/ standards to guide the development of computing relating to connectivity and communication. Behind the organization are a group of technology companies and research academies including ARM, Cisco, Dell, Intel, Microsoft and Princeton University. According to Helder Antunes, chairman of OpenFog and senior director of corporate strategic innovation group of Cisco, Fog Computing is gaining momentum worldwide. Photo 1. Currently it has 57 members reside in 15 countries. Japan, China and the European regions are very committed. The Chinese government has made investment in the development of Fog Computing. The one-stop shop approach of providing continuity of cloud to edge to devices has attracted the attention of IoT product and service manufacturers. Dr. Mung Chiang, a
founding board member and an Authur LeGrand Doty professor of electrical engineering of Princeton University has extensive experience in researching fog and cloud, is taking the lead in educating the industry and academies of the technologies. In the future, Chiang wishes to see all segments in the industry and more academia to participate in the development of OpenFog. Photo 2. When OpenFog first, Princeton was the only academic founding member. Microsoft is a founding member of the OpenFog Consortium. According to Jerry Lee, Director of Product Marketing, Data Platform and IoT of Microsoft, “Azure IoT Edge is the evolution of the Azure IoT Gateway SDK, which you can get started today on Azure IoT GitHub page. Azure IoT Edge is the new name for our open-source and cross-platform support for building custom logic at the edge, and the newly announced features will be available later this year.” Photo 3.
The Big Picture IoT touches every aspect of our lives; so will Fog Computing. The major areas benefited by Fog Computing include manufacturing, healthcare, agriculture, transportation, automotive,
RTC Magazine JUNE 2017 | 7
1.0 WHAT IS FOG COMPUTING? smart cities and energy (oil/gas and other smart grids). The common theme under Fog Computing is connectivity and secure communication. Smart manufacturing, Industry 4.0, a European standard promoting the future of manufacturing is an example. This new smart manufacturing called Industry 4.0 promises massive opportunities and it has captured the attention of the industrial world and the developing countries. According to a 2015 European Union paper, Industry 4.0 was intended to provide rapid transformation to manufacturing to reverse the decline in industrialization to a targeted 20% growth. This is significant. To accomplish this, it requires Fog Computing. Many Fortune 500 companies are standing behind Fog Computing. Cisco, a supporter of Fog, has recently introduced an IoT software platform, Cisco Jasper Control Center, at the IoT World Forum focuses on data delivery of IoT, Connected Car and Mobile Enterprise. In the case of connected cars, the solution would enable auto makers to collect performance data from automobiles without having the owner seeing an auto mechanic. When services need to be done, a notice can automatically be sent to the owner and the service department. Additionally, new software updates can be downloaded remotely without any disruption. “These new platform solutions provide better Quality of Service and help users gain productivity,” according to Macario Namie, head of IoT strategy, Cisco Jasper. Separately, Excelfore (Molex is a major investor), a non-OpenFog member, has also announced a new initiative with multiple auto makers called eSync Alliance to provide similar solutions.
The 5G Factor
Photo 1 Helder Antunes, Chairman of OpenFog and senior director of corporate strategic innovation group of Cisco, is seeing Fog Computing gaining momentum worldwide.
Photo 3 Jerry Lee, Director of Product Marketing, Data Platform and IoT of Microsoft, pointed out that Azure IoT Edge was an evolution of the Azure IoT Gateway SDK.
8 | RTC Magazine JUNE 2017
Photo 2 Mung Chiang, a founding board member and an Authur LeGrand Doty professor of electrical engineering of Princeton University is taking the lead in educating the industry and academies of the technologies.
5G is the foundation of Fog Computing. It provides speed 100 times faster than what 4G LTE can offer. Its super speed allows future connected and driverless cars to access data fast and in real-time to make driving decisions. All major carriers are moving ahead with 5G. Verizon with the acquisition of Straight Path is taking the lead. Additionally, Verizon is testing 5G in 11 cities today by offering 5G to pilot customers in the metropolitan cities including Ann Arbor, Atlanta, Bernardsville (NJ), Brockton (MA), Dallas, Denver, Houston, Miami, Sacramento, Seattle and Washington, D.C. to prove that the gigabit broadband will indeed deliver its expected performance. This is done with Verizon’s 5G Technology Forum (5GTF) partners. Potentially this will create new opportunities to the whole ecosystem. Additionally, early this year, Verizon and Ericsson jointly announced the pre-commercial pilot run with the goal to fine tune the end-to-end 5G network using existing Verizon infrastructure and add new wireless technologies to it. Arun Bansal, Head of Business Unit Network Products at Ericsson, says: “Ericsson 5G Radios have been providing multi-gigabit speeds into subscriber locations by using advanced radio techniques. For example, beamforming can be used to find the best path for the 28GHz radio signal to reach the user.” The new 5G technologies with higher bandwidth and lower latency in the core and radio network allow operators to provide new services to their customers and create new opportunities. The Ericsson Mobility Report cited that there would be 550 mil-
Photo 4 Sven Schrecker, Chair of the Industrial Internet (IIC) Security Working Group, has led the effort to counter cyber threats.
BRING THE FUTURE OF DEEP LEARNING TO YOUR PROJECT. With unmatched performance at under 10W, NVIDIA Jetson is the choice for deep learning in embedded systems. Bring deep learning and advanced computer vision to your project and take autonomy to the next level with the NVIDIA Jetson™ TX1 Developer Kit.
Ready to get started? Check out our special bundle pricing at www.nvidia.com/jetsonspecials Learn more at www.nvidia.com/embedded © 2016 NVIDIA Corporation. All rights reserved.
lion 5G subscriptions globally in 2022 with 25% in N. America, the largest share.
The biggest challenge ahead There will be challenges ahead as more and more smart sensors and devices connected together. The biggest is cyber threats worldwide. Attacks are occurring daily with some logging one billion attack attempts a day. This is not to be under estimated. Take a look at the recent WannaCry attacks in May this year. It happened before the weekend and yet many were unaware of the attack until Monday when they returned to work. This reached over 150 countries and 200,000 systems. Many organizations like the national railway in Germany, the largest phone company in Spain and Fed EX were affected. This should serve as a grave warning to all. The industrial Internet Contortion with founding members including IBM, Bosch, GE, Schneider Electric, SAP and the like are pushing for better cybersecurity. It is taking the initiative in promoting better Industrial Internet including better security by providing the Industrial Security Framework (IISF), an in-depth cross-industry-focused security framework. This was a comprehensive paper developed by international security experts from the Industrial Internet Consortium in September of 2016. Its three objectives are Drive industry consensus, promote IIoT security best practices and accelerate the adoption of those practices. Sven Schrecker, Chair of the Industrial Internet (IIC) Security Working Group, has led the effort to counter cyber threats. By working with multiple consortia worldwide, Schrecker hopes to lead the industry to develop better software and product policy to increase security. As chair of the working group, he also oversees the five subgroups with tasks including Security Liaisons, Security Editors, Security Applicability, Testbed Security and Trustworthiness. Photo 4.
Example of a Fog Computing Food Chain There are two major developments occurring in parallel. One is the high-bandwidth low-latency 5G delivering gigabit speed. The other is low-speed, low-power LTE called the low-power wide area network (LPWAN). While the ecosystem involves network gear manufacturers, software developers, device and silicon makers, ultimately everything builds on silicon. The largest silicon maker, Intel, has fought for years to gain traction in the wireless space. After trying to build its own teams and
10 | RTC Magazine JUNE 2017
acquiring wireless firms, Intel has not been able to show success. With projected IoT connection in the billions, the opportunity will come from the IoT and LPWAN device market. The company to watch is Qualcomm who pioneered the 3G and 4G/LTE development. Qualcomm has been building wireless LTE modem chips in high volume, thanks to Appleâ€™s successful iPhone business. The future of computing will be Fog and 5G development. Qualcomm with its experience in cell phone modem and LPWAN, is positioning itself as the leader in both 5G and LPWAN. Additionally, it is also trying to carve out a piece of the embedded market segment which has long been dominated by Intel, with its Snapdragon product lines. The Company is currently shipping over 300 million chips in the IoT market and over 30 OEM designs are using its MDM9206 multimode modem chip. Qualcommâ€™s strategy is to continue to build products for the LPWAN (Cat M1 and NB1) market. Recently, Qualcomm has added to the Snapdragon 5G modem family the 5G New Radio (NR) multi-mode chipset solutions compliant with the 3GPP-based 5G NR global system. As a partner of Verizon, Qualcomm also has its own ecosystem members including IPS Group, Linknyc, Gemalto, Sierra Wireless, ATT, Telit, Simcom, Honeywell and more. These ecosystem members would continue to build devices based on the Qualcomm silicon. With a healthy food chain (carrier, silicon, software and devices) in place, Fog, 5G and IoT will continue to gain momentum.
Next-Gen Platform of DC-DC Converters F O R M I L I TA RY & H I G H R E L I A B I L I T Y A P P L I C AT I O N S • -40 to +105°C Operation (optional -55°C) • Compliant with Military Transient Standards • Integrated Soft Start and LC Filter • Synchronization Circuitry
8 Watts: MGDD-08 Series
• Ultra Wide input ranges - 4.5-33VIN Range (45V ≤ 100ms transient) - 9-60VIN Range (80V ≤ 1sec transient) • Dual isolated / unbalanced outputs for 3.3 ~ 50VOUT • DO-160 & MIL-STD-704 compliant • MTBF >1.2M Hrs @ 40°C per MIL-HDBK-217F
• High Power Density / Compact Size • No optocouplers for high reliability • MIL-STD-461 Compliant with Filter • Encapsulated with Metallic Enclosure
27.5mm / 1.083” 27.5mm / 1.083” 27.5mm / 1.083” V Trim V Trim Sync -VOUT 1 Sync 1 -V 19.3mm UVLO Set +VOUTOUTV1Trim 19.3mm UVLO Set 1 +V 0.76” OUT -VIN Sync -VOUT-V2OUT 1 0.76” 19.3mm -VInput IN 2 1 UVLO FilterSet -V +V 2OUT +VOUTOUT Filter 0.76” Input 2 2 +VOUT -V +VIN-VIN OUT +VIN Input Filter +VOUT 2 +VIN
Height: 8.0mm / 0.315” Tall 32.7mm / 1.287” 32.7mm / 1.287”
20 Watts: MGDD-21 Series
• Ultra Wide input ranges - 4.5-33VIN Range (45V ≤ 100ms transient) - 9-60VIN Range (80V ≤ 1sec transient) • Dual isolated & unbalanced outputs for 3.3 ~ 50VOUT • DO-160 & MIL-STD-704 compliant • MTBF >1,060kHrs @ 40°C per MIL-HDBK-217F
26.1mm 26.1mm 1.03” 1.03” 26.1mm 1.03”
32.7mm / 1.287” Sync Sync UVLO Set UVLOSync Set -VIN -VIN UVLO Set V Trim Input Filter V Trim Input-V Filter -VOUT 1 +VIN IN -VOUT V1 Trim +VIN Input Filter +VOUT 1 1 +VOUT -V +VIN -VOUT 2OUT 1 2 -VOUT+V +VOUT 2OUT 1 2 2 +VOUT -V OUT
Height: 8.0mm / 0.315” Tall +VOUT 2
150 Watts: MGDS-155 Series
• Ultra Wide input ranges - 9-45VIN Range (50V ≤ 100ms transient) - 16-80VIN Range (100V ≤ 100ms transient) - 150-480VIN Range • MIL-STD-1275, MIL-STD-704 & DO-160 Compliant • Single outputs from 3.3 ~ 28VOUT • MTBF >490kHrs @ 40°C per MIL-HDBK-217F
57.9mm / 2.28” 57.9mm / 2.28”
57.9mm / 2.28” 36.8mm 36.8mm 1.45” 1.45” 36.8mm 1.45”
-VIN -VIN Sync Sync-V IN Sync On/Off On/Off +VIN +VIN On/Off
-VOUT -VOUT Sense (-) Sense (-) -VOUT V Trim V Trim Sense (-) Sens (+) Sens (+)V Trim +VOUT +VSens OUT (+)
Height: 12.7mm / 0.50” Tall
Visit our website for detailed product specifications & application notes
w w w . g a i a - c o n v e r t e r. c o m
1.1 WHAT IS FOG COMPUTING?
Fog Computing for the Internet of Everything As the IoT/IIoT quickly expands into the Internet of Everything, new demands are placed on the existing cloud-based model. With today’s centralized cloud, concerns arise as billions of connected devices flood both private and public networks with seemingly an infinite amount of raw data. The industry is quickly realizing that the cloud-centric model must evolve to meet the growing needs of businesses. by Warren Kurisu, Director of product management. Mentor Graphics
What is the answer? Fog computing, a decentralized architectural model that pushes the intelligence of data processing out of the cloud and brings compute resources and application services closer to the ground, or to the edge of the IoT network. Fog computing addresses the demand for more high-speed processing and analytics and improves overall network/system responsiveness. The fog also addresses security issues, a major concern within the IoT. This article discusses the IoT market landscape and the fog infrastructure, and how the motive, means, and opportunity exist today for businesses to make a strategic shift to Fog Computing. Also discussed is a technical architecture for a fog implementation, as well as the requirements for a smart device to successfully participate in the fog strategy.
A Rapidly Changing Landscape It wasn’t too many years ago that the terms “cloud” and “IoT” started to permeate our vocabulary. It’s amazing how quickly
we are now facing the challenge of evolving our infrastructure to handle the Internet of Everything. IHS forecasts that the installed base of connected things will grow from 15.4 billion devices in 2015, to 30.7 billion in 2020, and 75.4 billion in 2025. For perspective, it’s interesting to compare that number to the projected world population (Figure 1). Although these statistics account for everything that is connected, including mobile phones and computers, the massive growth will come from other “things” such as connected cars, smart homes, smart grids, wearables, industrial equipment, medical equipment, and anything else that can be connected and collect data. But, it’s not just about the devices – it’s also about the data. According to Cisco Systems, the amount of data created by these devices in 2015 was 145 zettabytes (ZB), and will reach 600 ZB by 2020. (Note: a zettabyte is one billion terabytes or 1021 bytes.) With regards to IoT and cloud, at least one part of the problem is very obvious. If all of the data storage, processing,
Figure 1 The number of connected devices is growing exponentially, reaching 75 billion connections in 2025 averaging 9 devices per person.
12 | RTC Magazine JUNE 2017
Rugged, reliable and resilient embedded computing solutions Whatever the operational environment—aerial, space, ground or submersible— WinSystems has you covered with a full line of embedded computers, I/O cards, cables and accessories. Our rugged, reliable and resilient single board computers are capable of processing a vast array of data for controlling unmanned systems, machine intelligence, mission management, navigation and path planning, From standard components to full custom solutions, WinSystems delivers world-class engineering, quality and unrivaled technical support. Our full line of embedded computers, I/O cards, and accessories help you design smarter projects offering faster time to market, improved reliability, durability and longer product life cycles. Embed success in every application with The Embedded Systems Authority!
EBC-C413 EBX-compatible SBC with Latest Generation Intel® Atom™ E3800 Series Processor EPX-C414 Quad-Core Freescale i.MX 6Q Cortex A9 Industrial ARM® SBC
Single Board Computers | COM Express Solutions | Power Supplies | I/O Modules | Panel PCs
SCADA SCADA SCADA ENERGY
817-274-7553 | www.winsystems.com
TRANSPORTATION TRANSPORTATION TRANSPORTATION TRANSPORTATION IOT AUTOMATION IOTAUTOMATION AUTOMATION AUTOMATION TRANSPORTATION ENERGY
ASK ABOUT OUR PRODUCT EVALUATION! 715 Stadium Drive, Arlington, Texas 76011
PX1-C415 PC/104 Form Factor SBC with PCIe/104™ OneBank™ expansion and latest generation Intel® Atom™ E3900 Series processor
1.1 WHAT IS FOG COMPUTING?
Figure 2 An example of a fog-computing environment. Manufacturers and businesses can deploy IoT sensors in a number of innovative ways. Once a system collects data, fog devices (which also includes nearby gateways and private clouds) perform dynamic data analytics. (Source: A. Dastjerdi and R. Buyya, “Fog Computing: Helping the Internet of Things Realize its Potential,” IEEE Computer, 49(8), August 2016.)
and analytics were to be cloud-based, the sheer amount of data that would need to be transmitted would choke the networks. There are other problems as well. If all decision making were to happen in the cloud, the latencies would be too high for any real-time decision making; how many network hops exist between your device and cloud? Also, the costs of transport could also be an issue; how many dedicated connections would a business require to ensure connectivity? Finally, reliability and security are also concerns; how do I ensure fast failover and how do I protect critical information?
Fog Computing: A Working Definition Before discussion continues further, it might be useful to define the term Fog Computing. As you might imagine there are many and varying descriptions. One very succinct definition comes from a recent IEEE publication entitled “Fog Computing: Helping the Internet of Things Realize its Potential.” In this article, the author describes Fog computing as “A distributed paradigm that provides cloud-like services to the network edge. It leverages cloud and edge resources along with its own infrastructure. In essence, the technology deals with IoT data locally by utilizing clients or edge devices near users to carry out a substantial amount of storage, communication, control, configuration, and management. The approach benefits from
14 | RTC Magazine JUNE 2017
edge devices’ close proximity to sensors, while leveraging the on demand scalability of cloud resources” (Figure 2).
A Fog Computing approach provides the following benefits: • Lower latencies: fewer network hops means that time-sensitive data analytics and system responses can be executed within appropriate time constraints. • Managed Bandwidth: local processing reduces the core network load. • Increased Reliability: systems close to the edge can be designed for fast failover. • Storage Management: data can be stored in the most appropriate place, and only critical information from the fog would need to be sent to the cloud.
Is the Embedded Industry at an Inflection Point? Is the industry at an inflection point – with all the billions of devices and zettabytes of data swirling about? At the recent ARC Industry Forum in Orlando, Florida, where visionaries and leaders from the world’s leading industrial companies came together to discuss current and future trends and issues, a few key takeaways emerged:
• Businesses are now at various stages of implementing their cloud strategies. They range from startups who have built brand new infrastructure, to those who are still trying to figure out how to get data from their brownfield devices. • There is a lot of data to be distributed and analyzed – and a desire to gather even more to progress the field of advanced analytics. • Security is top of mind. All participants are concerned about how to implement security in this world of connected devices. Overall, it appears the table is now set for advancement. Companies have the motive, means, and opportunity to advance their cloud-based architectures. Motive: For competitive reasons, businesses are now defining new business models that change the rules of the game. This could include 3D printing a car in a local factory, or converting a business from selling a product to that of selling a service. Means: By leveraging high-performance connectivity, increasing compute power, and implementing security technologies, businesses can integrate powerful new devices into their
Figure 3 The various layers of a fog-computing architecture. (Source: A. Dastjerdi and R. Buyya, “Fog Computing: Helping the Internet of Things Realize its Potential,” IEEE Computer, 49(8), August 2016.)
factories or into their systems to effectuate these new business models. Opportunity: As the business and technology landscapes rapidly evolve and infrastructures are being upgraded, businesses can implement strategies to take full advantage of the capabilities and standardization that enable the IoT and Fog Computing.
Fog Computing: Key Requirements The overall Fog Computing architecture is feature-rich. After all, the concept of Fog Computing is to bring cloud-like services to the network edge. Figure 3 illustrates what a fog architecture includes. The various layers of the fog architecture ensure that data storage, processing, and analysis occur at the most appropriate place in the infrastructure, to ensure that requirements are satisfied relating to bandwidth, latency, reliability, and scale.
How Mentor Enables Fog Computing At Mentor Graphics our strength and depth of experience lies within the lower two layers of the visual seen in Figure 3. These layers are enabled by Mentor’s industry-leading embedded portfolio, designed and developed to enable world-class edge devices and gateways. From the perspective of these two lower layers; Mentor meets critical key requirements by providing software tools and runtime environments that are: • Scalable: IoT sensors range from tiny, battery-powered devices with basic processing capabilities and connectivity to more fully-featured Linux-based devices and gateways, each with the ability to scale data storage and processing as required by the fog architecture. Today’s designs are now consolidating edge functionality on complex, heterogeneous System on Chip (SoC) architectures, with a mix of real-time operating systems (RTOS) and Linux capabilities. • Connected: These devices must be able to connect “east/ west” to the network of connected devices and “north” to the higher layers in the system, and directly to the cloud. Ethernet and wireless (Wi-Fi, Bluetooth, etc.) are a must, along with support for industry-specific protocols such EtherCAT, OPC-UA, and Data Distribution Service (DDS). Cloud protocols including HTTP, MQTT, and CoAP are also required. • Secure: Mentor’s platforms can enable security from pow-
RTC Magazine JUNE 2017 | 15
1.1 LOW-POWER CELLULAR WIDE AREA NETWORK ACCELERATES IOT ADOPTION
Figure 4 Fog compute platform, gathering distributed data for real-time presentation and analysis. Data can be pushed to the cloud for off-line access and advanced analytics.
er-on, authenticating every bit of code that gets subsequently loaded and executed on the system. This enables security of data at rest, data in use, and data in motion. Securing a system in this manner provides assurances that the data in the fog architecture can be trusted.
It’s all About the Smart Device It’s been noted that the Industrial IoT (IIoT) begins at the smart device level. These devices, which must be scalable, connected, and secure, are the basis on which cloud and fog architectures are built. One such example, demonstrated by Mentor at last year’s ARM Technology Conference, is a distributed medical application. The demo consisted of a patient monitor, which aggregated and processed data from a distributed set of sensors collecting patient electrocardiogram (ECG), blood pressure, and pulse information (Figure 4). The data communication was enabled by Real Time Innovations’ Connext DDS integrated with both Mentor Embedded Linux and Nucleus RTOS. This distributed data can be captured, stored, and analyzed locally, and used to generate real-time patient alarms and events. Critical patient information could then be sent up to the cloud for remote monitoring, clinic access, or advanced analytics.
Conclusion As the number of connected devices and data grows exponentially; solutions are required to ensure that data storage, data transmission, analytics and system response is optimized from the edge device to the cloud. We are now in a transition where businesses are moving from a planning phase to implementing their cloud strategies where Fog Computing is quickly gaining favor among various industries and businesses. Mentor Embedded has spent decades building an indus16 | RTC Magazine JUNE 2017
try-leading portfolio which can be leveraged to build smart devices that enable a cloud and fog strategy, and address some of the issues that today’s businesses are facing. Author Bio: Warren Kurisu is the director of product management in the Mentor Graphics Embedded Systems Division, overseeing the embedded runtime platform business for the Nucleus RTOS, Mentor Embedded Linux, virtualization and multicore technologies, safety certified runtimes, graphics and development tools. Warren has spent nearly 30 years in the embedded industry, both as an embedded developer and as a business executive, working broadly in industries including aerospace, networking, industrial, medical, automotive, and consumer. Warren holds a master’s degree in Electrical Engineering from the University of Southern California and a Master of Business Administration from the University of California at Berkeley. www.mentor.com
Ultra-High Bandwidth Recording Solutions
Get There in Record Time! Turnkey Recording Solutions Record at up to 10 GB/s Up to 96 TB SSD Storage
StoreRack Low Cost Turnkey Prototype Platform
StoreBox Compact, Rugged, Deployable
StorePak & StoreEngine VPX Blades for Customized Recording Platforms
2.0 UNDERSTANDING THE FOG AND EDGE COMPUTING ARCHITECTURES
How to Overcome Challenges of Smart IoT Data System Design Designing a good IoT data system is easier said than done. As more and more IoT devices are connected every day, the communication becomes more and more complex. Moving away from cloud-only architectures is a necessary step toward connecting the unconnected and solving an array of problems. by Toby McClean, Chief Solutions Architect, ADLINK Technology
Ours is an age of promise – and in many cases, of promise fulfilled. “Smart” technology is developing everywhere: smart factories, smart healthcare, smart energy, and smart cities. Things once in the purview of sci-fi are unfolding before our eyes. The Internet of Things (IoT) and Industrial IoT (IIoT) are expanding exponentially, and with them, billions of data-producing devices. It has been reported that by 2020, the total number of sensors is expected to reach 50 billion.
Challenges and more challenges Technology comes with challenges. The amount of data these systems generate is staggering. Within industries such as manufacturing, energy and transportation, the amount of data being produced, distributed, consumed and acted upon is measured in zettabytes. Architects of IIoT systems are quickly realizing that cloud-only architectures are not equipped to handle this
Figure 1 The convergence of Information, Operations and Communications Technologies has relied on edge and fog computing to enable the construction of flexible data transfer architecture for real-time analysis and action-based Industrial IoT applications.
18 | RTC Magazine JUNE 2017
titanic load of data. Relying solely on the cloud for IIoT systems creates serious issues related to physical constraints (bandwidth, latency, and connectivity), economic constraints (cost) and safety and security (reliability, privacy, security, regulatory compliance).
Communication of legacy equipment In addition, architects of industrial automation systems, such as smart factories, are also faced with an added challenge. They are tasked to create a smart architecture where a wide range of legacy devices— which were originally designed to function in a siloed environment— now must communicate with each other within the IIoT system. These devices may be mechanical and have no digital footprint whatsoever or may have been designed to function in a siloed environment. This challenge is widespread in the world of manufacturing. Some estimates suggest that 90 percent of factory assets remain unconnected to a network (Source: PwC Internet of Things in Manufacturing 2015 report). This means that these assets are either mechanical devices that require construction of a bridge to overcome the analog-to-digital, as well as physical, divide, or that these devices are providing information to vast silos that are locked up tightly instead of being shared freely within the organization. Why is this? First, disparate systems must speak the same language before they can effectively interact. Putting this in human term, imagine an engineering team trying to get a complex project underway
despite each member speaking a different language: Portuguese, Mandarin Chinese, Turkish, etc. Unfortunately, this “Tower of Babel” scenario is all too real regarding legacy factory assets. But that’s not the only problem. Once these assets do connect to the network infrastructure, the organization still runs into bandwidth and data security concerns. That’s where edge and fog computing enter the fray.
Are Your OpenVPX Handles Breaking?
Superior Rugged Metal Claw If you are ready for a more robust handle/panel solution, come to Pixus! Our OpenVPX handles feature a metal engagement claw and rugged design that ensures the highest reliability. Ask about our new rugged horizontal extruded rails with thicker material for OpenVPX and high insertion force systems today!
RTC Magazine JUNE 2017 | 19
2.0 UNDERSTANDING THE FOG AND EDGE COMPUTING ARCHITECTURES Powerful solutions working in tandem Edge and fog computing are major advances in solving these issues. As the name suggests, edge computing moves data and processing away from centralized points to the outer periphery of the network. This allows sensors and other devices to become “smart” without being connected to the internet. Security cameras at one time were notoriously “dumb” and could make decisions only by sending data to a centralized source. Now they possess inner intelligence: knowing when to begin recording, when to adjust focus, when to change light settings, etc. But the edge, by itself, can’t solve all the many issues surrounding the IIoT. Fog computing is the other half of the equation. Fog computing enables data, compute, storage and applications to be distributed in the most logical, efficient manner between the data source and the cloud. It exists within the edge-to-cloud and cloud-to-edge continuum and brings
the entire range of computing functions normally within the cloud closer to the data-generating device itself, maximizing bandwidth, boosting efficiency, reducing latency and enhancing security, increasing reliability and maintaining costs. Edge and fog computing also interpret and facilitate normalization of data streams coming from legacy equipment so these assets can work in concert within the smart factory. Data processing occurs from the factory floor level, quickly and efficiently. Network integrity remains strong, downtime shrinks and productivity expands. The fog mediates information, sending appropriate data to the cloud when necessary, and performing processing and sending it back to the device’s edge. See Figure 1.
Critical technologies Such technologies as edge and fog computing are essential in a “smart” world. Mobile devices are everywhere – we’ve wit-
Figure 2 ADLINK and PrismTech have partnered with Intel and IBM to develop Vortex Edge, an integrated predictive maintenance solution providing industrial-grade hardware, intelligent data normalization middleware and robust business analytics software.
20 | RTC Magazine JUNE 2017
Transform your business with the Internet of Things. Start with powerful solutions from Dell Designing Internet of Things (IoT) solutions can unlock innovation, increase efficiencies and create new competitive advantages. But in an emerging marketplace of mostly unknown and untested solutions, where should you start? Start with a proven leader in technology solutions: Dell. Leveraging over 32 years of IT expertise and 16 years of partnering directly with operational technology leaders, weâ€™ve recently expanded our IoT portfolio to include Dell Edge Gateways and Dell Embedded Box PCs. Coupled with Dell data center, cloud, security, analytics and services capabilities, these powerful solutions can help you connect what matters and accelerate your IoT return on investment.
Dell Edge Gateway 5000
Dell Embedded Box PC 5000
Dell Embedded Box PC 3000
Learn More at Dell.com/IoT Today ÂŠ2016 Dell Inc. All rights reserved. Dell and the Dell logo are trademarks of Dell Inc. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
2.0 UNDERSTANDING THE FOG AND EDGE COMPUTING ARCHITECTURES nessed an explosion in recent years. These smart devices require near-instantaneous transfer of data in many cases. For example, a smart vehicle can’t wait for data processing to occur at the cloud level. All that computing must happen in the blink of an eye as the moving autonomous vehicle communicates with city infrastructure and other vehicles. When the difference between milliseconds and microseconds is so meaningful, edge and fog computing fill the gap. One of the reasons that we can now develop these real-time computing scenarios is because of the enhancements in low-power, high performance processing, storage capabilities and reliable networking functions in IoT gateways and fog compute nodes -- all at a reasonable price. In addition, the emergence of software-defined automation, transforming specialized hardware into software, creates an opportunity for convergence and consolidation, and data distribution services (DDS) make
Figure 3 Comparison of total three year management and processing costs of AWS Cloud + dedicated network vs. SIM hardware + AT&T cellular network + AWS Cloud vs Edge + AWS + dedicated network with 95% of Edge data reduction (200 miles).
22 | RTC Magazine JUNE 2017
it easy to ingest and normalize data from disparate devices into usable information. Working in conjunction with IoT gateways (data conversion and connectivity), edge and fog computing can revolutionize factory operations and city infrastructure. Street lighting is a prime example of the latter. IoT gateways turn traditional lights into smart lights that illuminate, dim and switch off in response to sensor data. This helps reduce a city’s energy expenditures and promotes a substantial degree of energy efficiency.
The boon of predictive maintenance and quality analytics One important area in which fog and edge computing have a significant (and money-saving) impact is that of predictive maintenance and quality analytics. Before the advent of this concept, factories had to wait for equipment to break down, or perform maintenance checks that may not have been necessary. Furthermore, if manufacturing processes were making out-ofspec products, it often wasn’t immediately apparent. Resources sometimes went to waste on improperly produced items discovered at the end of the line. Or even worse, they ended up in the hands of displeased customers. See Figure 2. With edge and fog computing, IoT gateways can ingest and act upon the data. Combined with a predictive maintenance and quality analytics solution, the gateway can receive the data, recognize that conditions suggest a coming failure—such as an improperly manufactured item or an equipment breakdown—or a required inspection is due and an appropriate response can be executed. The end goal is to send alerts out before any malfunctions take place, even to schedule maintenance at times when the equipment will be least busy. Doing so avoids the unnecessary costs of preventative maintenance, which is the current approach calling for a regular program of scheduled maintenance on devices regardless of necessity. While this may save a company from losing revenue in the event of equipment failure, it also comes with avoidable costs. According to reports, predictive maintenance is up to 20 percent more cost effective than the scheduled maintenance of traditional manufacturing. Imagine a malfunction in a conveyor belt roller. Such a failure can grind the process to a halt and cost a company millions. The predictive maintenance enabled by edge and fog computing can alert an engineer before such a costly failure occurs. As a
corollary, there’s no need to shut down the conveyor needlessly for routine checks. That adds up to a significant revenue savings as resources are diverted elsewhere. The technology also allows performance monitoring of many machines, simultaneously, giving a full picture of how the manufacturing process is faring.
Benefits of analytics at the edge The ability to perform analytics at the edge can reduce costs and improve operations in a number of ways. In a 2016 update to Wikibon’s The Vital Role of Edge Computing for IoT study based on an IT project with AT&T and AWS, the study found that a hybrid Cloud & Edge Computing architecture, where 95% of data was processed on the Edge, was just 15% the cost of an AWS Cloud-only solution and 33% the cost of a combined solution of SIM and AT&T cellular hardware with AWS Cloud processing. See Figure 3. In addition, edge computing allows for easier data management. Within the IIoT architecture, sensors are gathering large amounts of data, some of which is only valuable for a short period of time. With analytics at the edge, only the crucial data gets saved to cloud facilities, which reduces data storage costs. Analytics at the edge also decreases network traffic, since not all the data needs to be distributed to the cloud. In addition, latency is decreased because the data is now analyzed closer to where it’s being produced rather than being transmitted to an off-site facility. Availability and self-sufficiency also increase because there’s no reliance on a cloud or data center connection. For example, analytics are able to continue in the event of a network outage. Finally, security is improved since, in the example of a smart factory, the data doesn’t leave the factory floor to travel outside the firewall.
critical technology will help accommodate this new growth. It will make possible all the benefits we’re anticipating with the IIoT and smart factories, transportation and more. Author Bio: Toby McClean has more than 10 years of experience developing software development tools for Distributed Real-time and Embedded (DRE) software systems. He frequently presents at conferences on subjects relating to increasing developer productivity and system quality in DRE systems. Toby holds a M.C.S. in Software Engineering and a B.C.S. in Business and Management Systems from the Carleton University. www.adlink.com
Future growth inevitable There can be little doubt the expansion of smart technology will continue at a rapid pace for years to come. As factories, healthcare, energy and even cities themselves become more intelligent, more connected to the IoT, the need for edge and fog technology will grow accordingly. The proliferation of all these sensors—and data that’s being produced—is inevitable, both in daily life and in the business world. By unburdening the cloud and allowing critical processing to occur close to the sensors and devices themselves, this
RTC Magazine JUNE 2017 | 23
3.0 GETTING READY FOR IoT
Are you Prepared for the Future with IoT? The electronic media world we live in seems to create chaos out of order. Content is created for the sole purpose of saying something new or provocative to try to generate “clicks” and “views”. These efforts often make simple things seem complex. Providing network and data security in today’s environment is a very complex problem. We don’t need any artificial complexity to make the solution more difficult. by Greg Deffenbaugh, Corporate Solution Technologist in the Office of the CTO, Avaya
IoT is not new Fundamentally, the Internet of Things (IoT) is the natural evolution of a physical network consolidation. Look at the wiring diagrams for a building constructed 20 years ago. You would see diagrams for the data network and the phone network with termination at every workspace in the building. In addition, you will have diagrams for the security system controlling door access and motion detectors, diagrams for analog security camera wiring, emergency paging systems, temperature sensors and plenum controls. Sharing a common cable plant across dissimilar systems makes financial sense. Wireless infrastruc-
24 | RTC Magazine JUNE 2017
ture (4G/5G, WLAN, BLE, etc.) provides an alternative physical media that enables mobility and in some cases eliminate the needs for cables. Independent of the media, the key is to get the systems to share the infrastructure without lateral interference. Software Defined Networking (SDN) and Quality of Service (QoS) make this feasible today.
Things are small super-Computers The phrase “Internet of Things” is catchier than “Internet of small super-Computers”. However, (although IoT devices may have vastly more compute power than some old mainframes) the reality is, most “things” we are connecting to our networks
are computers running common operating systems. This is another natural evolution. It doesn’t make sense to have our engineers write low level code or even higher level functions when they can be purchased inexpensively. Common operating systems, communication protocols, and programming tools have been the enabler for the explosion of applications. Further, putting compute resources at the “edge” enables distributed data processing reducing the amount of data that must be managed by the network and reduces application server compute requirements increasing solution scalability.
The digital world is not a friendly place At a time when we are adding hundreds of devices to our network and millions of devices to the internet we have a very active antagonist group working against us. The threats take multiple forms from Denial of Service (DoS) attacks, to making copies of sensitive or valuable information, to ransoming access to our information. We have highly publicized examples of IoT infrastructure being compromised; take for example Target stores where customer credit information was stolen via the HVAC system, or the Distributed DoS attack on Dny which was enabled by digital video recorders and IP cameras. The latter is a great example of the two-edged sword of technology evolution: IP cameras provide a lot more functionality than the old analog ones, the intelligence in the camera can do image recognition at the edge which eliminates the need to upload the entire video stream to a central processing system, greatly reducing network traffic. However, the processing power also allows antagonists to load and execute malware. Securing an IoT implementation is a difficult problem. There is no silver bullet. It requires diligence and rational thought. The reality is you can’t make your environment 100% secure; the infrastructure is too complex and dynamic. The WannaCry threat is a good example; all it takes is one person to open an email attachment and your environment is compromised.
How to protect your business
when device types had their own physical network, devices could only affect like-devices. In today’s common network infrastructure, the network is only as secure as the least secure service. Target would never have granted external access to their PCI network, but in reality that is what they did when they granted access to the HVAC network without adequate security. Traditional VLANs work great for minimizing broadcast traffic impacts and optimizing hardware utilization but they weren’t designed as a security mechanism. The Shortest Path Bridging (SPB/IEEE 802.1aq) provides the ability to simply and securely segment your network. Fourth, monitor your devices for abnormal behavior. Passwords can be discovered, MAC addresses can be spoofed - assume that the device on the end of the cable will be compromised. Network traffic from every “at-risk” device needs to be controlled and monitored; white-list the acceptable communication devices and service from each IoT device, monitor the IoT device traffic and raise alerts when the device attempts to execute services not on the white-list. Securing an IoT environment is a very complex task. The keys to success are to keep concepts simple and implement security in layers. An IoT deployment means you are adding computers to your network with minimal intrinsic security that are expanding your network threat profile. Assume they will be compromised and implement technology to minimize damage and expedite detection. Author Bio: Greg Deffenbaugh is a Corporate Solution Technologist in the Office of the CTO at Avaya, focusing on Wi-Fi Location Based Services, IoT/IoE and Software Defined Storage Networking. Greg has spent the last 32+ years working in real-time systems, software development, and technical sales, including 18 years in enterprise storage, including both SAN and NAS technologies. www.avaya.com
A layered approach, called defense-in-depth, is required to minimize exposure and control damage. Defense in Depth was conceived by the US National Security Agency (NSA). Their assumption is that the network will be breached, so the objective is to put obstacles in the way to delay access to critical information and allow for detection. First, assume the device that you are putting on your network is not secure. Most devices today have minimal security coded into the solution, even if the manufacturers tried to create a secure device, the dynamic nature of the threat profile would have them constantly chasing the latest threats. Second, secure the device’s access to the network. At a minimum, replace all factory issued passwords with high quality ones. Device authentication based on MAC address or MAC address ranges can also help to address plug replacement breaches. Third, provide secure network segmentation. In the days
RTC Magazine JUNE 2017 | 25
4.0 PERSPECTIVE ON STANDARDS
Wireless Communications Standards: The Battle for the IoT The Internet of Things (IoT) is dependent upon devices connecting and therefore wireless communications are vital. However with so many wireless standards available, how do you know which one to use? This article explores the various standards that are available. by Richard Edgar, Imagination Technologies
The success of the Internet of Things (IoT) depends upon every device being connected to the rest of the world, and wireless communications will be the predominant method used to achieve this. With so many different wireless standards available, which one should be used? Since they are on virtually every mobile phone today, communication technologies such as cellular, Wi-Fi and Bluetooth are very well known. There are also several other technologies, some old and some new, which offer an alternative for IoT applications. Depending on the application, factors such as range, data requirements, security and power demands, battery life and the target market will dictate the choice of one or some combination of these technologies. 26 | RTC Magazine JUNE 2017
When selecting a wireless standard, power consumption is a key consideration. Will your device be battery powered or will it be plugged into a wall? Battery powered devices must conserve as much energy as possible to limit the necessity to change or recharge the battery. The type of battery that will be used is also an important consideration. If you want to run the device from a coin cell battery and not change it for a couple of years (for example a temperature sensor), then your choices will be much different than if you expect the device to be charged regularly (for example a watch). Data rate is also an important consideration. How much data will need to be communicated between the device and the userâ€™s phone, the cloud, or a central hub? Certain wireless commu-
The New Genie™ Nano. Better in every way that matters. Learn more about its TurboDrive™ for GigE, Trigger-to-Image Reliability, its uncommon build quality… and its surprisingly low price.
USD *Taxes & shipping not included
» GET MORE GENIE NANO DETAILS AND DOWNLOADS: www.teledynedalsa.com/genie-nano
4.0 PERSPECTIVE ON STANDARDS to know which is best for your application. Let’s look at some the options, and how they relate to your care-abouts for your specific device.
IEEE 802.11 / Wi-Fi
Figure 1 As IoT grows, more and more standards will have overlap areas and potential specification conflicts. This will get worse.
Wi-Fi connectivity is often an obvious choice for developers, particularly given the pervasiveness of Wi-Fi in the home and in many consumer environments. Wi-Fi can offer data rates from 1 Mbps through to several Gbps, at ranges up to 300m, depending on the IEEE standards used. The major challenge for Wi-Fi and IoT is the limited battery life of Wi-Fi enabled devices. The WiFi vendors are working hard to reduce the power consumption of Wi-Fi with new features and standards, but this will take a while to emerge in Wi-Fi silicon available on the market. The newest IEEE 802.11ah standard – which uses the 915 MHz spectrum, can provide a data rate as low as 300 kbps at a range up to 1 km with new features to extend the battery life to months and even years. Standard: IEEE 802.11
nications technologies provide much higher throughput than others, so the proper design choice here is critical. For example, multimedia streaming applications will require much higher throughput than fitness trackers. Depending upon the desired distance of transmission and physical location of the devices, frequency and transmission power heavily figure into the design decision. The frequency at which a device communicates will affect the device’s ability to penetrate walls and buildings as well as the overall distance the signal can travel. In general, lower frequencies can penetrate walls and buildings better than higher frequencies. In addition, you need to consider over what distance the device will need to send data. Depending on your application, you may need long range (km) for example a remote agricultural monitor; or medium range (metres) for the example in the Smart Home; or short range (centimetres) for example a fitness tracker. Lastly, it’s important to look at the network topology or how the devices connect with one another to provide the user with data or the ability to control their environment. Will there be a central hub with which all devices will communicate? Will the devices talk directly to the user’s mobile device? Or will every device talk to one another in a mesh configuration? With so many connectivity options available, it’s difficult
28 | RTC Magazine JUNE 2017
Frequencies: 2.4GHz and 5GHz bands with 915 MHz becoming available Range: Up to 300m – and up to 1km with IEEE 802.11ah Data Rates: From 1 Mbps to 7 Gbps
Bluetooth One of the major short range communication standards, Bluetooth has become very important in many consumer product markets. It is expected to be the dominant technology for wearable products in particular. Bluetooth connects wireless accessories with smartphones or tablets and can be used as an Internet gateway. Wearable heart-rate monitors uploading their data to cloud-based servers or phone-controlled door locks sending status information to security companies are just two examples of the many IoT applications that can be implemented using this technology. The Bluetooth Low-Energy version (BLE – or Bluetooth Smart) is a significant protocol for IoT applications as it offers a similar range to Bluetooth with a significant reduction in power consumption. However, Bluetooth Smart/BLE is not really designed for file transfer, and is more suitable for small chunks of data. It has a major advantage for personal devices over many competing technologies given its widespread integration in
Embedded/IoT Solutions Connecting the Intelligent World from Devices to the Cloud Long Life Cycle · High-Efficiency · Compact Form Factor · High Performance · Global Services · IoT
IoT Gateway Solutions
Compact Embedded Server Appliance
Network, Security Appliances
High Performance / IPC Solution
SYS-5018A-FTN4 (Front I/O)
SYS-6018R-TD (Rear I/O)
4U Top-Loading 60-Bay Server and 90-Bay Dual Expander JBODs
Front and Rear Views SYS-5018A-AR12L
SC946ED (shown) SC846S
• Low Power Intel® Quark™, Intel® Core™ processor family, and High Performance Intel® Xeon® processors • Standard Form Factor and High Performance Motherboards • Optimized Short-Depth Industrial Rackmount Platforms • Energy Efficient Titanium - Gold Level Power Supplies • Fully Optimized SuperServers Ready to Deploy Solutions • Remote Management by IPMI or Intel® AMT • Worldwide Service with Extended Product Life Cycle Support • Optimized for Embedded Applications
Learn more at www.supermicro.com/embedded © Super Micro Computer, Inc. Specifications subject to change without notice. Intel, the Intel logo, Intel Core, Intel Quark, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and/or other countries. All other brands and names are the property of their respective owners.
4.0 PERSPECTIVE ON STANDARDS smartphones and many other mobile devices. The latest version via its Internet Protocol Support Profile will allow Bluetooth Smart sensors to access the Internet directly. Standard: Bluetooth 4.2 core specification Frequency: 2.4GHz (ISM) Range: 50-150m (Smart/BLE) Data Rates: 1Mbps (Smart/BLE)
6LoWPAN 6LoWPAN (IPv6 over Low power Wireless Personal Area Networks) is intended for devices featuring very low power consumption and limited processing performance. It is meant to provide IoT connectivity even for very small devices such as coin cell operated sensors. The standard only defines an efficient adaptation layer inserted between the 802.15.4 data link layer and the TCP/IP stack. There is still no comprehensive standard for the entire protocol stack. In addition, certification programs for 6LoWPAN solutions do not exist yet. Due to the multiple optional modes available in the data link layer, different manufacturers can develop solutions that are not interoperable at the network layer. Nonetheless, these solutions can be designated as 6LoWPAN
Figure 2 NFC, Wi-Fi, Bluetooth, ZigBee and LTE are all part of your smart home. Who will win?
30 | RTC Magazine JUNE 2017
networks, and 6LoWPAN devices residing in different networks can communicate via the Internet as long as they use the same Internet application protocol. 6LoWPAN devices are also able to communicate with any IP-based servers or devices on the Internet, including Wi-Fi and Ethernet devices. The 6LoWPAN communication protocol is still quite new. Initial installations operate in the 2.4GHz, 868MHz and 916MHz ISM bands. With the advantages provided by the 802.15.4 technology (mesh network topology, large networks, reliable communication and low-power operation) and by the IP communication technology, 6LoWPAN is in a favorable position to provide further impetus to the growing market of sensors with cloud connectivity, as well as low-data-rate applications and energy-sensitive applications. Standard: RFC6282 Frequency: (adapted and used over a variety of other networking media including Bluetooth Smart (2.4GHz) or ZigBee or low-power RF (sub-1GHz) Range: N/A Data Rates: N/A
Standard: ZigBee 3.0 based on IEEE802.15.4
A very new IP-based IPv6 networking protocol aimed at the home automation environment is Thread, based on 6LowPAN. Launched in mid-2014 by the Thread Group, the royalty-free protocol is based on various standards including IEEE802.15.4 (as the wireless air-interface protocol), IPv6 and 6LoWPAN, and offers a resilient IP-based solution for the IoT. Designed to work on existing IEEE802.15.4 wireless silicon, Thread supports a mesh network using IEEE802.15.4 radio transceivers and is capable of handling up to 250 nodes with high levels of authentication and encryption. A relatively simple software upgrade should allow users to run thread on existing IEEE802.15.4-enabled devices.
Standard: Thread, based on IEEE802.15.4 and 6LowPAN Frequency: 2.4GHz (ISM) Range: N/A Data Rates: N/A
Zigbee Conceived as a mesh network, ZigBee (which also uses IEEE 802.15.4) mainly operates in the 2.4GHz ISM band, but it supports the 868MHz and 916MHz ISM bands as well. While ZigBee can reach a data throughput of up to 250kbps, data rates tend to be much lower in practical applications. Short active phases separated by long power-down intervals enable several years of operation with a single coin cell battery. The standard is maintained by the ZigBee Alliance. It defines the protocol layers above the 802.15.4 data link layer and provides several application profiles. ZigBee has become particularly successful in smart grid applications. Although an IP specification exists for the ZigBee standard, it is detached from the common profiles of the main application areas and has not reached widespread adoption yet. ZigBee networks require an application-level gateway for cloud connectivity. Implemented as a node, the gateway is part of the ZigBee network while it simultaneously executes the TCP/IP stack via Ethernet or Wi-Fi. ZigBee PRO and ZigBee Remote Control (RF4CE), among other available ZigBee profiles, are targeting applications that require relatively infrequent data exchanges at low data-rates over a restricted area and within a 100m range such as in a home or building.
Range: 10-100m Data Rates: 250kbps
NFC NFC (Near Field Communication) is a technology that enables simple and safe two-way interactions between electronic devices, and especially applicable for smartphones, allowing consumers to perform contactless payment transactions, access digital content and connect electronic devices. Essentially it extends the capability of contactless card technology and enables devices to share information at a distance that is less than 4cm. Standard: ISO/IEC 18000-3 Frequency: 13.56MHz (ISM) Range: 10cm Data Rates: 100â€“420kbps
SigFox An alternative wide-range technology is SigFox, which in terms of range comes between Wi-Fi and cellular. It uses the ISM bands, which are free-to-use without the need to acquire licenses, to transmit data over a very narrow spectrum to and from connected objects. For many M2M applications that run on a small battery and only require low levels of data transfer, Wi-Fiâ€™s range is too short while cellular is too expensive and also consumes too much power. SigFox addresses this using a technology called Ultra Narrow Band (UNB) and is designed to handle low data-transfer speeds of 10 to 1,000 bits per second. Standard: SigFox Frequency: 900MHz ange: 30-50km (rural environments), 3-10km (urban R environments) Data Rates: 10-1000bps
LoRa LoRaWAN targets wide-area network (WAN) applications and is designed to provide low-power WANs with features specifically needed to support low-cost mobile secure bi-directional communication in IoT, M2M and smart city and indus-
RTC Magazine JUNE 2017 | 31
4.0 PERSPECTIVE ON STANDARDS trial applications. Optimized for low-power consumption and supporting large networks with millions and millions of devices, data rates range from 0.3 kbps to 50 kbps. Standard: LoRaWAN Frequency: Various ange: 2-5km (urban environment), 15km (suburban R environment) Data Rates: 0.3-50 kbps.
Looking to the future of IoT Many of the emerging applications that will require IoT communications will rely upon the efficient transfer of information between devices, often using cloud based applications. However, in many instances this will result in a high level of unnecessary data communications. Using a more localised communications hub can often be more efficient in terms of latency. Fog Computing can be an excellent choice to support efficient inter-device communications.
As is obvious, no matter the type of connectivity used, there is always a cost in sending all the data to the cloud in terms of bandwidth, storage, latency and cost. Thus, there is general a trend to make the edge node/gateway more intelligent, and Fog Computing can enable this by extending the cloud to where things are. There is multi-fold advantage in using such a model since it can lead to lower cost and power, ultra-low latency, and real-time analytics, as well as advanced security at the edge. Selecting the correct communications standard for your application will be a key decision in how your solution will interact with other devices and people. Often, there will be no simple “one standard will fit all” solution and a combination of wireless communications will be needed to make sure your solution can interact with the outside world. For many applications we will see a combination of standards from 802.15.4 with 6LoWPAN to Bluetooth Smart (LE) to Bluetooth 4.0 to Wi-Fi. At Imagination, we supply IP for multiple communications standards, and we often provide them in various combinations, customised to meet the customer’s specific needs. Our Ensigma Whisper family of connectivity IP for IoT supports multiple standards, and they are designed to be configurable to support future standards as well. Author Bio: Richard Edgar joined Imagination in 2011 as Director of Communications Technology. He is responsible for developing the strategy and roadmap for the company’s Ensigma communications IP portfolio, which covers an ever-expanding number of technologies including Wi-Fi and Bluetooth, plus a broad range of digital radio and broadcast standards. Edgar is a pioneering technologist in the wireless industry, involved since the early days of Wi-Fi. www.imgtec.com
32 | RTC Magazine JUNE 2017
Flash Storage Array with 200TB capacity in four removable canisters
50TB data in each 7 Lb. removable canister
• 100Gb Inﬁniband or Ethernet connections • MIL-STD 810 and 461 tested • Two versions: airborne and ground • 4U rackmount unit
5.0 SECURITY ON FOG COMPUTING
How to Fight Cyber Threats? Interview of Tim Skutt, Director of Security Portfolio at Wind River. Tim Skutt is Director, Security Portfolio at Wind River. He is focused on directing Wind River’s product capabilities for security and applying Wind River’s security products to meet customer system objectives. Tim has over 25 years of experience and extensive expertise in security and safety partitioning (MILS and ARINC 653), secure Linux, virtualization, Android, and real-time Tim Skutt, Director, Security operating systems. His Portfolio at Wind River work experience includes 11 years at GE Aviation designing real-time, safety critical avionics and vetronics solutions, 7 years at Motorola designing cellular, radio, and multimedia communications systems, as well as work on airborne persistent surveillance systems and with the US Department of Energy Nuclear Reactor Analysis Division.
1. We are seeing more and more cyber attacks in the news. It is worse if you add the unreported incidents. As we move forward with more IoT connections and more schemes such as ransomware, do you anticipate that cyber threats will stay at the same level, get worse or get much worse? By its sheer increase in volume, cyber threats are primed to grow as more devices become connected. IoT connected devices (in many cases, very basic or commonplace products) are often not built with cybersecurity in mind. We’re seeing 30% annual growth of IoT-enabled devices [Gartner, 2015], which is about five million new devices every day. And there has been nearly a
34 | RTC Magazine JUNE 2017
150% jump in DDOS attacks over the course of 2015.[Akamai, 2016]. In IoT, there’s also the issue of diversity in devices and interfaces. Many of the techniques used to combat cyber-attacks effectively in the traditional enterprise space leverage the enterprise’s relatively uniform platform capabilities and interfaces. The homogeneous enterprise environment simplifies the defender’s job. In IoT, however, devices range from extremely resource constrained microcontrollers to more flexible gateways, to server class control stations. Adding to this is a multitude of industry specific interfaces. This diversity results in an explosion of the threat surfaces for IoT systems. The challenge is exacerbated by an IoT developer community that is not typically as well equipped for security, and security tools that, in general, have not yet distilled the diversity into more scalable management frameworks.
2. How to achieve 100% cyber security? While it’s never possible to ensure 100% security, there are some key methods to provide protection against all but the most determined and well financed nation-state attackers. To begin with, design with security in mind from the very beginning for new systems. Adopt a security development process that identifies and characterizes the risks in your system. This will help you prioritize your efforts. Then build your products on strong foundational components: - Hardware platforms that provide secure boot, unique identity, and a hardware root of trust - Software platforms that leverage hardware by extending secure boot to the operating system and run-time components, and that implement robust cryptography, authentication, access control, and network protection Cybersecurity doesn’t stand still - even the best solution today will need updates to respond to new threats. It is important to incorporate a secure management capability that can update your devices to keep security current throughout their lifetime.
We also need to recognize there are many devices already deployed that will likely participate in our IoT systems. It’s important to have a strategy for these devices. They can be protected by interposing a security gateway between them and potential threats. The gateway can be a physical device, or it can be a virtual gateway running on the same hardware platform. By adhering to best practices and anticipating security concerns, companies can combat against cyber threats. It is essential to marry strong security technologies with solid security best practices; this combination is needed for optimal security.
3. What solutions or services does your company provide in helping customers to fight cyber threats?
Our Helix Device Cloud and CarSync offerings provide device management and update solutions enabling security management and monitoring of ecosystems of devices. These products incorporate security within their architecture as well as in their infrastructure operations. Wind River’s Professional Services addresses comprehensive security approaches by combining extensive security expertise with its industry leading secure operating systems, middleware, test capabilities, and partner software and solutions. Drawing from expertise across a diverse range of industries, Wind River’s Professional Services can help from the very beginning with a detailed assessment of device security capabilities and requirements, and then continue to offer assistance throughout development and sustainment to ensure product success.
Wind River has a combination of proven offerings and expertise to arm customers with top strategies and technologies to deliver secure devices and systems, and counter the most sophisticated attacks of today and tomorrow.
4. I n view of the cyber insecurity situation we face today, what advices would you give to our readers (developers, system integrators and project managers) to be better equipped?
Our operating system products, both our VxWorks RTOS and Wind River Linux product lines and our market specific offerings based them, include foundational security capabilities for devices and communications. These foundations include secure boot and initialization, robust cryptography, authentication and access control, and network security. Our products also incorporate additional security capabilities to address security management and monitoring, VPN, IDS/IPS, remote attestation, and more.
Once again, it’s critical to reinforce the importance of using strong, proven security technologies (appropriate for the project at hand) AND solid security practices. Since the security landscape changes quickly, it’s also important to incorporate solutions that will enable adaptation over time. And finally, successful IoT systems often require the operation of “things” within an IT environment, so it is important to ensure IT stakeholders are involved early and to choose solution providers with expertise in the integration of “things” in the IT environment.
We extend these foundational and advanced operating system security capabilities in our integrated platform products such as Wind River Pulsar Linux and our Titanium Cloud portfolio. These solutions incorporate binary updates and solutions focused on management and monitoring of the platform infrastructure.
RTC Magazine JUNE 2017 | 35
5.1 SECURITY ON FOG COMPUTING
How to stay IoT Healthy with In-memory Security? Memory-based security solutions are key in making end-to-end IoT device management more secure and affordable as manufacturers race to get these devices to market. by Jeff Shiner, Director of IoT Solutions at Micron Technology
How can we ensure a single vulnerability in one networked device doesn’t take an entire organization offline? The technology industry is still reeling from the massive WannaCry cyberattack, which left individuals and IT teams struggling to patch devices running ubiquitous Microsoft operating systems containing a known vulnerability. The attack took a toll on businesses like Telefonica and the U.K.’s National Health System (NHS), when it not only infected computers, but in NHS’s case may also have affected other connected devices like MRI scanners, blood-storage refrigerators, and operating theatre equipment. Unfortunately, this isn’t an isolated event. Consider that— • Last fall malware called Mirai commandeered DVRs, IP cameras and devices around the world to launch a major malware campaign, which included a distributed denial of service (DDoS) attack that knocked Twitter, Reddit and other major sites offline after it impacted domain name system (DNS) provider Dyn • Earlier this year, hackers targeted the emergency siren system in Dallas, setting off wailing alarms across the city, and pointing to gaps in the cyber defenses of civil infrastructure As the Internet of Things results in more valuable and numerous targets for cybercriminals to target, we need to take a proactive approach to the situation and plan accordingly. The number of connected devices is forecasted to hit 50 billion in 2020, according to Sage Business Researcher. This number has been increasing at a staggering rate: it was less than 25 billion in 2016 and less than 10 billion in 2012. Manufacturers have been racing to get IoT devices to market which, in some
36 | RTC Magazine JUNE 2017
cases, has reduced security to a lower priority. Compounding the issue is the lack of IoT standardization – especially when compared to the uniformity in the personal computer (PC) and smartphone markets. IoT designs are hampered by scattered approaches to security implementations driven in turn by a variety of system, semiconductor and software level options that when combined, exponentially complicate the issue. The bottom line: increasing security for one set of IoT devices doesn’t translate to better security for billions of others. There are efforts in place to set up security frameworks that guide OEM’s to develop appropriate levels of security into designs. The groups driving these initiatives promote integration of important security components for both hardware and software, designing for defense in depth layered security, as well as other strategies to take advantage of many latest known solutions. One good example of these efforts can be seen in a document created by the Industrial Internet Consortium (IIC) called the Industrial Internet Security Framework (IISF). In addition, the Federal Trade Commission (FTC) has also been trying to address threats, like in 2015 when it urged IoT companies to adopt security best practices. Despite these efforts vulnerabilities remain critical especially for those companies outside the Fortune 100 which can’t afford robust cybersecurity staff or budgets and are hampered by a lack of uniformity in off-the-shelf IoT security solutions.
Solution: “Security By Design” including Memory An easy-to-implement, and potentially more secure approach to this challenge, might unexpectedly be found in one of the
biggest vulnerabilities of current IoT systems: code storage memory. By leveraging memory technology in a creative new way and combining it with cloud-based capabilities, stronger security promises to be created. In more advanced security attacks, malicious code has been written to non-volatile memory. This typically happens to devices at or near the edge of networks: the end-points or “things” in IoT. Once infected, these devices can be organized to act as a larger botnet with other devices or to act individually on a target system. Many of these attackers are exploiting known security gaps published today and are always looking for new “Zero Day” vulnerabilities to leverage. Other common attack strategies in late 2016 emerged with the Mirai-based botnet attacks that took advantage of IoT devices like DVR’s, IP cameras and home routers that were all shipped with default insecure settings. At their peak, these created a DDoS to various sites including Twitter, Amazon, Reddit and ironically, KrebsOnSecurity. In both attack strategies above, long term solution for the device OEM can translates to major hardware and software redesign and deployment of devices and cloud solutions to monitor the integrity of the device as well as remediate if the device has been compromised. But where there is a weakness there can also be an opportunity. If critical code stored in memory can be cryptographically authenticated and become part of the DNA of that IoT device, combined with complimentary capabilities in the cloud, a hacker’s ability to implant malware on a device can be severely limited both through end-to-end authentication and cryptographic firmware management. For years, a set of functions called “roots of trust” (RoT) has been used to increase security in networks. RoT’s offer security
services that typically reside in a trusted compute module and can be safely used by an operating system to verify the identity and health of a device, basically confirming that device belongs on the network and is not infected. To date, the burden of providing this type of security has fallen on CPUs, SoCs and hardware security modules (HSMs). Unfortunately, even using components like these with the safeguards they provide, hackers still can attack at levels below the logic components in an IoT device and “brick” or halt that system. As attacks increase in sophistication, Advanced Persistent Threats (APTs) are becoming a larger concern as hackers focus efforts on planting their code into the memory of the IoT device beyond the logic of the device. By adding security to more parts of a solution, aka “defense in depth,” and ensuring that memory is part of the equation, security stands to improve. This approach also promises to be relatively simple, low-cost and low-impact allowing a greater touch to IoT devices already impacted today by various attacks.
One Approach to Memory-Based Security Micron Technology is pursuing an approach that places two elements directly in memory: device ID and a small cryptographic processing capability. These elements then combine to produce information that enables a cloud computing resource to confirm the identity and health of the memory and its data. This can strengthen security at the lowest levels of boot and off-load work from CPUs, SoCs and HSMs. This approach is exemplified in the recently announced security partnership between Microsoft and Micron. Together, the companies focus on two key aspects that simplify how customers can implement security to enable health and identity of IoT devices. The first step involves creating an end-to-end secure connection that is built into standard hardware and enables customers to bring up system capabilities simply with software development kits (SDKs). By leveraging a new standard within the Trusted Computing Group (TCG) called DICE, or Device Identity Composition Engine, Microsoft’s Azure IoT cloud and Micron® Authenta™ Technology help ensure that only trusted hardware gains access to the IoT cloud. This solution approach is expected to provide new security benefits for IoT devices by verifying both identity and health in the hardware where critical code is typically stored. This identity enables Azure IoT Hub to verify the device as “good”
RTC Magazine JUNE 2017 | 37
5.1 SECURITY ON FOG COMPUTING or “bad” and take the next appropriate action such as enabling more advanced functionality like device health attestation and provisioning, as well as allowing an administrator to securely remediate the device if compromised in the field. Not only does authentication of IoT devices in memory provide a unique level of protection at the lowest levels of boot, but this approach also leverages standard flash memory sockets that already exist in billions of IoT devices. Leveraging Authenta enabled Micron flash memory in current and legacy designs, companies can enable new security functions with software modifications. Further simplifying the software resources requirements, both Microsoft and Micron offer core middleware with software development kits (SDKs) to enable these solutions at the host in Azure, at gateways and even at end-points. This solution is aimed at making it much easier to provide secure IoT cloud management and connectivity for new platforms and devices, as well as the ability to retrofit legacy system. No security may be perfect, but there are ways to enhance security by adding significant defense in depth. This is true now more than ever, especially with the rise of IoT and the increase in the number of vulnerable devices at the edges of networks.
38 | RTC Magazine JUNE 2017
New solutions like the one being built by Microsoft and Micron will make end-to-end device management more secure and affordable. Monitoring and managing the health of the IoT device is one of the most complex decisions companies will make, and the goal of quickly filling known security gaps and making the cost of a hack outweigh the benefits to the hacker is formidable. Leveraging cybersecurity best practices and newly forming ecosystems should begin to make security implementations more effective and affordable for many companies. Author Bio: Jeff Shiner is the segment marketing director for the Embedded Business Unit at Micron Technology. Jeff joined Micron in 2015 focused on the Internet of Things (IoT). In this role, he is actively involved in driving Micron’s strategy and market develop initiatives targeted at emerging and existing markets that will benefit from the explosion in growth from the IoT. Jeff has 19 years’ experience in the semiconductor industry. Before joining Micron, he held various sales, marketing and business development positions at AMD, Spansion and Cypress Semiconductor. He holds a bachelor degree in industrial engineering from Texas A&M University. www.micron.com
5.2 SECURITY ON FOG COMPUTING
How Prepared are Utilities for Looming Cybersecurity Threats? It’s clear that the threat of cyberattacks is a top-of-mind issue for most utilities in the world today. To prevent a security related catastrophe, it is crucial to understand the three most vulnerable systems at the utility: communications security, operation security and hardened head end system security. by Rick Enns, Technical Architecture Director, Trilliant
It’s clear that the threat of cyber attacks is a top-of-mind issue for most utilities in the world today. In Utility Dive’s annual State of the Electric Utility Survey, more than 600 utility professionals said cyber and physical security are the most pressing concerns for their companies, with 72 percent saying it is either “important” or “very important.” To prevent a security related catastrophe, it is crucial to understand the three most vulnerable systems at the utility: communications security, operation security and hardened head end system security.
Communications security Communications security protects the messages and processes going back and forth between field devices and the head end system. There are three different sectors in a utility communications network: • Smart grids monitor and control the energy distribution systems and connect devices such as transformers, line monitors and line closures. The security concerns here are the authentication, authorization and integrity of the communications.
• S mart metering systems provide data communication and control for meters. Here, consumer information must be kept confidential to prevent fraud and to authenticate and authorize critical commands such as disconnects. • S mart city systems provide services outside of energy; street light management is one of the first such services deployed by utilities. The security concerns with these systems tend to be similar to those for smart grid services. In all three sectors, the common communication system must be able to separate the security credentials used from the network resources needed to supply the services. One service cannot be allowed to compromise the other. •C ommunication security must: Protect data privacy and not disclose sensitive data during transmission and while traveling through a network. Encryption prevents a hack of sensitive data and protects privacy. •P rotect data integrity with cryptographic message integrity checks so that the data transmitted by the source cannot be modified without detection.
Figure 1 This diagram shows the generic security between a field device and a utility head end system. The device uses end-to-end security between itself and the head end system that includes encryption, authentication, authorization and data integrity protections.
RTC Magazine JUNE 2017 | 39
5.2 SECURITY ON FOG COMPUTING • Authenticate devices on the network and enable them to authenticate each other before communicating data or commands. In the past, this has been done with passwords or shared secret keys, but this is weak. More advanced systems use public/private key pairs, Public Key Infrastructures (PKI) and cryptographically protected certificates to authenticate devices. See figure 1. To stop a hacker from scaling an attack from the field, the device can be designed to make compromise expensive for the attacker.
Operational security Operational security ensures that the system and its components are secure in all stages of its lifetime: manufacturing, installation, operations and maintenance and decommissioning. Manufacturing - The utility must know that a device is manufactured by a legitimate source; manufacturer device certificates are used to authenticate that the device was manufactured by an authenticated source. Installation - The utility must authenticate that the installed device has come from an authenticated source, including that the device belongs to the utility and that there is a work order for its installation. A certificate can be used to authenticate the
device, and the system’s device data base verifies that it is authorized to join the network. Operations – Once a device has been commissioned it is ready to operate in the network and to securely interact with the utility’s applications. However, to maintain security the system must provide various functions: • Security credentials need to be changed periodically to keep them secure. Operators need efficient tools to change keys and certificates. • Certificates and keys need to be changed in the case of a compromise. • When device firmware flaws are found, the utility needs to securely update the device. Firmware updates are a critical security function, and the utility and the device must authenticate the firmware image and its integrity. • The operator needs to monitor the security of the system to detect attacks. Field devices must detect, log and report security events to provide a comprehensive record of the event. • If devices are taken out of service and not supervised properly, they can become a tool to hack the system. To prevent
Figure 2 The generic Smart Grid Head End System manages the Field Device Network and the field devices, gathers the field device data and makes it available to utility applications and utility users.
40 | RTC Magazine JUNE 2017
this, the system must securely decommission the device which entails removing all the cyber credentials and sensitive customer information as well as updating the system’s device data bases to show that the device is decommissioned and no longer authorized to be on the network. Security protocols must be based on standard protocols and methods because proprietary technologies are not thoroughly vetted and may contain flaws that are easily exploited. However, not all standards-based security systems are equal. How a utility uses the security standards can affect how well the security architecture scales to manage millions of devices. The system should use the standards-based protocols carefully so that the security can be easily managed. For example, cyber security certificates need to be revocable in case they are compromised. The system provider must deal with the case where several thousand devices certificates need to be revoked if a manufacturing site is compromised. Issuing thousands of certificate revocations may not be practical, so the PKI architecture must be designed to deal with this in an efficient manner through certificate chains where only revoking a manufacturing batch certificate gets the job done.
The hardened head end system This is the most important asset to protect in a utility/IoT system because an attack against it can affect the entire system. Traditionally the head end systems have been protected by a secure perimeter consisting of firewalls and user access control. However, more secure systems need to provide defense inside the secure perimeter. The head end system needs to be hardened to make attacks inside the perimeter more difficult. See figure 2. The head end system is a valuable target for a hacker because a compromised head end system can be used to control multiple field devices that can adversely affect the utility’s core business interests. There are three phases of an attack: Penetration, Exploration and Exploitation. In the penetration phase the attacker tries to access the systems controls and sensitive data by getting past the secure perimeter of the system, which is maintained by technologies such as firewalls, user access control systems, virus and malware scanning and network segmentation architectures. However, a utility should never rely only on a secure perimeter. Many attacks can circumvent the perimeter, for example when the attack tricks an entity’s employee into compromising the system
from within. Therefore, the head end system also needs internal protections. In the exploration phase of an attack, the hacker maps the system to identify the services, the users, the databases and the services the internal network supports. This information is then used to identify to the best path disrupt the utility’s business or the most valuable information to steal. The head end system needs to be hardened to detect when the system is being explored and to make this exploration hard. Security data analytics can be deployed to look for irregular user activities and traffic patterns. Security deception tools can trap a hacker’s exploration activities and identify the source of the attack within the system. Stopping an attack at the exploration stage is crucial because it prevents the damage that awaits when the attacker starts to exploit the system. The exploitation phase of the attack is when the hacker launches an attack that damages the utility. The hacker may use knowledge of the system to affect service to customer or to steal customer information. In either case there is a significant impact to the utility. Head end system protections can be employed to limit the scope of the attack such as security data analytics, which can be used to detect anomalous behaviors in the field device, grid controls and throttle commands. Analytics can also be used to detect the exfiltration of data. These techniques limit the attack and its damage, but they only have an effect after the exploitation has started. As long as cyberattacks continue to be a top concern among utilities, the industry must use this knowledge and understanding of how the three most vulnerable systems at a utility work in order to prevent a security related catastrophe. Author Bio: Rick Enns has been the Technical Architecture Director at Trilliant for more than six years. He has developed and continues to develop a number of system level designs for HAN, NAN and WAN and security life cycle best practices. www.trilliantinc.com/
RTC Magazine JUNE 2017 | 41
ADVERTISER INDEX GET CONNECTED WITH INTELLIGENT SYSTEMS SOURCE AND PURCHASABLE SOLUTIONS NOW Intelligent Systems Source is a new resource that gives you the power to compare, review and even purchase embedded computing products intelligently. To help you research SBCs, SOMs, COMs, Systems, or I/O boards, the Intelligent Systems Source website provides products, articles, and whitepapers from industry leading manufacturers---and it's even connected to the top 5 distributors. Go to Intelligent Systems Source now so you can start to locate, compare, and purchase the correct product for your needs.
Company...........................................................................Page................................................................................Website Critical I/O.............................................................................................................................17......................................................................................................... www.criticalio.com Dell..............................................................................................................................................21..................................................................................................................... www.dell.com Elma........................................................................................................................................... 4...................................................................................................................www.elma.com Gaia............................................................................................................................................. 11...........................................................................................www.gaia-converter.com Green Hills Software..................................................................................................... 2......................................................................................................................www.ghs.com Intelligent Systems Source.....................................................................................38............................................................... www.intelligentsystemssource.com NVIDIA.................................................................................................................................... 9............................................................................................................... www.nvidia.com One Stop Systems.........................................................................................................33.................................................................................... www.onestopsystems.com Pentek.....................................................................................................................................44............................................................................................................www.pentek.com Pixus Technologies....................................................................................................... 19.................................................................................www.pixustechnologies.com Supermicro..........................................................................................................................29................................................................................................. www.supermicro.com Teledyne Dalsa.................................................................................................................27.......................................................................................... www.teledynedalsa.com TQ...............................................................................................................................................43................................................................................www.embeddedmodules.net WinSystems.........................................................................................................................13.................................................................................................www.winsystems.com
RTC (Issn#1092-1524) magazine is published monthly at 940 Calle Negocio, Ste. 230, San Clemente, CA 92673. Periodical postage paid at San Clemente and at additional mailing offices. POSTMASTER: Send address changes to RTC-Media, 940 Calle Negocio, Ste. 230, San Clemente, CA 92673.
42 | RTC Magazine JUNE 2016
Experience Real Design Freedom
Only TQ allows you to choose between ARM®, Intel®, NXP and TI • Off-the-shelf modules from Intel, NXP and TI • Custom designs and manufacturing • Rigorous testing • Built for rugged environments: -40°C... +85°C • Long-term availability • Smallest form factors in the industry • All processor functions available
For more information call 508 209 0294 www.embeddedmodules.net
Unfair Advantage. 2X HIGHER performance
4X FASTER development
Introducing Jade™ architecture and Navigator™ Design Suite, the next evolutionary standards in digital signal processing.
Kintex Ultrascale FPGA
Pentek’s new Jade architecture, based on the latest generation Xilinx® Kintex® Ultrascale™ FPGA, doubles the performance levels of previous products. Plus, Pentek’s next generation Navigator FPGA Design Kit and BSP tool suite unleashes these resources to speed IP development and optimize applications. •
Streamlined Jade architecture boosts performance, reduces power and lowers cost Superior analog and digital I/O handle multi-channel wideband signals with highest dynamic range
Built-in IP functions for DDCs, DUCs, triggering, synchronization, DMA engines and more
Board resources include PCIe Gen3 x8 interface, sample clock synthesizer and 5 GB DDR4 SDRAM
Navigator Design Suite BSP and FPGA Design Kit (FDK) for Xilinx Vivado® IP Integrator expedite development
Applications include wideband phased array systems, communications transceivers, radar transponders, SIGINT and ELINT monitoring and EW countermeasures
Jade Model 71861 XMC module, also available in VPX, PCIe, cPCI and AMC with rugged options.
Navigator FDK shown in IP Integrator.
See the Video!
www.pentek.com/go/rtcjade or call 201-818-5900 for more information
All this plus FREE lifetime applications support! Pentek, Inc., One Park Way, Upper Saddle River, NJ 07458 Phone: 201-818-5900 • Fax: 201-818-5904 • email: firstname.lastname@example.org • www.pentek.com Worldwide Distribution & Support, Copyright © 2016 Pentek, Inc. Pentek, Jade and Navigator are trademarks of Pentek, Inc. Other trademarks are properties of their respective owners.