Approaches on Internet of Things Solutions
Cristian TOMA, Cristian CIUREA, Ion IVAN
Department of Economic Informatics and Cybernetics
Bucharest University of Economic Studies
Piata Romana 6, Bucharest
firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Journal of Mobile, Embedded and Distributed Systems 5(3) 124-129
Abstract: The first section of the paper presents the Internet of Things (IoT) ecosystem with its features and particularities. The second section presents the technical terminology and how inter-domain technologies such as Internet/Semantic and Middleware, RFID/NFC and Smart Objects (embedded devices) are linked together. The third section shows an implementation of the authentication procedure with a proximity tag/card, implemented in Java SE. The fourth section presents the conclusions, which describe the opportunity to develop a proof of concept project that may have multiple implementations.
Key-Words: Sensors Authentication, IoT (Internet of Things), Supply Chain Management Security
1. IoT (Internet of Things) Ecosystem Intro
The concept of Internet of Things (IoT) is related to uniquely identifiable objects and their virtual representations in a structure similar to the Internet. This new concept is an innovative solution for the quantitative analysis of all the things that surround us. A prerequisite for the Internet of Things is radio-frequency identification (RFID). If all objects and people in real life were equipped with identifiers and smart tags, they could be managed and inventoried by computers.
People have limited time, attention and accuracy, so they are not very good at capturing and storing information about all the things in the real world (even if we include 2D barcodes used for Automatic Data Acquisition applications). An alternative view on IoT, from the Semantic Web perspective, focuses instead on making all things addressable by the existing naming protocols, such as URI (this refers to things other than those that are electronic, smart, or RFID-enabled). For the moment, the objects themselves can be referred to by other agents, for example by powerful centralized servers acting for their human owners, without conversion.
The Internet of Things is considered to be the network of physical objects that contain integrated technology to communicate and to sense or interact with their internal states or the external environment.
The Internet of Things is a revolutionary concept that is for the moment in its incipient phase, but which will become in a few years an important research subject.
Figure 1 below presents the concept of Internet of Things and the connection between all involved components.
Developing applications for the Internet of Things requires a range of technologies and solutions in which free and open software plays an important role, providing both hardware architecture and open source software, such as development environments, that allow the development of open source applications for the Internet of Things.
2. IoT Technical Details
The IoT is composed of many sensors, application platforms, user platforms, and so on, creating a community ecosystem. A sensor is a component that collects and delivers information about things in a specified area. Building a shared common platform such as IoT will create a richer ecosystem for all people, by enabling the development of innovative systems that focus on the value added by the human physical touch points of connected objects and the services that manage these objects.
The Internet of Things means connecting, in real time, people and objects from the real physical world together in a network of sensing, reasoning, and action. The IoT connects people and things together with software products and applications.
A Smart Object contains IoT data and information, as well as metadata and software agent code resources, such as an application software event handler. Examples of Smart Objects are embedded devices such as Raspberry Pi, Arduino, BeagleBone/Ninja Blocks. The data model for broad interoperability is represented by the Smart Object API.
The Smart Object API is represented by a Semantic Web application for the Internet of Things that provides linked-data interactions between application software agents and IoT endpoints, sensors and user devices, which are pluggable in real time.
The IoT vendor silos provide high level cooked APIs from cloud services of Smart Object API, enabling integration of IoT resources from top to bottom of the stack. The IoT of today means no interoperability and the existence of many vertical and horizontal silos.
The Smart Object API supports the concept of a Smart Gateway, which works as a Smart Object intermediate for devices on the network, adding semantic descriptors and offering a service interface for the device representation on the Internet. Sensors and gateways must be programmed for each service they need to interact with.
IoT applications consist of sensor and actuator endpoints, user device endpoints, and application software that connects the endpoints in the representation of a directed graph. We can also build a graph of resources consisting of Smart Objects connected to services and other Smart Objects, based on the related IoT ontologies and the Smart Object API.
The interoperability and interdependence between multiple devices is becoming a common characteristic because people are trying to build their own Internet of Things by getting all their smart devices to be connected in the cloud. The IoT needs a standard to interact with other devices and this standard must enable software for easier interaction.
The actual Internet of Things consists of many different sensor networks and protocols, connected to special cloud services and offering access through smart mobile devices and browser applications. It is unusual for these separate silos to cooperate or interact with each other.
Figure 2 describes the Internet of Things tech items grouped into three main categories: Internet – Protocols – Middleware, Sensors – RFID, Embedded Devices – Smart Objects.
The Internet of Things has many applicability areas and fields, such as the healthcare sector, the retail sector, transportation services, educational services, industry and so on.
Due to the wide applicability of the Internet of Things, experts agree that the opportunities it presents are endless, as it becomes easier and easier to bring physical objects online. A practical example is represented by different smart devices connected on a social network for machines that will help homes to save energy.
Figure 3 presents the simplified schema of the IoT home energy saving example.
As we can see from Figure 3, the online network of physical objects is realized by using RFID tags and some other types of sensors. By implanting these tags inside a physical object, the object gains the ability to be monitored and controlled remotely through the Internet, with the help of a smartphone. This eliminates the need for people to constantly enter and monitor data. Instead, objects can work directly with each other and can collaborate without the need for a person to link them together.
3. Smart Tags/Cards for Things Authentication and Data Integrity
In integrated retail or supply chain management solutions, RFID vicinity/proximity tags or cards will be attached to the products and things in order to store data and metadata about the products. The sensors will read or modify the data stored in the RFID labels attached to the things. In order to provide authentication and data integrity, the solution will have an authentication procedure that requires a minimum of processing and power consumption, but at the same time is strong enough to avoid security pitfalls.
The minimum authentication model will require a mechanism similar to CRYPTO1 from Mifare 1K/4K proximity cards, and a more secure model would be inspired by Sony FeliCa cards and the VISA/Mastercard DDA (dynamic authentication) procedure from banking cards (MULTOS or Java Card).
Mifare DESFire tags/cards have only a contactless interface for communications and they are fully compliant with ISO/IEC 14443A (1-4). They have a 7-byte UID ("Double Size UID") and, from the point of view of CPU and OS, they have the following features:
- Asynchronous CPU core
- (3) DES coprocessor
- Fixed Command Set
- No Customer ROM codes
The Mifare DESFire file-system is able to handle:
- up to 28 applications / card
- up to 16 files / application
- up to 14 keys / application
- 1 master-key for card maintenance
- Plain, (3)DES encrypted, or MAC-ed data transmission
- On-Chip Backup management
This section presents an authentication procedure specific to Mifare DESFire tags/cards that have certain particularities and requirements. An improved procedure should be sufficient for RFID tags/cards authentication and it is presented as Java source code statements for non-sensitive operations (the complete source code may be obtained from the authors):
The data and meta-data for products/things might be stored in files inside the file system memory layout and they will be encrypted with the session key negotiated during the authentication procedure.
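The following is an added illustration, not the authors' Java source and not the exact DESFire command exchange: a simplified three-pass mutual challenge-response with 3DES between a reader and a tag, followed by encryption of a product record under the negotiated session key. The class name, the one-byte nonce rotation, the zero IV, the session-key layout and the sample record are assumptions of this sketch.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class TagMutualAuthSketch {
    static final SecureRandom RNG = new SecureRandom();
    // 3DES in CBC mode, zero IV, whole 8-byte blocks only (assumptions of this sketch).
    static byte[] tdes(int mode, byte[] key24, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("DESede/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(key24, "DESede"), new IvParameterSpec(new byte[8]));
        return c.doFinal(data);
    }
    // Rotate left by one byte, so a valid answer is never the challenge echoed back unchanged.
    static byte[] rotl(byte[] in) {
        byte[] out = Arrays.copyOfRange(in, 1, in.length + 1);
        out[in.length - 1] = in[0];
        return out;
    }
    static byte[] random(int n) { byte[] r = new byte[n]; RNG.nextBytes(r); return r; }

    public static void main(String[] args) throws Exception {
        byte[] key = random(24);                 // constructed shared key, demo only
        // Pass 1, tag -> reader: the tag's nonce, encrypted under the shared key.
        byte[] rndB = random(8);
        byte[] m1 = tdes(Cipher.ENCRYPT_MODE, key, rndB);
        // Pass 2, reader -> tag: the reader's own nonce plus the rotated tag nonce.
        byte[] rndA = random(8);
        byte[] answer = Arrays.copyOf(rndA, 16);
        System.arraycopy(rotl(tdes(Cipher.DECRYPT_MODE, key, m1)), 0, answer, 8, 8);
        byte[] m2 = tdes(Cipher.ENCRYPT_MODE, key, answer);
        // Tag side: the reader is authentic only if the tag's nonce came back rotated.
        byte[] p2 = tdes(Cipher.DECRYPT_MODE, key, m2);
        boolean readerOk = MessageDigest.isEqual(Arrays.copyOfRange(p2, 8, 16), rotl(rndB));
        // Pass 3, tag -> reader: the rotated reader nonce proves the tag holds the key.
        byte[] m3 = tdes(Cipher.ENCRYPT_MODE, key, rotl(Arrays.copyOf(p2, 8)));
        boolean tagOk = MessageDigest.isEqual(tdes(Cipher.DECRYPT_MODE, key, m3), rotl(rndA));
        if (!readerOk || !tagOk) throw new SecurityException("mutual authentication failed");
        // Session key mixes both nonces (assumed layout): K1=A[0..3]|B[0..3], K2=A[4..7]|B[4..7], K3=K1.
        byte[] session = new byte[24];
        System.arraycopy(rndA, 0, session, 0, 4);  System.arraycopy(rndB, 0, session, 4, 4);
        System.arraycopy(rndA, 4, session, 8, 4);  System.arraycopy(rndB, 4, session, 12, 4);
        System.arraycopy(session, 0, session, 16, 8);
        // Product metadata (constructed sample, space-padded to 16 bytes) under the session key.
        byte[] record = "SKU=4711;LOT=A1 ".getBytes(StandardCharsets.US_ASCII);
        byte[] stored = tdes(Cipher.ENCRYPT_MODE, session, record);
        boolean roundTrip = Arrays.equals(record, tdes(Cipher.DECRYPT_MODE, session, stored));
        System.out.println("authenticated=" + (readerOk && tagOk) + " roundtrip=" + roundTrip);
    }
}
```

Encryption under the session key gives confidentiality only; the data integrity this section asks for needs the MAC-ed transmission mode listed above or an equivalent MAC over the stored record.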
We can also mention the need for security beyond authentication, especially in the banking field, where there are some applications that do not require user authentication. Generally, these applications are accessed internally by bank employees, and access is provided from other applications, based on single-sign-on principles. In such situations, security must be ensured through restricted access rights on the main resources and by monitoring users' access with the help of log files.
It is estimated that in 2020 there will be 50 billion IoT devices on the market. At least all the consumers of "Java enabled" and Embedded Linux smart objects will be in the main target group for open source solutions. The smart objects process the data collected from sensors and, for instance, from RFID tags/cards. The authentication process is an important aspect, taking into account the expansion of the NFC and RFID domains.
Besides the authentication of RFID tags/cards by the IoT sensors, the paper provides the basic know-how for developing a proof of concept that will demonstrate how RFID/NFC tags/cards are written with metadata and then periodically read by RFID/NFC reader/writer devices (sensors) in order to track things. The obtained information is securely and collaboratively aggregated into a unified data model and processed using distributed computing methodologies over "big data".
The proof of concept project results may include:
- The formal models, architecture, REST/Web-services/communications protocols and M2M data-structures;
- The beta version of the software libraries that implement products/services tracking and clustering:
  - sensor control using device SDKs; reading/writing the data formats from/to RFID vicinity/proximity tags/cards and, optionally, reading 2D barcodes of the products/services;
  - "big data" processing and semantic parsing, via a distributed computing model and implementation, using embedded devices/boards (Internet of Things "smart objects", e.g. Raspberry Pi board) for cloud micro-instance deployment and standard PCs/laptops;
  - secure communications from sensors to "smart objects" via IoT Service Gateways.
During the development of the proof of concept project, we estimate that we will create the prerequisites to offer a Java implementation of the Smart Object API, to enhance the existing security and communications protocols for REST interfaces/Web services, and to improve M2M/IoT data models plus value-added services for existing and new deployed IoT "silos".
Parts of this paper were presented by the authors at 6th International Conference on Security for Information Technology and Communications (SECITC'13), June 25-26, 2013, Bucharest, Romania.
- Cristian Toma, Cristian Ciurea, Ion Ivan – Authentication Issues for Sensors in IoT Solutions, Proceedings of the 6th International Conference on Security for Information Technology and Communications (SECITC'13), June 25-26, 2013, Bucharest, Romania, ASE Printing House, ISSN 2285-1798, ISSN-L 2285-1798.
- Wikipedia, Internet of Things, Available at: http://en.wikipedia.org/wiki/Internet_of_Things
- Open Smart Cities I: Open Source Internet of Things, Available at: http://observatorio.cenatic.es/index.php?option=com_content&view=article&id=807:open-smart-cities-i-open-internet-of-things&catid=94:tecnologia&Itemid=137
- Michael Koster, Data models for the Internet of Things, Available at: http://iot-datamodels.blogspot.ro/
- Tom Vu, The Internet of Things: Inspiration and Requirements, Available at: http://blog.makezine.com/2013/04/18/the-internet-of-things-inspiration-and-requirements/
- Chad Brooks, The Internet of Things: A Seamless Network of Everyday Objects, Available at: http://www.livescience.com/38562-internet-of-things.html
- Ion Ivan, Cristian Ciurea – Security Aspects of Collaborative Banking Systems Applied in Economy, Journal of Mobile, Embedded and Distributed Systems, Vol. 3, No. 4, 2011, ISSN 2067–4074.