Internet Of Things - RIPE Network Coordination Centre

Transcription

Internet of Things
Decoding the IoT Ecosystem
Jad El Cham, October 2017, RIPE75 Tutorial

Who’s joining the game

The outlook for 2020?
Predictions for number of connected devices
๏ Gartner: 20.4 billion
๏ IHS: 30.7 billion
๏ Cisco: 50 billion
๏ Intel: 200 billion

Value Creation
[Infographic labels: Revenue; Citizen Experience; Jobs; Productivity; Cost Control. Figures shown: 4500 New Companies; 56000 New Jobs; 10.5B Revenues / year]

Overview
The business background
The IoT Ecosystem
From sensor to data challenge
The IoT Data Flow
IoT Access Technologies
IoT Security Challenges
Will not cover: Smart Device’s IoT

Use cases and Opportunities
Smart water/gas metering
Public lighting
Smart building
Smart parking
Assets Tracking
Smart Agriculture, i.e. leak detection and irrigation
Water level and flood management
Fault management
Security services, i.e. Smoke detectors
Smart energy and fast demand response
Waste management
Traffic management
Source: Cisco

The IoT challenge
How

The IoT Data Flow
Site: Things; Nodes and Gateways

The IoT Data Flow
Site: Things; Nodes and Gateways
Network: Connectivity; Backbone (IP?)

The IoT Data Flow
Site: Things; Nodes and Gateways
Network: Connectivity; Backbone (IP?)
Cloud / DC: Data Ingestion; Data Analysis; Processes and People
IoT Enabler

The IoT Data Flow - Site
Site: Things; Nodes and Gateways
Part of Operational Technology
Things can be sensors with analog or digital outputs
Sensors are powered by the IoT nodes or power sources
Encoding can be done using MQTT, CoAP, etc.
Many sensors (Things) can be connected to an IoT node
Many IoT nodes can be connected to an IoT Gateway

The IoT Data Flow - Network
Network: Connectivity; Backbone (IP?)
Challenge of transporting the data on a massive scale
Impact on the battery / power source of the source device
Low Power Wide Area (LPWA) as an IoT Enabler
Possible Deployment scenarios today:
๏ Sigfox
๏ LoRaWAN
๏ NB-IoT, LTE-M, 5G(?)
๏ WiFi 3/4G
๏ Zigbee 3/4G

IoT Access Technologies Landscape
[Figure: access technologies (2G, 3G, 4G, 5G, LoRaWAN, SigFox, Wi-Fi .b/.g/.n, B-LE, PLC) compared on range, bandwidth, cost, power consumption, mobility and use cases support]
Use cases: Industrial, Smart Cities, Agriculture, Transportations, Assets management
Power consumption very sensitive to endpoint
Low data rate applications
Open technology – Ecosystem for solution
Source: Cisco / Actility

The IoT Data Flow - Network
Network: Connectivity; Backbone (IP?)
Technology Decision Factor

IoT Access Scenarios

What is 5G?
Source: InterDigital

What 5G is
The hyper-connected vision
๏ Blend of pre-existing technologies (2/3/4G, WiFi, etc.) for higher coverage and availability
๏ Key differentiator being greater connectivity as an enabler for M2M and IoT
๏ May include a new radio technology to enable low power, low throughput field devices
Next-generation radio access technology
๏ More of a traditional ‘generation-defining’ view
๏ Specific targets for data rates and latency being identified
๏ Easier determination of whether a technology is 5G or not
The two views described are regularly taken as a single set and hence views are grouped together

What 5G is
Source: Qualcomm

Technology Requirements for 5G
90% reduction in Network energy
99.999% Availability
100% Coverage

Use cases for 5G
Extreme throughput
Multi-gigabits per second
Ultra-low latency
1ms E2E latency
Uniform experience
much more capacity

Use cases for 5G
Power Efficient
Low complexity
Multi-year battery life
Low device and network cost
Long range
Deep coverage

Use cases for 5G
High reliability
Ultra-low latency
Extremely low loss rate
1ms E2E latency
High availability
Multiple links for redundancy and mobility

Implications of 5G on Operators
Operators need to overcome a series of challenges if the 5G benefits are to be realised
5G spectrum and coverage implications
๏ Below 1 GHz: longer range for massive IoT
๏ 1 GHz to 6 GHz: wider bandwidths for enhanced mobile broadband and mission control
๏ Above 6 GHz (mmWave): extreme bandwidths, shorter range for extreme mobile broadband
๏ From wide area macro to local hotspot deployments
๏ Support for diverse network topologies (D2D, Mesh, etc.)

Implications of 5G on Operators
Operators need to overcome a series of challenges if the 5G benefits are to be realised
1 ms Latency
Source: GSMA Intelligence / Euro-5G

Roadmap for 5G
By the second half of 2017 the focus of our work will shift to Release 15, to deliver the first set of 5G standards - including new work as well as the maturing of the LTE-Advanced Pro specifications.
www.3gpp.org

The IoT Data Flow - Cloud / DC
Cloud / DC: Data Ingestion; Data Analysis; Processes and People
Big Data applications for IoT
Many solutions by Cloud Software Providers
Interface for humans to understand the data and interact with it
Automated processes based on the input received
Machine Learning, AI, M2M

IoT Applications Models
IoT Data Services and Apps
Manufacturing / Utility / Oil & Gas / Transportation / Healthcare / Cities / Retail
IoT Data Platform (IoT Cloud)
IoT Fabric
Devices / Sensors / Actuators / Silicon / Device Security

IoT Services
[Diagram labels: Management; SECURITY; Applications; Integration with other Systems; Data streaming between clouds]

Fog Computing
[Diagram labels: Site; Things; Nodes; (IP?); Cloud / DC; Data Ingestion; Data Analysis; Processes and People; Cloud Computing]
Computing done on the IoT Gateway
Linux OS gateways and nodes, local computing possible
Reduce the chatter on the transmission medium
Push some intelligence towards the edge

Mist Computing
[Diagram labels: Site; Things; Mist Computing; Network; Nodes; Cloud / DC; Data Ingestion; Data Analysis; Processes and People; Cloud Computing]
Some decisions taken at the source
Discard useless information
Data processed faster at destination
Processing done on the level of the sensors

IoT Security 101

IoT Security Landscape
No one definition of IoT
๏ Internet connected device
๏ Characterised by a constantly growing network of connected devices and actuators that can sense or interact with their internal states or the external environment (Europol - iOCTA)
๏ Smart Devices
๏ Consumer Devices / Industrial Control Systems
๏ Emerging concept describing a wide ecosystem where interconnected devices and services collect, exchange and process data in order to adapt dynamically to a context (ENISA)

IoT Security Challenges
Many more devices on the network
Lack of security updates and patches for remediation by vendors
Weak or no encryption / Data Protection
Devices running old services with vulnerabilities
Lack of computing power on many IoT devices
Security by design not a concern to some vendors
Lazy consumers
Undocumented hard-coded passwords

IoT Security Impact
Devices become part of an IoT botnet
Devices are bricked or destroyed
Health related impact (connected medical devices)
Compromised privacy
Data theft
Full networks compromise
APTs

Access to IoT Devices
If an IoT Device is not accessing the internet, it does not mean that it is not accessible from the Internet!!!
Port Forwarding
UPnP: Universal Plug and Play, widely used today; when you buy a device, it tells your router to expose the device to the internet dynamically
275 000 IP cameras exposed to the internet today without users knowing it because of UPnP
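
The UPnP exposure described on this slide can be audited from the router's own port-mapping table. The sketch below is an added example, not part of the original slides: it parses constructed SOAP replies to the standard UPnP IGD GetGenericPortMappingEntry action and reports enabled mappings that point into an assumed IoT segment (192.168.10.0/24); the sample values and helper names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

FIELDS = ["RemoteHost", "ExternalPort", "Protocol", "InternalPort",
          "InternalClient", "Enabled", "PortMappingDescription", "LeaseDuration"]
IOT_VLAN = ipaddress.ip_network("192.168.10.0/24")  # assumed IoT segment


def sample(*values):
    """Build a constructed GetGenericPortMappingEntry reply (standard IGD action)."""
    body = "".join(f"<New{k}>{v}</New{k}>" for k, v in zip(FIELDS, values))
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"{body}</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")


SAMPLES = [  # constructed router replies, not captured from a real device
    sample("", 8080, "TCP", 80, "192.168.10.21", 1, "camera", 0),
    sample("", 51820, "UDP", 51820, "192.168.1.5", 1, "vpn", 3600),
    sample("", 2323, "TCP", 23, "192.168.10.30", 0, "dvr", 0),
]


def parse_mapping(soap_xml):
    """Extract the New* arguments of one port-mapping response into a dict."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields


def audit(responses, iot_net=IOT_VLAN):
    """Return enabled mappings that expose a host on the IoT segment."""
    findings = []
    for doc in responses:
        m = parse_mapping(doc)
        client = ipaddress.ip_address(m["InternalClient"])
        if m["Enabled"] != "1" or client not in iot_net:
            continue
        reasons = ["IoT host reachable from the Internet"]
        if not m["RemoteHost"]:
            reasons.append("any remote host allowed")  # empty = wildcard
        if m["LeaseDuration"] == "0":
            reasons.append("mapping does not expire")  # 0 = static (IGD v1)
        findings.append((str(client), m["Protocol"], int(m["ExternalPort"]), reasons))
    return findings
```

Calling audit(SAMPLES) reports only the camera mapping; fetching the replies from a real gateway is left out so the example runs offline.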

IoT Victims
Victims can be:
๏ Unauthenticated devices
๏ Devices with default credentials
๏ Devices with strong password but with weak security embedded components
๏ Devices with a backdoor account that grants privileged access
๏ Devices with old firmware
๏ Devices that do not contain fixes to security vulnerabilities
๏ ANY DEVICE

DEMO
Access to IoT Devices

Vulnerability Research Statistics - ICS
[Chart: number of vulnerabilities by Type of Vulnerability (DOS, RCE, File Manipulation, Auth bypass / weak encryption, Path traversal, Disable account)]
Source: Kaspersky LAB ICS CERT - H1 2017

Vulnerability Research Statistics - ICS
[Chart: # of Vulnerabilities, Patched vs Not Patched]
Source: Kaspersky LAB ICS CERT - H1 2017

Vulnerability Research Statistics - ICS
[Chart: Percentage of all infected ICS computers by Industry (Manufacturing, Engineering, Education, Food & Beverage, Energy)]
Source: Kaspersky LAB ICS CERT - H1 2017

Vulnerability Research Statistics - ICS
[Chart: Percentage of ICS computers affected, by Source of Vulnerability - Europe (Internet, Mail, Removable Media, win restore, Network)]
Source: Kaspersky LAB ICS CERT - H1 2017

Vulnerability Research Statistics - ICS
[Chart: Percentage of ICS computers affected, by Source of Vulnerability - World (Internet, Removable Media, Email Clients, Windows Backup, Archives Backup)]
Source: Kaspersky LAB ICS CERT - H1 2017

How do we protect ourselves?
Expose devices to the internet only if you need it; use VPN when possible
Place IoT Devices on a separate VLAN
Always change default credentials
Turn off UPnP
Always update devices to the latest firmware with the latest security patches
Select your cloud services carefully
Give preference to known vendors
Digital hygiene across the network, not only IoT devices

IoT security efforts and initiatives
Community effort - i.e. AIOTI, Project OWASP for the IoT
BCP - Best Current Practices for Securing Internet of Things (IoT) Devices, draft-moore-iot-security-bcp-01
Governmental Regulation - Internet of Things Cybersecurity Improvement Act of 2017
Governmental Guidelines - US DHS Strategic Principles for securing IoT
IoT Security Guidelines - GSMA IoT Security Guidelines & Assessment
Public Awareness - IoT Security focused workshops and conferences

Smart Cities Today

Nice - Connected Boulevard
Congestion reduced by 30%
Air pollution and noise levels reduced by 25%
Savings between 20 and 80 % in areas such as street lighting and light management
Parking income increased by 30%
Better citizen experience
Image credit: Flickr

Dubai - Smart City
40% of city centre traffic caused by parking issues
Driverless transport set to be common in 2020
1000 government services smart by 2017
Potential investment value of AED 17.9 billion by 2019
250 000 Smart meters for Electricity and Water

San Francisco - Connected City
The goal is to achieve a 10% Shift
Shift 10% of single-occupied vehicles to public transit
Reduce 10% in transportation emissions
Reduce accidents and fatalities by 10%
Reduce 10% in resident’s spending on transportation
Repurpose unused traffic lanes for a better CX
Image credit: Curbed IM Photo

Oslo - Sustainable City
50% reduction in emissions of greenhouse gases by 2020
95% climate neutral city by 2030
2/3 reduction in energy consumption for street lighting
Reduction of health care costs by providing flats with assistive technology and smart interior design
Open data initiative
Image credit: ScandicHotels.com

Why should the RIPE community care?
The IoT is by all means a massive phenomenon with disruptive implications
Affects directly the Internet
Security concerns in the background
IoT cannot be approached in a conventional network-based mindset
The RIPE community is highly interested in the IoT direct applications
Direct effect on number resources?

Questions
jelcham@ripe.net
