IoTivity Architecture Ashok Subash Samsung Electronics R & D Institute Bangalore
1 Agenda
• IoTivity Overview • IoTivity Architecture • IoTivity Base Layer & APIs • IoTivity Primitive Services & APIs • IoTivity Roadmap
2 IoTivity Overview OCF Topologies Supported
• An open source software framework implementing OCF Standards OCF Client OCF Server • Ensures seamless device-to-device P2P Direct connectivity to address emerging needs of IoT OCF Client OCF Client
• Licensed under Apache License XMPP/ Cloud STUN/ TURN/ICE Version 2.0 CoAP over TCP OCF Intermediary • Available on TIZEN, Android, Arduino, Gateway Gateway Linux(Ubuntu) Platforms
OCF Servers OCF IoTivity OCF Servers Cloud based (Standards) (Open Source) Remote Access intelligent Services
3 IoTivity – High Level Architecture Rich Device Key Goals Consumer Enterprise Industrial Automotive Health …. APIs Common Solution (C/C++/Java/JS) Established Protocols Service Layer Security & Identity Lite Device Device Low-Power Data Standardized Profiles Management Management Management Sensing/Control Application Interoperability Resource Resource Encapsulation Innovation Opportunities Container Base Layer Necessary connectivity Base Layer Messaging Security
Discovery Messaging Security Discovery IoTivity Profiles IoTivity Framework IoTivity Connectivities*
4 IoTivity Base Layer & APIs
5 Discovery Subsystem
Client announce resource multicast COAP C C OCF “OCF/server” listen OCF [ port 5683 ] Server COAP Server Client HTTP Gateway C C COAP C [ Figure 1 ] Multicast announcement over Wi-Fi / Ethernet Server Discovery within Constrained local network multicast find Environment listen resource [ port 5683 ] OCF OCF Internet Server unicast response “OCF/server” Client Connectivity Discovery Description Mechanism CoAP
[ Figure 2 ] Multicast/Unicast over WiFi / Ethernet WiFi & IP Multicast CoAP Multicast Port: 5683 • Open IETF Standard (RFC 7252) Ethernet (Assigned by IANA) • Compact 4 Byte Header advertise scan (over IP) CoAP Secure Port: 5684 • UDP (Default), SMS, TCP OCF service OCF service IP Unicast Precondition: Support • Strong DTLS Security OCF OCF over UDP OIC Server Address & Port are find resource • Asynchronous Subscription Server Client known • Built-In Discovery response “OCF/server” Bluetooth Using Scan & OCF Specific Service UUID (EDR & Advertise [ Figure 3 ] Advertise/Scan over BLE/BT BLE) CoAP: Constrained Application Protocol IANA: Internet Assigned Numbers Authority
6 Discovery – Finding a Resource
Function Call Flow Sequence Diagram
Application
1 6 OCPlatform::findResource(host, “/light/1”, OCF Light Light Fan connectivityType, resourceHandlerCb); Client 192.168.1.11 192.168.1.12 192.168.1.21 C++ API (SDK) GET /oc/core?rt=light (IP multicast) OCDoResource(resourceHandle, OC_REST_GET, “/light/1”, GET /oc/core?rt=light 2 5 0, payLoad, connectivityType, qos, &cbData, (multicast) headerOptions, numOptions); Sends a GET /oc/core?rt=light C API (SDK) multicast (multicast) CASendRequest(endPoint, requestInfo); JSON/CBOR query Encode/ OCStack Decoder //Devices that matches the query answers as indicated below ACK,CONTENT Connectivity Abstraction CoAP IoTivity IoTivity IoTivity Device Device Device ACK, CONTENT
3 Multicast
4
7 Messaging - Connectivity Abstraction
Resource Model CA Control Component - Target network selection, interface control & monitoring CA API - CoAP message serialization & parsing CA Control
Network CoAP Blockwise Interface - Block-wise messaging flow control Config. Protocol Transfer Controller Transport Adapter Component Transport Adapter - Data transmission over UDP, TCP, BLE(GATT), BT(SPP) & NFC IP BLE BT TCP NFC Adapter Adapter Adapter Adapter Adapter - Secure data exchanging using DTLS
Platform Adapter Platform Adapter Component
Ubuntu Android Tizen Arduino Interface Interface Interface Interface - Wi-Fi, Ethernet and BLE - Android Wi-Fi, BLE and BT Ubuntu Android Tizen Arduino - Tizen Wi-Fi, BLE and BT - Arduino Wi-Fi, Ethernet and BLE Legend
CA Component CA Module External
Ubuntu Android Tizen Arduino
8 Messaging - Remote Access over XMPP
STUN/ Signaling DM TURN Server Server
GW/Proxy RA Server
S1 S2 S3 (LW) (LW) (cRA)
C1 Local subnet (RA) Feature - Remote client discover & securely interface with resource servers when not on same subnet - Adheres to access control policies - End-to-End Secure Device Type Use Case Light weight (LW) Device Accessible within subnet. No RA, require GW/proxy device for access Constrained RA (cRA) RA access for non latency-sensitive, low BW applications Endpoint RA Endpoint (RA) Full RA access
9 Messaging – CoAP over TCP
TCP and TLS Transport for the CoAP CoAP Default transport - UDP. 3rd Service 3rd Service • Reliable delivery, simple congestion control & flow 3rd Service 3rd Service control • Provided by the message layer of CoAP CoAP over TCP Benefits .
CoAP CI(*) Server RD(**) Server • To integrate well with existing enterprise infrastructure, • Ability to work with existing NAT boxes • Advanced Congestion Control algorithms • Integration with Web Environment CoAP over TCP for Cloud extension Resources should be registered to the Resource Directory Service for discovery
* CI : Cloud Interface ** RD : Resource Directory
10 Message Switching
To Pass IoTivity messages through heterogeneous network Uses DSDV* routing algorithm Table-driven routing scheme for ad-hoc mobile network Uses CoAP Option
*Destination-Sequenced Distance-Vector Routing
Source Source Address Destination Destination Address Multicast Length Length Sequence No. 1 Byte Length specified in Source 1 Byte Length Specified in Destination 1 Byte Length Length
11 Programming IoTivity Base APIs Steps Involved • Registering a Resource • Finding a Resource OCF Client OCF Server • Querying a Resource State ISV Client IoTivity Client Client Server Server IoTivity ISV Server App SDK Wrapper OCStack OCStack Wrapper SDK App • Setting a Resource State ocresource.get(callBack) • Observing Resource State clientWrapper.get(callBack) OCDoResource Application Profiles GET /light/1 Call entity handler Call OCResource Call OCResource IoTivity Services Return code Return code Return code ACK, CONTENT IoTivity Base API wrapperAsyncCallbackFunc Base Layer asyncResultHandler
Resource Messaging Discovery Security Introspection Connectivity Abstraction Querying a Resource State: Sequence Diagram
12 IoTivity Security
13 Security Features & Architecture
Key Functionality
1) Onboarding Resource Introspection (RI) layer PM C API 2) Ownership Transfer Secure Resource Manager (SRM) Provisioning Manager (PM) 3) Provisioning layer 4) Access Control Ownership Provisioning Resource Policy Engine Transfer Manager Database Secure Virtual Manager (RM) (PE) (OTM) Manager (PDM) Provisioning Provisioning Database Database Manager Persistent (Admin Device) Storage Secure Resource Provider (SRP) Interface (PSI)
Ownership Transfer Ownership Transfer Credential(Key)/ Connectivity Abstraction (CA) layer Credential(Key) ACL Provisioning Provisioning DTLS modules, etc. DTLSDTLS modules, modules, etc. etc.
X Security Subsystem Architecture Resource Access Access Denied over DTLS Resource Client Client (Provisioned) Server (Provisioned) (Un-Provisioned)
14 *Platform Hardening not part of the OCF Specs & IoTivity Implementation IoTivity Primitive Services & APIs
15 Purpose of Primitive Services
Provides easier and simpler APIs for App developers (Heavy Lifting done by Framework) Soft Sensor Manager Multi-Phy Protocol Easy Setup Bridge Mostly designed to run on Smart or Controller devices
Notification Simulator Uses the Iotivity Base APIs Service Primitive
Resource Services Scene Applications Directory Manager
Resource Resource Server Primitive Services Container Resource Builder Broker IoTivity Base
16 Resource Encapsulation
Resource Module Description Container Resource Broker • Remote Resource Presence check (regardless of Remote Server supporting Resource Encapsulation presence feature)
Resource • Provide consistent reachability management for discovered resource of Client Wrapper Server interest Builder Resource Resource Resource Cache Broker Cache • Maintains last information of Remote Resource (regardless of Remote Server is observable) • Data Centric API (Send/Recv Message Getter/Setter, Data Cache) IoTivity Base Server Builder • Att. setter to provide easy way to create resource • Changes “msg Handling” to “Data Setting” for users • Monitors value of attributes so that notify-back for observation whenever attribute has changed
17 Protocol Bridge using Resource Container • Integrates non-OCF resources (Bundle) • Handles dynamic loading of resource Maps OCF to bundles & dynamic creation of resources 2. Loads resource Hue light bundles hueLight.cpp • Supports C++ .so files & Java .jar files OCF hueToOCF.so light • Common configuration for bundles and interface configured resources
OCF light interface OCF bridge (with resource container)
OCF 1. Loads Designed to work devices with non light configuration interface OCF devices containerConfig.xml (resource instance Enables control of legacy devices specific configuration) which are already in market with existing APIs using a OIC complaint device
18 Scene Manager Helps Users to create a Scenario or Scene for controlling “ “Away Home” Scene Multiple IoT devices & their functionality LED Bulb e.g. Away Home – All Lights turned off, Doors locked 15 C Watching Movie – Living Room lights off, TV On, Speaker On Thermostat Door Lock
0. Discover1. Create Scene 2. Add Scene to 3. Add SceneAction 4. Execute Resources Collection Resource SceneCollection to Scene Scene Scene List URI:/oic/SceneList
Scene URI:/oic/SceneCollection/1 Collection Scene Manager
Scene URI:/oic/SceneMember/1 Member Resource Encapsulation
Scene URI: /oic/SceneMember/2 Member IoTivity Base Resource Model
19 Low Power Management – Resource Hosting Solution Problem Offloads request/data handling from remote clients Reduces the power consumption of resource constraint device
How many subscriptions thin device could Thin Device enhances its lifetime delegating its support with its constrained system resource subscriber to richer hosting device resource?
Hosting(Rich) device Thin(Light) device Subscription User/Consumer Thin(Light) device
Subscription User/Consumer
20 Low Power Management – Resource
Directory - Constrained device that needs to sleep and can not respond to multicast discovery queries Device 2 hosts RD and responds on behalf of device 1 & 4. • Discovery of RD server Device 1 Unicast response by device 2 with resources of 1, 2 and 4. • Publish Resource to RD • Update / Delete Resource
Device 2 Device 3
Publishes resources to Resource Directory
Multicast query request
Device 4
21 MultiPhy Easy Setup • Mediator E.g., UI-capable Smartphone • Enrollee E.g., Out-of-box and UI-less Thing • Enroller E.g., WiFi AP, Zigbee Coordinator
Scenario
Enroller
Actively connects to Collect Enroller’s Enroller information (via③ WiFi, BT, BLE, Zigbee, (e.g.,① SSID, Credential) etc)
Push Enroller’s information (via WiFi, BT, BLE, Zigbee, etc) ② Enrollee Mediator
22 Simulator Service Simulating different OCF resources Feature OCF resources • Server Thermostat Simulates - OCF resources can be simulated, Using resource model definition (RAML) files. Fan - Manages creation, deletion, request handling and notifications Light for OCF resources. Service Provider • Client - Searching for different types of resources available in the network. Sending different requests to verify features supported by OCF resources - Sending different types of requests both manual and Remote OCF automatically and displays the response payload received. resources Modify Temp erature
Speed Increase
Power Off Client Controller
23 IoTivity Roadmap
24 • Scene Manager • Direct Pairing March 2016 IoTivity • Support for NFC 1.1.0 • IoTivity Cloud Support
• CoAP-HTTP Proxy • Integration with Thread connectivity Sep 2016 IoTivity 2.0 • Notification Service
• Cloud to Cloud Interface • Pub-Sub Not finalized IoTivity 2.1 • DDS Messaging Support
25 Appendix
26 IoTivity – Deeper View
Smart Home Automotive Health Application Application …. Application
APIs (C/C++/Java/Web)
Non-OCF Device Service Layer ETC Protocol Device Management Low-Power Mgmt Data Management
Scene Device conf. Resource Resource Soft Sensor Protocol Manager Directory Hosting Bridge Sensing/Control Easy Setup Noti. Service Application
Resource Encapsulation Resource Container Base Active Resource Resource Resource Bundle Configura Discovery Broker Cache Builder Loader tion File Messaging Security
Base Layer SRM CoAP DTLS Discovery Messaging Security
Resource CoAP Message Blockwise Provisioning Discovery Introspection Messaging Switching Transfer Manager Resource Introspection Application Messaging Multicast Device Connectivity Remote CoAP Component Function Call Discovery Presence Abstraction Access /TCP DTLS SRM Multicast/Scan Module Callback
27 Messaging - CoAP Messaging Message Architecture IETF Standard, RFC 7252, Constrained Application Protocol Web transfer protocol for use with constrained nodes & constrained network. Designed for M2M scenarios Request/response (piggyback style) interaction between application endpoint
Description (Reference: https://tools.ietf.org/html/rfc7252)
28 Setting a Resource State – Sequence Diagram
OCF Client OCF Server
ISV Client Client Client Client Server Server Server ISV Server App SDK Wrapper OCStack OCStack Wrapper SDK App ocresource.put( attributeMap, callBack) inProcClient.setResourceAttributes (Attributes, callBack) OCDoResource PUT /light/1 Call entity handler Call OCResource InProcClient.put(attributeMap) Return code Return code Return code ACK, CHANGED wrapperAsyncCallbackFunc asyncResultHandler
29 Observing Resource State
OCF Client OCF Server
ISV Client Client Client Client Server Server Server ISV Server App SDK Wrapper OCStack OCStack Wrapper SDK App ocresource.observe inProcClient.observe
OCDoResource GET /light/1 Call entity handler Call OCResource InProcClient.observe Return code Return code Return code ACK, CONTENT wrapperAsyncCallbackFunc
asyncResultHandler Change Event OCNotifyObservers OCNotifyObservers CON, CONTENT asyncResultHandlerwrapperAsyncCallbackFunc
30 Onboarding & Provisioning Call Flow
31 Secure Communication
Cipher Suites & Mechanism Client Server Supported ClientHello CoAP HelloVerifiedRequest (cookie) Request / Response Message ClientHello(cookie) - Authentication: Pre-Shared keys (PSK) ServerHello DTLS Certificate or Certificate ServerKeyExchange CertificateRequest ServerHelloDone - Message Confidentiality & UDP ClientCertificate Integrity: TLS_PSK_AES_128_CCM_8 ClientKeyExchange CertificateVerify IPv4/IPv6 ChangeSipherSpec Finished - Replay protection: MAC includes sequence number 802.11 or 802.3 ChangeCipherSpec Finished - Scalability : tiny-DTLS for Constraint Device
32 Resource Container
1. startContainer (config.xml) Resource Container • Integrates non-OCF resources
Resource (Bundle) Resource instance1 Resource instance2 PrimResServer
API instance3
6. create resource servers config.xml • Handles dynamic loading of ResourceContainer Bridge IoTivity ResourceContainerBundleAPI resource bundles & dynamic
2. load with dlopen() 4. retrieve resource 5. register bundle creation of resources 3. activate bundle configuration resources • Supports C++ .so files & ProtocolBridgeBundle.jar ProtocolBridgeBundle.so SoftSensorBundle.jar ProtocolBridge ProtocolBridge Java .jar files Bundle Activator Bundle Activator Bundle Activator Connector Connector • Common configuration for ProtocolBridge ProtocolBridge ProtocolBridge ProtocolBridge ProtocolBridge ProtocolBridge SoftSensor SoftSensor SoftSensor Resource 1 Resource 2 Resource n Resource 1 Resource 2 Resource n Resource 1 Resource 2 Resource n bundles and configured resources
33 Notification Service
Notification Service Rich Notification Delivery (Text, Audio, Video) Uniform Notification Information across platforms (Linux, Android, Tizen) Notification Notification Notification Delivery acknowledgement from Producer Consumer consumer to producer
Resource Encapsulation
IoTivity Base
34