Iotivity's Architecture

IoTivity Architecture Ashok Subash Samsung Electronics R & D Institute Bangalore

1 Agenda

• IoTivity Overview • IoTivity Architecture • IoTivity Base Layer & APIs • IoTivity Primitive Services & APIs • IoTivity Roadmap

2 IoTivity Overview OCF Topologies Supported

• An open source software framework implementing OCF Standards OCF Client OCF Server • Ensures seamless device-to-device P2P Direct connectivity to address emerging needs of IoT OCF Client OCF Client

• Licensed under Apache License XMPP/ Cloud STUN/ TURN/ICE Version 2.0 CoAP over TCP OCF Intermediary • Available on TIZEN, Android, Arduino, Gateway Gateway Linux(Ubuntu) Platforms

OCF Servers OCF IoTivity OCF Servers Cloud based (Standards) (Open Source) Remote Access intelligent Services

3 IoTivity – High Level Architecture Rich Device Key Goals Consumer Enterprise Industrial Automotive Health ….  APIs Common Solution (C/C++/Java/JS)  Established Protocols Service Layer  Security & Identity Lite Device Device Low-Power Data  Standardized Profiles Management Management Management Sensing/Control  Application Interoperability Resource Resource Encapsulation  Innovation Opportunities Container Base Layer  Necessary connectivity Base Layer Messaging Security

Discovery Messaging Security Discovery IoTivity Profiles IoTivity Framework IoTivity Connectivities*

4 IoTivity Base Layer & APIs

5 Discovery Subsystem

Client announce resource multicast COAP C C OCF “OCF/server” listen OCF [ port 5683 ] Server COAP Server Client HTTP Gateway C C COAP C [ Figure 1 ] Multicast announcement over Wi-Fi / Ethernet Server Discovery within Constrained local network multicast find Environment listen resource [ port 5683 ] OCF OCF Internet Server unicast response “OCF/server” Client Connectivity Discovery Description Mechanism CoAP

[ Figure 2 ] Multicast/Unicast over WiFi / Ethernet WiFi & IP Multicast CoAP Multicast Port: 5683 • Open IETF Standard (RFC 7252) Ethernet (Assigned by IANA) • Compact 4 Byte Header advertise scan (over IP) CoAP Secure Port: 5684 • UDP (Default), SMS, TCP OCF service OCF service IP Unicast Precondition: Support • Strong DTLS Security OCF OCF over UDP OIC Server Address & Port are find resource • Asynchronous Subscription Server Client known • Built-In Discovery response “OCF/server” Bluetooth Using Scan & OCF Specific Service UUID (EDR & Advertise [ Figure 3 ] Advertise/Scan over BLE/BT BLE) CoAP: Constrained Application Protocol IANA: Internet Assigned Numbers Authority

6 Discovery – Finding a Resource

Function Call Flow Sequence Diagram

Application

1 6 OCPlatform::findResource(host, “/light/1”, OCF Light Light Fan connectivityType, resourceHandlerCb); Client 192.168.1.11 192.168.1.12 192.168.1.21 C++ API (SDK) GET /oc/core?rt=light (IP multicast) OCDoResource(resourceHandle, OC_REST_GET, “/light/1”, GET /oc/core?rt=light 2 5 0, payLoad, connectivityType, qos, &cbData, (multicast) headerOptions, numOptions); Sends a GET /oc/core?rt=light C API (SDK) multicast (multicast) CASendRequest(endPoint, requestInfo); JSON/CBOR query Encode/ OCStack Decoder //Devices that matches the query answers as indicated below ACK,CONTENT Connectivity Abstraction CoAP IoTivity IoTivity IoTivity Device Device Device ACK, CONTENT

3 Multicast

7 Messaging - Connectivity Abstraction

Resource Model CA Control Component - Target network selection, interface control & monitoring CA API - CoAP message serialization & parsing CA Control

Network CoAP Blockwise Interface - Block-wise messaging flow control Config. Protocol Transfer Controller Transport Adapter Component Transport Adapter - Data transmission over UDP, TCP, BLE(GATT), BT(SPP) & NFC IP BLE BT TCP NFC Adapter Adapter Adapter Adapter Adapter - Secure data exchanging using DTLS

Platform Adapter Platform Adapter Component

Ubuntu Android Tizen Arduino Interface Interface Interface Interface - Wi-Fi, Ethernet and BLE - Android Wi-Fi, BLE and BT Ubuntu Android Tizen Arduino - Tizen Wi-Fi, BLE and BT - Arduino Wi-Fi, Ethernet and BLE Legend

CA Component CA Module External

Ubuntu Android Tizen Arduino

8 Messaging - Remote Access over XMPP

STUN/ Signaling DM TURN Server Server

GW/Proxy RA Server

S1 S2 S3 (LW) (LW) (cRA)

C1 Local subnet (RA) Feature - Remote client discover & securely interface with resource servers when not on same subnet - Adheres to access control policies - End-to-End Secure Device Type Use Case Light weight (LW) Device Accessible within subnet. No RA, require GW/proxy device for access Constrained RA (cRA) RA access for non latency-sensitive, low BW applications Endpoint RA Endpoint (RA) Full RA access

9 Messaging – CoAP over TCP

TCP and TLS Transport for the CoAP  CoAP Default transport - UDP. 3rd Service 3rd Service • Reliable delivery, simple congestion control & flow 3rd Service 3rd Service control • Provided by the message layer of CoAP  CoAP over TCP Benefits .

CoAP CI(*) Server RD(**) Server • To integrate well with existing enterprise infrastructure, • Ability to work with existing NAT boxes • Advanced Congestion Control algorithms • Integration with Web Environment CoAP over TCP for Cloud extension  Resources should be registered to the Resource Directory Service for discovery

* CI : Cloud Interface ** RD : Resource Directory

10 Message Switching

 To Pass IoTivity messages through heterogeneous network  Uses DSDV* routing algorithm  Table-driven routing scheme for ad-hoc mobile network  Uses CoAP Option

*Destination-Sequenced Distance-Vector Routing

Source Source Address Destination Destination Address Multicast Length Length Sequence No. 1 Byte Length specified in Source 1 Byte Length Specified in Destination 1 Byte Length Length

11 Programming IoTivity Base APIs Steps Involved • Registering a Resource • Finding a Resource OCF Client OCF Server • Querying a Resource State ISV Client IoTivity Client Client Server Server IoTivity ISV Server App SDK Wrapper OCStack OCStack Wrapper SDK App • Setting a Resource State ocresource.get(callBack) • Observing Resource State clientWrapper.get(callBack) OCDoResource Application Profiles GET /light/1 Call entity handler Call OCResource Call OCResource IoTivity Services Return code Return code Return code ACK, CONTENT IoTivity Base API wrapperAsyncCallbackFunc Base Layer asyncResultHandler

Resource Messaging Discovery Security Introspection Connectivity Abstraction Querying a Resource State: Sequence Diagram

12 IoTivity Security

13 Security Features & Architecture

Key Functionality

1) Onboarding Resource Introspection (RI) layer PM C API 2) Ownership Transfer Secure Resource Manager (SRM) Provisioning Manager (PM) 3) Provisioning layer 4) Access Control Ownership Provisioning Resource Policy Engine Transfer Manager Database Secure Virtual Manager (RM) (PE) (OTM) Manager (PDM) Provisioning Provisioning Database Database Manager Persistent (Admin Device) Storage Secure Resource Provider (SRP) Interface (PSI)

 Ownership Transfer  Ownership Transfer  Credential(Key)/ Connectivity Abstraction (CA) layer  Credential(Key) ACL Provisioning Provisioning DTLS modules, etc. DTLSDTLS modules, modules, etc. etc.

X Security Subsystem Architecture Resource Access Access Denied over DTLS Resource Client Client (Provisioned) Server (Provisioned) (Un-Provisioned)

14 *Platform Hardening not part of the OCF Specs & IoTivity Implementation IoTivity Primitive Services & APIs

15 Purpose of Primitive Services

 Provides easier and simpler APIs for App developers (Heavy Lifting done by Framework) Soft Sensor Manager Multi-Phy Protocol Easy Setup Bridge  Mostly designed to run on Smart or Controller devices

Notification Simulator  Uses the Iotivity Base APIs Service Primitive

Resource Services Scene Applications Directory Manager

Resource Resource Server Primitive Services Container Resource Builder Broker IoTivity Base

16 Resource Encapsulation

Resource Module Description Container Resource Broker • Remote Resource Presence check (regardless of Remote Server supporting Resource Encapsulation presence feature)

Resource • Provide consistent reachability management for discovered resource of Client Wrapper Server interest Builder Resource Resource Resource Cache Broker Cache • Maintains last information of Remote Resource (regardless of Remote Server is observable) • Data Centric API (Send/Recv Message Getter/Setter, Data Cache) IoTivity Base Server Builder • Att. setter to provide easy way to create resource • Changes “msg Handling” to “Data Setting” for users • Monitors value of attributes so that notify-back for observation whenever attribute has changed

17 Protocol Bridge using Resource Container • Integrates non-OCF resources (Bundle) • Handles dynamic loading of resource Maps OCF to bundles & dynamic creation of resources 2. Loads resource Hue light bundles hueLight.cpp • Supports C++ .so files & Java .jar files OCF hueToOCF.so light • Common configuration for bundles and interface configured resources

OCF light interface OCF bridge (with resource container)

OCF 1. Loads  Designed to work devices with non light configuration interface OCF devices containerConfig.xml  (resource instance Enables control of legacy devices specific configuration) which are already in market with existing APIs using a OIC complaint device

18 Scene Manager Helps Users to create a Scenario or Scene for controlling “ “Away Home” Scene Multiple IoT devices & their functionality LED Bulb e.g. Away Home – All Lights turned off, Doors locked 15 C Watching Movie – Living Room lights off, TV On, Speaker On Thermostat Door Lock

0. Discover1. Create Scene 2. Add Scene to 3. Add SceneAction 4. Execute Resources Collection Resource SceneCollection to Scene Scene Scene List URI:/oic/SceneList

Scene URI:/oic/SceneCollection/1 Collection Scene Manager

Scene URI:/oic/SceneMember/1 Member Resource Encapsulation

Scene URI: /oic/SceneMember/2 Member IoTivity Base Resource Model

19 Low Power Management – Resource Hosting Solution Problem  Offloads request/data handling from remote clients  Reduces the power consumption of resource constraint device

How many subscriptions thin device could Thin Device enhances its lifetime delegating its support with its constrained system resource subscriber to richer hosting device resource?

Hosting(Rich) device Thin(Light) device Subscription User/Consumer Thin(Light) device

Subscription User/Consumer

20 Low Power Management – Resource

Directory - Constrained device that needs to sleep and can not respond to multicast discovery queries Device 2 hosts RD and responds on behalf of device 1 & 4. • Discovery of RD server Device 1 Unicast response by device 2 with resources of 1, 2 and 4. • Publish Resource to RD • Update / Delete Resource

Device 2 Device 3

Publishes resources to Resource Directory

Multicast query request

Device 4

21 MultiPhy Easy Setup • Mediator  E.g., UI-capable Smartphone • Enrollee  E.g., Out-of-box and UI-less Thing • Enroller  E.g., WiFi AP, Zigbee Coordinator

Scenario

Enroller

Actively connects to Collect Enroller’s Enroller information (via③ WiFi, BT, BLE, Zigbee, (e.g.,① SSID, Credential) etc)

Push Enroller’s information (via WiFi, BT, BLE, Zigbee, etc) ② Enrollee Mediator

22 Simulator Service Simulating different OCF resources Feature OCF resources • Server Thermostat Simulates - OCF resources can be simulated, Using resource model definition (RAML) files. Fan - Manages creation, deletion, request handling and notifications Light for OCF resources. Service Provider • Client - Searching for different types of resources available in the network. Sending different requests to verify features supported by OCF resources - Sending different types of requests both manual and Remote OCF automatically and displays the response payload received. resources Modify Temp erature

Speed Increase

Power Off Client Controller

23 IoTivity Roadmap

24 • Scene Manager • Direct Pairing March 2016 IoTivity • Support for NFC 1.1.0 • IoTivity Cloud Support

• CoAP-HTTP Proxy • Integration with Thread connectivity Sep 2016 IoTivity 2.0 • Notification Service

• Cloud to Cloud Interface • Pub-Sub Not finalized IoTivity 2.1 • DDS Messaging Support

25 Appendix

26 IoTivity – Deeper View

Smart Home Automotive Health Application Application …. Application

APIs (C/C++/Java/Web)

Non-OCF Device Service Layer ETC Protocol Device Management Low-Power Mgmt Data Management

Scene Device conf. Resource Resource Soft Sensor Protocol Manager Directory Hosting Bridge Sensing/Control Easy Setup Noti. Service Application

Resource Encapsulation Resource Container Base Active Resource Resource Resource Bundle Configura Discovery Broker Cache Builder Loader tion File Messaging Security

Base Layer SRM CoAP DTLS Discovery Messaging Security

Resource CoAP Message Blockwise Provisioning Discovery Introspection Messaging Switching Transfer Manager Resource Introspection Application Messaging Multicast Device Connectivity Remote CoAP Component Function Call Discovery Presence Abstraction Access /TCP DTLS SRM Multicast/Scan Module Callback

27 Messaging - CoAP Messaging Message Architecture  IETF Standard, RFC 7252, Constrained Application Protocol  Web transfer protocol for use with constrained nodes & constrained network.  Designed for M2M scenarios  Request/response (piggyback style) interaction between application endpoint

Description (Reference: https://tools.ietf.org/html/rfc7252)

28 Setting a Resource State – Sequence Diagram

OCF Client OCF Server

ISV Client Client Client Client Server Server Server ISV Server App SDK Wrapper OCStack OCStack Wrapper SDK App ocresource.put( attributeMap, callBack) inProcClient.setResourceAttributes (Attributes, callBack) OCDoResource PUT /light/1 Call entity handler Call OCResource InProcClient.put(attributeMap) Return code Return code Return code ACK, CHANGED wrapperAsyncCallbackFunc asyncResultHandler

29 Observing Resource State

OCF Client OCF Server

ISV Client Client Client Client Server Server Server ISV Server App SDK Wrapper OCStack OCStack Wrapper SDK App ocresource.observe inProcClient.observe

OCDoResource GET /light/1 Call entity handler Call OCResource InProcClient.observe Return code Return code Return code ACK, CONTENT wrapperAsyncCallbackFunc

asyncResultHandler Change Event OCNotifyObservers OCNotifyObservers CON, CONTENT asyncResultHandlerwrapperAsyncCallbackFunc

30 Onboarding & Provisioning Call Flow

31 Secure Communication

Cipher Suites & Mechanism Client Server Supported ClientHello CoAP HelloVerifiedRequest (cookie) Request / Response Message ClientHello(cookie) - Authentication: Pre-Shared keys (PSK) ServerHello DTLS Certificate or Certificate ServerKeyExchange CertificateRequest ServerHelloDone - Message Confidentiality & UDP ClientCertificate Integrity: TLS_PSK_AES_128_CCM_8 ClientKeyExchange CertificateVerify IPv4/IPv6 ChangeSipherSpec Finished - Replay protection: MAC includes sequence number 802.11 or 802.3 ChangeCipherSpec Finished - Scalability : tiny-DTLS for Constraint Device

32 Resource Container

1. startContainer (config.xml) Resource Container • Integrates non-OCF resources

Resource (Bundle) Resource instance1 Resource instance2 PrimResServer

API instance3

6. create resource servers config.xml • Handles dynamic loading of ResourceContainer Bridge IoTivity ResourceContainerBundleAPI resource bundles & dynamic

2. load with dlopen() 4. retrieve resource 5. register bundle creation of resources 3. activate bundle configuration resources • Supports C++ .so files & ProtocolBridgeBundle.jar ProtocolBridgeBundle.so SoftSensorBundle.jar ProtocolBridge ProtocolBridge Java .jar files Bundle Activator Bundle Activator Bundle Activator Connector Connector • Common configuration for ProtocolBridge ProtocolBridge ProtocolBridge ProtocolBridge ProtocolBridge ProtocolBridge SoftSensor SoftSensor SoftSensor Resource 1 Resource 2 Resource n Resource 1 Resource 2 Resource n Resource 1 Resource 2 Resource n bundles and configured resources

33 Notification Service

Notification Service  Rich Notification Delivery (Text, Audio, Video)  Uniform Notification Information across platforms (Linux, Android, Tizen) Notification Notification  Notification Delivery acknowledgement from Producer Consumer consumer to producer

Resource Encapsulation

IoTivity Base