VersaSense

Secure Plug-and-Play Sensing and Control for the Industrial IoT (IIoT)

The Internet of Things (IoT) is revolutionizing industry by vastly expanding and simplifying the real-time monitoring and control of infrastructure, assets and processes. By connecting and converging Operational Technology (OT) and Information Technology (IT), the Industrial IoT (IIoT) is leading the way to the fourth industrial revolution, often referred to as Industry 4.0 or Industrie 4.0. This whitepaper provides an introduction to the VersaSense IoT Fabric and the VersaSense IoT Cloud Services, a set of wireless IIoT products and services that radically reduce the total cost of ownership for industrial sensing and control systems.

Danny Hughes, Chief Technical Officer
Guy Vancollie, Chief Marketing Officer
VersaSense NV, Leuven, Belgium.

1. IIoT Deployment Challenges
2. Plug and Play Sensors and Actuators
2.1 Ultra low power plug-and-play peripherals
2.2 Efficient and modular wireless software updates
3. IoT Network Technologies
3.1 SmartMesh IP, an ultra-reliable low power mesh network
3.2 LoRa, a long-range low power network
4. Connecting the IoT to Business Logic
4.1 Data access APIs
4.2 Out-of-the-Box Connectors
4.3 VersaSense IoT Cloud Services
5. IoT Security
6. Conclusion
7. Next Steps
8. References

1. IIoT Deployment Challenges

The IoT promises large efficiency gains across a wide range of industries. However, effectively deploying Industrial IoT technologies remains challenging for the following reasons:

Gathering the right data: The first challenge in deploying an Industrial IoT network is integrating the right set of sensors and actuators, also called peripherals, to interface with the physical world. Traditional sensing and control solutions require hardware and software integration efforts, which dramatically increase project costs and time-to-market. They also demand specialized embedded development skills. Section 2 describes how the VersaSense solution addresses this challenge by introducing low power plug-and-play sensors [01].

Choosing the right network: IoT networks offer a spectrum of trade-offs in terms of range, reliability, bandwidth and power consumption. The VersaSense IoT Fabric offers a choice of two industry-leading networks, an ultra-reliable 802.15.4e wireless mesh network based on SmartMesh IP™ [02] and LoRa™ [03], a low power wide area (LPWA) network. Section 3 analyses the trade-offs of each network and discusses the suitability of these networks for supporting different applications.

Integrating the IoT with business logic: The VersaSense product line builds upon a collection of standards-based network protocols. This facilitates the seamless integration of the VersaSense solution with existing network infrastructure and software systems. The VersaSense solution also provides efficient data archiving, visualization and alerting, while also integrating with 3rd-party platforms such as the Microsoft Azure IoT Suite [04], Amazon AWS IoT Platform [05], GE Predix Industrial Internet Platform [06] and Siemens MindSphere IoT Operating System [10]. This is described in Section 4.

Securing your IIoT deployment: While IoT networks offer great business opportunities, their close integration with industrial processes demands strong security. The VersaSense solution builds upon certified security standards in cryptography, key management and authentication to offer an IIoT solution with security that is second to none. Section 5 provides an overview of the security model implemented by VersaSense.

2. Plug and Play Sensors and Actuators

Gathering the right sensor data and controlling industrial equipment requires the integration of specific sensors or actuators with a wireless IoT device. Until recently, the state-of-practice in sensor and actuator integration was based upon the design of custom circuit boards for each application. This is a slow and expensive process that requires a team of embedded hardware and software engineering specialists. Recently, a range of extensible embedded platforms have emerged such as Arduino [07] and Grove [08]. However, these platforms have two key shortcomings. First, integrating these sensors with the wireless device still requires embedded software specialists and second, these sensors are not ready to deploy in industrial scenarios due to a lack of enclosures, calibration and power management support.

The VersaSense IoT Fabric is the first Industrial IoT solution to offer true plug-and-play sensors that require no configuration and no embedded hardware or software development. To achieve this, VersaSense has made two key contributions: ultra low power plug-and-play sensors and a flexible modular software stack.

2.1 Ultra low power plug-and-play peripherals

Mainstream computing systems have simplified peripheral integration by making peripherals self-describing or ‘Plug-and-Play’ (PnP) in schemes like Universal Serial Bus (USB), which are increasingly used within IoT solutions. However, USB is prohibitively energy hungry, reducing the battery lifetime of Industrial IoT devices from years to weeks.

The VersaSense solution introduces a plug-and-play approach [01,20] that encapsulates embedded sensors and actuators, with a standard physical connector and a unique identifier, informing the wireless device which software driver it must install. This approach enables the integration of many existing sensors that communicate using UART, SPI, I2C, ADC or GPIO signals. Automatic sensor integration occurs in seconds and eliminates months of development effort.

Fig. 1 shows a range of plug-and-play sensors alongside VersaSense Wireless Devices and an Edge Gateway. Each wireless device supports up to three VersaSense sensors. Fig. 2 compares the energy consumption of VersaSense against the low power Maxim MAX3421E embedded USB host chip [09].

2.2 Efficient and modular wireless software updates

VersaSense sensors integrate with a deeply modular software stack running on the wireless device, which enables autonomous and wireless driver deployment and updates. The state of practice in wireless software updating for the IoT is based on the replacement of full software images. However, this is a slow and battery-sapping process.

Rather than replacing the complete software image of the wireless device when a new sensor driver is required, VersaSense introduces lightweight and efficient driver ‘components’ that can be individually installed, managed and removed.

Our prior research [11] analyzed a range of representative industrial cases and demonstrated that modular driver updates reduce the energy required for software updates by over five times compared to full image replacement.

Fig. 1: A range of plug-and-play sensors and actuators alongside VersaSense Wireless Devices and a VersaSense Edge Gateway.
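The driver components described in this section are installed over the air, and Section 5 states that such updates are protected by code certification. The following added example (not VersaSense code) sketches a device-side manager that verifies a component before installing it for the plugged peripheral; the 6-byte header layout, the HMAC-SHA256 tag standing in for the unspecified certification scheme, the key and all identifiers are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumption: verification key provisioned on the device (constructed value).
# HMAC-SHA256 stands in for the certification scheme, which the whitepaper
# does not specify; a production design would verify a public-key signature.
UPDATE_KEY = bytes(range(16))
HEADER = struct.Struct(">IH")  # assumed layout: peripheral id, driver version
TAG_LEN = hashlib.sha256().digest_size


def certify(peripheral_id, version, code, key=UPDATE_KEY):
    """Packaging side: return header || code || tag for one driver component."""
    header = HEADER.pack(peripheral_id, version)
    tag = hmac.new(key, header + code, hashlib.sha256).digest()
    return header + code + tag


class DriverManager:
    """Device side: driver components installed and removed individually."""

    def __init__(self, key=UPDATE_KEY):
        self._key = key
        self.installed = {}  # peripheral id -> (version, code)

    def install(self, plugged_id, blob):
        """Verify a received component for the plugged peripheral, then install it."""
        if len(blob) < HEADER.size + TAG_LEN:
            return "rejected: truncated"
        header = blob[:HEADER.size]
        code, tag = blob[HEADER.size:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self._key, header + code, hashlib.sha256).digest()
        # The tag covers the header too, so an identifier or version cannot be
        # re-labelled onto other code. compare_digest avoids a timing leak.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        peripheral_id, version = HEADER.unpack(header)
        if peripheral_id != plugged_id:
            return "rejected: wrong peripheral"
        current = self.installed.get(peripheral_id)
        if current is not None and version <= current[0]:
            return "rejected: not newer"  # refuse replays of older drivers
        self.installed[peripheral_id] = (version, code)
        return "installed"

    def remove(self, peripheral_id):
        """Drop one component without touching the others."""
        return self.installed.pop(peripheral_id, None) is not None


def demo():
    """Run the manager over constructed components and return each verdict."""
    temp, relay = 0x0A01, 0x0B02  # constructed peripheral identifiers
    mgr = DriverManager()
    v1 = certify(temp, 1, b"temp-driver-v1")
    v2 = certify(temp, 2, b"temp-driver-v2")
    tampered = bytearray(v2)
    tampered[HEADER.size] ^= 0xFF  # flip one byte of the code in transit
    relabelled = HEADER.pack(relay, 2) + v2[HEADER.size:]
    return [
        mgr.install(temp, v1),                # first install
        mgr.install(temp, bytes(tampered)),   # modified code
        mgr.install(relay, relabelled),       # header swapped to another id
        mgr.install(relay, v2),               # valid component, wrong socket
        mgr.install(temp, v2),                # genuine upgrade
        mgr.install(temp, v1),                # replay of the older version
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because the tag is computed over the header as well as the code, the identifier that selects the driver and the version used for the freshness check are authenticated together with the component itself.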

3. IoT Network Technologies

IoT networks offer a spectrum of trade-offs in terms of range, reliability, bandwidth and power consumption. The VersaSense IoT Fabric offers a choice of two industry-leading networks, an ultra-reliable 802.15.4e wireless mesh network based on SmartMesh IP™ [02] and LoRa™ [03], a low power wide area (LPWA) network. Table 1 summarizes the key features of each network.

Fig. 2: VersaSense sensors vastly reduce energy consumption in comparison to USB in all application scenarios (log/log plot).

As shown in Fig. 2, the VersaSense solution only consumes energy when peripherals are changed, by connecting or disconnecting them. When changing peripherals once per week, the VersaSense solution consumes 10 million times less power than USB. In all scenarios, VersaSense sensors increase battery life by orders of magnitude compared to embedded USB.

Table 1: Network Feature Comparison

| | SmartMesh IP | LoRa 868MHz |
|---|---|---|
| Range | 350 m | 15 km |
| Topology | Extensible Mesh | Star |
| Data rate at max. range | 10 packets per second per device | 1 packet every 15 seconds |
| Data rate at min. range | 26 packets per gateway | 10 packets per second |
| Battery life, 1pkt per 10s, max tx power | ~10 years (battery shelf life limit) | ~1 year |
| Battery life, 1pkt per hr, max tx power | ~10 years (battery shelf life limit) | ~10 years (battery shelf life) |
| Reliability | 99.999% | ~99% |
| Mobility support | Low rates of mobility and throughput | High rates of mobility and throughput |

3.1 SmartMesh IP, an ultra-reliable low power mesh network

SmartMesh IP [02] from Analog Devices combines the performance of IEEE802.15.4 Time Synchronized Channel Hopping (TSCH) at 2.4 GHz (ISM), with IP integration using IPv6/6LoWPAN.

Range and Topology: The per-hop range of SmartMesh IP is around 350m in ideal conditions. SmartMesh IP follows an extensible mesh topology, which means that every wireless SmartMesh IP device is also a router. Not only does this extend the range of the mesh network, it provides redundancy that can deliver wire-like end-to-end reliability. A SmartMesh IP mesh can cover very large areas, such as an entire office building, a factory or a street.

Data rate vs battery life: Each SmartMesh IP device can send up to 10 packets per second, each containing up to 90B of application payload. The SmartMesh IP network gateway can handle up to 26 packets per second coming from the network. The battery lifetime of a SmartMesh IP network is related to the topology and size of the mesh along with how often sensors report data. We experimentally evaluated the VersaSense SmartMesh IP devices [20] in a dynamic application scenario with periodic sensor plug events, average data rates of 1 message every 8 seconds and a mesh network of 32 SmartMesh IP devices, resulting in a battery life of 10 years using the standard 4200mAh VersaSense battery pack (the longest lifetime possible given battery shelf-lives).

Reliability in fixed and mobile networks: SmartMesh IP provides unparalleled reliability for static networks by providing redundancy in time, frequency and space [02]. Time Synchronized Channel Hopping (TSCH) mitigates the problems of interference and multi-path fading, while multiple redundant paths provide robustness against blocked signals. This results in over 99.999% reliability for static networks. SmartMesh IP's "blink" mode allows for mobile nodes to produce data as they travel across the network, providing support for mobility at lower data rates.

3.2 LoRa, a long-range low power network

LoRa from Semtech [03] is designed to be extremely long range and robust against interference and multipath fading. LoRa is based on an ISM-band physical layer with CHIRP Spread Spectrum (CSS) modulation. At the data link layer, LoRa uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). In Europe LoRa runs at 863-870MHz, 902-928MHz in the US and 779-787MHz in China.

Range and Topology: The per-hop range of LoRa is around 15 km in ideal conditions. LoRaWAN networks follow a simple star topology, where every wireless LoRa device must be within range of one or more powered gateways. The gateways themselves serve as packet forwarders that are coordinated by a LoRa server. Public LoRa networks are already widely deployed. It is also possible to deploy a private LoRa network.

Data rate vs battery life: The power consumption of a LoRa device is determined by its transmit power and Spreading Factor (SF), which determines modulation redundancy and hence robustness. To achieve maximum range, both transmit power and spreading factor should be maximized. In this configuration, a wireless LoRa device is capable of transmitting at a maximum rate of 0.3bps. In short range scenarios, transmitting at low power and with a low SF, speeds of up to 27 kbps are possible [15]. We experimentally evaluated the 868MHz VersaSense LoRa device [16] at its maximum range settings (SF12 and transmit power of 14.1dBm) and found that transmitting a sensor reading every 60 minutes resulted in a battery lifetime of 9.3 years using our standard 4200mAh battery pack.

Reliability in fixed and mobile networks: The reliability of LoRa is proportional to its range from the gateway. We found it was possible to achieve ~95% reliability within the range bounds described above [02]. LoRa performs equally reliably whether deployed in fixed or mobile networks.

Table 2: Mapping Applications to Networks

| Application | Network Recommendation |
|---|---|
| Industrial process monitoring and control | SmartMesh IP due to high reliability and throughput demands. |
| Production line monitoring | SmartMesh IP due to high data rate and battery life demands. |
| Building energy monitoring and management | Both networks offer advantages depending on data rate and range requirements. |
| Smart farming and precision agriculture | LoRa due to long range requirements. |
| Fleet management (e.g. taxis, delivery vehicles) | LoRa due to long range and good mobility support. |
| Site monitoring and asset tracking | LoRa due to long range and good mobility support. |

The right wireless network should be carefully selected based on application requirements. Table 2 shows how common IoT applications map to specific wireless network technologies. Thanks to the consistent and open VersaSense APIs, both LoRa and SmartMesh IP networks can be seamlessly combined in your applications to take advantage of the benefits of both networks.

4. Connecting the IoT to Business Logic

The true value of IoT data can only be realized by transforming raw sensor data into actionable business intelligence. The VersaSense IoT Cloud Services accomplish this by providing a state-of-the-art solution for open data access, storage, visualization, alerting and monitoring.

4.1 Data access APIs

The VersaSense Edge Gateway (M01) exposes standards-based data representations that are accessible via a mix of APIs:

● IETF CoAP [13] is a widely-used IoT interaction model that provides REST-like operations within the resource constraints of the IoT. The CoAP API provides consistent low-level access to sensors and actuators while ensuring interoperability through compliance with the IPSO Alliance [14] data model, which describes how sensor and actuator data should be represented.

● REST [17] (REpresentational State Transfer) is a standard for building distributed applications that is pervasively used in web, cloud and ERP systems. The REST API provides full access to all IoT resources while enabling easy integration with existing business systems.

● Web Sockets [18] is a widely used standard for building event based systems such as web pages. The Web Services API provides the lowest possible barrier to entry when embedding live sensor data into web pages, dashboards and streaming applications.

VersaSense provides the right set of open and standards-based APIs, eliminating the cost and effort of embedded development, while guaranteeing full access to IoT resources.

4.2 Out-of-the-Box Connectors

The VersaSense solution provides a range of default connectors that integrate with 3rd-party platforms such as the:

• Microsoft Azure IoT Suite [04]
• Amazon AWS IoT Platform [05]
• GE Predix Industrial Internet Platform [06]
• Siemens MindSphere IoT Operating System [10].

This allows the greatest possible freedom in connecting your IoT data to providers of data analytics solutions.

4.3 VersaSense IoT Cloud Services

The VersaSense IoT Cloud Services provide the core tools that are necessary to store, visualize and process IoT data. Our approach is based on the TICK [19] software stack.

Data archiving: The VersaSense IoT Cloud Services build on Influx, an open-source time series database [19], which is optimized for the rapid and robust storage and retrieval of time series data. Time-series databases far outperform traditional relational databases for typical IoT queries, allowing them to scale to support many thousands of IoT devices per cloud instance.

Analysis and Visualization: The VersaSense visualization solution builds on Grafana [23], an open source analysis and visualization suite. Grafana provides easy-to-configure tools for visualizing IoT data using a wide range of graphical widgets as shown in Figure 4. Grafana also supports the export of data in formats such as excel-compatible spreadsheets.

Fig. 4: A Grafana dashboard showing live IoT data in a range of custom graph widgets.

Alerting: Kapacitor [19] provides a simple, yet powerful system for configuring alerts based upon IoT data and trends. Kapacitor connects easily to all core communication channels including email, SMS and Slack to support rapid management responses to changing operational conditions.

The VersaSense IoT Cloud Services enable scalable data storage, customizable business dashboards and flexible alerts, all through an easy to configure interface that requires no programming.

5. IoT Security

The VersaSense approach to security combines certified cryptography, to guarantee confidentiality and integrity, with next generation key management and certified code updates to provide best-in-class security. Table 3 shows how each link in the VersaSense system is secured.

Key management: The AES cryptography that is used to secure communication between the wireless devices and edge gateways is based on symmetric (i.e. shared) key cryptography, due to its efficiency in embedded computing systems [12]. It is therefore essential to securely distribute key material between the gateway and wireless devices. The state of practice in key distribution is to use a well-known join key to distribute unique session keys for each device. Common join keys are used in popular IoT protocols such as ZigBee Light Link (ZLL) and Home Automation Profile (HAP) [21]. However, this approach is fundamentally insecure against attackers who sniff packets when nodes are commissioned [22]. VersaSense goes further than these approaches by embedding a NIST-certified random key generator in every gateway, that can be used to securely manage keys at the client’s site. This eliminates the join-time security hole and ensures that clients retain full on-site control of their security.

Fig. 5: Key generation and distribution in the VersaSense solution eliminates join-time security holes.

Certified software updates: While wireless software updates are essential for the IoT, they must be supported by strong security to prevent the injection of malware or other forms of tampering with software updates. VersaSense uses code certification to protect against tampering with software updates.

Table 3: Cryptographic protection on each communication link in the VersaSense system.

| Network | Recommendation |
|---|---|
| SmartMesh IP connection from wireless device to gateway | NIST-certified AES-128 running in CCM mode. |
| LoRa connection from wireless device to gateway | LoRa alliance standardized AES-128 running in CTR mode. |
| IP connection from gateway to cloud. | SSL using 256b public key cryptography with OAuth 2.0 authentication on the cloud and the gateway. |

6. Conclusion

The VersaSense IoT Fabric enables the effective deployment of IoT technologies across a wide range of industrial applications, including process and facility monitoring, building energy management, precision agriculture, logistics, as well as many others.

The VersaSense solution radically simplifies the adoption of the Industrial IoT by delivering truly plug-and-play sensors and actuators that operate at ultra low power [01] and communicate seamlessly using best of breed network technologies for extreme reliability [02] or long range [03] operation. The VersaSense IoT Cloud Services transform this raw data into actionable business intelligence and support connection with leading data analytics platforms [04,05,06,10].

7. Next Steps

Sometimes words are not enough to describe how simple and straightforward it is to deploy the VersaSense plug-and-play sensors and actuators. Check out our videos on the YouTube VersaSense channel to see how easy it can be to get started with the IIoT: https://www.youtube.com/channel/UCbTe58O6d68-iUaj9AobrOg

To enable practical experimentation with the VersaSense technology, VersaSense has created an evaluation and development kit, which provides everything that is needed to evaluate VersaSense products in real-world applications. This kit is available through our global distributor DigiKey: https://www.digikey.com/en/supplier-centers/v/versasense?WT.z_cid=sp_1737_supplier

For a more detailed description of technologies related to VersaSense, we refer readers to the references on: plug-and-play peripherals [01], the efficiency of modular embedded software [11], VersaSense networking [16, 20] and security [12].

To discover how VersaSense could help your business to deploy the Industrial Internet of Things (IIoT), contact: [email protected].

8. References

NOTE: the VersaSense solution is based on the award-winning MicroPnP technology. The products also used to be called MicroPnP but have since been re-branded to VersaSense. Many of the reference documents will still be referring to the old names.

[01] F. Yang, N. Matthys, R. Bachiller Soler, S. Michiels, W. Joosen, D. Hughes, µPnP: Plug and play peripherals for the Internet of Things, 10th European Conference on Computer Systems, Bordeaux, France, 2015.

[02] T. Watteyne, L. Doherty, J. Simon, K. Pister, Technical Overview of SmartMesh IP, 7th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, Taichung, Taiwan, 2013.

[03] LoRa Alliance Technology (4th June 2017), www.lora-alliance.org/What-Is-LoRa/Technology

[04] Microsoft Azure Cloud Platform (4th June 2017), https://azure.microsoft.com/en-us/

[05] Amazon IoT Cloud Platform (4th June 2017), https://aws.amazon.com/iot/

[06] Predix Industrial Cloud Platform (4th June 2017), https://www.ge.com/digital/predix

[07] Arduino & Genuino Products (4th June 2017), https://www.arduino.cc/en/Main/ArduinoBoardUno

[08] Seeed Grove Sensor System (4th June 2017), www.seeedstudio.com/Grove_Sensor

[09] MAX3421E USB Peripheral and Host Controller with SPI Interface Data Sheet (4th June 2017), maximintegrated.com/en/products/interface/controllers-expanders/MAX3421E.html

[10] Siemens MindSphere (13th June 2017), https://www.siemens.com/global/en/home/products/software/mindsphere.html

[11] G. S. Ramachandran et al., "Measuring and Modeling the Energy Cost of Reconfiguration in Sensor Networks," in IEEE Sensors Journal, vol. 15, no. 6, pp. 3381-3389, June 2015.

[12] K. Pister, J. Simon, WP004 - Getting Security Right in Wireless Sensor Networks, Dust Networks® Product Group, Linear Technology®, available online at: www.linear.com/docs/44216

[13] RFC 7252 - The Constrained Application Protocol (CoAP) - IETF Tools, available online at: https://tools.ietf.org/html/rfc7252

[14] J. Jimenez, M. Koster, H. Tschofenig, IPSO Smart Objects, IPSO Alliance, available online at: www.ipso-alliance.org/wp-content/uploads/2016/01/ipso-paper.pdf

[15] F. Adelantado et al., Understanding the limits of LoRa-WAN, in IEEE Communications Magazine, Jan. 2017.

[16] G.S. Ramachandran, F. Yang, P.W. Lawrence, S. Michiels, W. Joosen, D. Hughes, MicroPnP-WAN: Experiences with LoRa and its Deployment in DR Congo, COMSNETS, Bengaluru, India, 4-8 Jan 2017.

[17] Web Services Architecture, World Wide Web Consortium. 11 February 2004. 3.1.3 Relationship to the World Wide Web and REST Architectures.

[18] RFC6455, The WebSocket Protocol, https://tools.ietf.org/html/rfc6455

[19] B. Raseel, An Introduction to TICK stack for IoT, online at: www.zymr.com/introduction-tick-stack-iot/

[20] N. Matthys, F. Yang, W. Daniels, S. Michiels, W. Joosen, D. Hughes, T. Watteyne, µPnP-Mesh: the plug-and-play mesh network for the internet of things, IEEE 2nd World Forum on Internet of Things, pages 311-315, Milan, Italy, 14-16 December 2015.

[21] D. Gislason, ZigBee applications, Profiles, online at: eetimes.com/document.asp?doc_id=1278223

[22] T. Zillner, ZigBee exploited, the good, the bad and the ugly, available online at: https://www.blackhat.com/docs/us-15/materials/us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly.pdf

[23] Grafana - the open platform for analytics and monitoring (4th June 2017), https://grafana.com

Copyright © 2017 by VersaSense® N.V. All rights reserved. VersaSense® and MicroPnP™ are trademarks or registered trademarks of VersaSense® N.V. The product specifications and system requirements are subject to change without notice. Technology-2.3-WP-Dec’17