iot systems: architectures, models, guidelines iot standards: a … · 2019-10-23 · strategy,...
TRANSCRIPT
Presented by: For:
© ETSI 2019
23.10.2019
IoT Systems: Architectures, Models, Guidelines
Emmanuel Darmois ETSI IoT Week 2019
IoT Standards: a Global ApproachThe ETSI Specialist Task Force 547
© ETSI 2019 2
IoT: A Complex Picture
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 3
The intrinsic complexity of IoT have a profound impact on IoT Standardisation and how standards are actually used
How to Make Decisions in a Fragmented Standards Landscape?
Pervasive ICT technologies, Multiple Point Solutions (e.g. protocols)Sector‐specific solutions (and silos), Cross‐sector system deployment
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 4
Standards are only a part of the picture
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
Standards Open Source Regulation
Industry Stakeholders Research
Skills Strategies Organisations
© ETSI 2019 5
Addressing IoT Systems Complexity
Dealing with IoT characteristicsHigh‐level issues in support of strategy
Extensive Stakeholders InvolvementTechnical strategyDeployment modelsIntegration of/with legacy
Specific technical challengesInteroperabilityPrivacySecurity
Integrating some important aspectsStakeholders and roles
From diverse viewpointsStrategy, empowerment, technology, …
Potentially conflicting requirementsReference Architecture
Shared understandingDocumented technical choices
Support to the non‐specialist involvedGuidelines for decision and usageTeaching material
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 6
ETSI Specialist Task Force (STF) 547A global approach to IoT Systems
A framework for IoT standardisationAddressing interoperability across IoT domainsFocusing on major aspects:
(Semantic) InteroperabilityA end‐user focused approach to PrivacyMethods and techniques for Secure IoT
Whose essential objectives are toIdentify guidelines and best practicesBuild a bridge for potential designers / implementers of IoT systemsProvide comprehensive material for information, teaching/learning and demonstration with a very practical usage and implementation perspective
Co‐funded by the European CommissionETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 7
ETSI STF 547A Set of Coordinated Deliverables
Seven Technical ReportsPrivacy; Standards Landscape and best practices TR 103 591 ✅Security; Standards Landscape and best practices TR 103 533 ✅Guidelines for using Semantic Interoperability in the industry TR 103 535 ✅Plugtests™ preparation on Semantic Interoperability TR 103 537 ✅Strategic / technical approach on how to achieve interoperability / interworking of existing standardized IoT Platforms TR 103 536Teaching material; Part 1: IoT Security TR 103 534‐1 ✅Teaching material; Part 2: IoT Privacy TR 103 534‐2 ✅
A Special Report SR 003 680“Guidelines for Security, Privacy and Interoperability in IoT System Definition; A Concrete Approach”Added as a means to promote a high‐level view of the STF workDedicated to all stakeholdersIllustrated by relevant use cases
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 8
Major issues addressed
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 9
Privacy
The challenge of Privacy in IoTIoT is an example of hyper connectivity and distributed controlAppropriate safeguards are needed to ensure that individuals’ right to privacy is effectively protected
Box ticking does not guaranty effective protectionSome of the challenges in ensuring privacy in practice:
Identifying the entire chain of stakeholders that have responsibilities in relation to processing of personal dataUnderstanding the role of the contextHow stakeholders need to think of Privacy as part of design not an afterthoughtRaising awareness that protection of privacy is mandatory: GDPR forms binding law, not just a standard
The Technical Report proposes an approach that suggestsReinforcing the role of human users Putting privacy concerns at the heart of IoT
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 10
PrivacyBest Practices and Training Material
Standards Landscape and Best Practices TR 103 591The role of Standards under GDPRUse cases for IoT PrivacyIoT Privacy Standards LandscapeIoT Privacy Guidance and Best Practices
IoT Privacy Guidance pursuant to current Best PracticesIoT framework principles pursuant to the GDPRProposed guidelines on meeting GDPR principlesExisting guidelines: the paradigm of privacy by design
Training material TR 103 534‐2Covers
What is Privacy and Data Protection; use cases analysisThe novelties of GDPRRisk assessment and risk mitigation
GDPR is mandatoryAn effective protection of privacy and (personal) data protection requires technical and organizational measuresOrganizations need to deliver documented and continuous proof of appropriate levels of protection
No new standards or regulation needed on privacy but:There is a significant gap in application of privacy protection in generalAny new IoT standard should be adapted to GDPR
Standards do not mean to serve as a presumption of conformity with the GDPR,New standards will have to interoperate with the rest of the legislative acts pertaining to the IoT ecosystem and beyond.
Need for new codes of conduct and certificationAccountability tools embraced by the GDPR, also highly relevant for the IoT
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
Some take‐aways
© ETSI 2019 11
SecurityFrom IoT to Secure IoT
Identify where devices sit on the acceptable risk scaleHighly risk averse:
All devices have to identify themselves and their function to their attached correspondentsAll data passed from device to device has to be visible only to identified and authenticated, and authorized partiesAll data protected against malicious manipulation (e‐signature or MAC)
Less risk averseUse secure nodes as security anchors and liability anchors; Allows for devices without security processing
Apply Security Principles to IoTGeneral Security Guidance and Best Practices
Provide security functions when required by lawProvide mitigations to quantified risk Know who is acting on your device and why (security in depth)
Specific (Cryptography) Security Guidance and Best PracticesSecurity should be centred on the key (and not on the algorithm)Key management rigour determines system vulnerability
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 12
SecurityBest Practices and Training Material
Standards Landscape and Best Practices TR 103 533Snapshot of IoT security (standards) landscapeRegulatory Context: GDPR, NIS Directive, Cybersecurity PackageIoT Specific Security Guidance and Best Practices
GSMA, DCMS, ENISA, ECSO and other industry guidelinesGeneral Security Guidance and Best Practices
Defence in DepthSecure by DefaultDesign for assurancePrivacy by Design
Training material TR 103 534‐1Covers risk analysis, cryptography basics, trust modelling …Example of why it is useful
An IoT vendor is not certain to know how the IoT thing will be deployed, therefore has to make educated guesses to assure security. Hence the need to train everyone in the supply chain in security.
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
AIOTI
ENISA
ITU‐T
NIST
OASIS
TCGTrusted Computer Group
oneM2M WG4
ETSI SmartM2M
ETSI ITS WG5
ETSI SmartBAN
ETSI EP eHealth
ETSI ERM
The IoT Security Landscape
© ETSI 2019 13
Semantic Interoperability
The Semantic Interoperability ChallengeAdopt the most flexible adapted of many approachesMake sure this is used in the industry, not just labs
High expectationsMarket drivers
Improving existing services, providing new ones; public policy support, …Expected benefits
Continuous solution integration/operation, efficient data exposure, centralized management of heterogenous IoT infrastructure, …
Difficult road aheadA complex landscape
Glossary, Dictionary, Taxonomy, Thesaurus, Topic map, Meta data repository, Microformat, OntologyVarious level of adoption
With a preference for “static” approaches, due in particular to the skills of the developers
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
Source: IoT‐EPI
© ETSI 2019 14
Semantic InteroperabilityGuidelines and Best Practices
Guidelines for SI in the industry TR 103 535State of the art of semantic interoperability
Semantic approaches; Classification systems; OntologiesExisting solutions from academia, standards and industry
Semantic interoperability adoption analysisNeed; Adoption Status; Market Drivers and InhibitorsThe ontology problem
Guidelines for using Semantic Interop. in the industryStrategy guidelines (for high‐level decision making)Technical guidelines (for IoT system designers and developers)
Guidelines for SI Plugtests TR 103 537Requirements for testing Semantic InteroperabilityTest configurationsExamples of possible test scenarios
Market inhibitorsLack of familiarity with semanticLack of killer applications and successful use casesComplexity and immaturityUncertainty regarding scalability and performanceDifficulty to perceive immediate value
The ontology problemNo generally accepted upper‐ontology in useMany fragmented knowledge nichesThe ontology integration nightmare
Guidelines are proposedStrategic: decision, investment, promotion, …Technical: use upper ontology, reuse domain ontology, adapt the development process, …
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
Key take‐aways
© ETSI 2019 15
Are Standardised Platforms ready for prime‐time?
DefinitionAn IoT Platform can be defined as an intelligent layer that connects the things to the network and abstract applications from the things with the goal to enable the development of services. […] An IoT platform facilitates communication, data flow, device management, and the functionality of applications. The goal is to build IoT applications within an IoT platform framework. (Source: IoT‐EPI)
ExpectationsTo mask the heterogeneity of devicesTo handle and simplify communicationTo support (end‐to‐end) data flowsTo provide generic services to the applications built on top of it
ChallengesVersatilitySemantic InteroperabilityFlexible deployment modelsOpen and efficient implementationsSupport of non‐functional properties (e.g., security)
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
Source: eclipse.org
© ETSI 2019 16
Standardised PlatformsGuidelines and Best Practices
Strategic / technical approach on how to achieve interoperability/interworking of existing standardized IoT Platforms TR 103 536
An IoT Platforms LandscapeAnalysis Framework; Maturity; ClassificationStandardised IoT Platforms
Some examples: oneM2M, OCF, Apache
Interoperability: Strategy & Technical approachesThe case of Industrial IoT
Challenges of IIoTUsing Standardised Platforms in IIoT
Connectivity; Semantic Interop.; Virtualisation; Data …Platform adoptionA review of IIoT Platforms
Guidelines and recommendations
Lessons learnedStill fragmented & immature landscapeProprietary platforms are not a panaceaOpen platform adoption in the Enterprise is (even more) complexThe key role of integrationA growing role for standardised solutionsSemantic Interoperability is a key issue and enabler to open platform adoptionMany issues related to platform adoption are cultural
ConclusionStandardised platforms can be consideredStrategy choices (proprietary vs standardised, development organisation, training, …) are as important as technical ones
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
Key take‐aways
© ETSI 2019 17
Conclusions
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 18
STF 547 OutcomeGeneric and detailed recommendations and guidelines
A Special Report to summarise the STF findings in a simple manner SR 003 680 Not just for the technology happy few (and the standards literate)Focused on guidance for all sorts of stakeholders
Major issues addressed in the form of Q&A Generic guidelines based on those from the Technical Reports
Illustrated by relevant use caseseHealth; Smart Buildings; Industrial IoT; IoT‐based Mission Critical Communications
To be approved mid‐December, published January 2020
7 Technical ReportsAddressing major topics with a guidelines and recommendations perspective
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 19
The STF: a contribution to the landscape evolution
Where we areAll Technical Reports approved
Overall publication date: 08/2019All published but one (in a few days)
Special ReportSR Target approval date: 11/2019
Promotion / DisseminationDelivery Workshop (December/January)Involving actors beyond standardisation
Expected impactContributions to ETSI TCs
ETSI SmartM2M, ETSI CIM, …
Information, dissemination3GPP, oneM2M
Contributions to AIOTI5G & IoT, gaps, Semantic Interop, HLA
Input for further STF (e.g., IA for IoT)
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach
© ETSI 2019 20
Thank you for your attention!
STF547: https://portal.etsi.org/STF/STFs/STFHomePages/STF547
Contact Details: Emmanuel [email protected]+33 6 3151 5393
ETSI IoT Week 2019 – IoT Standardisation – A Global Approach