iot systems: architectures, models, guidelines iot standards: a … · 2019-10-23 · strategy,...

Presented by: For:

© ETSI 2019

23.10.2019

IoT Systems: Architectures, Models, Guidelines

Emmanuel Darmois ETSI IoT Week 2019

IoT Standards: a Global ApproachThe ETSI Specialist Task Force 547

© ETSI 2019 2

IoT: A Complex Picture

ETSI IoT Week 2019 – IoT Standardisation – A Global Approach

© ETSI 2019 3

The intrinsic complexity of IoT have a profound impact on IoT Standardisation and how standards are actually used

How to Make Decisions in a Fragmented Standards Landscape?

Pervasive ICT technologies, Multiple Point Solutions (e.g. protocols)Sector‐specific solutions (and silos), Cross‐sector system deployment


© ETSI 2019 4

Standards are only a part of the picture


Standards Open Source Regulation

Industry Stakeholders Research

Skills Strategies Organisations

© ETSI 2019 5

Addressing IoT Systems Complexity

Dealing with IoT characteristicsHigh‐level issues in support of strategy

Extensive Stakeholders InvolvementTechnical strategyDeployment modelsIntegration of/with legacy

Specific technical challengesInteroperabilityPrivacySecurity

Integrating some important aspectsStakeholders and roles

From diverse viewpointsStrategy, empowerment, technology, …

Potentially conflicting requirementsReference Architecture

Shared understandingDocumented technical choices

Support to the non‐specialist involvedGuidelines for decision and usageTeaching material


© ETSI 2019 6

ETSI Specialist Task Force (STF) 547A global approach to IoT Systems

A framework for IoT standardisationAddressing interoperability across IoT domainsFocusing on major aspects:

(Semantic) InteroperabilityA end‐user focused approach to PrivacyMethods and techniques for Secure IoT

Whose essential objectives are toIdentify guidelines and best practicesBuild a bridge for potential designers / implementers of IoT systemsProvide comprehensive material for information, teaching/learning and demonstration with a very practical usage and implementation perspective

Co‐funded by the European CommissionETSI IoT Week 2019 – IoT Standardisation – A Global Approach

© ETSI 2019 7

ETSI STF 547A Set of Coordinated Deliverables

Seven Technical ReportsPrivacy; Standards Landscape and best practices TR 103 591 ✅Security; Standards Landscape and best practices TR 103 533 ✅Guidelines for using Semantic Interoperability in the industry TR 103 535 ✅Plugtests™ preparation on Semantic Interoperability TR 103 537 ✅Strategic / technical approach on how to achieve interoperability / interworking of existing standardized IoT Platforms TR 103 536Teaching material; Part 1: IoT Security TR 103 534‐1 ✅Teaching material; Part 2: IoT Privacy TR 103 534‐2 ✅

A Special Report SR 003 680“Guidelines for Security, Privacy and Interoperability in IoT System Definition; A Concrete Approach”Added as a means to promote a high‐level view of the STF workDedicated to all stakeholdersIllustrated by relevant use cases


© ETSI 2019 8

Major issues addressed


© ETSI 2019 9

Privacy

The challenge of Privacy in IoTIoT is an example of hyper connectivity and distributed controlAppropriate safeguards are needed to ensure that individuals’ right to privacy is effectively protected

Box ticking does not guaranty effective protectionSome of the challenges in ensuring privacy in practice:

Identifying the entire chain of stakeholders that have responsibilities in relation to processing of personal dataUnderstanding the role of the contextHow stakeholders need to think of Privacy as part of design not an afterthoughtRaising awareness that protection of privacy is mandatory: GDPR forms binding law, not just a standard

The Technical Report proposes an approach that suggestsReinforcing the role of human users Putting privacy concerns at the heart of IoT


© ETSI 2019 10

PrivacyBest Practices and Training Material

Standards Landscape and Best Practices TR 103 591The role of Standards under GDPRUse cases for IoT PrivacyIoT Privacy Standards LandscapeIoT Privacy Guidance and Best Practices

IoT Privacy Guidance pursuant to current Best PracticesIoT framework principles pursuant to the GDPRProposed guidelines on meeting GDPR principlesExisting guidelines: the paradigm of privacy by design

Training material TR 103 534‐2Covers

What is Privacy and Data Protection; use cases analysisThe novelties of GDPRRisk assessment and risk mitigation

GDPR is mandatoryAn effective protection of privacy and (personal) data protection requires technical and organizational measuresOrganizations need to deliver documented and continuous proof of appropriate levels of protection

No new standards or regulation needed on privacy but:There is a significant gap in application of privacy protection in generalAny new IoT standard should be adapted to GDPR

Standards do not mean to serve as a presumption of conformity with the GDPR,New standards will have to interoperate with the rest of the legislative acts pertaining to the IoT ecosystem and beyond.

Need for new codes of conduct and certificationAccountability tools embraced by the GDPR, also highly relevant for the IoT


Some take‐aways

© ETSI 2019 11

SecurityFrom IoT to Secure IoT

Identify where devices sit on the acceptable risk scaleHighly risk averse:

All devices have to identify themselves and their function to their attached correspondentsAll data passed from device to device has to be visible only to identified and authenticated, and authorized partiesAll data protected against malicious manipulation (e‐signature or MAC)

Less risk averseUse secure nodes as security anchors and liability anchors; Allows for devices without security processing

Apply Security Principles to IoTGeneral Security Guidance and Best Practices

Provide security functions when required by lawProvide mitigations to quantified risk Know who is acting on your device and why (security in depth)

Specific (Cryptography) Security Guidance and Best PracticesSecurity should be centred on the key (and not on the algorithm)Key management rigour determines system vulnerability


© ETSI 2019 12

SecurityBest Practices and Training Material

Standards Landscape and Best Practices TR 103 533Snapshot of IoT security (standards) landscapeRegulatory Context: GDPR, NIS Directive, Cybersecurity PackageIoT Specific Security Guidance and Best Practices

GSMA, DCMS, ENISA, ECSO and other industry guidelinesGeneral Security Guidance and Best Practices

Defence in DepthSecure by DefaultDesign for assurancePrivacy by Design

Training material TR 103 534‐1Covers risk analysis, cryptography basics, trust modelling …Example of why it is useful

An IoT vendor is not certain to know how the IoT thing will be deployed, therefore has to make educated guesses to assure security. Hence the need to train everyone in the supply chain in security.


AIOTI

ENISA

ITU‐T

NIST

OASIS

TCGTrusted Computer Group

oneM2M WG4

ETSI SmartM2M

ETSI ITS WG5

ETSI SmartBAN

ETSI EP eHealth

ETSI ERM

The IoT Security Landscape

© ETSI 2019 13

Semantic Interoperability

The Semantic Interoperability ChallengeAdopt the most flexible adapted of many approachesMake sure this is used in the industry, not just labs

High expectationsMarket drivers

Improving existing services, providing new ones; public policy support, …Expected benefits

Continuous solution integration/operation, efficient data exposure, centralized management of heterogenous IoT infrastructure, …

Difficult road aheadA complex landscape

Glossary, Dictionary, Taxonomy, Thesaurus, Topic map, Meta data repository, Microformat, OntologyVarious level of adoption

With a preference for “static” approaches, due in particular to the skills of the developers


Source: IoT‐EPI

© ETSI 2019 14

Semantic InteroperabilityGuidelines and Best Practices

Guidelines for SI in the industry TR 103 535State of the art of semantic interoperability

Semantic approaches; Classification systems; OntologiesExisting solutions from academia, standards and industry

Semantic interoperability adoption analysisNeed; Adoption Status; Market Drivers and InhibitorsThe ontology problem

Guidelines for using Semantic Interop. in the industryStrategy guidelines (for high‐level decision making)Technical guidelines (for IoT system designers and developers)

Guidelines for SI Plugtests TR 103 537Requirements for testing Semantic InteroperabilityTest configurationsExamples of possible test scenarios

Market inhibitorsLack of familiarity with semanticLack of killer applications and successful use casesComplexity and immaturityUncertainty regarding scalability and performanceDifficulty to perceive immediate value

The ontology problemNo generally accepted upper‐ontology in useMany fragmented knowledge nichesThe ontology integration nightmare

Guidelines are proposedStrategic: decision, investment, promotion, …Technical: use upper ontology, reuse domain ontology, adapt the development process, …


Key take‐aways

© ETSI 2019 15

Are Standardised Platforms ready for prime‐time?

DefinitionAn IoT Platform can be defined as an intelligent layer that connects the things to the network and abstract applications from the things with the goal to enable the development of services. […] An IoT platform facilitates communication, data flow, device management, and the functionality of applications. The goal is to build IoT applications within an IoT platform framework. (Source: IoT‐EPI)

ExpectationsTo mask the heterogeneity of devicesTo handle and simplify communicationTo support (end‐to‐end) data flowsTo provide generic services to the applications built on top of it

ChallengesVersatilitySemantic InteroperabilityFlexible deployment modelsOpen and efficient implementationsSupport of non‐functional properties (e.g., security)


Source: eclipse.org

© ETSI 2019 16

Standardised PlatformsGuidelines and Best Practices

Strategic / technical approach on how to achieve interoperability/interworking of existing standardized IoT Platforms TR 103 536

An IoT Platforms LandscapeAnalysis Framework; Maturity; ClassificationStandardised IoT Platforms

Some examples: oneM2M, OCF, Apache

Interoperability: Strategy & Technical approachesThe case of Industrial IoT

Challenges of IIoTUsing Standardised Platforms in IIoT

Connectivity; Semantic Interop.; Virtualisation; Data …Platform adoptionA review of IIoT Platforms

Guidelines and recommendations

Lessons learnedStill fragmented & immature landscapeProprietary platforms are not a panaceaOpen platform adoption in the Enterprise is (even more) complexThe key role of integrationA growing role for standardised solutionsSemantic Interoperability is a key issue and enabler to open platform adoptionMany issues related to platform adoption are cultural

ConclusionStandardised platforms can be consideredStrategy choices (proprietary vs standardised, development organisation, training, …) are as important as technical ones


Key take‐aways

© ETSI 2019 18

STF 547 OutcomeGeneric and detailed recommendations and guidelines

A Special Report to summarise the STF findings in a simple manner SR 003 680 Not just for the technology happy few (and the standards literate)Focused on guidance for all sorts of stakeholders

Major issues addressed in the form of Q&A Generic guidelines based on those from the Technical Reports

Illustrated by relevant use caseseHealth; Smart Buildings; Industrial IoT; IoT‐based Mission Critical Communications

To be approved mid‐December, published January 2020

7 Technical ReportsAddressing major topics with a guidelines and recommendations perspective


© ETSI 2019 19

The STF: a contribution to the landscape evolution

Where we areAll Technical Reports approved

Overall publication date: 08/2019All published but one (in a few days)

Special ReportSR Target approval date: 11/2019

Promotion / DisseminationDelivery Workshop (December/January)Involving actors beyond standardisation

Expected impactContributions to ETSI TCs

ETSI SmartM2M, ETSI CIM, …

Information, dissemination3GPP, oneM2M

Contributions to AIOTI5G & IoT, gaps, Semantic Interop, HLA

Input for further STF (e.g., IA for IoT)


© ETSI 2019 20

Thank you for your attention!

STF547: https://portal.etsi.org/STF/STFs/STFHomePages/STF547

Contact Details: Emmanuel [email protected]+33 6 3151 5393


iot systems: architectures, models, guidelines iot standards: a … · 2019-10-23 · strategy,...

Documents