Internet of Everything & WebRTC

Internet of Everything & WebRTC 09/2014 03/2015

description

In this presentation you can see my vision of what an Internet of Everything network platform should look like.

Transcript of Internet of Everything & WebRTC

Page 1: Internet of Everything & WebRTC

Internet of Everything & WebRTC

09/2014

03/2015

Cisco - IoE

• Cisco defines Internet of Everything (IoE) as bringing together people, processes, data, and things to make networked connections.

• The network plays a critical role in the IoE - it must provide an intelligent, manageable, secure infrastructure that can scale to support billions of context-aware devices.

IoE - Issues

There are five principal issues that are going to have to be resolved.

IoE - Issues (cont.)

• Connectivity

• Identity

• Manageability

• Data Storage

• Security and Privacy

My vision of what an IoE network platform should look like

IoE Stack

IoE Stack (cont.)

The IoE Stack is a design model for handling connectivity, identity, manageability, data storage, security and privacy issues.

Connectivity

• Interactive Connectivity Establishment (ICE) is a standardized mechanism for establishing peer-to-peer communication between software agents running behind NAT firewalls.

• In a distributed and heterogeneous IoE scenario, this mechanism comes in handy for interconnecting people and devices inside and outside the enterprise boundaries.

Connectivity (cont.)

• A STUN server discovers the public IP address of the client and identifies the type of NAT in use.

• A TURN server acts as a relay or proxy for the data session.
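
How a client learns its public address from a STUN server, as an added example that is not part of the presentation: a parser for a Binding success response per RFC 5389, IPv4 only, that rejects responses whose magic cookie or transaction ID does not match the request. The sample message and transaction ID are constructed.

```javascript
// Added example: parse a STUN Binding success response (RFC 5389), IPv4 only.
const MAGIC_COOKIE = 0x2112a442;
const BINDING_SUCCESS = 0x0101;
const XOR_MAPPED_ADDRESS = 0x0020;

function parseBindingResponse(msg, expectedTxId) {
  if (msg.length < 20) throw new Error('truncated STUN header');
  const type = msg.readUInt16BE(0);
  const bodyLen = msg.readUInt16BE(2);
  if (type !== BINDING_SUCCESS) throw new Error('not a Binding success response');
  if (msg.readUInt32BE(4) !== MAGIC_COOKIE) throw new Error('bad magic cookie');
  // The transaction ID ties the response to our request; a mismatch means the
  // datagram is stale or was not produced in answer to this request.
  if (!msg.subarray(8, 20).equals(expectedTxId)) throw new Error('transaction ID mismatch');
  if (bodyLen % 4 !== 0 || 20 + bodyLen > msg.length) throw new Error('bad message length');

  let off = 20;
  const end = 20 + bodyLen;
  while (off + 4 <= end) {
    const attrType = msg.readUInt16BE(off);
    const attrLen = msg.readUInt16BE(off + 2);
    const val = off + 4;
    if (val + attrLen > end) throw new Error('attribute overruns message');
    if (attrType === XOR_MAPPED_ADDRESS) {
      if (attrLen !== 8 || msg[val + 1] !== 0x01) throw new Error('only IPv4 handled here');
      // Port and address are XORed with the magic cookie so that NATs which
      // rewrite embedded addresses in payloads do not corrupt them.
      const port = msg.readUInt16BE(val + 2) ^ (MAGIC_COOKIE >>> 16);
      const addr = (msg.readUInt32BE(val + 4) ^ MAGIC_COOKIE) >>> 0;
      const ip = [24, 16, 8, 0].map((s) => (addr >>> s) & 0xff).join('.');
      return { ip, port };
    }
    off = val + attrLen + ((4 - (attrLen % 4)) % 4); // values are padded to 4 bytes
  }
  throw new Error('no XOR-MAPPED-ADDRESS attribute');
}

// Constructed sample: the server reports 192.0.2.1:32853 (documentation address range).
const TX_ID = Buffer.from('000102030405060708090a0b', 'hex');
const SAMPLE = Buffer.from(
  '0101000c2112a442' + '000102030405060708090a0b' + '002000080001a147e112a643', 'hex');

console.log(parseBindingResponse(SAMPLE, TX_ID)); // { ip: '192.0.2.1', port: 32853 }
```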

Identity

• A modern Identity Management System is an enabler for networked people and devices.

• A new OpenID Connect authentication standard can be implemented across virtually any application or service.

• A trusted OpenID Connect Identity Provider can ensure identity across people and IoT devices.

Identity Provider

• An Identity Provider (IdP) is a trusted place issuing identification information after credential validation.

• OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol, developed by the OpenID Foundation.

Identity Provider (cont.)

• The OpenID Connect standard was designed to cover B2B as well as B2C scenarios. It combines the simplicity of OAuth 2.0 and the decentralized architecture of OpenID. It is more powerful when used in combination with the User-Managed Access (UMA) standard.

• UMA leverages OpenID Connect to enable safer B2B/B2C information sharing while preserving privacy.

Manageability

• An essential part of managing trust and security in the IoE world is Identity and Access Management.

• One of the ways to manage meshed network connections between people and devices is through the Identity-Based Network.

Manageability (cont.)

• WebRTC - a free open project authored by Google, now being drafted as an API definition by the W3C, enables real-time, peer-to-peer video, audio, and data transfer between browsers.

• In order for a WebRTC application to set up a connection, its nodes need to exchange some information.

• The signaling server is used to coordinate this communication.

Manageability - Publish/Subscribe Relationships

• The Publish/Subscribe (Pub/Sub) design pattern is becoming crucial for distributed signaling systems.

• There are a few different communication protocols and implementations supporting Pub/Sub, such as XMPP, AMQP, MQTT and Faye.

Manageability - Publish/Subscribe Relationships (cont.)

• By properly implementing the OAuth2 authorization mechanism in Pub/Sub systems, users can authorize publishing and subscription requests.

• In this way users should be able to manage their connections and relationships with customers, partners and devices.
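
One way a broker could enforce the authorization described above, as an added example that is not part of the presentation: each publish or subscribe request is checked against the scopes of the user's OAuth2 token, using MQTT-style topic filters and denying by default. The `action:filter` scope convention, the topic names and the sample token are assumptions made for illustration.

```javascript
// Added example: broker-side authorization of Pub/Sub requests from OAuth2 token data.
// Assumption: scopes are written "<action>:<topic filter>", e.g. "sub:home/+/temp".
// This convention is hypothetical; OAuth2 leaves scope syntax to the deployment.

// MQTT-style filter match: '+' matches one level, '#' matches the rest (last level only).
function topicMatches(filter, topic) {
  const f = filter.split('/');
  const t = topic.split('/');
  for (let i = 0; i < f.length; i++) {
    if (f[i] === '#') return i === f.length - 1;
    if (i >= t.length) return false;
    if (f[i] !== '+' && f[i] !== t[i]) return false;
  }
  return f.length === t.length;
}

// `token` has the shape of an RFC 7662 introspection response
// (active, scope, exp, sub), already fetched from the authorization server.
function authorize(token, action, topic, nowSeconds) {
  if (!token || token.active !== true) return { allowed: false, reason: 'inactive token' };
  if (typeof token.exp === 'number' && token.exp <= nowSeconds) {
    return { allowed: false, reason: 'expired token' };
  }
  // Concrete topics only: a request must not carry a wildcard that could be
  // wider than the filter the user actually granted.
  if (/[+#]/.test(topic)) return { allowed: false, reason: 'wildcard in requested topic' };
  const scopes = String(token.scope || '').split(' ').filter(Boolean);
  for (const s of scopes) {
    const sep = s.indexOf(':');
    if (sep < 0) continue;
    if (s.slice(0, sep) === action && topicMatches(s.slice(sep + 1), topic)) {
      return { allowed: true, reason: 'granted by ' + s };
    }
  }
  return { allowed: false, reason: 'no matching scope' }; // default deny
}

// Constructed sample: an owner granted a partner's app read access to one hub's
// sensors and write access to a single command topic.
const SAMPLE_TOKEN = {
  active: true, sub: 'partner-app', exp: 2000000000,
  scope: 'sub:home/hub1/sensors/# pub:home/hub1/commands/light',
};
```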

Data Storage

• WebRTC IoT Hub is a device running an agent that resides on premises and can be paired with a variety of sensors as well as third party connected devices/agents.

• The collected data are processed, encrypted and stored on the Hub device and periodically backed up through cloud data storage services.

Security and Privacy

• Datagram Transport Layer Security (DTLS) is used to provide communications security and privacy for datagram protocols.

• DTLS allows datagram-based applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.

Security and Privacy (cont.)

• The WebRTC Data Channel technology uses a peer-to-peer architecture that provides privacy measures, which in combination with Identity Relationship Management assure that confidential information can be accessed only by authorized parties.

• A DTLS-encrypted data channel ensures security for all participants.

Conclusion and next steps

Conclusion:

• Presented trust-to-trust communication is a better fit for the distributed nature of cloud computing and has intrinsic privacy-preserving properties.

Next steps:

• Evaluate the Identity-Based Network architecture as an IoE backbone.

• Develop a prototype software system.

Business Opportunities

Homes and Offices:

• Monitoring – smoke and water leak detector, energy monitor.

• Centralized control – cameras, door locks, thermostats, lighting and small appliances control.

Business Opportunities (cont.)

SOHOs, SMEs and Enterprises:

• Data sharing – email, FTP and Managed File Transfer alternative.

• Collaboration – document management, project management, virtual data room, sales portal, supply chain collaboration, science & research teams collaboration, product design and development (engineering) collaboration.

Business Opportunities (cont.)

Manufacturing:

• Proactive maintenance - machines that predict failures and trigger maintenance processes autonomously.

• Connected Supply Chain - tracking, monitoring and reporting of inventory, parts and products as they move through the supply chain.

Business Opportunities (cont.)

Healthcare:

• Patient monitoring - remote, continuous monitoring of a patient's health.

• Network-of-care - interconnected physicians, hospitals, clinics and medical devices.

• Telehealth - the delivery of health-related services and information to treat patients remotely.

Thank you!

Igor Zboran: plus.google.com/+IgorZboran

Featured links:

• igi64.github.io/ioe

• twitter.com/igi64