Date post: 04-May-2018

M2M and IoT Protocols: MQTT, ALLJOYN, DDS and COAP: Why, Where and When

Geoff Brown, CEO

[email protected] @M2MiCorp @GeoffreyBrown

COPYRIGHT © 2015 MACHINE-TO-MACHINE INTELLIGENCE (M2MI) CORPORATION

Quick Intro

Cyber Security and Privacy Expert
– M2M and IoT Pioneer, based at NASA Research Park
– Founder & CEO of The Machine-To-Machine Intelligence (M2Mi) Corporation (9 years)
– Open Standards Advocate: OASIS MQTT Secretary & Chair of security sub-committee
– Former Chair of DoD W2CoG
– OASIS, Industrial Internet Consortium, SGIP, World IoT Forum (Steering Committee)
– Built world's largest pure play M2M and IoT global application platform
– Chair Silicon Valley CTO Professionals
– Chair Silicon Valley Network & Infrastructure Group

• Gartner Cool Vendor 2014, Connected World Top 100
• Available for trial and purchase via the IBM Cloud Marketplace

Inventor of 5G Telecommunications


The Protocols

The Protocols (why, where and when):
– MQTT
– ALLJOYN
– DDS
– COAP (WebofThings)

Guidelines:
– Listen
– Security & Privacy #1 – Is the most important delta
– There is no #1 protocol, each is applicable to different and compatible use-cases
– I enjoy and appreciate all the M2M and IoT protocols
– An explanation of M2M and Internet of Things and Web of Things


Cybersecurity Compliance Hierarchy

Enterprise Security Requirements
• IP Management
• DDoS/DoS Mitigation
• Web Application Firewalls
• Firewall Zones
• Fine Grained Roles and privileges
• Proof of device identity and source
• Encryption of data at rest and in transit

Infrastructure Protection
• Database Server Isolation
• Two-Factor Authentication Access
• Firewall Management
• Fully Managed Antivirus Protection
• IDS
• Log Monitoring and Management
• Continuous backup

Governance and Regulations
SOX, HIPAA/MDDS, PCI, FISMA, FIPS

NIST Cybersecurity Framework


Oil and Gas use-case

[Figure: oil and gas M2M architecture diagram]

Example device messages:
Id: 23, Line: 2
Id: 67, Tank: empty
Id: 22, Pressure: 5
Id: 7, Diesel: 45
Id: 38, Level: 157
Id: 893, GPS: -121,54
Id: 2240, Temp: 23
Id: 12070, Flow: 567
Id: 32111, Volume: 64

Segments: Processing, Distribution, Station Infrastructure, Fleet Services, Extraction

Diagram labels: SECURITY, VISIBILITY

Data Gathering: Connectivity Services, Message Collection, Data Parsing, Context Creation

FlowChains: Data Transformation, Aggregation, Analysis, Alerting, Eventing, Visualization, Privacy Management

Application SOA, M2Mi Dashboards, Reporting Services, Data Store

Operations, Safety, Sales and Enterprise Applications


M2Mi : Where does all the data go?

[Figure: data volumes per segment]

Example device messages:
Id: 67, Tank: empty
Id: 7, Diesel: 45
Id: 38, Level: 157
Id: 893, GPS: -121,54
Id: 32111, Volume: 64

Segments: Processing, Distribution, Station Infrastructure, Fleet Services, Extraction

Figure values, in the order extracted:
18500 / 250MB, 2500 / 20MB, 8000 / 10MB, 48000 / 35MB, 160000 / 5MB
4517GB, 49GB, 78GB, 1641GB, 781GB
0.31TB, 13.2TB, 1.34TB, 0.17TB, 6.01TB

Raw Data: INGEST (6.9TB)
Intelligence Data: REAL TIME PROCESS (75.7TB)
Application Data: ANALYSIS (529.6TB)

41.3TB, 0.21TB, 0.08TB, 5.77TB, 0.37TB

230,311 MSGs/sec
50 Ave KB/MSG
237,000 devices
143 MB/sec streaming


Crypto for M2M & IoT Protocols

• Simon & Speck submitted and accepted by ISO Standards Body 29192-2
Speck: http://en.wikipedia.org/wiki/Speck_(cipher)
Simon: http://en.wikipedia.org/wiki/Speck_(cipher)


Crypto for M2M & IoT

* Triathlon of Lightweight Block Ciphers for the Internet of Things


Speck

    #include <stdint.h>

    /* 64-bit rotate right / rotate left */
    #define ROR(x, r) ((x >> r) | (x << (64 - r)))
    #define ROL(x, r) ((x << r) | (x >> (64 - r)))
    /* One Speck round: x = (ROR(x, 8) + y) ^ k; y = ROL(y, 3) ^ x */
    #define R(x, y, k) (x = ROR(x, 8), x += y, x ^= k, y = ROL(y, 3), y ^= x)

    void encrypt(uint64_t *pt, uint64_t *ct, uint64_t *K)
    {
        uint64_t i, B = K[1], A = K[0];
        ct[0] = pt[0]; ct[1] = pt[1];

        for (i = 0; i < 32; i++)
        {
            R(ct[1], ct[0], A);   /* encrypt one round with round key A */
            R(B, A, i);           /* key schedule: derive the next round key */
        }
    }

Reference code for encryption with the Speck variant with 128-bit block size and key
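The slide's routine only encrypts and folds the key schedule into the round loop. As an added example (not from the original slides), the following separates key expansion, adds the inverse rounds for decryption, and checks both directions against the Speck128/128 test vector published by the cipher's designers; the function names are chosen for this example.

```c
#include <stdint.h>

#define ROUNDS 32
static uint64_t ror64(uint64_t x, unsigned r) { return (x >> r) | (x << (64 - r)); }
static uint64_t rol64(uint64_t x, unsigned r) { return (x << r) | (x >> (64 - r)); }

/* Expand the 128-bit key. K[0] is the first round key, K[1] the schedule word. */
void speck_expand(const uint64_t K[2], uint64_t rk[ROUNDS]) {
    uint64_t a = K[0], b = K[1];
    for (uint64_t i = 0; i < ROUNDS; i++) {
        rk[i] = a;
        b = (ror64(b, 8) + a) ^ i;   /* round function with the round index as key */
        a = rol64(a, 3) ^ b;
    }
}

void speck_encrypt(const uint64_t pt[2], uint64_t ct[2], const uint64_t rk[ROUNDS]) {
    uint64_t y = pt[0], x = pt[1];
    for (int i = 0; i < ROUNDS; i++) {
        x = (ror64(x, 8) + y) ^ rk[i];
        y = rol64(y, 3) ^ x;
    }
    ct[0] = y; ct[1] = x;
}

/* Inverse: undo the steps of each round in reverse order, round keys last to first. */
void speck_decrypt(const uint64_t ct[2], uint64_t pt[2], const uint64_t rk[ROUNDS]) {
    uint64_t y = ct[0], x = ct[1];
    for (int i = ROUNDS - 1; i >= 0; i--) {
        y = ror64(y ^ x, 3);
        x = rol64((x ^ rk[i]) - y, 8);
    }
    pt[0] = y; pt[1] = x;
}

/* Designers' Speck128/128 test vector; returns 1 if encrypt and decrypt both match. */
int speck_selftest(void) {
    const uint64_t K[2]    = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };
    const uint64_t pt[2]   = { 0x7469206564616d20ULL, 0x6c61766975716520ULL };
    const uint64_t want[2] = { 0x7860fedf5c570d18ULL, 0xa65d985179783265ULL };
    uint64_t rk[ROUNDS], ct[2], back[2];
    speck_expand(K, rk);
    speck_encrypt(pt, ct, rk);
    speck_decrypt(ct, back, rk);
    return ct[0] == want[0] && ct[1] == want[1] && back[0] == pt[0] && back[1] == pt[1];
}

int main(void) { return speck_selftest() ? 0 : 1; }
```

The word order follows the slide's code: index 0 holds the low word of the block and the first round key.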


Cryptanalysis Performance

SPECK: Differential cryptanalysis can break 17 rounds of Speck128/128 with $2^{113}$ data, $2^{22}$ bytes memory and time complexity of $2^{113}$. Rectangle attack can break 18 rounds of Speck128/192,256 with $2^{121.9}$ data, $2^{125.9}$ bytes memory and time complexity of $2^{182.7}$.

SIMON: Differential cryptanalysis can break 46 rounds of Simon128/128 with $2^{125.6}$ data, $2^{40.6}$ bytes memory and time complexity of $2^{125.7}$ with success rate of 0.632.


Conclusions

The Protocols:
– MQTT
– ALLJOYN
– DDS
– COAP

Guidelines:
– Security & Privacy #1 – Is the most important delta
– There is no #1 protocol, each is applicable to different and compatible use-cases
– The use-case drives the protocol choice, not the other way around

Questions

Geoff Brown, CEO

[email protected] @M2MiCorp @GeoffreyBrown

