USING NFC TO CONNECT, COMMISSION AND CONTROL IOT DEVICES
Brian Romansky, TrustPoint Innovation Technologies
Advancing Near Field Communication Technology
MANAGING EMBEDDED DEVICES

● Connect: pairing a device with one (or more) communications platforms
Challenges:
§ There are many different connectivity options, and not all devices support all types of connectivity
§ Policies and capabilities of infrastructure systems are not the same everywhere

● Commission: set up an identity and role for a device
Challenges:
§ Most applications require authenticity and privacy
§ Configuring and managing a large number of devices is complex

● Control: manage a device directly
Challenges:
§ Most control functions are only available through a remote interface
§ What do you do if you need immediate or emergency access?
§ How do you recover if the remote service is unavailable?
COMPETING CONNECTIVITY OPTIONS

● LAN: short range, communicating devices
§ Well established standards
§ Good for: mobile devices, in-home, short range
§ Not good for: long range, battery life

● Low Power WAN: long range on battery, "Internet of Objects"
§ Emerging PHY solutions
§ Good for: long range, long battery life, low cost
§ Not good for: high data rate

● Cellular: long range with mains power, requires a network operator
§ Well established standards
§ Good for: long range, high data rate, coverage
§ Not good for: battery life, cost
EXAMPLES OF NFC APPLICATIONS TODAY
NFC SETUP EXAMPLE

● Remote-control light bulb
§ Low-cost device
§ Difficult to access once it is installed
§ No power available prior to installation

● Tap to configure
§ Passive read-write tag on the bulb
§ Tap the bulb to the IoT gateway for setup
§ Gateway reads the bulb ID and capabilities, then writes configuration data to the tag
§ After installation and initial power-on, the controller in the bulb reads the configuration information from the tag
§ Gateway and bulb establish a secure connection
MEDIATED SETUP USING CELL PHONE

● Reasons for mediated setup
§ For many devices, tapping a gateway may be impractical
§ In some applications, a user may need to configure a large number of devices
§ Commissioning of devices may require additional information that is not known to the gateway
§ A cell phone (or other NFC-enabled device) can load parameters, collect additional commissioning data, and then act as a proxy to configure additional devices

● Steps
§ Tap the gateway to obtain configuration information (or log in to an administrative account on the cell phone and download the configuration information)
§ Tap the device to configure it: the cell phone acts as a proxy for the IoT gateway to connect and commission the device
MORE COMPLEX EXAMPLES

● LoRa device setup
§ A device-specific network key is required to connect the device to a network
§ An application key is needed to pass data to a service provider
§ Service-specific TLS or MQTT certificates may be needed to access services

● Cellular device setup
§ eSIM devices must be electronically configured to connect to a specific carrier and network
§ Service-specific TLS or MQTT certificates may be needed to access services
NFC CONTROL EXAMPLE

● Christie LCD projector
§ NFC tag stores the lamp hours used
§ An on-site service technician needs only physical access to the projector to tap and read its status
§ Access to additional "advanced setup" controls could also be enabled through the NFC interface
INDUSTRIAL DEVICE WITH NFC CONTROL

● Zelio NFC Timer
§ An NFC-enabled application allows for a rich user interface to configure an advanced industrial timer
§ Built-in diagnostics and reporting functions
RECOMMENDATIONS

● Two-way authentication
§ Systems should validate the authenticity of remote devices using device certificates
§ Devices should confirm that they are connecting to a legitimate service

● Unique key per device
§ IoT gateways should establish a unique network key for every connected device
§ The application can enforce end-to-end security that is independent of the connection
§ Authenticated symmetric-key algorithms (such as AES in GCM mode) ensure message integrity and device/service authenticity; replay protection additionally requires that the receiver track the nonce or message counter and reject any value it has already accepted

● NFC Forum Signature RTD standard
§ Supports implicit ECC certificates on NFC tags
§ The validated device public key can be used to derive unique per-device keys using ECDH
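The three recommendations above (a unique key per device, an authenticated symmetric cipher, and ECDH from a validated device public key) fit together as in the following Go program. It is an added example, not code from the presentation or from TrustPoint. It assumes P-256 ECDH, HKDF-SHA256 with a hypothetical info label "nfc-iot-setup-v1", and AES-256-GCM with a nonce made of a 4-byte direction prefix and a 64-bit message counter; both key pairs are generated in memory rather than read from a gateway certificate and an NFC tag. The detail it adds to the slide is the replay check: GCM authenticates every message, but refusing an old one is the receiver's job, done here by remembering the highest counter it has accepted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // RNG or programming failure during setup, not recoverable input
	}
	return v
}

// hkdfSHA256 is RFC 5869 extract-and-expand for one 32-byte block (stdlib only).
func hkdfSHA256(ikm, salt, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // keyed with the PRK
	exp.Write(info)
	exp.Write([]byte{1}) // T(1) = HMAC(PRK, info || 0x01)
	return exp.Sum(nil)
}

// DeriveDeviceKey is the slide's ECDH step: own private key plus the peer's validated
// public key give a shared secret; HKDF info binds the AES-256 key to one device and direction.
func DeriveDeviceKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey, deviceID, direction string) ([]byte, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	info := []byte("nfc-iot-setup-v1|" + deviceID + "|" + direction) // hypothetical label
	return hkdfSHA256(shared, []byte("public-salt"), info), nil
}

// Channel is one direction of an AES-GCM link. Nonce = 4-byte direction prefix || 64-bit
// counter. The receiver keeps the highest accepted counter; GCM itself performs no replay check.
type Channel struct {
	aead              cipher.AEAD
	prefix            [4]byte
	sendCtr, recvHigh uint64
}

var ErrReplay = errors.New("replayed or out-of-order message rejected")

func NewChannel(key []byte, prefix [4]byte) *Channel {
	return &Channel{aead: must(cipher.NewGCM(must(aes.NewCipher(key)))), prefix: prefix}
}

func (c *Channel) nonce(ctr uint64) []byte {
	return binary.BigEndian.AppendUint64(append([]byte{}, c.prefix[:]...), ctr)
}

// Seal emits counter || ciphertext || tag; the counter is authenticated as associated data.
func (c *Channel) Seal(plaintext []byte) []byte {
	c.sendCtr++
	hdr := binary.BigEndian.AppendUint64(nil, c.sendCtr)
	return append(hdr, c.aead.Seal(nil, c.nonce(c.sendCtr), plaintext, hdr)...)
}

// Open rejects stale counters before checking the tag and moves the window only after the tag verifies.
func (c *Channel) Open(msg []byte) ([]byte, error) {
	if len(msg) < 8 {
		return nil, errors.New("message too short")
	}
	ctr := binary.BigEndian.Uint64(msg[:8])
	if ctr <= c.recvHigh {
		return nil, ErrReplay
	}
	pt, err := c.aead.Open(nil, c.nonce(ctr), msg[8:], msg[:8])
	if err != nil {
		return nil, err
	}
	c.recvHigh = ctr
	return pt, nil
}

// PairGatewayToDevice: fresh key pairs stand in for the gateway certificate and the tag-validated device key.
func PairGatewayToDevice(deviceID string) (sender, receiver *Channel) {
	gwPriv := must(ecdh.P256().GenerateKey(rand.Reader))
	devPriv := must(ecdh.P256().GenerateKey(rand.Reader))
	gwKey := must(DeriveDeviceKey(gwPriv, devPriv.PublicKey(), deviceID, "gw->dev"))
	devKey := must(DeriveDeviceKey(devPriv, gwPriv.PublicKey(), deviceID, "gw->dev"))
	prefix := [4]byte{'g', '2', 'd', 0}
	return NewChannel(gwKey, prefix), NewChannel(devKey, prefix)
}

func main() {
	gw, bulb := PairGatewayToDevice("bulb-0001")
	msg := gw.Seal([]byte("set-brightness:50")) // constructed sample command
	pt, _ := bulb.Open(msg)
	_, again := bulb.Open(msg)
	fmt.Printf("delivered %q; replay -> %v\n", pt, again)
}
```

One Channel covers one direction only; if the device also sends, derive a second key with a different direction label and prefix so the two sides never reuse a nonce under the same key.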
IMPLICIT ECC CERTIFICATES FOR IOT

More efficient than conventional X.509 certificates with RSA:
[Chart: share of certificate bytes spent on metadata versus cryptographic material]
§ RSA/DSA certificate: metadata 35%, crypto 65%
§ Implicit ECC certificate: metadata 85%, crypto 15%

Available open-source implementation:
§ https://github.com/Trustpoint/tpm2m
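An implicit certificate of the kind the slide describes (the ECQV scheme, SEC 4) carries no signature: the reader combines the certificate with the CA public key to reconstruct the device public key, which is why the crypto share of the bytes is so small. The following Go program is an added reference implementation of that flow, not code from the presentation or from the tpm2m project. It assumes P-256 and SHA-256, uses a hypothetical "id|Pu" encoding rather than the real M2M certificate structure, and uses crypto/elliptic point arithmetic for readability.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

var curve = elliptic.P256()

// Point is an affine P-256 point (crypto/elliptic arithmetic, kept for readability).
type Point struct{ X, Y *big.Int }

func scalar(k *big.Int) []byte      { return k.FillBytes(make([]byte, 32)) }
func mulG(k *big.Int) Point         { x, y := curve.ScalarBaseMult(scalar(k)); return Point{x, y} }
func mul(p Point, k *big.Int) Point { x, y := curve.ScalarMult(p.X, p.Y, scalar(k)); return Point{x, y} }
func add(p, q Point) Point          { x, y := curve.Add(p.X, p.Y, q.X, q.Y); return Point{x, y} }
func (p Point) Equal(q Point) bool  { return p.X.Cmp(q.X) == 0 && p.Y.Cmp(q.Y) == 0 }

func randScalar() *big.Int {
	k, err := rand.Int(rand.Reader, curve.Params().N)
	if err != nil {
		panic(err)
	}
	return k
}

// ImplicitCert is everything that goes on the tag: an identity and the 33-byte
// compressed public key reconstruction value Pu. There is no signature field.
type ImplicitCert struct {
	DeviceID string
	Pu       Point
}

// Encode uses a hypothetical "id|Pu" layout, not the NFC Forum / M2M certificate format.
func (c ImplicitCert) Encode() []byte {
	return append([]byte(c.DeviceID+"|"), elliptic.MarshalCompressed(curve, c.Pu.X, c.Pu.Y)...)
}

// e = H(cert) mod n: every certificate byte feeds both the private key and the
// reconstructed public key, which is what makes the identity binding implicit.
func (c ImplicitCert) e() *big.Int {
	h := sha256.Sum256(c.Encode())
	return new(big.Int).Mod(new(big.Int).SetBytes(h[:]), curve.Params().N)
}

// CA is the issuer; its public key Q is the trust anchor every gateway holds.
type CA struct{ d *big.Int; Q Point }

func NewCA() *CA { d := randScalar(); return &CA{d: d, Q: mulG(d)} }

// Issue: the device sent Ru = ku*G. The CA picks k, sets Pu = Ru + k*G, encodes
// the cert and returns it with the private contribution r = e*k + dCA mod n.
func (ca *CA) Issue(deviceID string, Ru Point) (ImplicitCert, *big.Int) {
	k := randScalar()
	cert := ImplicitCert{DeviceID: deviceID, Pu: add(Ru, mulG(k))}
	r := new(big.Int).Mul(cert.e(), k)
	return cert, r.Add(r, ca.d).Mod(r, curve.Params().N)
}

// Device keeps ku secret until the CA answers, then forms du = e*ku + r mod n.
// The CA never sees ku, so it never learns the device private key.
type Device struct {
	ku, d *big.Int
	Cert  ImplicitCert
}

func (dev *Device) Finish(cert ImplicitCert, r *big.Int) {
	d := new(big.Int).Mul(cert.e(), dev.ku)
	dev.Cert, dev.d = cert, d.Add(d, r).Mod(d, curve.Params().N)
}

func (dev *Device) PublicKey() Point { return mulG(dev.d) }

// Reconstruct is what a gateway does after reading the tag: Qu = e*Pu + QCA. Nothing is
// "verified"; a tampered cert or wrong CA key yields a key whose private half nobody holds.
func Reconstruct(cert ImplicitCert, caPub Point) Point {
	return add(mul(cert.Pu, cert.e()), caPub)
}

// Enroll runs the whole exchange for one device: request, issue, finish.
func Enroll(ca *CA, deviceID string) *Device {
	dev := &Device{ku: randScalar()}
	dev.Finish(ca.Issue(deviceID, mulG(dev.ku)))
	return dev
}

func main() {
	ca := NewCA()
	dev := Enroll(ca, "bulb-0001") // constructed sample identity
	fmt.Println("cert bytes:", len(dev.Cert.Encode()))
	fmt.Println("Qu matches du*G:", Reconstruct(dev.Cert, ca.Q).Equal(dev.PublicKey()))
}
```

The reconstructed Qu is exactly the public key a gateway would feed into ECDH to derive the per-device key recommended on the previous slide; a cert that has been altered on the tag reconstructs to a different point, so the key agreement simply fails rather than a signature check.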
RESOURCES
Blog Post and White Paper:
http://nfc-forum.org/nfc-iot-opportunity
Contact Information:
[email protected] http://www.trustpointinnovation.com