1 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

draft-urien-hip-iot-00.txt

HIP support for RFID

Pascal.Urien@telecom-paristech.fr

http://www.telecom-paristech.fr

2 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

Goal

The goal of this document is to analyze issues raised by the deployment of the Internet Of Things (IoT), and to propose a framework based on an Identity Layer such as the HIP protocol

3 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

What is IoT: Internet of Tags

ReaderTag

Start

EPC-Code

URI Conversion ONS Resolver

EPCISServer

Local System

DNS Cloud

PML Files

EPC: Electronic Product CodeONS: Object Name ServiceEPCIS: EPC Information ServicePML: Physical Markup language

4 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

What is IOT : Internet Of Object

http://www.ipso-alliance.orgUntil recently, smart objects were realized with limited communication capabilities, such as RFID tags, but the new generation of devices has bidirectional wireless communication and sensors that provide real-time data such as temperature, pressure, vibrations, and energy measurement. Smart objects can be battery-operated, but not always, and typically have three components:

a CPU (8-, 16- or 32-bit micro-controller), memory (a few tens of kilobytes) and a low-power wireless communication device (from a few kilobits/s to a few hundreds of kilobits/s).

The size is small and the price is low: a few square mm and few dollars.

The Internet of Things: IP for Smart Objects

5 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

Open Issues

What is a thing?We distinguish two classes of things

Things that are computers equipped with communication interfaces.Things that are not computers, but who are associated with computers equipped with communication interfaces.

What is the identifier of a thing? They are several proposals:

A serial number, such as an EPC code.An IP address.Other, for example a fix hash value, or adhoc naming scheme.

AuthenticationIs there a need/way to authenticate a thing? In other words is it possible and needed to prove the identity of a thing.

6 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

Open issues

Identity ProtectionThings can be used to track people or objects, which are identified by a set of things. Identity protection enforces privacy by hiding things identities thanks to cryptographic means.

Communication ProtocolA thing communicates with the Internet network by various interfaces

 Via MAC (OSI2) radio protocols, as defined by EPCGLOBALThanks the IP protocol, in that case the thing is an IP node, and is natively plugged in the Internet Cloud.Other, for example the Host Identity Protocol

Things to Things communicationsIn some cases, things communicate with other things. If identity protection is required, the associated infrastructure is complex from a cryptographic or physical point of view, because classical routing techniques can't be used.

7 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

HIP for IoT

HIP Benefits

We suggest defining a new version of the HIP protocol, dedicated to the Internet Of Things issues, according to the following arguments :

Things are associated to Identifiers. IP addresses are usually understood as locators and not identifiers. In this identity-based approach the infrastructure to which the thing is connected belongs to the internet network, but even if the thing comprises an IP stack, the IP address is not correlated with the thing identity.

The actual version of HIP provides inter HIP nodes communications thanks to ESP secure channels. This paradigm could be re-used for things to things communication, compatible with the IP infrastructure.

8 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

HIP for IoT

HIP issues for the Internet Of things

 Identifiers. HIP Identifiers (HIT) rely on cryptographic procedures, i.e. a digest of an RSA public key. A new naming scheme SHOULD be defined

 Identity Protection. No Identity Protection is supported. Therefore HIP nodes MAY be easily tracked. We believe that Identity Protection MUST be supported.

Communication Architecture. If identity protection is supported, some trusted gateways SHOULD be used in order to establish communications with things.

9 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

Example: draft-urien-hip-tag-02.txt

IP

MAC

PHY

IP

MAC

PHY

RFID-MAC

RFID-PHY

RFID-MAC

RFID-PHY

HIP

PortalTag Reader

HATHAT

HIP IdentitySolverSPI-I

SPI-R

EPC-Code

EPC-Code

10 /14 Pascal URIEN, IETF 76th, Monday November 9th Hiroshima Japan

Questions ?