ITU CoE Progam Cybersecurity · IoT Definition Note1 - Through the exploitation of identification, data capture, processing and communication capabilities, the IoT makes full use

Key Aspects of Cybersecurity in the Context of IoT

IoT Roadmap and Security

Omendra K. GovindALTTC, INDIA

[email protected]

ITU CoE Progam

Cybersecurity12 – 16 May 2018

IoT Roadmap and Security 2

Agenda

• Introduction to IoT

• IoT Technolgies and challenges

• ITU Standards

• M2M / IoT Standardization activities India

IoT Definition

Note1 - Through the exploitation of identification, data capture, processing andcommunication capabilities, the IoT makes full use of things to offer services to allkinds of applications, whilst ensuring that security and privacy requirements arefulfilled.

Note 2 – From a broader perspective, the IoT can be perceived as a vision withtechnological and societal implications.

A global infrastructure for the information society, enabling advanced services byinterconnecting (physical and virtual) things based on existing and evolvinginteroperable information and communication technologies

Source: ITU-T Y.2060 (06/2012)

Introduction

Source: ITU-T Y.2060 (06/2012)

New dimension introduced in the IoT

Technical Overview

Device Types and their relationship with physical things

IoT ArchitectureNode

Gateway

Services

Sensor

Fundamental Characteristics

of IoT

Interconnectivity

Things-related services

Hetero-geneity

Dynamic changes

Enormous scale

Fundamental Characteristics / Requirement of IoT

Identification-based connectivity

Identification-based connectivity

InteroperabilityInteroperabilityAutonomic networkingAutonomic networking

Autonomic services provisioning

Autonomic services provisioning

Location-based capabilities

Location-based capabilities

SecuritySecurity

Privacy protectionPrivacy protection

High quality and highly secure human

body related services

High quality and highly secure human

body related services

Plug and playPlug and play

ManageabilityManageability

Source: ITU

Enabling Technologies and Drivers for IoT

Ubiquitous Connectivity

Widespread Adoption of IP-based Networking

Computing Economics

Miniaturization

Advances In Data Analytics

Rise of Cloud Computing

IoT Elements

•Object ID

•AddressingIdentification

•Gatherning Data from related objectsSensing

•Using low powerCommunication

•Processing units and Software Applications represent “brain” and computational ability of IoTComputation

•Use casesServices

•Ability to extract knoweldge smartly by different machines to provide the required servicesSemantics

8

M2M / IoT applications

Vertical Markets

• Domain Specific Applications

Horizontal Markets

• Ubiquitous computing and analytical services

IoT Applications

Building blocks of IoT

Source: Frost & Sullivan

Internet of Things is the organization of objects and things into a Internet like structure and enables:

1. The virtualization of everyday objects,

2. Endowing physical and virtual objects with an identity,

3. And interconnecting the objects for the purpose of monitoring and interacting with them.

• Consumer electronics

• Sensing devices

• Embedded Systems and Controllers

• Virtual Objects

• Wireless sensor networks, short range sensors and capture devices

• Wireless transmitting devices/ modules

• Personal Computers and Smartphones

• Wired and Wireless Networks

• Enterprise and SP Gateways

• Network Management

• Data Centers

• Discovery management

• Identity management

• Device management

• Performance management

• Applications

• Domain specific applications

• Enterprise application (ERP, CRM, SCM)

• Social networking apps

• Analytics

Objects Translation Connectivity Platforms Applications

Mature Developing Mature Developing Emerging

DEVICE GATEWAY PLATFORM HEADEND APPLICATIONS

IDG IGP IPA

UNDERLYING NETWORK

IMN

M2M Layer

M2MGateway

M2MPlatform

IGG IPP

Devices(Sensors/Actua

tors)

M2M HeadEndApplications

M2MPlatform

M2MGateway

Network Services

Generic M2M / IoT Network Architecture Model


Five main challenges in IoT

Various Communication Technologies

Source: KEYSIGHT

Fixed & Short Range

• RFID

• Bluetooth

• Zigbee

• WiFi


IoT Communication Technologies

Long Range technologiesNon 3GPP Standards (LPWAN)

• LoRaWAN• Sigfox• Weightless• RPMA• Others

3GPP Standards• LTE-M• EC-GSM• NB-IoT• 5G


IMT 2020

IoT Communications Models

Device-To-Device Communications

Device-To-Cloud Communications

Device-to-Gateway Model

Back-End Data Sharing Model

IAB RFC 7452 - “Architectural Considerations in Smart Object Networking’’

IoT Standardisation Challenge- Many related vertical and horizontal activities







Mapping objects to identifiers

IoT Reference Model

Interoperability and Open Interfaces• Rec. ITU-T Y.4200 defines the requirements for the interoperability of a smart city platform and

its reference points in order to ensure the correct functioning of city services. Interoperability allows:

– Increase in the number of services provided and their quality.

– Enables provision of better services, maximum efficiency, scalability and simple integration.

– Interoperability with other platforms will encourage local economic development through innovation and competition.

Reference framework of an SCP

Source: Rec. ITU-T Y.4201 (02/2018)

The value of the network is proportional to the

square of the number of its nodes – while

cost follows a more or less linear functions

MetCalfe’s Law

Platform based integration, open

standards and open source are key

24

Security and Privacy concern

Security

• Massive Scale, Homogeniety , Anticipated Service Life, Cyber Security issues, Physical security, BYIoT

Privacy

• Users privacy preferences and data collecting behavior

Interoperability and Standards

• Proprietary ecosystems and consumer choice

Legal, Regulatory, and Rights Issues

• Challenges that didn’t previously existed, IPR



Domain Knowledge Vertical and Horizonal Insight

• The data can be provided back to the devices,

people, or analysis programs to build further insight.

• There can be continuous flow of data, travelling

between devices, networks, and gateways.

• Data Flood - IoT is opening the networks

that were previously closed, making them

more vulnerable to the hackers

• Analytics - Think beyond conventional

business intelligence tools eg. Medical

emergency – data needs to analyse in real

time

• Complexity - IoT technology will connect

equipment and devices that have never been

connected before, and hence, there must be

ease in the design and development to have

more connections.

• The technologies required to create intelligent

systems can get extremely complex and broad, and

to provide seamless experience, the solutions need

to be customized to some extent.

M2M / IoT Standardization activities India


M2M / IoT Roadmap

Policy & Regulatory Features of Roadmap• KYC Norms for M2M• M2M SIMs with International Roaming state• Soft, Embedded & Virtual SIMS in M2M• M2M Service Providers (MSP)

The ‘National Telecom M2M Roadmap’ will lead to• A reference document to all M2M eco system stakeholders in India• Single Government interface for optimum planning of networks in

smart infrastructure• Unambiguous roles and responsibilities for various stakeholders

including Government bodies for harnessing full M2M potential• Facilitate in realizing the policy goals of Make in India and Digital

India

• Numbering Related Issues• Roaming issues in M2M• Location and connectivity issues

National Telecom M2M roadmap released (2015).


Building Communication Infrastructure

M2M Communication Technologies

Spectrum availability for M2M Communication

QoS in M2M Communications

Energy footprints of M2M Network

NOFN – Enabling M2M reach in rural India

Building M2M Network

• Ducts alongside planned roads and mandate to provide for communication cables

• Common Data Centre for services

• Energy footprint and Environment

• Selection of Communication Technologies

• Security and Privacy perspective

• Smart Infrastructure Management System


M2M / IoT Standardization Activities

Released Technical Reports on:• M2M Gateway & Architecture.• M2M Enablement in Power Sector• M2M Enablement in Intelligent Transport System• M2M Enablement in Remote Health Management• M2M Enablement in Safety & Surveillance Systems• M2M Number resource requirement & options• V2V / V2I Radio communication and Embedded SIM• Spectrum requirements for PLC and Low power RF communications• ICT Deployments and strategies for India’s smart cities: A curtain raiser• M2M/ IoT Enablement in Smart Homes• Communication Technologies in M2M / IoT domain

Technical reports are available on

www.tec.gov.in/technical-reports


Actionable points emerged from the Technical Reports

1. Based on TR and consultations with all the stake holders, TEC proposed 13 digit M2M Numbering plan for SIM baseddevices/ Gateways.

2. Embedded SIM : Based on TR, IR has been prepared in TEC. MoRTH included in AIS140 standard for VTS.

3. Additional Spectrum requirement for Low power RF communications in Sub GHz band was sent to WPC/ DoT.

4. Any device / Gateway having direct connectivity with PSTN / PLMN should have static IP (IPv6 or dual stack). BIShas mandated IPv6 for Smart meters to be connected on Cellular technologies, IS16444.

5. Multi protocol gateways.

6. M2M Network architecture and various Service delivery models for providing services in M2M domain.

7. Spectrum requirement for DSRC technology.

8. Licensing for LPWAN on non cellular technologies, providing public services.

9. Common service layer requirement at the platforms, important for data sharing, Security and interoperability.

10. Device testing and certification

– M2M devices need to conform to safety standards from radiation/ power perspectives.

– M2M devices need to be certified, while focusing on international standards deployment


Testing and Certification requirements

• Gazette notifications issued.

• Regulatory and legal compliance requirements - Devices with communication facility needs testing and certification against the International standards on

– EMC (Electro magnetic compatibility),

– Safety,

– Technical protocols including Interoperability & Conformance testing, Security

– Others (SAR, IPv6 or RoHS )

• Minimum Essential requirements are being formulated

• Testing will be done in the accredited labs in India

• In case of MRA (Mutual Recognition Arrangement) with the other countries, devices may be tested there and no need of further testing in India.


Draft National Digital Communications Policy – 2018

Strategic Objectives by 2022

1. Provisioning of Broadband for All

2. Creating 4 Million additional jobs in the Digital Communications sector

3. Enhancing the contribution of the Digital Communications sector to 8% of India’s GDP from ~ 6% in 2017

4. Propelling India to the Top 50 Nations in the ICT Development Index of ITU from 134 in 2017

5. Enhancing India’s contribution to Global Value Chains

6. Ensuring Digital Sovereignty

Vision

To fulfil the information and communication needs of citizens and

enterprises by establishment of a ubiquitous, resilient, secure and

affordable Digital Communications Infrastructure and Services;

and in the process, support India’s transition to a digitally

empowered economy and society.

Missions

National Digital Communications

Policy, 2018 envisages three Missions:

1. Connect India:

2. Propel India:

3. Secure India:

IOT SOLUTIONS

TELEMATICS / AUTOMOTIVE

SMART CITY

EDUCATION

MANUFACTURING

OTHER VERTICALS

Fleet Management

Telematics for Insurance

Connected Bike Connected Car

Smart Street Light

Smart Bin Smart Meter

Student TrackingCampus

MonitoringBooks Tracking

Solution

Asset Tracking (Trolleys)

Employee Monitoring

Container Tracking

Blood Bank Monitoring

HEALTHCARE

Solar Health Monitoring

Cell Tower Monitoring

Data Center Monitoring

mSell – Sales Force Tracking

Smart Refrigerator Monitoring

Water Monitoring

Launched by TSPL with its partner

Building Energy Management

System (BEMs)


Documents

ITU CoE Progam Cybersecurity · IoT Definition Note1 - Through the exploitation of identification, data capture, processing and communication capabilities, the IoT makes full use