258 13 4MB
English Pages 205 Year 2016
IoT Technical Challenges and Solutions
For a listing of recent titles in the Artech House Power Engineering Library, turn to the back of this book.
IoT Technical Challenges and Solutions Arpan Pal Balamuralidhar Purushothaman
Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the U.S. Library of Congress. British Library Cataloguing in Publication Data A catalog record for this book is available from the British Library.
ISBN-13: 978-1-63081-111-2 Cover design by John Gomes © 2017 Artech House All rights reserved. Printed and bound in the United States of America. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher. All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Artech House cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. 10 9 8 7 6 5 4 3 2 1
To the IoT Research and Innovation community at Tata Consultancy Services
Contents Preface 13
1 Internet of Things Today 15 1.1 Introduction: Key Trends 15 1.2 Application Landscape for IoT 19 1.2.1 IoT for Facilities 20 1.2.2 IoT for Products 20 1.2.3 IoT for Consumers 21 1.2.4 IoT for the Supply Chain 22
1.3 Technologies of IoT 23 1.3.1 Sensor Subsystem 24 1.3.2 Local Sensor Networks 25 1.3.3 Gateway Subsystem 25 1.3.4 Cloud Connectivity Networks 26 1.3.5 Cloud Subsystem 26
1.4 IoT Standardization 28 1.5 Challenges and Open Problems 32 1.5.1 Handling the Scale 32 1.5.2 Security and Privacy 33 1.5.3 Context-Aware Analytics 34 1.5.4 Affordable Implementation and Deployment 34 1.5.5 Ease and Economy of Development 35
7
8
IoT Technical Challenges and Solutions
1.5.6 Realistic Deployments 35
1.6 Conclusions 36 References 36 Selected Bibliography 38
2 Scalability of Networks and Computing 41 2.1 Introduction 41 2.2 Use Cases and Requirements 42 2.2.1 Smart Transportation 43 2.2.2 Smart Environment 43 2.2.3 Smart Energy 44 2.2.4 Smart Water 44 2.2.5 Smart Security and Surveillance 45 2.2.6 Smart Retail and Logistics 45 2.2.7 Smart Manufacturing 46 2.2.8 Smart Farming 46 2.2.9 Smart Home 46 2.2.10 Smart Health 47
2.3 Application Classification Templates 47 2.4 Communication Technologies for IoT 49 2.4.1 Personal/Local Area Network Technologies 50 2.3.2 Technologies for Low-Power Wide Area Networks (LPWAN) 53 2.3.3 Cellular Technology for IoT 54 2.4.4 Application-Level Protocols 55
2.5 Scalable Network Architectures for IoT 56 2.5.1 Network Topologies 57 2.5.2 IoT Protocol Design Space 58 2.5.3 Delay-Tolerant Networks 58 2.5.4 Software-Defined Networking (SDN) 60
2.6 Practical Considerations for Scalable IoT System Implementation 62 2.6.1 Real-Time and Power Considerations for IoT Applications 62
Contents
2.6.2 Utilizing the Edge Devices for Computing 64 2.6.3 Need for a Platform for Application Development and Deployment 65
2.7 Conclusions 67 References 68 Selected Bibliography 68
3 Security and Privacy 73 3.1 IoT Security: A Perspective 73 3.1.1 Business Objectives of Security 75
3.2 IoT Security: Key Requirements 75 3.3 IoT Security Challenges 79 3.3.1 Typical Threats on Various IoT Subsystems 80
3.4 Data Protection 81 3.5 Communication Security 83 3.5.1 Cryptographic Key Management 84
3.6 Identities and Identity Management 86 3.7 Authentication 87 3.8 Access Control 88 3.9 Secure Software Updates 89 3.10 Privacy in IoT Systems 90 3.11 System-Level Security Assessment 92 3.11.1 Risk-Based Security 92 3.11.2 Threat Modeling and Risk Estimation 94
3.12 IoT Security: Practical Guidelines 100 3.13 Summary 103 References 104 Selected Bibliography 105
9
10
IoT Technical Challenges and Solutions
4 Sensor Informatics and Business Insights 109 4.1 Introduction 109 4.2 Sensor Signal Processing 111 4.2.1 Signal Acquisition and Conditioning 111 4.2.2 Signal Representation 114 4.2.3 Feature Extraction and Inference 116
4.3 Semantic Interpretation of Processed Information 119 4.3.1 Machine Learning 119 4.3.2 Rule Engine 123 4.3.3 Reasoning 124
4.4 Business Insights from Interpreted Knowledge 126 4.4.1 Visual Analytics 126 4.4.2 Modeling and Simulation 127 4.4.3 Optimization and Planning 127
4.5 Data and Algorithm Marketplaces as New Business Models 128 References 129 Selected Bibliography 132
5 Mobile Sensing 135 5.1 Introduction 135 5.2 Applications and Use Cases for Mobile Sensing 136 5.2.1 Mobile Sensing for Environmental Monitoring 137 5.2.2 Mobile Sensing for Emergency Response 137 5.2.3 Collaborative Sensing for Urban Transportation 138 5.2.4 Robots in Healthcare 138 5.2.5 Robotic Telesensing and Operation 138 5.2.6 Aerial Robots for Spatial Intelligence 139
5.3 Technologies and Challenges in Mobile Sensing 143 5.3.1 Smartphone-Based Sensing 143
Contents
5.3.2 Robotic Sensor Networks 147 5.3.3 UAV for Aerial Mapping 149
5.4 Economics of Mobile Sensing 152 5.5 Summary 154 References 154 Selected Bibliography 155
6 Democratizing Analytics: Analytics as a Service 157 6.1 The Need for IoT Analytics 157 6.2 The Need for Analytics as a Service 161 6.3 Analytics as a Service for Developers: Model-Driven IoT 165 6.4 An Example of a Model-Driven IoT Framework 168 6.4.1 Domain Concern 168 6.4.2 Development and Orchestration Concern 169 6.4.3 Infrastructure Concern 171
6.5 Summary 172 References 173 Selected Bibliography 174
7 The Real Internet of Things and Beyond 177 7.1 Realistic Internet of Things 177 7.1.1 Key Contributing Factors to Real IoT 178
7.2 Real IoT Is a Network of Trade-Offs 181 7.2.1 Some of the Common Trade-Offs Encountered in IoT Systems and Applications 182 7.2.2 Safety on the Machine Floor: An Illustrative Example 184
11
12
IoT Technical Challenges and Solutions
7.3 Drivers for the Next Wave of IoT 186 7.3.1 Resilient IoT Systems 186 7.3.2 Cognitive IoT 187 7.3.3 Impact of 5G as the Next Wave of Communication Technology in IoT 188
7.4 Concluding Remarks 190 References 191 Selected Bibliography 191
About the Authors 193 Index 195
Preface We started working on the Internet of Things (IoT) in 2010. Its earlier evolution as wireless sensor network was started even earlier. We conceptualized and started building a horizontal IoT platform for multiple applications. As we struggled through the process of building the platform, one thing became clear: IoT is not a monolithic technology stack. It is an abstraction for multiple technologies, some of which had existed long ago. There were three key trends that were driving adoption of IoT: the cost of sensor devices were coming down, the cloud technology was becoming mature, and the capacity of the Internet was getting better. However, as we started moving beyond pilot deployments, we realized that it is not a technology play alone. IoT systems must consider business goals and return-on-investment (RoI) aspects early in the design of solutions. This prompted us to look at IoT systems aside from its hype as real IoT systems focusing on a realistic value proposition to businesses and social applications. This needs an integrated approach with abstraction of technology components such as communication, computing, storage, mobility, security and privacy, business value-add via analytics, and economy of mobile sensing and automation. This book is an attempt to knit together a pragmatic approach towards real IoT covering all of these. In Chapter 1, we outline the IoT as it is perceived and seen today; we discuss about key trends, IoT application landscape, IoT technologies, and standardization and introduce the challenges and open problems. We devote Chapters 2 and 3 into the core technologies of IoT with regard to communication, computing, storage, security, and privacy. In Chapter 4, we introduce sensor informatics as the main driving force for IoT for creating business 13
14
IoT Technical Challenges and Solutions
value-adds. In Chapter 5, we bring in the concept of mobile sensing, where sensors mounted on platforms that are mobile (like mobile phones, robots, and drones), can bring in economies of scale during deployment. In Chapter 6, we introduce the concept of automation of the analytics via analytics as a service, which leads towards democratization of analytics resulting in easing the specialized skill requirement for IoT. Finally in Chapter 7, we summarize and outline the real requirements for a realistic IoT deployment and try to provide a glimpse of technologies to come in future. This book would not have been possible without the help of several people. First and foremost, we want to thank Mr. K. Ananth Krishnan, chief technology officer of TCS who encouraged us to deep dive into IoT research. We want to thank various scientists and researchers from the Embedded Systems and Robotics Research Area of TCS Research and Innovation, whose work provided the backbone of the content of this book. We also thank the editorial staff of Artech House, whose diligent follow-ups and feedback kept us on our toes and helped us in delivering the book on time. Last but not the least, we want to thank our children, wives, and parents without whose support and inspiration the writing of this book would not have been possible. We believe that this book would be useful to a wide audience including practitioners and people who are in general interested in exploring a pragmatic approach to IoT. This is not a technology cookbook that is prescriptive in nature, but a suggestive one discussing practical considerations towards building real IoT.
1 Internet of Things Today
1.1 Introduction: Key Trends The Internet of Things (IoT) is defined as [1]: “the network of physical objects—devices, vehicles, buildings and other items which are embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.” Forbes defined it as [2]: “a giant network of connected things (which also includes people)—between people-people, people-things, and things-things.” A thing, in IoT, can be physical objects like a bridge, a building, or a transport having sensors like vibration, temperature, and accelerometer, respectively, or human beings like a person wearing a smart watch or having a biochip implant; in IoT, all of them can have an IP address through which the sensor data can be transferred over a network (including the Internet). The concept of IoT came into being in 1999. However, the first reported IoT-like device was built at Carnegie Melon University in the early 1980s; it was a soft drink machine connected to the Internet allowing availability to be checked online in real time [3]. Why is IoT being regarded as one of the most disruptive technologies that will drive business digitization? The answer is 15
16
IoT Technical Challenges and Solutions
simple. Until now, the use of information technology in most of the business verticals were to improve and automate the business support services and not the core physical business process. IoT’s ability to sense the physical world and digitize the physical world context will be bring fundamental change and digitization to the existing physical business processes across all verticals leading to either significant reduction in operation cost or improvement in response time and quality or bringing in real-time customization in the products or service offerings or helping in increasing security and ensuring compliance. For end consumers, IoT has the potential to change the way that products and services are consumed; there will be much more real-time understanding of consumer needs and subsequent personalization thereof. This will be discussed in further detail with examples in Section 1.2. The market for IoT is clearly heating up. According to Gartner, there were scheduled to be 6.4 billion connected “things” in 2016 (an increase of 30% from 2015), with a projected deployment of 20.8 billion things by 2020 (5.5 million new things to be connected every day) [4]. Gartner has also reported that, in 2016, IoT would be instrumental in U.S. dollar spending in total services of $235 billion and in total end-point spending of $1.4 trillion (which is an increase of 22% from 2015). By 2020, the total IoT end-point spending was projected to rise to $3 trillion. The mix of consumer compared with business applications in this spending is also interesting; in 2015, the consumer versus business application share in the overall spending was 35% to 65%. The consumer spending was projected to increase over the years and, by 2020, the consumer versus business application share in the overall spending would be 51% to 49%. In a recent global IoT trend study by Tata Consultancy Services [5] involving more than 3,500 executives across small and large corporations all over the world, some interesting facts about IoT trends have come to light: • Nearly 80% companies surveyed have initiated IoT programs. On average, such companies had a revenue increase of 16%. • Nearly half of them either track customers or monitor operations through mobile applications and IoT technologies.
Internet of Things Today
17
• The spending in IoT seems to be directly proportional to actual product offering price of the company. Companies whose products’ prices are more than $10 million will spend an average of $335 million, while those with product prices of $100 or less will spend an average of only $39 million. This can be attributed to the fact that the return on investment (ROI) for IoT infrastructure and systems are more justified when it is used to improve, optimize, protect, and monitor high-value products. • There will be varying degree of IoT adoption across the four major geographies: North America, Europe, Asia-Pacific, and Latin America. The IoT spending will be more in North American and European companies (with North American companies spending 0.45% of revenue, and their European counterparts spending 0.40%). The Asia-Pacific companies are not going to lag much behind in spending, with IoT-related investment amounting to 0.34% of revenue, while the Latin American enterprises will spend around 0.23% of revenue on IoT. • Companies who demonstrated largest revenue increases from IoT initiatives had some common traits: • They were able to create substantial value for their end customers and not just value for themselves. • They could deliver that value through new business models focusing on product and service offerings around the IoT data. • All of them leveraged the IoT technology to understand firsthand their product and service performances and usage patterns with regard to their end customers. The trends described above are macro business trends being observed globally in the IoT space. Next, we will explore slightly deeper details of the application landscape for IoT in different industry verticals. Some of the recent successful deployments of IoT that demonstrate the above traits include [6]: 1. Energy monitoring and usage optimization across facilities for large enterprises (final value add: reduction in energy cost);
18
IoT Technical Challenges and Solutions
2. Quality monitoring in the food processing chain (final value add: ensuring same quality and taste for the end user); 3. Predictive analytics of refrigeration systems (final value add: reduction in overall maintenance cost and increase of operating life of the machines); 4. Real-time alerting around wellness and activity for elderly people at home and factory people in hazardous areas (final value add: quick intervention with the appropriate medical help). All of these have one common factor: all of them needed to demonstrate that the value-add (economic or otherwise) outscores the cost of infrastructure investments, thereby justifying the ROI. Almost every imaginable type of company seems to have an IoT strategy in 2016 [7]. Here are some of the unlikeliest ones to throw their hat into the IoT ring: the toymaker Mattel with the connected Barbie doll [8], the gamemaker Atari with smart home products [9], the nonprofit browser company Mozilla with an operating system for connected devices [10], and the credit card company Visa with integration of payments inside IoT devices [11]. There are a lot of innovative products and solutions coming out in the market in the IoT space. Their sustainability in the marketplace will depend again on the value-add that they bring to the end customer; however, it is worthwhile to follow these innovations as some of them are bound to succeed to build a sustainable business [12, 13]. The interesting ones worth mentioning are automated cooking systems, self-charging and wireless-charging platforms, water monitoring systems, blindspot-free rear-view mirrors for cars, three-dimensional (3-D) printing pens, and wearable monitoring of human physiology. There are also innovative services and business models being created around IoT-enabled products; for example, instead of selling a washing machine, the washing machine vendor can give it away for free and charge the consumer per wash based on the time and the load. Another interesting trend is the emergence of an ecosystem for IoT. The chip makers like Intel, Qualcomm, TI, ARM, and Arduino are providing the core sensing and processing technology with low power consumption and universal connectivity that can be embedded into the “Things.” The equipment vendors like Cisco, Huawei,
Internet of Things Today
19
Ericsson, and Nokia are trying to create new network equipment that address the new challenges posed by IoT, while the large telecom operators all over the world are trying to create a value-added services model around machine to machine (M2M) communications. Finally, the major software vendors like IBM, Google, Microsoft, SAP, Accenture, and TCS are focusing on data handling, data analytics, and system integration aspects of IoT.
1.2 Application Landscape for IoT A typical IoT stack is outlined in Figure 1.1. The sensors are put on physical objects and human beings to sense their context. The meaningful information from the sensor signals is extracted and sent over the Internet to the cloud using a gateway device. Further analysis of the extracted information is done to understand the physical events and business insights are derived thereof in
Figure 1.1 Internet of Things stack.
20
IoT Technical Challenges and Solutions
different business verticals. These business insights trigger the response cycle, which may range from a completely offline process change to completely real-time actions taken to mitigate the effects of the underlying physical event. This sense, extract, analyze, and respond cycle presented here is found to be common to all possible IoT applications. The final benefits to the business and stakeholders in an IoT system will invariably come from either reduced cost due to improved operational efficiency via IoT-based monitoring or better insights from analytics of IoT data creating value and competitive advantage for the stakeholders. There are four core business areas in different verticals where IoT can be applied to generate value through sensing and subsequent analysis and response: facility, product, customer, and supply chain [14]. The type of applications can be monitoring, control, optimization, or autonomous depending upon the use case. These are depicted pictorially in Figure 1.2. 1.2.1 IoT for Facilities
Most of the industry verticals that have fixed assets in form of buildings, campuses, infrastructure and heavy equipment will benefit from deploying IoT for its facilities. There can be monitoring applications like perimeter security through video surveillance, control applications like building energy management via smart meter data analytics or predictive maintenance for machines, and optimization applications like emergency evacuation via people sensing and localization. Such applications will generate business value in terms improved security or compliance, lower cost of operation, lower cost of maintenance, and improved lifespan of assets in almost all industry verticals including travel and hospitality, retail, energy and utilities, banking, industrial manufacturing, farming, healthcare, and life sciences that usually have significant real estate or office spaces or infrastructure. 1.2.2 IoT for Products
Using IoT for products can take two forms: it can ensure quality when the product is built, or it can detect finished product performance in the field. The former requires putting sensors into the
Internet of Things Today
21
Figure 1.2 IoT application space.
product to monitor its quality as it is manufactured and to reject or segregate bad quality products and can therefore be regarded as a monitoring application. The latter requries putting sensors on products deployed in the field, thereby having a monitoring application for generating feedback and future product requirements, a control application for predictive maintenance of such products to improve lifespan, and an optimization application in the form of prescriptive analytics to ensure lower cost of operations and maintenance. All industry verticals that produce and deploy machinery or packaged goods in the field can benefit from such IoT deployments including automotive and transportation, telecommunications and media, energy and utilities, environment, retail, and consumer packaged goods, industrial manufacturing, farming and healthcare, and life sciences. 1.2.3 IoT for Consumers
Using the sensors present in smart phones and wearable and other unobtrusive sensors like a camera, it will be possible to sense, locate, and understand customers, which in turn, will be able to provide enterprises with the invaluable knowledge about the cus-
22
IoT Technical Challenges and Solutions
tomers’ likes and dislikes. This knowledge can be used to create actionable insights around a customer profile, leading towards the personalization of the product or service offering and resulting in cost and experience benefits for the end user. Almost all such applications can be regarded as control or optimization kinds of applications. While this kind of possibility is there in each and every industry vertical with human beings as their ultimate consumers, there are two industries which will have the potential to be disrupted via IoT-based consumer monitoring. First, in-store and online retail for personalized recommendation-based shopping experience will become possible using various physical, physiological, and biological sensors on consumers deployed in form of mobile phone or wearable. Second, healthcare or life sciences industry can change from an illness-driven industry to a wellness-oriented industry providing personalized wellness plans, diagnosis, treatment protocols, medicine, and therapy based on each patient’s health condition sensed through various physical, physiological and biological sensors on consumers deployed in form of mobile phone or wearable or implantable. 1.2.4 IoT for the Supply Chain
A supply chain (SC) is a network of supplier, production centers, storage, distribution centers, sellers, and buyers. Tracking an item in the supply chain using sensor technology can provide a near-real-time view, which, in turn, can lead to improve of the efficiency of the supply chain via advanced optimization techniques. Almost all industry verticals that have tangible products as offerings typically have supply chains that can be optimized via IoT deployment. In particular, consumer packaged goods and energy and utilities industries are heavily dependent on this supply chain and stand to be disrupted via suitable deployment of sensors and the associated analytics and optimization. Automation in supply chain will also come via technologies like driverless cars that can be regarded as a mix of IoT, robotics, and artificial intelligence; it stands to disrupt the automotive and transportation industry. Table 1.1 details the IoT application landscape described above.
23
Internet of Things Today Table 1.1 IoT Application Landscape Industry Vertical
Type of Application Facility
Product
Consumer
Supply Chain
Potential Disruption via IoT
Automotive and transportation
Building or infrastructure surveillance
Car monitoring and maintenance
Driving behavior monitoring
Automation via driverless cars
High, through driverless cars and drones
Travel and hospitality
Building surveillance
Room Customer monitoring and behavior maintenance monitoring
Optimization of operations, recommender systems
Medium, through personalization
Retail and CPG
Building or infrastructure surveillance
End-product sensing and monitoring
Customer behavior monitoring
Optimization of operations, Recommender Systems
High, through personalization
Energy and utilities
Building or infrastructure surveillance
Quality monitoring and control: electricity and water
Customer behavior influencing
Demand response optimization and peak load management
Medium, through peak load management via customer behavior influencing
Banking, insurance, and financial services
Building or infrastructure surveillance
End-product sensing and monitoring
Customer behavior monitoring
Optimization via risk profiling
Medium, through personalization
Industrial Building, manufacturing infrastructure, or equipment surveillance
End-product quality control and defect inspection
Customer feedback monitoring
Optimization of Operations
High, through improved efficiency
Farming
Building, infrastructure, equipment surveillance
Produce sensing and monitoring
Customer feedback monitoring
Optimization of operations
Medium, through improved efficiency
Environment
Infrastructure surveillance
Environmental sensing and monitoring
People health and feedback monitoring
Visualization
Medium, through real-time views of pollution map
Healthcare and life sciences
Building, infrastructure surveillance
End-product sensing and monitoring
Patient prognostics and health risk profiling
Optimization of operations
High, through personalized healthcare
Telecommunication and media
Building, infrastructure surveillance
End-product sensing and monitoring
Customer feedback monitoring
Recommender systems
Medium, through personalized content recommendation
1.3 Technologies of IoT The technology stack is IoT is described in Figure 1.3. Architecturally, typical IoT system is divided into three subsystems: sen-
24
IoT Technical Challenges and Solutions
Figure 1.3 IoT technology stock.
sor subsystem, gateway subsystem, and cloud subsystem with the necessary underlying network connectivity between the subsystems. The sensor subsystem is connected to the gateway subsystem via local sensor networks. The gateway subsystem is connected to cloud subsystem via a wide area network like the Internet. Each of these three subsystems connected via two types of networking are described in brief next. 1.3.1 Sensor Subsystem
The sensor subsystem uses connected transducers to covert physical world stimuli into digitized electrical signals. Once digitized, these signals can be transported to gateway devices for further processing via wired or wireless local sensor networks. Signal conditioning of the analog transducer signal followed by analogto-digital (A/D) conversion and subsequent digital signal processing of the digitized data is required to produce good-quality sensor data under noisy environments. Dynamic range of the sensor transducer (should accommodate extreme cases of physical world stimuli), sampling frequency for the sensor digitization (as per Nyquist Sampling theory, this should be more than twice the maximum useful frequency of the physical world stimuli), and minimization of energy consumption (this should be as low as pos-
Internet of Things Today
25
sible to conserve battery and extend sensor life in the field) are a few of the important technical considerations for sensor subsystem deployment. Sensor subsystems are typically computer memory and power-constrained devices, but advances in semiconductor technology are making sensor devices more and more powerful yet miniaturized in this aspect. The sensors can sense environmental properties like temperature and pressure, physical properties like location, velocity, acceleration, strain, vibration, contact, and proximity, and physiological/biological properties like heart rate, blood pressure, electrocardiogram (ECG), and electroencephalogram (EEG). Advances in science of mechanics, electromagnetics, acoustics, thermodynamics and optics, chemistry, and biology are also creating increasingly more new transducers making it possible to sense newer physical events. 1.3.2 Local Sensor Networks
Local sensor networks carry the sensor data from sensors to a gateway device for further processing and transport of the data over the Internet or other public networks to the cloud. They can have fixed network topologies like star, ring, bus tree, or mesh networks or they can be formed in an ad hoc manner. Shared media access protocols using time division multiple access (TDMA), frequency division multiple access (FDMA) or code division multiple access (CDMA) technologies are used on top of the physical network connectivity for seamless transportation of the sensor data. Bluetooth and Zigbee (discussed in detail in Chapter 2) are the most popular wireless sensor network technologies, while WiFi also can be used in some scenarios. Depending upon the use case, the sensors can be interconnected using wired network also or can be connected point-to-point to the gateway using serial interfaces like universal serial bus (USB). 1.3.3 Gateway Subsystem
Gateway subsystems connect to local sensor networks on one side and public networks like the Internet on the other side. They typically operate as a router, gateway, or switch bridging the two different types of physical network and protocol stacks. For example, the public network is typically Internet Protocol (IP) enabled,
26
IoT Technical Challenges and Solutions
whereas in most of the cases the local sensor network is not. One of the sensor nodes in local sensor network can become the gateway or there can be dedicated gateway devices. Because typically gateway devices can have more memory and computing power and in many scenarios are electrically powered, it is possible to execute some of the high sampling rate sensor signal processing and noise cancellation algorithms in the gateway itself so that clean data at a reduced rate goes to the cloud. 1.3.4 Cloud Connectivity Networks
The cloud connectivity networks are typically IP networks; in most of the cases, this will be the Internet for IoT systems. However, there may be scenarios where private networks and private clouds are deployed depending upon the use case requirements. Bandwidth, latency, reliability, and security of this network are critical for viable implementation of these systems. 1.3.5 Cloud Subsystem
The cloud subsystem receives the sensor data over IP, stores them, and allows analytics to be run on the stored data. The elastic nature of cloud is needed to cater for uneven demand of processing and storage emanating from fluctuating nature of the sensor data. In some cases, the data is processed even before storing; such systems are known as complex event processing (CEP) systems. The storage database needs to handle huge data coming from sensors and hence needs to be Big Data-enabled; there may be limited number of huge files (like video surveillance data) or huge number of small files (coming from a lot of sensors). The processing and analytics engine is the software service available on the cloud to derive business insights from the sensor data, as outlined earlier. It is clear that the main value delivered by the IoT technology comes from information extraction and analytics of the sensor data. In Figure 1.4, we present the technology stack for IoT analytics, which can be distributed across sensors, gateways, and the cloud. The raw sensor data at the bottom of the knowledge pyramid needs to be processed to create contextual information trying to answer questions like who did what, where, and when. It boils down to summarizing or visualizing the sensor data along with
Internet of Things Today
27
Figure 1.4 Technology stack for IoT analytics.
identity, location, and timestamp information. This contextual information can be applied to build knowledge models of the physical system. The models can either be built on scientific knowledge linking how the physical event generated the information or can be statistical models learned from the data or a hybrid of both. These models help in having a better understanding of the system answering questions like why the physical event has happened. These kinds of insights are extremely useful in business operations helping in business decision-making and value-add. Finally, a collection of such understandings can create the true wisdom, which can prescribe what should be done to prevent the physical event (if it is counterproductive to business) or facilitate the physical event (if it is aiding business outcome) or run the current operation faster, cheaper, or better. The knowledge pyramid can be explained using a simple example. Let us assume that a building is installed with temperature and gas sensors. The data from these sensors form the raw data layer. The visualization and reporting of these sensor data in a spatiotemporal map can be the contextual information layer. The knowledge model can be simple, telling that because there is high abnormal temperature in certain zones, the building at that part must have caught fire. The understanding layer can do causal analysis of the temperature sensor data and gas sensor data and infer that the fire has been caused by a gas leak and hence appropriate
28
IoT Technical Challenges and Solutions
fire extinguishers capable of handling gas fire needs to be sent. The final wisdom layer would be how to design the building infrastructure to prevent such fires from happening or minimizing the number of people affected due to such events. It is quite obvious that as we climb up the pyramid the business value of the analyzed data becomes more and more useful. However, the volume of the data to be analyzed continues to reduce as we move from information to knowledge to insights to wisdom.
1.4 IoT Standardization It is quite clear from looking at the diversity of the technologies and vertical domains, that standardization will become one of the key elements to the success of IoT. All stakeholders of IoT systems will need to invest substantially into standardization to bring in interoperability and avoid vendor lock-in. The areas in which standardization efforts are necessary can be looked upon from different perspectives. In one view, the standardization can happen in IoT domain applications (including domain-specific physical infrastructures such as building, road, and traffic), in software services layer [via application programming interfaces (APIs) and software as a service or (SaaS)], the ICT infrastructure (consisting of cloud, Internet and connectivity), and edge devices (consisting of sensing devices and embedded systems). This is pictorially depicted in Figure 1.5. In another view from interoperation perspective, as outlined by European Telecommunication Standards Institute (ETSI), IoT standardization can be regarded as a set of intermixing interoperation requirements in technical, syntactic, semantic, and organizational level [15]. This is represented in Figure 1.6. The technical interoperation requires standardization in basic communication and computing systems for IoT (distributed systems, physical communication systems, and embedded systems). The syntactic interoperation tries to standardize how these different computing systems talk to each other using standard communication protocols. The semantic interoperation brings in the requirement of interpreting the IoT data in a common vocabulary, which can be either technology-specific or physical infrastructure-specific or vertical domainspecific or a combination of all. The organizational interoperation
Internet of Things Today
29
Figure 1.5 Services and technology-level standardization for IoT.
Figure 1.6 Different levels of interoperability in IoT.
deals with the domain view to ensure interoperation between two different systems in the same vertical domain and also with a system-of-systems view where two different IoT systems from two different organizations (e.g., transportation and the healthcare system of a city) can talk to each other in a common language so that larger, value-added services can be built using multiple organizational systems (e.g., healthcare systems and transportation
30
IoT Technical Challenges and Solutions
systems talking to each other to find out the fastest route for dispatching an ambulance). Many of the notable standardization organizations all over the world are working in the area of IoT Standardization under the umbrella of the International Telecommunication Union–Telecom (ITU-T) [16]. They include TIA (the U.S. Telecommunications Industry Association) [17], ETSI (European Telecommunications Standards Institute) [18], CCSA (China Communications Standards Association) [19], TSDSI (Telecommunication Standards Development Society, India) [20], ARIB (Association of Radio Industries and Business, Japan) [21], 3GPP (Third Generation Partnership Program), and OMA (Open Mobile Alliance) [22]. There are also independent (or working under other organizations) alliances, consortia, or standard-making bodies like IPSO Alliance [23], Internet Engineering Task Force (IETF) [24], and OneM2M [25]. All these bodies are working to create technical standards around machine-to-machine (M2M) communications in various areas of physical layer, data link layer, network layer, transport layer, and application layer protocols and interfaces [26]. Figure 1.7 shows the association among different M2M standardization organizations. These standardization efforts mainly take care of technical and syntactic interoperability outlined in Figure 1.6. In the semantic interoperation space, quite a bit of work has been achieved in Open Geo Spatial Consortium (OGC) [27]. The Sensor Web Enablement (SWE) and Sensor Mark-up Language (SensorML) from OGC provides rich semantic description of sensor data. These specifications from OGC are being put into standardization through the World Wide Web Consortium (W3C) [28] as an Internet Standard for Spatial Data on the Web [29]. In the space of industry-specific interoperability, the Industrial Internet Consortium (IIC) is doing a lot of work in terms of creating industry vertical-specific use cases, test beds, and technology requirements around energy, healthcare, manufacturing, public sector, and transportation verticals [30]. There are also some initiatives to standardize the smart city space, which can be thought of as a large organization consisting of multiple industry verticals by the International Organization for Standardization (ISO) [31]. ISO has tried to identify the types of stakeholder and types of ICT systems of a smart city and has proposed an ecosystem-based domain
Internet of Things Today
31
Figure 1.7 Relationship between different standardization bodies in M2M space.
model. Similar work has also been done by the U.K. standardization body called British Standards Institution (BSI) [32] in the area of smart city vocabularies. It should be noted that although a lot of effort is being spent on the technical interoperation part, given the complexity and diversity of IoT systems, it is not possible or prudent to define standards for each and every layer and component; each vertical and use case will have different requirements. Rather, the focus in an IoT system should be to adopt multiple existing standards in each layer and define the Interoperation between those standards at the syntactic, semantic, and organizational levels. There are quite a few consortia trying to work in this space [33], notable among them being Thread (backing from NEST in the connected home space looking at the radio layer), Open Interconnect Consortium/IoTivity (backing from Intel looking at the radio layer and upper layer protocols) [34], AllSeen Alliance/AllJoyn (driven by Qualcomm in connected home looking at upper layer protocols) [35], ITU-T SG 20 (backed by ITU-T as the umbrella international standard for IoT and smart cities/communities [36], IEEE P2413 (complete umbrella of IoT standards from IEEE supporting 350 existing standards and 110
32
IoT Technical Challenges and Solutions
new standards) [37], Apple HomeKit (not a standard, but Apple’s view of connected home) [38], and Google Brillo (Android for IoT) [39].
1.5 Challenges and Open Problems There is no disputing the fact that IoT has the potential to disrupt every business and blur the boundaries between industry verticals. There is no doubt about its potential impact. However, is this just a hype or are there some real-life deployments in IoT? It is true that most of the IoT deployments are happening in a pilot scale and very few have scaled out beyond pilots. We try to explore the main challenges in IoT that need to be addressed to convert the hype around IoT to a practical reality. There seems to be five areas of concern around which the challenges are emerging: (1) gearing up the ICT infrastructure to the massive scale of IoT sensors and data, (2) ensuring security of IoT systems and complying to privacy requirements for IoT data, (3) context-aware analytics of IoT data leading towards business insights and value-adds, (4) affordable implementation and deployment of IoT system to ensure ROI, and (5) ease of development of IoT analytics systems [40]. This is depicted pictorially in Figure 1.8 and explained in detail next. 1.5.1 Handling the Scale
With immensely large number of sensors (potentially in billions) connecting over the Internet, the scalability of the connecting networks to transport the sensor data to cloud, the scalability of the storage systems to store and retrieve the huge volume of data and the scalability of the computing infrastructure to analyze such huge volume of data within the required response time of the application; all become important considerations. The storage technology has scaled quite well; however, the network and computing scalability, unless addressed properly can always become a bottleneck for practical implementation of IoT systems, especially under realtime constraints on the response and energy constraints on the sensor device side. The storage, although capable of handling very large data, mainly tries to handle a limited number of large and
Internet of Things Today
33
Figure 1.8 Challenges in IoT deployments.
very large files. In the IoT context, it is more likely to encounter a huge number of small files; it is expected that the current storage technology may need some tweaking to cater to this requirement. The scalability of networks and computing [41, 42] is discussed in detail in Chapter 2 with some real-world use cases and examples. 1.5.2 Security and Privacy
Security in IoT systems has a different dimension from the implication perspective. Because we are dealing with physical systems consisting of sensors placed on real infrastructure and human beings, a security lapse in the ensuing ICT system can potentially put the infrastructure or human lives at risk. It is not only important to make IoT systems as much secure as possible, given the constraints of power, computing, and memory that typical embedded edge devices have, but also it is important to do a proper security risk
34
IoT Technical Challenges and Solutions
assessment of potential implications on the physical infrastructure if a security breach happens. However, because IoT systems sense contextual information, they can contain sensitive personal data like location and health. The end user or the infrastructure owner should be able to determine or have control over with whom their data can be shared. If appropriate measures are not implemented, rich personal data falling into the wrong hands can have catastrophic consequences. In Chapter 3, we discuss in depth the implications of security and privacy in IoT systems and possible approaches towards solving the issues. 1.5.3 Context-Aware Analytics
It is important to understand that analytics of IoT systems does not stop at visualizing sensor data in form of charts and graphs in geotagged maps. In line with Figure 1.4, it is also imperative for IoT analytics to gain deeper knowledge and insights into the physical system events (how and why). This means building and validating models backed by physical science of physics, chemistry, or biology or learning statistical models backed by data science. Having a validated model may allow businesses to predict some outcome from the IoT system and use that contextual knowledge for humanintervened action and control. Going one step further, if the system analytics can automatically infer what actions need to be taken to have the desired effect in the business process or operation, then a complete autonomous system can be built that can be regarded as a giant control system. In Chapter 4, we describe different aspects of the sensor informatics and business insights needed to achieve the above objectives. 1.5.4 Affordable Implementation and Deployment
A bulk of the cost of IoT deployment goes into the hardware and operational cost of deploying sensors in the field. While many systems will need fixed, dedicated sensor installations and will have requisite value-add coming from the data collected from them justifying their ROI, there will be many cases where such ROI cannot be justified, nor is there a need for putting fixed, dedicated sensor installations. Novel methods like ad hoc sensor deployment on mobile platforms like robots and drones or crowdsourcing
Internet of Things Today
35
physical world data from the sensors of millions of mobile phones carried by people need to be regarded as possible options; otherwise, many potential use cases of IoT may not see the light of the day beyond pilots. In Chapter 5, we introduce mobile ad hoc sensing technologies and discuss how they can lead to economy of deployment. 1.5.5 Ease and Economy of Development
Just like open application development platforms and applications stores had revolutionized the mobile phone market, such open platforms are also needed for successful adoption of IoT. When more people start writing value-adding applications on the IoT data, then only adoption of IoT will rise significantly and will solve real problems plaguing today’s business and society creating the necessary impact. Today, most of the IoT systems are closed silos, and that needs to change. We call it “democratization” of IoT analytics where different applications can provide different analytics from the IoT data as a service. This, coupled with automation of some parts of the analytics using artificial intelligence, can lead to a cost-effective and easy way to create value from IoT sensor data. In Chapter 6, we introduce this subject and give it a detailed treatment. 1.5.6 Realistic Deployments
To realistically deploy IoT-based systems in the field, we need to consider robustness, user-centricity, choice of the right processes and business model, and use of the right ecosystems. This is elaborated in detail in Chapter 7, which also outlines how a realistic deployment of IoT is always a trade-off between multiple conflicting factors, notable among them being direct hardware sensing versus indirect software sensing, application-specific hardware versus general-purpose hardware, security versus user experience, battery lifetime versus performance, and communication range versus power versus bandwidth. Further resilient and cognitive IoT systems in conjunction with fifth generation (5G) wireless communication systems will pave the way for realistic application deployments in near future.
36
IoT Technical Challenges and Solutions
1.6 Conclusions In this chapter, we first introduced the key macro business trends that are being observed in the IoT space; this includes creating value for end customers and new business models through better understanding of end customers’ requirements. Then we outlined the main business components in the application landscape that are affected by IoT; these components include facility, product, consumer, and supply chain. We covered this from the perspective of different industry verticals and gave a summary outline of possible application use cases, including the potentially disrupting ones. Then we introduced different technologies needed for IoTbased systems including different architectural components spanning sensor devices to cloud systems connected in between via local sensor networks, gateway devices, and Internet. Following that, we introduced the need for standardization and interoperation in IoT space and discussed how different standardization activities are trying to address the standardization in terms of technical, syntactic, semantic, and organizational interoperability. Finally, we identified the real-world challenges in terms of scalability, security, privacy, affordability, context-awareness, and ease of development that must be addressed to create and deploy a full-scale IoT system in the real world. Diving deeper into these challenges, identifying their issues, and trying to provide feasible and reali�stic solution approaches to them become the objective for the rest of the book.
References [1] http://www.webopedia.com/TERM/I/internet_of_things.html. [2] ������������������������������������������������������������������ http://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/#14b285316828. [3] http://internetofthingsagenda.techtarget.com/definition/ Internet-of-Things-IoT. [4] http://www.gartner.com/newsroom/id/3165317. [5] http://sites.tcs.com/internet-of-things/. [6] http://www.tcs.com/research/Pages/TCS-Connected-Universe-Platform. aspx. [7] http://www.ioti.com/iot-trends-and-analysis/10-most-important-iottrends-2016.
Internet of Things Today
37
[8] https://www.engadget.com/2016/02/15/ barbie-hello-dream-house-iot-voice-commands/. [9] https://techcrunch.com/2016/06/05/atarinet-of-things/. [10] https://blog.mozilla.org/blog/2015/12/09/firefox-os-pivot-to-connecteddevices/. [11] http://www.techworld.com/mobile/internet-of-things-will-be-gamechanging-for-visa-says-director-3629227/. [12] https://powermore.dell.com/technology/the-10-most-innovativeconsumer-based-internet-of-things-companies/. [13] http://wonderfulengineering.com/30-innovative-products-you-did-notknow-exist-but-are-too-awesome-to-miss/. [14] http://sites.tcs.com/internet-of-things/. [15] http://www.etsi.org/images/files/ETSIWhitePapers/IOP%20 whitepaper%20Edition%203%20final.pdf. [16] http://www.itu.int/en/ITU-T/Pages/default.aspx. [17] http://www.tiaonline.org/standards/procedures/manuals/scope. cfm#TR50. [18] http://www.etsi.org/deliver/etsi ts/102600 102699/102690/01.01.01 60/ts 102690v010101p.pdf. [19] http://www.ccsa.org.cn/english/. [20] http://www.tsdsi.org/. [21] www.arib.or.jp/english/. [22] http://www.openmobilealliance.org/. [23] http://www.ipso-alliance.org/. [24] www.ietf.org. [25] http://www.onem2m.org/. [26] http://www.iot-a.eu/public/public-documents/d3.1. [27] www.opengeospatial.org/ogc. [28] https://www.w3.org/. [29] https://www.w3.org/2015/spatial/wiki/Main_Page. [30] http://www.iiconsortium.org/. [31] http://www.iso.org/iso/home.html. [32] http://www.bsigroup.com/en-GB/smart-cities/. [33] http://techbeacon.com/state-iot-standards-stand-big-shakeout. [34] https://www.iotivity.org/.
38
IoT Technical Challenges and Solutions
[35] https://allseenalliance.org/. [36] http://www.itu.int/en/ITU-T/studygroups/2013-2016/20/Pages/ default.aspx. [37] https://standards.ieee.org/develop/project/2413.html. [38] https://developer.apple.com/homekit/. [39] https://developers.google.com/brillo/. [40] https://www.computer.org/csdl/mags/it/2015/03/mit2015030002.pdf. [41] http://blogs.cisco.com/digital/4-key-requirements-to-scale-the-internetof-things. [42] http://electronicdesign.com/communications/understanding-how-iotsystems-scale-and-evolve.
Selected Bibliography Atzori, L., A. Iera, and G. Morabito, “The Internet of Things: A Survey,” Computer Networks, Vol. 54, No. 15, 2010, pp. 2787–2805. Balamurali, P., P. Misra, and A. Pal, “Software Platforms for Internet of Things and M2M,” Journal of the Indian Institute of Science, A Multidisciplinary Reviews Journal, Vol. 93, No. 3, July–September 2013. Bandyopadhyay, D., and J. Sen, “Internet of Things: Applications and Challenges in Technology and Standardization,” Wireless Personal Communications, Vol. 58, No. 1, 2011, pp. 49–69. Bandyopadhyay, S., P. Balamuralidhar, and A. Pal. “Interoperation Among IoT Standards,” Journal of ICT Standardization, Vol. 1, No. 2, 2013, pp. 253–270. Bandyopadhyay, S., et al., “Role of Middleware for Internet of Things: A Study,” International Journal of Computer Science & Engineering Survey (IJCSES), Vol. 2, No. 3, August 2011. Biswas, A. R., and R. Giaffreda, “IoT and Cloud Convergence: Opportunities and Challenges,” 2014 IEEE World Forum on in Internet of Things (WF-IoT), 2014, pp. 375–376. Botts, M., et al., “OGC® Sensor Web Enablement: Overview and High Level Architecture,” in GeoSensor Networks, New York: Springer, 2008, pp. 175–190. Botts, M., and A. Robin, “OpenGIS Sensor Model Language (SensorML) Implementation Specification,” OpenGIS Implementation Specification OGC, 2007, p. 07-000. BSI Standards Publication, Smart Cities Vocabulary, PAS, Vol. 180, 2014. Chen, H., R. H. L. Chiang, and V. C. Storey, “Business Intelligence and Analytics: From Big Data to Big Impact,” MIS Quarterly, Vol. 36, No. 4, 2012, pp. 1165–1188.
Internet of Things Today
39
Cheng, H. -C., and W. -W. Liao, “Establishing a Lifelong Learning Environment Using IOT and Learning Analytics,” 2012 IEEE 14th International Conference on Advanced Communication Technology (ICACT), 2012, pp. 1178–1183. Davenport, T. H., and J. G. Harris, Competing on Analytics: The New Science of Winning, Cambridge, MA: Harvard Business Press, 2007. Demirkan, H., and D. Delen, “Leveraging the Capabilities of Service-Oriented Decision Support Systems: Putting Analytics and Big Data in Cloud,” Decision Support Systems, Vol. 55, No. 1, 2013, pp. 412–421. Ding, G., L. Wang, and Q. Wu, “Big Data Analytics in Future Internet of Things,” arXiv preprint arXiv:1311.4112, 2013. Dinh, N. -T., and Y. Kim, “Potential of Information-Centric Wireless Sensor and Actor Networking,” 2013 IEEE International Conference on Computing, Management and Telecommunications (ComManTel), 2013, pp. 163–168. Emery, D., and R. Hilliard, “Every Architecture Description Needs a Framework: Expressing Architecture Frameworks Using ISO/IEC 42010,” Joint Working IEEE/ IFIP Conference on Software Architecture & European Conference on Software Architecture 2009 (WICSA/ECSA 2009), 2009, pp. 31–40. Evans, J. R., and C. H. Lindner, “Business Analytics: The Next Frontier for Decision Sciences,” Decision Line, Vol. 43, No. 2, 2012, pp. 4–6. Farooqui, K., L. Logrippo, and J. de Meer, “The ISO Reference Model for Open Distributed Processing: An Introduction,” Computer Networks and ISDN Systems, Vol. 27, No. 8, 1995, pp. 1215–1229. Gubbi, J., et al., “Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions,” Elsevier Journal on Future Generation Computer Systems, Vol. 29, 2013, pp. 1645–1660. Haas, P. J., et al., “Data Is Dead... Without What-If Models,” PVLDB, Vol. 4, No. 12, 2011, pp. 1486–1489. ISO/IEC JTC 1, Smart Cities Preliminary Report, 2014. Kansal, A., et al., “Senseweb: An Infrastructure for Shared Sensing,” IEEE Multimedia, Vol. 4, 2007, pp. 8–13. Kozlov, D., J. Veijalainen, and Y. Ali, “Security and Privacy Threats in IoT Architectures,” Proc. of 7th Intl. Conf. on Body Area Networks, 2012, pp. 256–262. Lewis, F. L., “Wireless Sensor Networks,” Smart Environments: Technologies, Protocols, and Applications, 2004, pp. 11–46. Li, W., J. Bao, and W. Shen, “Collaborative Wireless Sensor Networks: A Survey,” 2011 IEEE International Conference on Systems, Man, and Cybernetics (SMC), 2011, pp. 2614–2619. Ma, H. -D., “Internet of Things: Objectives and Scientific Challenges,” Journal of Computer Science and Technology, Vol. 26, No. 6, 2011, pp. 919–924.
40
IoT Technical Challenges and Solutions
Medaglia, C. M., and A. Serbanati, “An Overview of Privacy and Security Issues in the Internet of Things,” in The Internet of Things, New York: Springer, 2010, pp. 389–395. Ning, H., and Z. Wang, “Future Internet of Things Architecture: Like Mankind Neural System or Social Organization Framework?” IEEE Communications Letters, Vol. 15, No. 4, 2011, pp. 461–463. Ojo, A., E. Curry, and T. Janowski, “Designing Next Generation Smart City Initiatives Harnessing Findings and Lessons from a Study of Ten Smart City Programs,” 22nd European Conf. on Information Systems, Tel Aviv, 2014. Pal, A., “Internet of Things – from Hype to Reality,” IEEE Computer Society IT Professional Magazine, May 2015. Pal, A., et al., “System and Method for Identifying and Analyzing Personal Context of a User,” U.S. Patent Application 14/376,536, filed January 22, 2013. Parker, L. E., et al., “Distributed Heterogeneous Sensing for Outdoor Multi-Robot Localization, Mapping, and Path Planning,” in Multi-Robot Systems: From Swarms to Intelligent Automata, New York: Springer, 2002, pp. 21–30. Smith, S. W., The Scientist and Engineer’s Guide to Digital Signal Processing,�������� San Diego: California Technical Publishing, 1997. Suo, H., et al., “Security in the Internet of Things: A Review,” 2012 IEEE International Conference on Computer Science and Electronics Engineering (ICCSEE), Vol. 3, 2012, pp. 648–651. Tata Consultancy Services Ltd., “Internet of Things: The Complete Reimaginative Force,” TCS Global Trend Study, July 2015. Wallace, D. P., Knowledge Management: Historical and Cross-Disciplinary Themes, Westport, CT: Libraries Unlimited, 2007, pp. 1–14. Weber, R. H., “Internet of Things–New Security and Privacy Challenges,” Computer Law & Security Review, Vol. 26, No. 1, 2010, pp. 23–30. Wei, R. E. N., “A Study of Security Architecture and Technical Approaches in Internet of Things,” Netinfo Security, Vol. 5, 2012, p. 025. Xu, T., J. B. Wendt, and M. Potkonjak, “Security of IoT Systems: Design Challenges and Opportunities,” Proc. of the 2014 IEEE/ACM International Conference on Computer-Aided Design, 2014, pp. 417–423. Zhu, Q., et al., “IoT Gateway: Bridging Wireless Sensor Networks into Internet of Things,” 2010 IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing (EUC), 2010, pp. 347–352.
2 Scalability of Networks and Computing
2.1 Introduction As outlined in Chapter 1, the Internet of Things (IoT) is all about putting sensors on physical objects and human beings and connecting them to monitor, diagnose, or predict physical states and events. Different studies predict that there will be 40 to 50 billion IoT devices connected to the Internet by 2020 [1]. However, are the network and computing infrastructure scalable enough to handle the deluge of data that will be churned out by these devices? We try to explore in depth this infrastructure scalability issue in this chapter. From a networking perspective, scalability is needed in every layer of the communication stack. Here scalability means providing sufficient bandwidth, capacity, and low latency for transporting the sensor data to handle the IoT application requirements. We also need to keep in mind the coverage of the network to implement cost-effective systems. Hence, choice of the right communication technology, network topology, and network protocol has paramount importance in this respect.
41
42
IoT Technical Challenges and Solutions
However, value of IoT systems is mainly derived from meaningful analytics of the collected sensor data. The volume of data generated by sensors being enormous leads us to the computing scalability problem. Depending upon the application type, the required analytics need to be computed in real time or in near real time or offline. The computing infrastructure needs to take cognizance of this varying requirement and implement the required system accordingly. In Section 2.2, we present an exhaustive set of possible use cases for applying IoT across various verticals like transportation, environment, energy, water, security surveillance, retail, manufacturing, agriculture, and healthcare. For each of the application use cases, the requirements for communication bandwidth, network capacity, latency, network coverage, timeliness of analytics, and computational complexity are tabulated. The analysis of communication technologies, network architectures, and computing architectures in subsequent sections draws extensively from these diverse requirements from diverse use cases. In Section 2.3, we outline different communication technologies for IoT in form of personal, wide area, or cellular networks and application layer protocols. In Section 2.4, we will cover different network architectures for IoT that can be built on top of these communication technologies to provide scalability. These include various network topologies, protocol design, delay-tolerant networks, and software-defined networks. Subsequently, in Section 2.5, we will discuss some practical considerations for scalable IoT system deployment in form of real-time and power considerations for sensor data analytics, and utilizing the edge device for analytics, service-oriented platforms for IoT application development.
2.2 Use Cases and Requirements IoT can give rise to several interesting use cases, which hold the potential to add value to the end user. At a broad level, IoT use cases can be verticalized into various domains [2]. These use cases demand and pose a lot of requirements on the infrastructure of network, storage, and computing. One needs to understand these use cases first before understanding the infrastructural requirements from these use cases. Hence, we start with a list of example
Scalability of Networks and Computing
43
IoT application use cases in different verticals that promise to create a disrupting value to the end-user experience or business. 2.2.1 Smart Transportation 2.2.1.1 Smart Parking
Sensor-based parking slot monitoring followed by aggregate parking slot monitoring and demand-based parking price modification can go a long way to ease parking woes of busy city downtowns. 2.2.1.2 Traffic Congestion Management
Sensor-based localization and tracking of vehicles can provide insights into temporal and spatial patterns of traffic, which, in turn, can be used for better traffic planning. In addition, such sensing systems can be used in real time for dynamic congestion control and signaling. 2.2.2 Smart Environment 2.2.2.1 Pollution Control
Air quality monitoring and sound level monitoring can easily be done using IoT-based sensing systems. Analysis of such data can produce pollution heat maps, which can either tell people the areas to avoid or help authorities to take control action. 2.2.2.2 Waste Management
Urban waste collection until now has been a scheduled regular process; however, production of waste is dynamic in nature and hence sensing of waste content in the dustbins and optimal scheduling of waste collection vehicles accordingly can lead to a much more efficient system. 2.2.2.3 Forest Fire Detection
Forest fires can cause havoc to the environment and can affect the nonurban, suburban, and urban populaces. Timely detection of forest fires when they are small can make them much easier and cheaper to control. Sensor-based systems with analytics for early detection of forest fires can be an impactful application in many locations.
44
IoT Technical Challenges and Solutions
2.2.2.4 Natural Hazard Detection and Prediction
In many areas, due to their geographical locations, landslide and avalanches are potential life hazards. Similarly, earthquakes and tsunamis are natural hazardous events. Strategic placement of wireless sensors coupled with analysis of the aggregate sensor data can provide early warning for landslide, avalanche, earthquake, and tsunami, thereby enabling suitable timely evacuation procedures. 2.2.3 Smart Energy 2.2.3.1 Grid Monitoring and Control
Continuous monitoring and control of electricity grid parameters can make the grid smart. A smart grid can be considered to be consisting smart control centers, smart transmission networks, and smart substations. Sensing critical grid parameters, transmitting them in real time to a central control station, and creating automatic actionable insights from the grid sensor data can be seen as the IoT-enabled version of the smart grid. 2.2.3.2 Peak Load Management
With the proliferation of smart meters and smart gateways at home and buildings that can be regarded as the electricity sensor connected over network, it is now possible to have complex demand-response analysis create suitable policies for peak load management. 2.2.4 Smart Water 2.2.4.1 Water Quality Monitoring
Water quality monitoring, both for fresh water and ground water, is an important aspect that is becoming more pertinent in the current context. Analysis of water content via biological and chemical sensors can provide impactful health benefits for all. 2.2.4.2 Leakage Detection
The water distribution network of any city is one of the most complex ones and, being typically underground, is quite hard to maintain. There is significant amount of waste of water that happens due to leakages in water distribution pipes. Such leakages also re-
Scalability of Networks and Computing
45
sult in higher power consumption as the pumps need more power to push water through the leaky network. Hence, suitable placement of water pressure sensors all along the water network and resultant analytics for leakage detection can be very useful. 2.2.5 Smart Security and Surveillance 2.2.5.1 Perimeter Access Control
Video camera-based surveillance is increasingly proliferating across cities, neighborhoods, and homes as an effective means for protection, threat detection and access control. Due to the inherently large size of the video data, the biggest challenge is to create meaningful analytics on video data with automatic detection and alerting for security events. 2.2.5.2 Hazardous Scenario Detection and Response
Hazardous scenarios like fire in a building need real-time detection and analysis triggering emergency evacuation if needed. Video surveillance augmented by suitable sensors and associated analytics can be used create such applications involving real-time alert generation and optimal evacuation path prediction. 2.2.6 Smart Retail and Logistics 2.2.6.1 Supply Chain Optimization
A supply chain is a network of supplier, production centers, storage, distribution centers, sellers, and buyers, and tracking an item in the supply chain using sensor technology can provide a nearreal-time view, which, in turn, can lead to improve of the efficiency of the supply chain via advance optimization techniques. 2.2.6.2 Personalized Shopping
Sensing, location tracking, and understanding customers via the sensor present in smartphone and wearable items can provide retail stores with the invaluable knowledge about the customers’ likes and dislikes. This knowledge can be used to create actionable insights around customer profiles. This can help to create a personalized shopping experience for the end user resulting in cost and experience benefits.
46
IoT Technical Challenges and Solutions
2.2.7 Smart Manufacturing 2.2.7.1 Defect Detection and Quality Control
Automated defect detection and quality control in a manufacturing plant or an assembly line are important applications to efficiently improve product quality. Camera-driven three-dimensional (3-D) vision systems followed by necessary analytics can provide such solutions. 2.2.7.2 Predictive Maintenance and Diagnosis for Machines
Sophisticated and costly machines employed in today’s shop floor have expensive downtime and maintenance issues. Putting sensors on such machines (both obtrusive and unobtrusive) and performing modeling, diagnosis, and prognosis on the collected sensor data can provide the much-needed, just-in-time predictive maintenance for such systems. 2.2.8 Smart Farming 2.2.8.1 Produce Quality Monitoring
Smart farms of the future have started employing sensors for plant monitoring ranging from simple cameras to specialized sensors like spectroscopes and x-rays. Analytics of such sensor data can reveal early diagnosis of plant diseases and also can recommend optimal farming processes (watering, insecticide, and so forth) tuned for a particular plant or crop. 2.2.8.2 Smart Control of the Greenhouse Environment
With the advent of advanced networked sensing, a smart greenhouse can be regarded as a closed loop control system, which senses various environmental and plant parameters and maintains the optimal environment suitable for plant growth. 2.2.9 Smart Home 2.2.9.1 Smart Home Surveillance Systems
Camera and other home sensor-based security and surveillance systems for home are coming up rapidly. The key to deployment of such systems is smart cameras, which can do the video analyt-
Scalability of Networks and Computing
47
ics themselves, so that only abnormal events are reported over the Internet and video is not sent out over the network. 2.2.9.2 Home Energy and Water Use Optimization
With most of the homes getting fitted with smart or digital meters, it is possible to monitor in real time the energy and water consumption at home. Analytics of such data can provide appliancelevel consumption, peak load management, and, in general, optimization of overall usage and associated cost. 2.2.10 Smart Health 2.2.10.1 Monitoring or Wellness Monitoring at Home and the Workplace for Elderly People and People with Disease
Due to s significant raise in the number of elderly people and people with chronic diseases, it is becoming more important to impart sensor-based remote healthcare with a patient at home. Medical devices, wearable devices, and mobile phones can be used to create such systems to provide real-time health views and alerts to the remote doctor. 2.2.10.2 Predictive Analytics and Disease Prognosis
With the advent of connected sensors in the medical domain via mobile phones, wearable devices, and other devices, it is becoming possible to obtain 24-7 health and wellness data from patients. Predictive analytics on such data can provide capability of immediate disease diagnosis and future disease prognosis. It can also help in discovering new data-driven diagnostic procedures helping the healthcare system to move from current illness-driven reactive systems to more proactive, wellness-driven systems.
2.3 Application Classification Templates One interesting observation from the wide gamut of applications presented above is the variety in terms of sensors, deployment, and analytics requirements. The applications space of IoT is too huge and it is useful to abstract them into a set of application categories or templates for a systematic analysis.
48
IoT Technical Challenges and Solutions
Broadly, the application requirements can be classified with regard to type of application (monitoring, control, optimization). They can be further subdivided into different classes based on the number of sensors (small or large), data traffic nature (burst or continuous), data traffic size (large or small), system latency (real time, near real time, or offline), coverage area (low, medium, or high) and analytics complexity (low or high). Tables 2.1, 2.2, and 2.3, respectively, try to classify the three types of applications (monitoring, control, and optimization) with their respective subdivision under the headings of number of sensors, data traffic nature, data traffic size, system latency, coverage area, and analytics complexity. These headings mainly depict the application attributes that is useful for the design of a suitable system architecture. As obvious from Tables 2.1, 2.2, and 2.3, each application use case, based on its classification, will pose different IoT infrastructural requirement in terms of networking, storage, and computing. Understanding these requirements beforehand and creating the right architectural design for the IoT system is of paramount importance for a cost-effective, scalable, successful deployment of IoT-based system; there is no one-size-fits-all solution. Later in this chapter, we will delve more deeply into the main technological components of the IoT architecture. Table 2.1 Requirements Mapping for Monitoring Applications Application Use Case Smart parking Pollution monitoring Forest fire detection Natural hazard detection and prediction Water quality monitoring Water leakage detection Perimeter access control Produce quality monitoring Smart home surveillance Systems
Number Data of Traffic Sensors Nature Large Burst Small Burst Medium Continuous Large Continuous
Data Traffic Size Small Small Small Medium
System Latency Real-time Offline Near real time Real time
Analytics Coverage Complexity Area Low Medium Low High Low Medium High High
Small
Burst
Small
Offline
Medium
Low
Medium
Continuous Small
Real time
High
Medium
Small
Continuous Large
Real time
High
Low
Small
Continuous Large
Offline
High
Medium
Small
Continuous Large
Near real time High
Low
49
Scalability of Networks and Computing Table 2.2 Requirements Mapping for Control Applications Number of Sensors
Data Traffic Data Nature Traffic Size
System Latency
Analytics Coverage Complexity Area
Traffic congestion management (traffic control)
Large
Continuous
Medium
Real time
Low
High
Grid monitoring and control
Medium
Continuous
Medium
Real time
Medium
Medium
Peak load management
Application Use Case
Large
Continuous
Small
Offline
High
High
Hazardous scenario Small detection and response
Continuous
Large
Real time
High
Medium
Personalized shopping
Large
Continuous
Medium
Offline
Medium
Low
Defect detection and quality control
Small
Continuous
Large
Real time
High
Low
Predictive maintenance Small and diagnosis for machines
Continuous
Large
Offline
Medium
Low
Smart control of green- Medium house environment
Continuous
Medium
Near real time
Medium
Low
Home energy and water use optimization
Small
Burst
Small
Offline
Medium
Low
Monitoring or wellness monitoring at home and workplace of elderly people or people with disease
Medium
Burst
Medium
Real time
Medium
Low
Predictive analytics and disease prognosis
Medium
Burst
Medium
Offline
High
High
Table 2.3 Requirements Mapping for Optimization Applications Application Use Case Traffic congestion management (planning) Waste management Supply chain optimization
Number of Sensors Large
Data Data Traffic Traffic System Nature Size Latency Continuous Medium Offline
Medium Large
Burst Burst
Small Small
Analytics Coverage Complexity Area High High
Near real time Low Near real time High
Medium High
2.4 Communication Technologies for IoT There are several communication technologies applicable for IoT. Selecting a specific technology from the pool of existing communi-
50
IoT Technical Challenges and Solutions
cation technologies will depend on various factors. It is important to take into account the application requirements, communication requirements, architecture, maturity, and acceptance of the standard. There are a number of popular access-level technologies used in IoT systems. As shown in Figure 2.1, they may be categorized majorly into wireless personal or local area networks (WPAN/ WLAN) and wireless wide area networks (WWAN). Salient features of major standards in both the categories are presented next. 2.4.1 Personal/Local Area Network Technologies
One of the key challenges of IoT is the last-meter connectivity. There are several wireless technologies available that can be considered to suit specific application requirements. A summary of the major technologies come under this category is given in Table 2.4. 2.4.1.1 IEEE 802.15.4
IEEE 802.15.4 is a physical layer and the media access control layer standard and several secondary communication protocols has been designed on top of it. It has several features relevant to standard IoT networks. The basic link in 802.15.4 supports 10-m range with a data transfer rate of 250 Kbps. Important features include
Figure 2.1 High-level view of scalable IoT networks.
51
Scalability of Networks and Computing Table 2.4 Popular Short- and Medium-Range IoT Communication Technologies
Technologies Bluetooth (https:// www.bluetooth.org/) Bluetooth Smart (BLE) (https://www.bluetooth.com/what-isbluetooth-technology/ bluetooth-technologybasics/low-energy) ZigBee (https://www. zigbee.org) Wi-Fi (http://www. wi-fi.org/)
Zwave (http://www.zwave.com/) ANT+ (https://www. thisisant.com/) Rubee (http://www. rubee.com)
Standards Body Bluetooth SIG IoT Interconnect
Frequency Band 2.4-GHz ISM 2.4-GHz ISM
Max Max. Data Range Rate 100m 1-3 Mbps 35m 1 Mbps
IEEE 802.15.4, Zigbee alliance IEEE 802.11 g/n/ ac/ad (http:// www.ieee802. org/11/Reports/ tgah_update.htm) Zwave
2.4-GHz ISM 2.4 GHz, 5 GHz, 60 GHz
160m
908 MHz
30m
ANT Alliance
2.4 GHz
100m
IEEE 1902.1, IEEE 1902.2
131 kHz 5m (long wave magnetic)
100m
Max. Power 1W
Network Type WPAN
10 mW
WPAN
250 Kbps 6 to 780 Mbps, 6 Gbps at 60 GHz
100 mW 1W
Star, mesh Star, mesh
100 kbps 1 Mbps
1 mW
Star, mesh Star, mesh P2P
1 mW
1.2 Kbps 40 to 50 nW
real-time suitability by reservation of guaranteed time slots, collision avoidance through carrier sense multiple access/collision avoidance (CSMA/CA) and integrated support for secure communications. It incorporates low-power management functions. There are three possible frequency bands of operation (868, 915, and 2,450 MHz) from which to choose. Several network topologies are possible. It should be noted that this standard does not define a network layer; other protocols have been developed to incorporate higher-layer integration. There are quite a few standard protocols based on IEEE 802.15.4, prominent among them being ZigBee, WirelessHART, and 6LoWPAN. 2.4.1.2 Zigbee
The ZigBee standard is maintained by the ZigBee Alliance. ZigBee was developed for short-range communication in the order of 10m to 100m based on IEEE 802.15.4. Its main feature is low energy; the protocol can maintain very long sleep intervals and low operation
52
IoT Technical Challenges and Solutions
duty cycles enabling devices to run on batteries for years. ZigBee is being used extensively in smart energy, home automation, and lighting control applications, each of which has a specific ZigBee profile and certification. 2.4.1.3 6LoWPAN
The full expansion of 6LoWPAN is IPv6 over low-power wireless personal area networks. The standardization effort is driven by Internet engineering task force (IETF) with a goal to define an efficient adaptation layer between the 802.15.4 link layer and transmission control protocol over Internet protocol (TCP/IP) stack. It includes the 802.15.4 link layer, the IP header compression layer and a TCP/IP stack. A major advantage of 6LoWPAN is that the devices running on different heterogeneous physical networks can communicate with each other over the Internet, which is a very important requirement from an IoT perspective. For connecting to an IPV4 network, which is most of the deployed Internet today, it requires a gateway to take care of IPv6-to-IPv4 conversion. 2.4.1.4 WirelessHART
WirelessHART is the wireless flavor of the Highway Addressable Remote Transducer (HART) protocol. WirelessHART is also based on the 2.4-GHz IEEE 802.15.4 physical layer. It uses time division multiple access (TDMA) with time synchronization for achieving reliable low-power consumption. 2.4.1.5 Thread
Thread uses IEEE 802.15.4 and 6LowPAN and specifies an IPbased mesh network protocol. Every Thread-certified device gets an IPv6 address. On the network layer, Thread supports user datagram protocol (UDP) on top of 6LowPAN. 2.4.1.6 Wi-Fi
The highly popular Wi-Fi technology, based on the IEEE 802.11 standard, is also used for IoT applications. Power consumption can be an issue for low-power IoT devices. Clever power management design can save the situation to an extent. The attraction is that the IoT application can leverage the existing wireless network
Scalability of Networks and Computing
53
infrastructure. Also, it can work with common off-the shelf Wi-Fienabled devices such as smart phones. 2.4.1.7 Bluetooth
Bluetooth is another successful wireless technology grown with the popularity of mobile phones. Bluetooth is mainly used today as a cable replacement for short range communication. It supports data throughput up to 2 MBps. Bluetooth is generally used in a point-to-point or in a star network topology. A master Bluetooth device can communicate with a maximum of seven devices in a piconet. The technology is fairly low power but high compared to Zigbee. Bluetooth Low Energy (BLE) is positioned to fill that gap. 2.4.1.8 Bluetooth Low Energy (BLE)
Bluetooth Low Energy (BLE) (also called Bluetooth Smart or Version 4.0+ of the Bluetooth specification) is the low power version of Bluetooth that was built mainly for the IoT. Theoretically, BLE can support an unlimited number of devices; however, in practice, the number of simultaneously connected devices can be between 10 and 20. There are several other proprietary protocols, many of them having a strong domain focus are in wide usage. Similar to BLE, the ANT technology is also an ultralow-power protocol typically used in body and health-monitoring applications. ANT technology specifies the radio interface, while ANT+ covers specifications also for more complex network topologies. ANT+ technology has already penetrated into the smartphone market. Some smartphones have been launched in the market supporting ANT technology. RuBee (IEEE 1902.1 and 1902.2 standards) modulates the magnetic component of its carrier wave at around 131 kHz. It has a short range of about 5m and can penetrate many materials including steel. Key features of some these technologies are summarized in Table 2.4. 2.4.2 Technologies for Low-Power Wide Area Networks (LPWAN)
The uses for wide-area IoT technology are predominant in civic infrastructure systems. It includes parking resource management, traffic control, utilities monitoring, and environmental monitor-
54
IoT Technical Challenges and Solutions
ing. There are also agricultural use cases like crop monitoring and livestock movement monitoring that need wide-area coverage. Asset monitoring and tracking in transportation and cold chain require ubiquitous coverage that is statewide, nationwide or worldwide. Another use case for wide-area monitoring is monitoring of transportation infrastructures such as rail lines and roadways need. Consumer applications like health and wellness monitoring can also benefit from having an alternative to cell phones for their wide-area connectivity. Due to power constrained nature of the sensing devices, this connectivity needs to low power. Major technologies applicable for LPWAN are summarized in Table 2.5. 2.4.3 Cellular Technology for IoT
Current cellular 2G, 3G, and 4G technologies are also popular for IoT applications. They are suitable for applications that require wide area connectivity, mobility, and areas where main power supply is available or frequent recharging is possible. They support Table 2.5 Low-Power Wide Area Networking Technologies for IoT
Technology
Standards or Governing Body
Frequency
Range
Data Rate
Topology
Devices per Access Point
Star
Unlimited
Weightless (http://www. weightless. org/)
—
N&P (Subgigahertz ISM), W (TV whitespace)
2–5 km (urban)
200 bps– 100 Kbps, W (1 Kbps–10 Mbps)
LoraWAN (https://www. lora-alliance. org/)
LoRa Alliance
433, 780, 868, 915MHz ISM
2.5–15 km
0.3–50 Kbps Star on star
SigFox (http:// www.sigfox. com/en/)
SigFox
Ultranarrow band
30–50 km 100 bps (rural), 3–10 km (urban)
Star
1 million
WiFi LowPower
IEEE P802.11ah
Subgigahertz license-exempt bands
1 km (outdoor)
150 Kbps–340 Mbps
Star, Tree
8,191
Dash7 (http:// www.dash7alliance.org/)
Dash7 Alliance
433, 868, 915 MHz
2 km
9.6, 56, 167 Kbps
Star, tree
Connectionless, can support large numbers
LTE-Cat 0
3GPP R-13
Cellular
2.5–5 km
200 kbps
star
≥20,000
UMTS(3G), HSDPA/HSUPA
3GPP
Cellular
27 km or 10 km
0.73–56 Mbps
Star
Hundreds per cell
1 million or more
Scalability of Networks and Computing
55
the coexistence of many simultaneously connected devices, the absence of interference, high reliability, and long range, and they have the capability to service both low-data rate latency-sensitive and high-data rate applications on the same infrastructure. The 3GPP LTE profile for Machine Type Communications (MTC) [3] is specifically designed for IoT. LTE MTC has made battery life, cost, and coverage optimizations for applications that require ubiquitous coverage, high reliability, and robust security of 4G LTE Advanced, but does not need the high data rate. It is possible for LTE MTC to coexist with existing 4G LTE mobile broadband services (as part of 3GPP release 13). LTE MTC has ~1-MHz narrowband operation and peak data rates less than 2 Mbps. It reduces the cost and complexity of devices and can improve coverage for machines deployed in radio-challenged locations like inside-buildings or underground. 2.4.4 Application-Level Protocols
Although IP connectivity is not necessarily required to ensure machine-to-machine communication, many standards, in their specification, include IP to easily connect things to the Internet. However, this is not enough to ensure interoperability at the required IoT application level. Because the communication nodes in IoT are resource-challenged (memory, central processing unit (CPU), battery), efficient data transmission mechanisms are needed at IP level; constrained application protocol (CoAP), extensible messaging and presence protocol (XMPP), representational state transfer (RESTful) hypertext transfer protocol (HTTP), and message queue telemetry transport (MQTT) are relevant applicationlevel protocols. 2.4.4.1 MQTT (Message Queue Telemetry Transport)
MQTT [4] is a publish-subscribe messaging system based on a broker model. The protocol has a very small overhead (~2 bytes per message) and works under lossy and intermittently connected networks. MQTT was designed to flow over TCP. MQTT is useful in large networks of small devices that need monitoring and controlled from a back-end server on the Internet. It is not designed for device-to-device transfer.
56
IoT Technical Challenges and Solutions
2.4.4.2 CoAP (Constrained Application Protocol)
CoAP [5] is an application-layer protocol championed by IETF. It is designed to provide a RESTful application protocol modeled on HTTP semantics, but with a much smaller footprint. Requests and responses are exchanged asynchronously using CoAP messages over User Datagram Protocol (UDP). CoAP binary encodes all the headers, methods and status codes, thereby reducing the protocol overhead. 2.4.4.3 XMPP (Extensible Messaging and Presence Protocol)
XMPP [6] is an open XML-based protocol for near-real-time messaging, presence and request-response services using TCP as transport. Using its store and push mechanism, it can store contents even if the receiving entity is in sleep mode or offline. However, it needs a persistent TCP connection and lacks an efficient binary encoding. For these reasons, it has typically not been practical for low-power and lossy networks, but the recent improvements in XMPP in form of XEP-0322, XEP-323, and XEP-324 can make it more suitable for IoT.
2.5 Scalable Network Architectures for IoT With the multitude of potential applications for IoT, there is a need for specific architecture to support such diverse uses with such a large number of sensors. Advanced IT systems successfully used the client-server model and now cloud services are driving networked service architectures. For IoT applications, a client-server approach may not be the best model. Referring to Figure 2.1, a typical IoT deployment would need a set of sensors connected to the Internet cloud via some gateway device. When a group of sensors may be required to make some decisions locally and trigger an instant action, computing at a remote server may not meet the required response time and computing at the gateway device may make more sense. However, a fully distributed model may also have issues, as the cost and technical constraints that the sensors have will not allow heavy computing and storage resources to be integrated into the sensors. For practical purposes, a better solution may lie between the two extremes, based on a specific IoT application. For example,
Scalability of Networks and Computing
57
consider a large agriculture sensor network. In a typical large application, thousands of sensors can be connected to the cloud. Providing some computing and storage resources at the IoT WAN gateway level can enable the system to do some in-network computing to reduce the communication bandwidth requirements. We can leverage modern WAN orchestration technologies to support the networking needs of the IoT application. 2.5.1 Network Topologies
There are majorly three network topologies utilized in the IoT: point-to-point, star, and mesh networking. In a hybrid approach, a mix of these topologies is also used. 2.5.1.1 Point-to-Point Network
This is a direct connection between two network nodes. A cell phone connecting to a medical device using Bluetooth is an example. The obvious limitation of this topology is its scalability and coverage. It can support only two nodes and span the communication range offered by the underlying communication technology. 2.5.1.2 Star Network
Here one central node acts as a common connection point for many peripheral nodes. The peripheral nodes cannot talk to each other directly, but can communicate through the central node. This central node also takes the role as a gateway to external networks. Star topology has a few important advantages. The network performance in terms latency and throughput is consistent and predictable. Fault detection and isolation in such networks are easy and thus provide high overall network reliability. There are also some disadvantages. The central node is a single point of failure. The scale of the network depends on the capacity of the central node. Further, the range is limited to the transmission range of a single device. 2.5.1.3 Mesh Network
In a mesh network, the nodes can have multiple connectivity paths. It is a mix of simple nodes and router nodes. Router nodes capture and disseminate their own data. They also serve as relays for oth-
58
IoT Technical Challenges and Solutions
er nodes in collaboration with neighbors. One or more nodes in a mesh network will have gateway roles for providing connectivity to external world. As the data path can be in multiple hops, the network range is not limited to the transmission range of a single node. A mesh network is scalable and resilient to individual node failures, but at larger sizes a mesh network becomes too complex to manage. The network latency can increase. In practice, an IoT network can be a combination of all these topologies. The majority of sizable applications follow a cluster-tree or cluster-star topology; clusters are a group of localized IoT devices networked together and controlled by a head node or gateway. The clusters by themselves may have a start or mesh topology. These clusters are integrated using a backhaul network or Internet. 2.5.2 IoT Protocol Design Space
Many of the communication technologies and protocols options from the lists presented earlier can be used to build a scalable IoT network system. An example depiction of design space for protocol stack architectural options using some of the popular protocols are presented in Figure 2.2. A gateway (GW) element is introduced to connect non-IP networks to IP networks. Any path in that graph could be selected to build a workable protocol stack. The choice will also depend on the application requirements and the underlying communication technology capabilities corresponding to the nodes selected. 2.5.3 Delay-Tolerant Networks
Many communication protocols require connectivity to be maintained for the network communication to happen. Communicating over intermittently connected networks is a challenge. Some IoT applications using mobile nodes face this problems. When there are many interruptions in connectivity, the source device will need to keep retrying for a successful retransmission. Similar to existing store and forward technologies used in current sensor networks, one can allow nodes on the route to buffer packets and send them on when connectivity to the next hop has been restored.
Scalability of Networks and Computing
59
Figure 2.2 Design space for IoT networking protocols: example.
Store and forward are often used in sensor networks to allow packets to travel through the network one hop at a time. Delay-tolerant networking (DTN) aims to improve the connectivity between devices by providing a consistent methodology for managing delays across multiple links. Further DTN can improve the network efficiency and reliability of communications. Most of the current work on implementing DTN uses the Bundle Protocol (BP) for the deep-space network use case. The Bundle Protocol implements an overlay network on top of existing networks encapsulating the data within it. This makes it possible to transmit packets over multiple network types and allows it to use the mixture of different network stacks and the Internet. However, one overhead of this is a larger packet header size, which is needed to store information in the encapsulated protocol and networks own headers. BP is a message-based overlay that follows the store, carry, and forward principle. The BP defines the format of the messages, called bundles, and the logic layout to process them. Bundles have a lifetime and will be deleted if the lifetime expires. BP uses a cache to store the bundles. These bundles are either processed by the node, if it is the destination or forwarded to other nodes toward
60
IoT Technical Challenges and Solutions
the bundle destination. An IoT application can consider using this protocol in case it has an intermittent connectivity scenario. 2.5.4 Software-Defined Networking (SDN)
In SDN, the upper layers of the networking hardware are replaced with software. More specifically, SDN separates the data and control planes of the network; the usually computer-heavy data plane can still remain in hardware, but the control plane can be completely software-driven, thereby allowing the network to reconfigure itself in run time. Applications can now see the network as a virtual entity. Figure 2.3 depicts the SDN architecture. To the applications and policy engines, the network appears as a single, logical switch accessible through a set of application programming interfaces (APIs). These APIs implement common network services such as routing, multicasting, security and access control, bandwidth management, traffic engineering, quality of service, processor and storage optimization, energy usage, and all forms of policy management. The Open Networking Foundation (ONF) [7] drives the standardization and promotion of open APIs. The
Figure 2.3 SDN architecture.
Scalability of Networks and Computing
61
open APIs between the SDN control and applications layers make it possible for business applications to operate on an abstraction of the network without being tied to the details of the network implementation. SDN makes the networks application-customized and applications network-capability-aware. As a result, computing, storage, and network resources can be optimized and both computer-aware and storage-aware networks can be implemented easily on top of SDN. OpenFlow [8] is the first standard communications interface directed towards an SDN architecture. OpenFlow allows direct access to the forwarding plane of network devices such as switches and routers (depicted as network hardware abstraction in Figure 2.3); it exposes an open interface (depicted as network control interfaces in Figure 2.3) for the formation of the required control plane. Network function virtualization (NFV) is a related technology that provides a software virtualization layer on top of the variety of network equipment and devices providing a common interface. The combination of SDN and NFV can provide a lot of technological boost towards the required adaptive network scalability for IoT systems. These kinds of adaptive architectures would be particularly useful for application scenarios that have widely fluctuating network traffic. For example, a citywide video surveillance system that sends raw video only on detection of anomalous events can generate very low data traffic when there are no surveillance events and huge data traffic when some events occur. With the potential huge scale of network for IoT, current network systems may find it difficult to handle the capacity demands and real-time needs without compromising on reliability. Hence, there is need to create adaptive networks on top of existing networking technology via addition of in-network storage in network routers to handle network fluctuations. They need a customized link-state routing protocol to enable routers to temporarily store and/or replicate data in response to detected network problems and forward them later as per application requirements. This works rather well for delay-tolerant applications that focus more on reliability than real timeliness. For IoT, applications handling critical data can benefit from this. Examples include smart healthcare and smart energy with offline analytics requirement.
62
IoT Technical Challenges and Solutions
2.6 Practical Considerations for Scalable IoT System Implementation As depicted in Figure 2.1, a typical IoT deployment architecture consists of a set of sensors connected via a gateway device to the cloud. The protocols for connecting sensors to gateway and gateway to cloud are shown in Figure 2.3. Application services are deployed both in edge and cloud on top of this sensor data transport layer. This architecture is outlined in Figure 2.4; the subsequent discussions generally refer to this architecture. There are several implementation practices that can affect an IoT system. Their requirements stem from the need for adaptive and configurable networks, real-time and power considerations for sensor data analytics, utilizing the edge devices for analytics, and using a serviceoriented platform for application development and deployment. These are explored in detail next. 2.6.1 Real-Time and Power Considerations for IoT Applications
As outlined in Table 2.1, many of the applications in IoT need analytics insights to be computed and presented in real time. A typical data flow of an IoT system involves sensing the physical phenomenon, extracting information from sensed data, analysing the extracted information to derive insights and undertake suitable response based on those insights. The insight and response can
Figure 2.4 IoT deployment architecture.
Scalability of Networks and Computing
63
range from simple descriptive visualization to diagnostic, prognostic, and prescriptive systems. IoT systems are typically constrained by low configuration sensor data acquisition and gateway devices at the edge of the network with potentially infinite compute capability available in the cloud. There are some conflicting requirements that typically characterize such systems: • For the ideal real-time system, all processing of sensor data can be done at the edge device (sensor aggregators and gateways) and suitable decision or responsive action taken from there itself. However, due to limited computational power and memory of the edge device, all the required analytics cannot be done at the edge and hence need to be offloaded to the cloud. • The less computation is done at the edge device, the more data needs to be sent to the cloud, which results in higher congestion, higher data transfer cost, and increased system latency, which, in turn, affects the real-time performance. • Edge devices needing to send more data to the cloud over wireless connectivity typically end up consuming more power resulting in precious battery drain for battery-powered edge gateways, required in many IoT systems due to deployment considerations. A good IoT system design needs to take care of all these conflicting requirements. Needless to say, such design is completely specific to the application use case under consideration. Referring to Table 2.1, we can suggest the following thumb rules for IoT system design consideration: • If there are real-time requirement for analytics insights, try to do as much computation as possible in the edge device. Only computations requiring aggregate sensor information from multiple systems should be done on cloud. The partitioning of the computation between edge and cloud can be formulated as an optimization problem that tries to balance data flow between edge and cloud without draining too much battery on the edge device.
64
IoT Technical Challenges and Solutions
• For electrically powered edge device with high-bandwidth, low-cost network, a lot of computation can be offloaded to the cloud provided that the real-time requirements are not stringent enough compared to the available network latency. • For small systems with limited data and a battery-powered gateway, it is advisable to do as much computation as possible in the edge and send only the insights and results to the cloud. • For systems not having real-time requirements but having a high load of computational complexity in analytics, it is better to do as much computation as possible in the cloud. Many of these recommendations point towards doing analytics computation at the edge device. This is discussed in detail next. 2.6.2 Utilizing the Edge Devices for Computing
The routers or switches of the network usually have decent computer power; hence, they can perform customized computations on the messages flowing through them. This is extremely useful in filtering the data as it moves through the network passing only the meaningful data packets, thereby reducing the overall network load. In other words, the analytics intelligence can now be performed at the network nodes instead of the cloud. This is particularly useful in reducing network congestion and proving real-time support. Examples include city traffic control, hazard or abnormality detection and response, water leakage detection, and electricity grid monitoring. To implement such systems, there is a need to first create a basic networking platform that can be software-controlled, as both of these will demand adaptation from the network layer. SDN can provide that basic adaptation framework. Utilizing the edge device for computing can be an elegant way to address both the network and compute scalability problem of IoT systems. This new paradigm of computing is also referred to as fog computing. In fog computing, not only are the sensor aggregators and gateways utilized for computing, but also the switches on the network are brought into the distributed computing architecture. It operates on the principle of trying to do as much computation as possible near the source of the sensor data.
Scalability of Networks and Computing
65
To implement fog computing systems, it is imperative to create a virtualized distributed computing infrastructure across the edge devices and cloud. Each device in the network can run a software agent capable of dynamically downloading and executing analytics code. However there are quite a few challenges in creating a practically deployable fog computing framework. They stem mainly from the huge heterogeneity of the edge devices in terms of computational capability, memory, and battery power and also from the unpredictable availability of such devices. 2.6.3 Need for a Platform for Application Development and Deployment
The traditional way to develop IoT applications is to build it from the bottom up for the given vertical application use case. It starts from sensor integration and moves to sensor networking, sensor data collection, and sensor data storage finally ending up in sensor data analytics or visualization, but this kind of bottom-up development system may not be a scalable and sustainable for a system as diverse and as large as typical IoT systems; a desirable approach is to create horizontal service-oriented platforms. Standardization organizations like ETSI and OneM2M have already published the reference architecture of IoT along with desired components of the platform [9]. The basic features of these reference architectures are quite similar to the one depicted in Figure 2.4. In Figure 2.5, we summarize and present the required features and value additions from such a horizontal IoT platform. Such a horizontal development platform can help in reducing development cost and time via software reuse and provide a cost-effective yet scalable way to crowdsource application development. Such platforms can expose application programming interfaces (APIs) for application developers to quickly build applications relevant to a given use case. Such platforms can provide the basis for creating massive IoT data exchanges connecting sensor providers to data consumers via application stores. It not only allows IoT data to be shared among applications, but it also allows it to be shared among different vertical systems creating real intelligent system of systems. Such concepts are extremely useful in designing complex interdependent systems like smart cities, which rely on intelligent interoperation between multiple verticals like governance, energy, transportation,
66
IoT Technical Challenges and Solutions
Figure 2.5 Horizontal IoT platform features.
and healthcare. Open data encourages transparency and it can generate new products and services, and can promote efficiency due to better visibility. A horizontal platform for IoT can really provide the fulcrum for creating such open data systems. Additionally, the variety of sensor devices, their data syntax and semantics, and the variety of the communication protocols that they use for connecting to the cloud via the Internet demands platforms that can provide all possible combinations covering sensor device management, sensor data management, sensor data transport, and analytics services. Providing these implementations in form of a set of libraries and APIs in the platform can provide the much needed abstraction layer insulating the application developers from the tiny details of the underlying IoT sensor data network. .
Scalability of Networks and Computing
67
There are quite a few horizontal end-to-end service integration platforms being built [10, 11]. Such platforms will provide the necessary technology abstraction needed for democratizing the application development for IoT by making it rich, cost-effective, and value-adding.
2.7 Conclusions The power of IoT is its capability to build a scalable distributed and efficient communication and computing for the things within the system. The wide range of application use cases are categorized into three sections. They are monitoring, control, and optimization. Surveillance applications typically require near-real-time communications. Computing requirements might include analytics for event detection, forensic analysis, and insights generation. This may be handled by the resources in a cloud. Control applications are likely to have more stringent real-time requirements and high quality of service (QoS). To achieve the required robustness and real-time response for control action, some computing might have to be done at the edge gateway level. A suitable computing or communication partition may be required. For the third category of study or planning applications, the system may not have realtime performance targets. Here data is collected systematically and communicated periodically. Instead of streaming the data to the cloud, it may be collected and transmitted as blobs or bundles; here, edge processing may not be a major requirement. Following this line of thought, a methodology to arrive at scalable network architecture for a specific application or application category is possible. The first step is to gather all application requirements or characteristics such as application category, number of nodes (scale), spatial distribution, data traffic pattern, computation complexity of data processing, and constraints on devices deployable. These requirement attributes are used to pick a suitable protocol or technology architecture from the protocol design space codified as a graph structure in Figure 2.2. This can help an IoT system designer to get a set of initial solutions to work towards an optimal architecture. From an overall IoT system perspective, including the computing aspects the architectural guidelines discussed in Section 2.4 would be highly useful.
68
IoT Technical Challenges and Solutions
References [1] http://www.cisco.com/web/about/ac50/ac207/crc_new/university/ RFP/rfp13078.html. [2] http://www.libelium.com/top_50_iot_sensor_applications_ranking/. [3] http://www.3gpp.org/news-events/3gpp-news/1714-lc_mtc. [4] http://mqtt.org/. [5] http://coap.technology/. [6] http://xmpp.org/. [7] https://www.opennetworking.org/about/onf-overview. [8] https://www.opennetworking.org/sdn-resources/openflow. [9] http://www.etsi.org/plugtests/COAP2/Presentations/03_ETSI_M2M_ oneM2M.pdf. [10] Balamurali P, P. Misra, and A. Pal, “Software Platforms for Internet of Things and M2M,” Journal of the Indian Institute of Science, A Multidisciplinary Reviews Journal, Vol. 93, No. 3, July–September 2013. [11] http://www.tcs.com/about/research/Pages/TCS-Connected-UniversePlatform.aspx.
Selected Bibliography Bartram, J., and R. Ballance, (eds.), Water Quality Monitoring: A Practical Guide to the Design and Implementation of Freshwater Quality Studies and Monitoring Programs, Boca Raton, FL: CRC Press, 1996. Bonomi, F., et al., “Fog Computing and Its Role in the Internet of Things,” ACM Proc. of 1st Edition of the MCC Workshop on Mobile Cloud Computing, August 17, 2012, pp. 13–16. Decker, C., et al., “Challenges of Using Edge Devices in IoT Computation Grids,” 2013 Intl. Conf. on Parallel and Distributed Systems (ICPADS), December 15, 2013, pp. 564–569. Ekbatani, M. K., et al., “Congestion Control in Urban Networks Via Feedback Gating,” Procedia-Social and Behavioral Sciences, Vol. 48, 2012, pp. 1599–1610. Evans, J. R., and C. H. Lindner, “Business Analytics: The Next Frontier for Decision Sciences,” Decision Line, Vol. 43, No. 2, 2012, pp. 4–6. Ghose, A., et al., “UbiHeld: Ubiquitous Healthcare Monitoring System for Elderly and Chronic Patients,” Proc. of the 2013 ACM Conf. on Pervasive and Ubiquitous Computing, Adjunct Publication, 2013, pp. 1255–1264. Gonzalez-Miranda, S., et al., “An IoT-Leveraged Information System for Future Shopping Environments,” IT Convergence Practice, Vol. 1, No. 3, 2013, pp. 49–65.
Scalability of Networks and Computing
69
Graham, S., and D. Wood, “Digitizing Surveillance: Categorization, Space, Inequality,” Critical Social Policy, Vol. 23, No. 2, 2003, pp. 227–248. Gubbi, J., et al., “Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions,” Elsevier Journal on Future Generation Computer Systems, Vol. 29, 2013, pp. 1645–1660. Gulliver, J., et al., “Development of an Open-Source Road Traffic Noise Model for Exposure Assessment,” Environmental Modelling & Software, 2015. Haas, P. J., et al., “Data Is Dead... Without What-If Models,” PVLDB, Vol. 4, No. 12, 2011, pp. 1486–1489. Hannan, M. A., et al., “A Review on Technologies and Their Usage in Solid Waste Monitoring and Management Systems: Issues and Challenges,” Waste Management, Vol. 43, 2015, pp. 509–523. Hawilo, H., et al., “NFV: State of the Art, Challenges, and Implementation in Next Generation Mobile Networks,” IEEE Network, Vol. 28, No. 6, November 2014, pp. 18–26. Hengstler, S., et al., “MeshEye: A Hybrid-Resolution Smart Camera Mote for Applications in Distributed Intelligent Surveillance,” ACM Proc. of 6th Intl. Conf. on Information Processing in Sensor Networks, 2007, pp. 360–369. Herzig, D., “Cost-Benefit Model for Smart Items in the Supply Chain,” in The Internet of Things, Berlin, Germany: Springer, 2008, pp. 155–172. Holnicki-Szulc, J., P. Kolakowski, and N. Nasher, “Leakage Detection in Water Networks,” Journal of Intelligent Material Systems and Structures, Vol. 16, No. 3, 2005, pp. 207–219. Huang, Q., et al., “Intelligent Building Hazard Detection Using Wireless Sensor Network and Machine Learning Techniques,” Proc. Comput. Civil Eng., 2012, pp. 485–492. Kuhlbusch, T. A. J., et al., “New Directions: The Future of European Urban Air Quality Monitoring,” Atmospheric Environment, Vol. 87, 2014, pp. 258–260. Latvakoski, J., et al., “Towards Horizontal Architecture for Autonomic M2M Service Networks,” Future Internet, Vol. 6, No. 2, 2014, p. 261. Li, D., et al., “From Digital Earth to Smart Earth,” Chinese Science Bulletin, Vol. 59, No. 8, 2014, pp. 722–733. Li, F., et al., “Smart Transmission Grid: Vision and Framework,” IEEE Trans. on Smart Grid, Vol. 1, No. 2, 2010, pp. 168–177. Liu, Y., et al., “Forest Fire Detection Using Artificial Neural Network Algorithm Implemented in Wireless Sensor Networks,” ZTE Communications, Vol, 12, 2015. LTE-M, “Optimizing LTE for Internet of Things,” White paper, Nokia Networks, http://networks.nokia.com/sites/default/files/document/nokia_lte-m_-_optimizing_lte_for_the_internet_of_things_white_paper.pdf. Mahmood, A., et al., “A New Scheme for Demand Side Management in Future Smart Grid Networks,” Procedia Computer Science, Vol. 32, 2014, pp. 477–484.
70
IoT Technical Challenges and Solutions
Maiti, S., et al., “Historical Data Based Real Time Prediction of Vehicle Arrival Time,” 17th Intl. IEEE Conf. on Intelligent Transportation Systems (ITSC14), 2014. Auzias, M., Y. Mahéo, and F. Raimbault, “CoAP over BP for a Delay-Tolerant Internet of Things,” 3rd Intl. Conf. on Future Internet of Things and Cloud (FiCloud), 2015. Michałkiewicz, A., M. Kujawińska, and K. Stasiewicz. “Digital Holographic Cameras and Data Processing for Remote Monitoring and Measurements of Mechanical Parts,” Opto-Electronics Review, Vol. 16, No. 1, 2008, pp. 68–75. Mukherjee, A., A. Pal, and P. Misra. “Data Analytics in Ubiquitous Sensor-Based Health Information Systems,” 2012 IEEE 6th Intl. Conf. on Next Generation Mobile Applications, Services and Technologies (NGMAST), 2012, pp. 193–198. Mukherjee, A., et al., “ANGELS for Distributed Analytics in IoT,” 2014 IEEE World Forum on Internet of Things (WF-IoT), March 6, 2014, pp. 565–570. Ojo, A., E. Curry, and T. Janowski, “Designing Next Generation Smart City Initiatives: Harnessing Findings and Lessons from a Study of Ten Smart City Programs,” 22nd European Conf. on Information Systems, Tel Aviv, 2014. Omnes, N., et al., “A Programmable and Virtualized Network & IT Infrastructure for the Internet of Things: How Can NFV & SDN Help for Facing The Upcoming Challenges?” 2015 IEEE 18th Intl. Conf. on Intelligence in Next Generation Networks (ICIN), February 2015, pp. 64–69. Pal, A., “Internet of Things: From Hype to Reality,” IEEE Computer Society IT Professional Magazine, May 2015. Pal, A., et al., “Energy Information Gateway for Home,” 2011 IEEE 2nd Intl. Conf. on Intelligent Systems, Modelling and Simulation (ISMS), 2011, pp. 235–240. Polycarpou, E., L. Lambrinos, and E. Protopapadakis, “Smart Parking Solutions for Urban Areas,” 2013 IEEE 14th Intl. Symp. and Workshops on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2013, pp. 1–6. Ruiz-Altisent, M., et al., “Sensors for Product Characterization and Quality of Specialty Crops—A Review,” Computers and Electronics in Agriculture, Vol. 74, No. 2, 2010, pp. 176–194. Somani, N., et al., “Storage Aware Routing Protocol for Robust and Efficient Services in the Future Mobile Internet,” 2012 IEEE Intl. Conf. on Communications (ICC), 2012, pp. 5849–5853. Stähli, M., et al., “Monitoring and Prediction in Early Warning Systems for Rapid Mass Movements,” Natural Hazards and Earth System Science, Vol. 15, No. 4, 2015, pp. 905–917. Tennenhouse, D. L., et al., “A Survey of Active Network Research,” IEEE Communications Magazine, Vol. 35, No. 1, 1997, pp. 80–86. Caraguay A. L. V., et al., “SDN: Evolution and Opportunities in the Development IoT Applications,” International Journal of Distributed Sensor Networks, May 4, 2014. Gazis, V., et al., “A Survey of Technologies for the Internet of Things,” Intl. Conf. on Wireless Communications and Mobile Computing (IWCMC), Dubrovnik, 2015.
Scalability of Networks and Computing
71
Xiaoli, X., Z. Yunbo, and W. Guoxin, “Design of Intelligent Internet of Things for Equipment Maintenance,” 2011 IEEE Intl. Conf. on Intelligent Computation Technology and Automation (ICICTA), Vol. 2, 2011, pp. 509–511. Zhao, J. -C., et al., “The Study and Application of the IOT Technology in Agriculture,” 2010 3rd IEEE Intl. Conf. on Computer Science and Information Technology (ICCSIT), Vol. 2, 2010, pp. 462–465.
3 Security and Privacy
3.1 IoT Security: A Perspective The power of IoT is in its distributed data gathering using a network of sensors and devices to enable individuals and businesses to make better decisions. Due to its very connected nature, devices are exposed to increased potential attacks and other infringements from the connected world. Attacks such as viruses, malware, tampering, and others can result in industrial failures, business losses or safety compromises, and other security issues. Adequate deployment of security measures is an important requirement of any IoT system. According to International Data Corporation (IDC), by 2017, 90% of organizations that implement the IoT will suffer an IoTbased breach of back-end information technology (IT) systems [1]. This is an important data point to note and it confirms the current concerns IoT developers and users on the lack of confidence regarding security and more often privacy.
73
74
IoT Technical Challenges and Solutions
Stuxnet [2], BlackEnergy [3], and many other attacks on vehicles, medical devices, and so forth have shown that IoT systems are highly vulnerable [4]. The attacks on sensors and devices can impact the system in multiple dimensions. Tampered health information or manipulated sensor data can create an improper diagnosis and wrong treatments for patients. A denial of service attack on vehicle control bus can cripple vehicle navigation system and cause serious accidents. In general, attacks on devices as part of various control systems in manufacturing and process control can be a big threat to personal safety as well. Further, it may lead to heavy losses to businesses and brand reputation. Malicious filtering of critical alarm notification from a temperature sensor device can unleash a fire hazard. Attacks on devices related to financial systems are another area of concern. Manipulation of financial transactions through unauthorized point-of-sale (POS) and mobile point-of-sale (mPOS) device access can create substantial losses to banks and retail outlets. Even a mere breach of access control itself can create a lot of flutter to the reputation of highly visible organizations such as airports, nuclear installations, and power grid. Software update-related vulnerabilities of IoT edge devices are being used to gain unauthorized access to manipulate data and firmware. This is a big threat to connected vehicles, homes, and medical devices. Profiles of individuals can be created through unlawful access of network and location tracking leading to privacy concerns. Even analytics attacks can be performed to extract personal information where apparently unconnected data from various user devices can be linked and analyzed. It is very difficult to detect and mitigate these kinds of attacks. In this chapter, a pragmatic approach to IoT security and privacy is presented. We begin looking at the objectives of security and related system requirements and technology challenges. Subsequently useful technologies for data security and communication security are discussed. Important aspects on identity, authentication, key management, and software security are reviewed later. The need for threat analysis and risk modeling to understand and plan system-level security is motivated next. Then a summary of practical guidelines for architects, developers, and users of IoT system is presented. Some concluding remarks are made at the end of the chapter.
Security and Privacy
75
3.1.1 Business Objectives of Security
A secure IoT system should provide for the required level of confidentiality, integrity, and availability of data and services. Further, they should ensure safety, reliability, resilience, and usability. These aspects may get different emphasis from the varied perspectives of different stakeholders including equipment vendor, business owner or operator, service provider, and end user. The business impact of security attacks on the IoT system is at multiple levels. It includes service availability, system access and control, equipment damage, data loss, and breach of privacy. The major value proposition of security to the business is in the reduction and mitigation of risk, supporting new business models and improving operation performance. Minimizing the impact of security measures on user experience is another aspect gaining importance these days. The following are the key dimensions where a business is impacted by a breach of security: • Financial: This is the potential financial loss to a business as a consequence of a lack or breach of security. • Reputation: Estimated loss of reputation derived from the data misuse or successful attack. • Identity: Attacks that lead to disclosure, misuse, or loss of evidence of identity of stake holders. • Privacy and regulatory: Meeting the privacy and regulatory requirements of data management. This will also include safety aspects of operations. • Availability guarantees: Operational availability of the system and services under suitable guarantees. System vulnerabilities need to be analyzed and suitable security countermeasures to be deployed to keep the system secure against possible threats affecting stated business goals.
3.2 IoT Security: Key Requirements IoT can be viewed as a convergence of existing information technology (IT) and operational technology (OT). At a high level, a typical
76
IoT Technical Challenges and Solutions
IoT system can be mapped into end points, gateway, and cloud. End points are terminal devices such as sensors and actuators. Gateways include access points and other network elements that help aggregation at the edge. Cloud infrastructure provides the required computing, storage, and visualization resources for the IoT application. As shown in Figure 3.1, each of these components has targets and associated vulnerabilities for attacks. The artifacts to be protected include sensor data, security credentials, identities of devices and people, configuration, and software. In addition to this, limited resources at endpoints make them target for easy overloading attacks on memory, CPU cycles and battery. The external human agents including users, consumers, developers, workers, and hackers are predominantly the sources of potential attacks. At times, software agents running on these devices have also potential for triggering attacks. Efficient access control
Figure 3.1 IoT system components and typical attack targets.
Security and Privacy
77
mechanisms are required as a primary security measure between these entities. Security policies are required to ensure that they have to interact according to their expected roles and responsibilities. Enforcement of these policies will require effective authentication of the entities. Authentication mechanism verifies the identity of entities by validating some sort of credentials. Authorization is the process to grant specific access permissions to these authenticated entities. IoT security encompasses the schemes to ensure the confidentiality, integrity, and availability of the data while it is at rest, in motion, or in process. Communication protocols often incorporate mechanisms for message security while in motion. Access control and encryption can be considered to protect the data at rest. Sensor devices may hold data for a short time in a buffer before transmitting. Many times, an attack on this may not have a serious impact for generic applications and one may be tempted to overlook the confidentiality and integrity measures. However, it is advisable to incorporate adequate security by default as per the availability of resources. The protection of data while computing is somewhat tricky and relatively difficult. Computing in trusted environment is an option to consider. Computing in an encrypted domain is another direction to explore where upcoming encryption schemes such as homomorphic encryption are being developed, but they are computationally intensive and not yet ready for constrained devices. Protecting the software from tampering and external injections is another major security challenge. Periodic checking of the integrity of the software is necessary. Attestation is the process by which a program can authenticate itself. Remote attestation allows a remote system to check the integrity of another connected system. These mechanisms will be useful to verify the identity and integrity of the program code. IoT systems have an additional challenge in protecting the endpoints and gateways from physical tampering or movements. This will include tampering with sensors, power source, and the whole device itself. Physical security mechanisms are needed to detect such attacks and enable the system to take remedial measures. Many times IoT systems gather and share sensitive information for various applications. Providing confidentiality to the personal
78
IoT Technical Challenges and Solutions
identifiable data is the major scope of privacy. There should be clarity with the data ownership, intended use, and traceability as acceptable to the data provider. Figure 3.2 depicts key capabilities required IoT security. From a cybersecurity perspective, confidentiality, integrity, and availability (CIA) are the major pillars of IoT data security among other factors. Confidentiality in IoT refers to the restricted disclosure of information. Cryptographic protocols play a major role here. IoT services and devices require integrity mechanisms to prevent the modification or tampering of the data, whether it is on the device or during transmission. They must be accessible and available when called upon by authorized entities. This includes ensuring that communication channels are protected, and IoT devices and services are resistant to denial-of-service (DoS) attacks. There can be serious problem from compromised IoT devices as they can be used to launch DoS attacks against other connected systems. The devices must be able to conduct mutual authentication with users, other devices, and the cloud to block such propagation of attacks. Communication security involves mutual authentication, traffic authorization, and transmission with secured data integrity and data privacy. Additionally, the endpoint devices should also support secure updates, firmware attestation, and secure boot process.
Figure 3.2 Key aspects of an IoT system security.
Security and Privacy
79
Each endpoint must have the ability to maintain its identity information. Identity is a token assigned to a single instance to identify that device uniquely. Manually managing endpoint identity on individual systems is not practical for large-scale systems. In such cases, an automated identity management infrastructure should be in place.
3.3 IoT Security Challenges Many IoT systems have considerable complexity and diversity of protocols and technologies. They are inadequately designed to match their complexity. The time to market pressure to create new IoT systems and services tend to neglect their security requirements. Cryptographic protocols play a major role for providing confidentially and integrity of data. Due to their resource constraints IoT devices tend to implement relatively low-complexity security primitives. The state-of-the-art cryptographic algorithms and protocols are not easy to deploy on such constrained devices. There is a need for lightweight protocols to address this limitation. Further keeping their software updated with patches bug fixes or security mitigations is another challenge. Authentication and authorization are important aspects of IoT security and there is a lack of robust standards for authentication and authorization of IoT edge devices. The security level achieved using multifactor authentication in traditional cybersecurity systems is not easily extendable to IoT systems. In IoT devices, multiple credentials may need to be stored in the same device and this takes away the out-of-band benefit associated with multifactor authentication. Some of the third-party options available for certificate authentication and identity services are not adequate to handle device-specific profiles and authorizations. There are challenges with monitoring of a huge number of IoT edge devices for security events. Due to heterogeneity of these devices and lack of standardization, they do not have a unified way for capturing and reporting security-related events. Adequate audit and logging standards are highly required for IoT components. Device-level security and reliability alone does not translate in to a secure system at the global level. The system-level security should consider and capture the process of combining and
80
IoT Technical Challenges and Solutions
configuring the interactions between devices involved in the IoT system. The life cycle of an IoT system has many perspectives based on the roles of those manufacturing, deploying, operating, managing, and disposing the system components. Consideration must be given to protecting IoT devices and data throughout its life cycle. Data will flow across many administrative boundaries with different policies and intents. Managing the data flow across levels is a challenge. Many IoT services require cloud platform to support multiple business domains and users on a single platform. This requires multitenancy support with secure and lightweight virtualization. Security standards for platform configurations involving such virtualized IoT platforms supporting multitenancy need to mature. From a developer perspective, the best practices should provide guidelines for secure development of systems. However, there is not much information on best practices available for IoT security design and development. Familiarity with the available technology itself is limited among IoT developers and awareness for secure development needs to be enhanced. 3.3.1 Typical Threats on Various IoT Subsystems
The IoT system spans across multiple subsystems including sensor, devices, gateways, communication network, cloud, and applications or services. The number of threats possible on the entire IoT system is very high as the attack surface is too large. A publication from Open Web Applications and Security Project (OWSAP) [5] lists the top 10 IoT vulnerabilities. It includes: • Insecure Web interface; • Insufficient authentication and authorization; • Insecure network services; • Lack of transport encryption or integrity verification; • Privacy concerns; • Insecure cloud interface; • Insecure mobile interface; • Insufficient security configurability;
Security and Privacy
81
• Insecure software or firmware; • Poor physical security. Table 3.1 gives a list of common threats pertaining to various IoT subsystems.
3.4 Data Protection The dynamics of the IoT data fall into three classes. They are data in use (DIU), data at rest (DAR), and data in motion (DIM). The data in use pertains to that being used by a running algorithm. DIU is somewhat tricky because it hard to maintain cryptographic measures to secure it while processing. This may be handled by operating system layers that provide a confidential computing environment for the processing. The protection of such data requires a trusted environment for the execution of code. The Trusted Execution Environment (TEE) [6] provides this capability for use on various processors such as those from Advanced RISC Machines (ARM), which has a family of reduced instruction set CPU (RISC). ARM-based devices leverage technologies such as TrustZone [7] Table 3.1 Representative List of Threats at Various Subsystem Level Subsystem Threats Cloud, Web Account hijacking, data breaches, loss of data, insecure APIs, applications and denial of service, malicious insiders, cross-site scripting (XSS) services where client side scripts are injected to Web pages viewed by others. Cross-Site Request Forgery (CSRF) that forces an end user to execute unwanted actions on a Web application in which they are currently authenticated. Broken authentication and session management, insecure direct object references, security misconfiguration, missing function level access control, unvalidated redirects and forwards. Network Eavesdropping, data modification, spoofing, stolen credentials such as user name and password, man in the middle, denial of service attack, sniffer attack, open ports in firewalls and routers, misconfigured NAT-Port Mapping Protocol (NAT-PMP) services, host intrusion and malware, password breach, Wireless Encryption Protocol (WEP) vulnerability Devices Lost or stolen devices, improper use of devices, stealing of data or credentials, data modifications, malware injection; tampering with firmware or firmware download process
82
IoT Technical Challenges and Solutions
for this purpose. Security integrated circuit (IC) chips have highquality cryptographic implementations. Random number generation, certification, and resistance to physical attacks are particular strengths. Secure microcontroller unit (MCU) is a good proposition for embedded device security. It would have built-in hardware crypto modules that can generate various session keys, verify, and sign using certificates and support data encryption. All the keys and certificates are securely stored in a secure MCU vault. Embedded microcontrollers may make use of security fuses to provide security for Flash memory from external manipulations. Secure operating systems and microkernels are other options to consider. Separating the data from the metadata and storing data integrity checks in with the metadata are another approach. Here the data path units can work in its native environment and can check the integrity as and when needed. More novel approaches including homomorphic encryption attempt to allow the processing of data while still in encrypted state. However, their complexity is too high to be practical with the current state of the art. Most of the data protection schemes will involve the application of encryption. There are numerous cryptographic primitives available in hardware or software form. The National Institute of Standards and Technology (NIST) provide recommendations for various crypto algorithms and configurations to use for the protection of sensitive information. Some commonly used encryption algorithms are listed in Table 3.2. If a new crypto scheme is developed, then it should undergo cryptographic algorithm validation. For this purpose, the Cryptographic Module Validation Program (CMVP) and Cryptographic Algorithm Validation Program (CAVP) from the NIST can be helpful. Data is at rest when the device holds the data for a longer time. The encryption key used here should be securely stored in a hardware cryptographic module resident in the device. Further, it is recommended that all secret and private keys, authentication, access control, and other security configurations should be secured sufficiently. Data-in-transit requires various communication security measures to be deployed.
Security and Privacy
Crypto Algorithm Triple DES RSA Blowfish Twofish AES ECDH and ECDSA
83
Table 3.2 Commonly Used Encryption Algorithms Comments Symmetric, uses three individual keys of 56 bits each; hardware implementable Public key encryption, key size 1,024 to 4,096 bits Symmetric, encrypts in 64-bit blocks, key sizes 32 to 448, very fast except when there is a key change due to preprocessing delay Symmetric, block sizes of 128 bits, key sizes up to 256 bits Symmetric, block size 128, key sizes 128, 192, 256, Most popular contemporary standard, available with many devices Elliptic curve Diffie-Hellman (ECDH) scheme for encryption key establishment Elliptic Curve Digital Signature algorithm (ECDSA) for data signing
3.5 Communication Security Generally communication standards include cryptographic confidentiality, integrity, and authentication algorithms incorporated as part of the protocol. Most of the IoT applicable wireless communication standards incorporate some level of security features at the link level. In many cases, they offer some flexibility to configure for specific application requirements. Table 3.3 provides a list of
Table 3.3 Salient Security Features of Popular IoT Wireless Communications Standards Wireless Communication Standards Security Aspects Wi-Fi Wi-Fi Protected Access 2 (WPA2) with AES (IEEE 802.11i), EAP methods for layer 2 authentication Bluetooth, BLE Discovery or connect through enquiry or paging, no device address privacy, Encryption E0/, BLE has AES-CCM, signed data, frequent change of address, ECDH for key exchange Zigbee (802.15.4) Link layer encryption with 128-bit AES; trust center for key distribution 6LowPAN Secure mode using 802.15.4 link layer encryption; access control list (ACL) Weightless Supports authentication, encryption, repudiation GSM Authentication algorithm (A3), cipher key generating algorithm (A8) embedded in SIM; Temporary Mobile Subscriber Identity (TMSI) to address intrusions
84
IoT Technical Challenges and Solutions
popular wireless communication standards and their key security features. The security requirements and schemes for data communications at the application level will have a dependency on the data exchange patterns as well. Major data communication patterns in IoT applications are request-response and publish-subscribe. The request-response paradigm is used by several protocols including Web Services/simple object access protocol (SOAP), Java remote method invocation (RMI), constrained application protocol (CoAP), remote procedure call over data distribution services (RPC-over-DDS), and the popular serial communications protocol, Modbus. The security support of the standard protocols varies in terms of confidentiality, integrity, and key management features. Protocols such as MQTT (formerly MQ telemetry transport) and advance message queuing protocol (AMQP) support the publish-subscribe mode for data exchange. The primary categories of threats faced by them are unauthorized subscription, unauthorized publication, tampering and replay, and unauthorized access to data. The intermediate brokers used by some of these protocols can be a single point of failure that may affect their availability. Control plane communications have a focus on the safety and reliability of the system and the security requirements are comparatively high. Here mere enhancement of encryption and authentication may not be sufficient. An additional layer of security mechanisms such as context-based sanity checks and firewalls and unidirectional gateways should be considered. 3.5.1 Cryptographic Key Management
In crypto-based security protocols, the key establishment and management form critical part of cryptographic operations. Generation and periodic renewal of cryptographic keys or certificates are needed when a new communications session is established. Keys must often be certified by a certifying authority (CA) or derived from other keys. The public key infrastructure (PKI) model is a proven approach to a strong key management system. It has the required flexibility to work in a distributed system. Resource constraints with the IoT devices would require a lightweight PKI model to be applied to them. Such a lightweight PKI can be used for distributing device
Security and Privacy
85
keys or identities as a tamperproof root-of-trust token that requires low computation and storage capability. A typical X509 certificate is around 800–1,200 bytes. A tailored variant of the X.509 certificate is used known as Device Verifiable Certificate (DVC), which is typically 200–300 bytes. DVC supports mutual authentication, encryption, digital signature, key management, secure messaging, and secure updates. There is a wide deployment of such certificates in millions of devices today. When a device is decommissioned, it is necessary to revoke a certificate before it expires. In X.509, this is accomplished by publishing of certificate revocation lists (CRL). CRLs are publicly available and also digitally signed by the certificate authority. Any device that wants to authenticate a peer device must check the current CRL to check the revocation status. This can also be done using Online Certificate Status Protocol (OCSP). However, for all IoT device scenarios, this might not be a very easy process. There are various other application-level security protocols that can be used in IoT system scenarios. Specifically, they can be considered to be implemented in the gateway to the cloud communication segment. Table 3.4 provides a list of security protocols and their salient features. IoT systems need a security policy for protection of IoT data from sensors to the cloud. Key generation algorithms should use an effective random number generator as prescribed by the Table 3.4 Popular Security Protocols and Their Salient Features Protocol Security Aspects IKEv2/IPsec Establishes a secure tunnel, X.509 certificates for authentication, Diffie-Hellman key exchange for shared session secret, cryptographic key generation using shared secret TLS/SSL X.509 certificate for authentication, asymmetric keys from X.509 used for symmetric key exchange, symmetric key used for data encryption DTLS Datagram TLS (based on TLS) HIP Host Identity Protocol, host identity based on public key (instead of popular IP address/DNS) EAP Extensible Authentication Protocol, an authentication framework supporting multiple authentication methods, works on the link layer, uses different protocols for EAP messages transmission, supports key delivery and usage mechanisms SSH A cryptographic network protocol, uses public key cryptography for mutual authentication, creates a secure channel for data
86
IoT Technical Challenges and Solutions
standards. Periodic key changes, distribution, and destruction should be driven by well-defined security policies. When the system spans multiple stakeholders, data ownership policies and declarations are also required. For this data, elements and associated attributes need to be identified.
3.6 Identities and Identity Management The IoT poses the challenge to manage a huge set of identities that are larger than conventional identity management systems. Here, in addition to humans, the identities of several other machines and identities of things are to be managed. In many cases, they are connected intermittently or mobile. Some people refer to this identity ecosystem as the Identity of Things (Adopt) [8] where there is a networked relationship between devices, applications or services, and humans. An identifier is typically a publicly known dedicated attribute or name for a device. A device can have more than one identifier. Sometimes the network addresses are used as identities. However, that is not a recommended practice. Addresses such as IP determine the communication endpoint within a certain system, but the device address may not be permanently associated with the device and it may change. Thus, it is better to have a different identifier other than the network address for the device. There are many types of device identifiers in common use. The simplest of them are a globally unique identifier (GUID) or a public name. However, these by themselves do not provide an authenticated identity for an IoT device and are open for easy spoofing. Another technique is to use a cryptographic identifier such as 802.1AR device identifications (IDs). A trusted platform module (TPM) [9] can handle cryptographic device identities that are robust to many software and hardware attacks. ITU-T defines a number of specifications pertaining to object identifiers (OIDs). OIDs can be used to refer to physical objects, in the management information base (MIB) used by the Simple Network Management Protocol (SNMP). Logical objects include software, services, data and databases, documents, and other digital objects. Identification of software is another area of considerable interest. Approaches to it include software ID tags and the
Security and Privacy
87
Common Platform Enumeration. ITU-T OIDs can be used to refer to a number of logical objects. The Digital Object Identifier (DOI) is standardized as ISO 26324:2012 and provides a way of directly referencing digital objects.
3.7 Authentication Authentication is one of the important requirements for IoT devices to know and verify each other’s identity to interact in a safe and secure manner. Shared key and public key models are two basic models used for authentication in the Internet domain. Shared keys are shared secrets known to participants. They can be passwords, personal identification numbers (PINs), images, biometrics, gestures and cryptographic keys. The trouble here is that if the key is exposed, then all the devices and services using that key are vulnerable. In the IoT, this threat can go to massive proportions due to its scale. However, PKI has two keys (private and public) and the scheme is stronger from the security perspective. For some of the constrained devices, it may be difficult to implement due to its algorithm complexity. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are the most widely used Internet security protocols. Both of them support PKI and shared-key models to create a secure channel. OAuth 2.0 [10] and OpenID Connect 1.0 [11] are two standardized frameworks for authentication and authorization in the Internet domain. It is used to explicitly participate in the issuance of tokens to applications. Further, OpenID Connect has support for discovery and registration mechanisms that are highly relevant for IoT. The limitation of OAuth and Connect is that they have only been bound to HTTP so far. There are ongoing works on binding them to other IoT protocols as well. The authentication mechanisms supported by some of the prominent IoT protocols are given in Table 3.5. Although multifactor authentication (MFA) enhances the effectiveness, it is not always feasible to use traditional MFA methods to support strong authentication of things. Contextual intelligence [12] formed by real-time contextual clues, in addition to credentials, can be used for authentication. For example, if an anomaly is
88
IoT Technical Challenges and Solutions Table 3.5 Authentication Options for Some of the IoT Protocols
Protocol
Authentication Methods Supported
MQTT
Username and password are used and are sent in the clear. It is recommended that TLS be employed when using MQTT. Support for multiple authentication options for device-to-device communication. Can use DTLS additionally for higher-level confidentiality requirements. Uses preSharedKey, rawPublicKey, and certificate. Supports multiple authentication patterns via the Simple Authentication and Security Layer (SASL). Includes one-way anonymous and mutual authentication with encrypted passwords, certificates, and other means through SASL. The Data Distribution Standard (DDS) from OMG provides endpoint authentication. Also supports key establishment to perform message data origin authentication (HMAC). Both digital certificates and various identity or authorization token types are supported. Uses X.509 certificates (PKI) using RSA and DSA tokens. Support of TLS protocol for authentication and confidentiality. For basic authentication, credentials are passed in the clear and can be used with TLS. However, a token-based authentication approach such as OAUTH 2 is recommended. Supports network and application-level authentication through the use of master key, network, and, optionally, application link keys. Keys are preshared. Provides authentication through standard automatic pairing or simple pairing with a human-in-loop to verification (following a simple DiffieHellman exchange). Supports one-way and mutual authentication options. For device-device authentication, .secure simple pairing offers Justworks, Passkey entry, and Out of Box options. Supports two-factor authentication system. LE Secure Connections pairing model that combines several of the available association models. In addition, ECDH is used for key exchange. Unencrypted data authenticated using Connection Signature Resolving Key (CSRK) Device Identity/Privacy is via an Identity Resolving Key (IRK).
CoAP
XMPP
DDS
HTTP/REST
Zigbee
Bluetooth
Bluetooth-LE
detected in a sensor data traffic with abrupt changes in the values, a second factor could be initiated to reauthentication of the device. This is very much useful for smartphone-based applications where there are a number of sensors to provide real-time contextual intelligence.
3.8 Access Control Access control pertains to the permissions in the usage of resources and services, assigned to different entities of an IoT system. The major challenge is in providing access permission in an environ-
Security and Privacy
89
ment where human users and machines or devices are authorized to interact. Entities seeking access to others may have multiple roles. In role-based access control (RBAC), users or devices have to prove their identity; consequently, a session is created and a role is established for the user or device to perform authorized tasks. The identity mechanisms that can be used for authorization were discussed earlier. However, when there are a large number of devices with multiple purposes, the resulting role explosion could be difficult to manage. Policy-based access control or dynamic authorization management could be helpful here. Attribute-based authorization provides fine granularity, high flexibility, and rich semantics, and other beneficial features like partial authentication could be used. Here sensor attributes like location, sensor type, or actuator category can be used to define access categories dynamically and it could be a support for role-based access control.
3.9 Secure Software Updates Software or firmware updates are a critical feature to consider for IoT systems. From an operational point of view, it is highly useful to maintain and advance the lifetime of the connected devices. Manufacturers would use this feature to patch their firmware bugs as and when they are discovered. The mechanisms deployed for the support of firmware updates are vulnerable for security breaches. The upgrade process could be exploited by hackers to tamper with the device data, operations, or actuations. Further, it may be used to inject a malware to trigger secondary attacks in the network. The risk of performing remote updates must be carefully considered against its value. Secure update for devices has multiple parts to look at. It has to ensure firmware integrity and confidentiality while communicating, flashing, and booting up the device. Secure update also involves attesting to the integrity of the update and verifying it after a secure transmission to the target device. The boot-time and run-time software are critical for the attestation and verification process. Some of the data security measures described previously can be used here as well. Keys used in upgrades can be managed by a third-party certificate authority and updated as needed.
90
IoT Technical Challenges and Solutions
This mechanism can also be used for the secure update of system configurations.
3.10 Privacy in IoT Systems A prevalent definition of privacy is that “the right to select what personal information about an individual is known to what people” [13]. In the IoT paradigm, this means: 1. Awareness of privacy risks posed by smart things and services; 2. Individual control over the collection and processing of personal information by the devices; 3. Awareness and control of subsequent use and dissemination of personal information by those entities to any entity outside the personal control sphere. Basically, this entails one to assess one’s personal privacy risks and take suitable action to protect one’s privacy. Also, the user should be assured that it is enforced beyond his or her immediate control sphere. The trouble is that the exact scope of the subject’s personal sphere can differ from situation to situation. Further, it is still unclear what constitutes the individual’s personal sphere. Privacy is a deeply social concept and subject to greatly varying individual perception and requirements. From a practical perspective, privacy in IoT is around a set of personally identifiable information (PII) and the user should be involved in selecting them. In one view, privacy is providing confidentiality of PII elements as desired by the user. There are many challenges in implementing privacy in IoT. In general, awareness of privacy rights and compromises are low among the user community. In IoT systems, the data collection happens more passively. Due to this, many privacy breaches go unnoticed. Although there are privacy regulations, many big businesses do not enforce them as the economy of breaching privacy regulations are in their favor. Some of the major threats to privacy are discussed here: • Identification: This is a threat associating an identifier with an individual and data about the person. The identifier can be a
Security and Privacy
91
name, address, or pseudonym of any kind. Privacy measures should include identity protection and protection against identification. Anonymization and privacy-enhancing identity management are some techniques that can be considered, although they may not completely address the challenge in all situations. • Localization and tracking: This is the threat of finding and recording a person’s location at multiple levels of granularity over time. Generally, this data is collected passively. Leaving location trails puts the user at risk of identification, location, and activity. Anonymization, time, and data resolution control are a few steps that can be considered to address this threat. • Profiling: This is the threat of compiling information dossiers from various devices about individuals. This is generally used to infer interests by correlation with other profiles and data. Existing approaches to preserve privacy include client-side personalization, data perturbation, obfuscation, and anonymization. • Device updates and transitions: Retiring old devices can leave a lot of privacy-sensitive information out of one’s personal control. Wiping decommissioned devices is one measure that can be taken to address this. • Data linkage and analytics: This threat relates with linking various data items, possibly from multiple sources, such that the analysis of a combination of them reveals unintended information. Suitable access control and anonymization are some of the techniques that can be applied here. The following steps are suggested towards a generic approach for IoT privacy: • Privacy and security go hand in hand. A privacy and security by design approach should be adopted. • Purpose limitation measures that promote no use beyond predefined purposes should be taken. • The data minimization approach should be adopted in which only necessary data is collected, processed, and stored. Consider anonymization or deletion of data after use.
92
IoT Technical Challenges and Solutions
• Adopt distributed protection models that provide multilayer security and resilience in a distributed architecture. • Invest in the use of advanced techniques for anonymization, pseudonymization techniques, and encryption.
3.11 System-Level Security Assessment Major value proposition for security is the reduction and mitigation of risk, enablement for supporting new business models and improving operations. Evaluation of the return on investment (ROI) of an implementation of a secure system design must be grounded in a realistic assessment of the threats. It should assess the risks that they pose that may prevent the system from delivering its intended business functions. It is possible to go forward with no security and accept all of the risk. It is also possible to spend an exorbitant amount of money on security to the point where it no longer justifies the security gains. A balance must be achieved between the ROI of the security and its effectiveness. To achieve this, we need a system-level metric-driven security assessment. Further, in a dynamic IoT system, new nodes are added and new software are installed and they are evolutionary in nature. In such situations, operators use sophisticated tools to discover the network topology and existing vulnerabilities. However, these tools do not put vulnerabilities into the context of how they can be exploited. Similarly, they do not automatically determine the impact to the system. Because of this reason, several automated approaches to security analysis have been proposed during the last decade. Some of these automated approaches define security metrics over the paths of an attack graph, while others define a security metric in terms of security risk. 3.11.1 Risk-Based Security
Risk is usually defined as the expected loss. “Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization” [14].
Security and Privacy
93
The risk computation can be done in two parts: a probability estimation of a successful attack and an impact estimation. It is useful to have a computable measure of risk to select an optimum security scheme by assessing the impact of various possible security threats.
Risk = Probability of successful attacks * Impact of attacks The generic block diagram of system for security risk estimation is given in Figure 3.3. The system faces number of security threats that exploits the system vulnerabilities. The threats are realized though a number of attacks. Structuring of these threats through a threat model is the first step of the risk analysis methodology. The next step is to categorize the threats based on their nature of security impact to the system. Subsequently, a metric for severity ranking is computed based on the threat category. This helps the analyst to find the ranking of various system threats and it may be used to develop a security strategy to focus on most severe threats. A more detailed computation is possible for risk estimation through a more refined impact estimation and likelihood estimation for the threats. Here the context of the attack is also considered for the estimation. Impact depends on what impairment or loss that it creates for the business goals due to the affected data or functionality elements. Therefore, it will be beneficial to use a
Figure 3.3 Generic steps for approach security threat analysis and risk assessment.
94
IoT Technical Challenges and Solutions
system model that incorporates the information flow, dependencies, hardware or software mappings, security goals, and business goals as the basis of the impact estimation. Further, the likelihood of a threat has a dependency on various factors including system vulnerabilities, the actor (agent), his or her skill level, the skill level required for the attack, and motivation. There are qualitative and quantitative approaches to estimate the risk indicator. Subsequently, various security countermeasures can be planned to reduce the risk level and the process can potentially optimize the security investments. There are numerous frameworks devised for security risk analysis, including OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation; a security risk assessment framework developed by Carnegie Mellon’s Computer), ISO 27001/27005 [ISO/IEC 27001 is a security management framework developed by the International Organization for Standardization (ISO), and ISO/IEC 27005 is the associated guidance for risk assessment and risk management], COSO [The Committee of Sponsoring Organizations of the Treadway Commission; has its own standard for enterprise risk management (ERM) and risk assessment] and NIST, which has a family of standards similar to the ISO 27000 series for risk management, in particular NIST 800-30 and 800-53. While each of them has a number of strengths, there is weakness in using specific aspects of IoT systems and their interdependencies in estimating the risk level. One common argument against the use of security metrics is that the input to the metric model is often imprecise. Whatever the model can compute is not meaningful. However, the numbers obtained can be used in a comparative sense and that itself is a big step forward. Refining metrics for better capturing of the properties of network vulnerabilities is a work in progress. One simpler and practical approach for threat modeling and risk estimation for IoT system security is outlined next. 3.11.2 Threat Modeling and Risk Estimation
According to the definition of the Open Web Application Security Project (OWASP), threat modeling is a method for analyzing the security of an application or system. This process consists of the identification and evaluation of security risks and, based on this
Security and Privacy
95
knowledge, the determination of the mitigation techniques, methods, or algorithms. Understanding the system to be analyzed is the first step in threat analysis process. For that, we need to identify the main assets that need to be protected. Here the term assets are used in a broad sense that includes data, security credentials, certificates, keys, and functionality states. This also includes the mapping of the interaction between assets and interactions with external entities. The structured representation of these interactions can be through data flow diagrams (DFDs) that model the entire IoT system under consideration. Nodes of the DFD will be the information elements and edges form the interactions or dependencies. An exemplary system model for the remote monitoring of the chiller system for climate control is shown in Figure 3.4. It illustrates the data flow and dependency of the IoT system that uses various sensors monitoring the environmental and machine states and the data is used to form a control strategy to keep the environmental parameters under specified limits. The attributes of the nodes and edges can capture the other system features or details that can contribute to the threat analysis. The risk analysis process starts with studying the system and preparing a DFD model. Each of the interactions (involving an edge to a node) will have several threats. It will be difficult to handle the innumerous threats pertaining to the system in a structured manner. For this, a threat categorization would be helpful. The STRIDE model from Microsoft is one approach for threat categorization, and another is a model for qualitative risk evaluation, DREAD. 3.11.2.1 STRIDE Model
The STRIDE model [15] is a component of the Microsoft Security Development Lifecycle (SDL) for general threat categorization. It is an acronym formed from the following threat categories: spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privileges. The threats that translate to masquerade and to impersonate other users or devices to gain undue access come under the category of spoofing. Actions that illegally modify the data fall into the tampering category. Repudiation is a malicious action with the goal of hiding or changing the authorship information of certain committed actions or transactions. Informa-
Figure 3.4 Data flow model of a chiller monitoring system.
96 IoT Technical Challenges and Solutions
Security and Privacy
97
tion disclosure means reading or disseminating the data without permission. Denial of service is a malicious action that blocks access to valid users. A threat aimed to maliciously enhance the access privilege to enable unauthorized access come under the elevation of privilege category. The threats associated with each interactions represented in the system DFD model are categorized into one of the six categories of STRIDE model described above. The next step is to rate the threats organized under each of the STRIDE categories using a qualitative risk computation mechanism such as DREAD. 3.11.2.2 DREAD Model
DREAD [16] is a classification scheme for threat rating from Microsoft. This is an acronym formed from the constituents of the threat metric. They are: damage, reproducibility, exploitability, affected users, and discoverability. The sum of the ratings from each of these aspects of the threats forms the final DREAD score. The amount of damage caused by the threat if exploited is rated under damage. Reproducibility is a metric to represent the ease of exploitation of the threat. Exploitability captures the required skills and tools to exploit the threat. The affected user’s rating is determined from the number of users who will be affected by the exploitation of the threat. Discoverability expresses how easy it is to discover the threat. Each of these aspects is rated from 0 to 10, with highest security risk being rated at 10. The overall DREAD score is computed as: Risk_DREAD = (Damage + Reproducibility + Exploitability +Affected Users + Discoverability)/5 Once each of the threats identified is rated using DREAD, the next step is to aggregate this over each STRIDE category for all paths in the DFG. Based on the numerical values of the aggregate risk rating for each threat category, an overall assessment of the effectiveness of system security can be obtained. Figure 3.5 gives an outline of a risk estimation process involving STRIDE and DREAD models along with a DFG-based system model [17]. There are multiple variants with suitable refinements available for threat modeling and risk estimation usable for IoT systems [18].
98
IoT Technical Challenges and Solutions
Figure 3.5 Qualitative risk assessment using STRIDE and DREAD models.
The determination of the countermeasures and mitigation techniques is the following step. Generic mitigation aspects for each threat category are listed in Table 3.6. This can provide guidance to refine the selection of protocols, cryptographic primitives, security policy, access control mechanisms, and other system configurations. Several sophistications in approaches can be brought into the threat analysis process. Instead of a mere listing of threats, they can be expanded in terms of attack graphs where a threat is realized through a combination of attacks. The attack graphs model how multiple vulnerabilities contribute in an attack. The graph represents system states corresponding to security-related conditions, such as the existence of vulnerability on a particular host or the connectivity between different hosts. Vulnerability exploitation can be modeled as a transition between system states. The overall threat rating can be refined with a more elaborate risk assessment approach where the probability of attacks is also considered. It will depend on various factors including the threat actors, their skill levels, motivation, ease of attacks, and social and environmental conditions. Further, the impact aspect of various
Security and Privacy
Threat Type Spoofing identity
Tampering with data Repudiation
Information disclosure Denial of service
Elevation of privilege
99
Table 3.6 Threat Categories and General Mitigation Approaches Mitigation Techniques Malicious party impersonates a device or a user with an illegally acquired identity. Some of the mitigation approaches are: stronger authentication, protecting secrets, and avoiding storage of secrets if possible. Deletion or modification of data. This may be mitigated by: enhanced authorization, hashes, message authentication codes, digital signatures, and tamper-resistant protocol. Denial of committing a data operation or transaction. Some mitigation measures are: digital signatures that can be verified, timestamps, and audit trails. Unauthorized disclosure of data to an unintended audience. Some steps for mitigation are: strong authorization, encryption of data, protect security keys, credentials, avoiding storage of secrets. Block the access to data and services even to legitimate users. Some of the following measures can be considered: authentication, authorization, filtering based on source, ID, size, and type, throttling, and quality-ofservice measures in the network. Unauthorized enhancement of access level and permissions. Some applicable measures include: authentication, authorization, access control, and run with least privilege.
threats can be linked with associated security goals and business goals. Another direction is to use more sophisticated system models to cover multiple aspects of the IoT system integrated into the model. Typical IoT systems are complex and it integrates IT, OT, and communication technologies. For the purpose modeling, the entire system can be abstracted in multiple views. They are information view, deployment or operation view, applications view, and business view. The information view looks at the system in terms of data generation, data flow, and data transformation. The deployment or operation view depicts the devices on which the information plane is deployed and their configurations and functions for their operations. Data collected and stored in the information view may be used by both internal and external applications, which can take many forms, from software in a console to an application in a mobile phone. The business view captures the business objectives and how the underlying information and operations are contributing to them. The DFG-based system model described earlier can be extended with these views and used in the threat analysis for a more realistic outcome.
100
IoT Technical Challenges and Solutions
3.12 IoT Security: Practical Guidelines According to the trusted computing group [19] the critical strategies suggested for IoT architects to address system security are: 1. Assessment of IoT system goals and risks; 2. Management of identity and integrity; 3. Encryption of confidential data; 4. Use of hardware security for critical systems; 5. Protection of resource-limited devices with overlay networks. For a successful IoT system, the architects should define their business goals, gauge the security risks to those goals, and develop appropriate security controls to manage or reduce the risks. Security should not be an afterthought. This requires building in security by design and evaluating risks early in the life cycle. For medium to large IoT systems, rigorous threat modeling and risk analysis need to be carried out. There are a few documentations on useful guidelines for IoT system developers and users [20–22]. Some of the key guidelines on practical implementation aspects to help the development, deployment and management of IoT systems are summarized next. • Access control or passwords: • Change default passwords shared between devices. Avoid weak passwords. • Randomly created passwords using high-quality random number generators are desirable. • Consider deactivation of sparsely used or unused features or services (e.g., virtual private networks (VPN) and remote administration). • Identity and authentication: • Use system-level threat models to design authentication and authorization schemes. • Consider context based secondary authentication such as smartphone-based techniques (e.g., face recognition, speaker recognition, fingerprint, gesture).
Security and Privacy
101
• Leverage the security features of standards-based IoT protocols such as CoAP, DDS, and REST. This will help interoperable authentication and authorization. • Common identity mechanisms that can be considered include cryptographic identity, identity based on PKI, hardware root of trust (HRoT), key pair generated in HRoT, and private key protection. Also consider automated identity provisioning, identity management, and remote attestation of identity. • The devices containing the sensors and actuators need to authenticate themselves to the gateway devices and the cloud. Mutual authentication should be performed to avoid fake entities from entering into the system. • Embedding a hardware security module that can take care of cryptographic functions should be considered wherever possible to strengthen the security. • Establish role or relationship mappings between people and devices through explicit authorizations • Communications and networking: • Review all connectivity configurations to the Internet, in the context of their vulnerabilities and functional requirements. Use encrypted communication whenever possible. • Migrate to IPv6 for scalability and future-proof. • Choose end-to-end security schemes wherever possible, assuming the network to be insecure by default. • Sharing IoT-related data and access with respective device manufacturers should be under a well-understood policy. • Implement a privileged user management system to ensure that administrators can access and monitor systems and devices. Authorize administrators to disable the device in the case when an attack is detected. • Device security: • At a minimum level, endpoint security at the device level include root of trust (RoT), attestation, and crypto algorithm and secure updates. RoT should be ideally in hardware. Remote attestation is preferred. • Tamper-resistant approaches could be considered including automatic memory erasure or remote notification during a tampering attempt.
102
IoT Technical Challenges and Solutions
• The span of the security should begin from manufacturing stage itself and should be tracked in each stage of the life cycle. • For easy self-registration, the initial provisioning artifacts including keys and identities may be resolved at the manufacturing stage itself. • The default configuration for the device should be secure. Firmware should be locked down for restricted access. • Hardware protection should be used wherever possible. The use of secure element (SE) or trusted protection modules (TPM) devices is recommended. • All unused ports, general purpose input/output pins (GPIO), universal asynchronous receiver transmitter (UART), debug ports (such as joint testing action group (JTAG)) interfaces on the hardware should be disabled. • Use preventive measures for physical attacks; ICs should be protected with appropriate sealing. • Data security: • All confidential data at rest should be encrypted. The integrity of all data at rest should be verified before it is used. Endto-end verification of data integrity from its initial source to the destination should be considered for data communications. • Based on the capability of the devices and the application requirement of end-to-end confidentiality, the data should be encrypted. Sometimes the confidentiality scheme supported by the communication standard would be sufficient. • Transport layer security (TLS) provides a mechanism for integrity-verified confidential transmission of data between two hosts on a network. However, TLS cannot guarantee end-to-end data integrity when intermediary hosts are involved between the source and the destination. There are some workarounds that can be used with trusted intermediary systems that extend the chain-of-trust across multiple hops. • There are cryptographic schemes that attach verifiable integrity and confidentiality to the data itself. In this approach, the data is logically encapsulated by and transmitted along with signatures or secure authentication codes that guarantee data integrity and encrypted when confidentiality is needed.
Security and Privacy
103
• The integrity of an endpoint device must be maintained, even from authorized administrators and users of the system. • Monitoring the signatures or file hashes of all software on a system and comparing that to a trusted source is one effective way of detecting tampering at the software level. Ensure that only approved, trusted software or firmware can execute on a system and that any updates or changes are from a trusted source. Cryptographically signed code should be preferred. • Cloud interfaces: • All cloud interfaces, including cloud-based Web services and APIs, should be reviewed for security vulnerabilities. The interfaces should avoid weak passwords, provide account lockout mechanism, multifactor authentication, and protection against XSS, SQLi, and CSRF vulnerabilities, and force the change of the default username and password. • End-user awareness: • End users need to be educated to operate and manage the IoT devices that they handle in a secure manner, including information about the software updating process and management, which should available to the user. In case of an error during the process, the rollback mechanism should be specified. • Awareness on vulnerabilities of other devices (smartphone, wireless network, building automation network) can impact the device security. • Be aware on how to safeguard customer data and enable privacy-related configurations. Also, focus on these security measures and mitigations may have some variations for different IoT system stakeholders such as manufacturer, developer, consumer, and service provider. Some general recommendations are presented in the IoT Security Guidance document from OWASP [23].
3.13 Summary Security and privacy are the top concerns of IoT systems these days. One of the major reasons behind this concern is the uncer-
104
IoT Technical Challenges and Solutions
tainty on how the system will be impacted by the actions and behaviors of various system components and stakeholders. Many times, a holistic picture of the system security is not available to the decision-makers and end users. A systematic approach to analyze various threats and their potential risks with the help of a system model would be of use here. There are a large number of security protocols and algorithms available for consideration. Only the prominent ones are outlined in this chapter, and there are many others being worked out by the research community. As the device technology progresses, the affordable computing and storage capability per joule is also increasing. This enables the use of Internet protocols directly on end points in many cases. Although we highlight constraint devices as one of the differentiators for IoT protocols in general, one should leverage proven Internet technologies wherever possible to reduce overall cost and time to market. IoT business is at its initial stages and insights from future operations will testify and enhance the security and privacy schemes as it evolves.
References [1] IDC Futurescape for Internet of Things, December 2014, https://www.idc. com/getdoc.jsp?containerId=prUS25291514. [2] http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet. [3] http://www.securityweek.com/blackenergy-group-uses-destructive-plugin-ukraine-attacks. [4] http://www.wired.com/2015/12/2015-the-year-the-internet-of-thingsgot-hacked/. [5] https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_ Ten_Project#tab=Top_10_IoT_Vulnerabilities__282014_29. [6] Trusted Execution Environment, https://en.wikipedia.org/wiki/Trusted_ execution_environment. [7] http://www.arm.com/products/processors/technologies/trustzone/. [8] https://kantarainitiative.org/confluence/display/IDoT/Concepts+of+Ide ntity+within+the+Internet+of+Things. [9] http://www.trustedcomputinggroup.org/resources/trusted_platform_ module_tpm_summary. [10] http://oauth.net/2/.
Security and Privacy
105
[11] http://openid.net/connect/. [12] http://www.iot-now.com/2015/03/26/31426-securing-the-identity-ofthings-idot-for-the-internet-of-things/Contextual knowledge is power. [13] Westin, A. F., “Privacy and Freedom,” Washington and Lee Law Review, Vol. 25, No. 1, 1968. [14] Stoneburner, G., A., Goguen, and A. Feringa, “Risk Management Guide for Information Technology Systems,” NIST Special Publication 800-30, 2002. [15] STRIDE Model (v=cs.20).aspx.
https://msdn.microsoft.com/en-us/library/ee823878
[16] https://msdn.microsoft.com/en-us/library/ff648644.aspx. [17] ���������������������������������������������������������������������� http://www.upm.ro/facultati_departamente/stiinte_litere/conferinte/situl_integrare_europeana/Lucrari6/06%20-%20Hunor,%20Haller,%20Sebesety-Pal.pdf. [18] ��������������������������������������������������������������������� http://engage.securestate.com/assess-your-security-risk-with-securestates-simple-irisk-equation. [19] Trusted Computing Group, published documents on IoT security www. trustedcomputinggroup.org. [20] https://www.nccgroup.trust/uk/about-us/newsroom-and-events/ blogs/2014/april/security-of-things-an-implementers-guide-to-cyber-security-for-internet-of-things-devices-and-beyond/. [21] https://downloads.cloudsecurityalliance.org/whitepapers/Security_ Guidance_for_Early_Adopters_of_the_Internet_of_Things.pdf. [22] Guidance for Securing IoT Using TCG Technology Version 1.0, Trusted Computing Group, 2015, http://www.trustedcomputinggroup.org/files/ resource_files/CD35B517-1A4B-B294-D0A08D30868AB3D1/TCG_Guidance_for_Securing_IoT_1_0r21.pdf. [23] https://www.owasp.org/index.php/IoT_Security_Guidance.
Selected Bibliography Clymer, C., et al., “iRisk Equation,” Whitepaper, http://insurehub.org/sites/default/files/reports/Final%20Report.pdf. Folk, C., et al., Dun & Bradstreet, “The Security Implications of the Internet of Things,” AFCEA International Cyber Committee, February 2015. Garcia-Morchon, O., et al., “A Comprehensive and Lightweight Security Architecture to Secure the IoT Throughout the Lifecycle of a Device Based on HIMMO,” 11th Intl. Symp. on Algorithms and Experiments for Wireless Sensor Networks, ALGOSENSORS 2015, Patras, Greece, September 17–18, 2015. Hernan, S., et al., “Threat Modeling Uncover Security Design Flaws Using the STRIDE Approach,” MSDN Magazine-Louisville, 2006, pp. 68–75.
106
IoT Technical Challenges and Solutions
Internet of Things, “IoT Governance, Privacy and Security Issues,” Position Paper, European Research Cluster on the Internet of Things, 2015. Kamongi, P., M. Gomathisankaran, and K. Kavi, “Nemesis: Automated Architecture for Threat Modeling and Risk Assessment, for Cloud Computing,” 2014 ASE Big Data, Social Informatics, PASSAT, BioMedCom 2014 Conf., Harvard University, December 14–16, 2014. Keoh, S. L., S. S. Kumar, and H. Tschofenig, “Securing the Internet of Things: A Standardization Perspective,” IEEE Internet of Things Journal, Vol. 1, No. 3, June 2014. Lee, M. -C., “Information Security Risk Analysis Methods and Research Trends: AHP and Fuzzy Comprehensive Method,” International Journal of Computer Science & Information Technology (IJCSIT), Vol. 6, No. 1, February 2014. Li, Z., and T. Xin, “Threat Modeling and Countermeasures Study for the Internet of Things,” Journal of Convergence Information Technology, Vol. 8, No. 5, 2013. Noel, S., et al., “Measuring Security Risk of Networks Using Attack Graphs,” International Journal of Next Generation Computing, July 2010. Nurse, J. R. C., et al., “Smart Insiders: Exploring the Threat from Insiders Using the Internet-of-Things,” Intl. Workshop on Secure Internet of Things (SIoT), 2015. Olsson, T., “Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence,” 11th Intl. Conf., ICICS 2009, Beijing, China, December 14–17, 2009. Roman, R., P. Najera, and J. Lopez, “Securing the Internet of Things,” Computer, Vol. 44, No. 9, September 2011, pp. 51–58. Sicari, S., et al., “Security, Privacy and Trust in Internet of Things: The Road Ahead,” Elsevier Journal on Computer Networks, Vol. 76, 2015, pp. 146–164. Sitnikova, E., and M. Asgarkhani, “A Strategic Framework for Managing Internet Security,” 2014 11th Intl. Conf. on Fuzzy Systems and Knowledge Discovery (FSKD), 2014, pp. 947–955. Stoneburner, G., A. Goguen, and A. Feringa, “Risk Management Guide for Information Technology Systems,” NIST special publication, Vol. 800, No. 30, 2002, pp. 800–830. Ukil, A., J. Sen, and S. Koilakonda, “Embedded Security for Internet of Things,” 2nd Natl. Conf. on Emerging Trends and Applications in Computer Science (NCETACS), 2011. U.S. Department of Homeland Security guide, “Cyber Security Assessments of Industrial Control Systems,” Washington, D.C., 2010. Weber, R. H., “Internet of Things: New Security and Privacy Challenges,” Computer Law & Security Review, Vol. 26, No. 1, 2010, pp. 23–30.
Security and Privacy
107
Whitehouse, O., “Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond,” NCC group, http://www.nccgroup.trust/ globalassets/our-research/uk/whitepapers/2014-04-09_-_security_of_things_-_ an_implementers_guild_to_cyber_security_for_internet_of_things_devices_ and_beyond.pdf. Zhang, X., et al., “Information Security Risk Management Framework for the Cloud Computing Environments,” 2010 IEEE 10th Intl. Conf. on Computer and Information Technology (CIT), 2010, pp. 1328–1334. Zhao, K., and L. Ge, “A Survey on the Internet of Things Security,” 2013 9th IEEE Intl. Conf. on Computational Intelligence and Security (CIS), 2013, pp. 663–667.
4 Sensor Informatics and Business Insights
4.1 Introduction Cambridge Dictionary defines context as [1]: “the situation within which something exists or happens, and that can help explain it.” In the IoT context, sensors pick up the manifestation of something happening (e.g., fire, earthquake, traffic congestion, faults, disease, likes or dislikes, object location) via their transducers and measure the physical features (e.g., temperature, vibration, location, speed, physiological parameters). The role of sensor informatics is to analyze the collected sensor signal to understand the corresponding context and from there deduce about instantaneous and dynamic state of the cyberphysical system (CPS). This understanding of the situational behavior of the CPS gives insights and knowledge into the physical phenomenon, which can help businesses in three ways: 1. They can help optimize the business operations and run businesses more efficiently.
109
110
IoT Technical Challenges and Solutions
2. They help in a deeper understanding of the physical processes and customers by adding new features and services to the business line. 3. They help modeling the business processes and predicting future events by removing the risk of business and business planning. The whole process of deriving context from sensors and drawing business insights out of it is an extremely complex process with lot of dependence on the physical context, type of sensors and nature of insights. The whole sensor informatics process can be depicted as a knowledge pyramid [2] (as shown in Figure 4.1). There are three major components of sensor informatics as outlined in the data, information, knowledge, and wisdom (DIKW) pyramid of Figure 4.1: • Sensor signal processing: It helps in converting raw sensor data to information. • Semantic interpretation of processed information: It helps in converting information to knowledge.
Figure 4.1 The DIKW pyramid.
Sensor Informatics and Business Insights
111
• Business insights from interpreted knowledge: It helps in converting knowledge to wisdom. These are explained in detail next.
4.2 Sensor Signal Processing As depicted in Figure 4.2, the sensor signal processing workflow consists of four major blocks: signal acquisition and conditioning, signal representation, feature extraction, and inference. Each of these blocks is explained in detail next with an example application use case of activity detection from accelerometer signals in mobile phones and wearable devices. 4.2.1 Signal Acquisition and Conditioning 4.2.1.1 Sampling
Sampling of the analog sensor signal is the first step for digitization. Sampling frequency needs to more than twice the maximum frequency of the sensor signal (as per the Nyquist sampling theorem [3]) to avoid aliasing [4]. In real sensor systems, it is typical to have unequal sampling rate as the sampling happens only when
Figure 4.2 Sensor signal processing workflow.
112
IoT Technical Challenges and Solutions
the sensor signal changes. Because most sensor signal processing typically works on equal sampling rate signals, this unequal sampling rate may need to be made uniform using techniques of resampling and interpolation [5]. 4.2.1.2 Matched Filtering
The matched filter is the optimal linear filter for maximizing the signal-to-noise ratio (SNR) in the presence of additive stochastic noise [6]. It is typically used to tune the filter to the sensor signal so that any noise that is outside the signal band is filtered out. Typically matched filters are designed as lowpass or highpass or bandpass filter depending upon sensor signal characteristics. Digital filtering techniques [7] like finite impulse response (FIR) [8] and infinite impulse response (IIR) [9] are useful in designing suitable matched filters. FIR filters are easier and stable to design but need more delay taps to achieve the desired frequency response; however, the higher number of delay taps can result in higher latency. IIR filters have a smaller number of taps and hence smaller latency, but they may result in unstable behavior. 4.2.1.3 Adaptive Filtering
Matched filtering does not provide the necessary performance when the noise falls in the same frequency band as the desired signal. Adaptive filtering can help in such scenarios. An adaptive filter [10] is a system with a linear filter that has a variable parameter transfer function where these parameters can be adjusted according to an optimization algorithm [11]. An adaptive filter can be designed using FIR or IIR filters [12]. There are two basic kinds of adaptive filter: least-mean-square (LMS) and recursive-leastsquare (RLS). LMS adaptive filters are used for FIR filter architecture and RLS adaptive filters are used for IIR filter architecture. In other words, an adaptive filter can be regarded as a digital filter that self-adjusts its coefficients to minimize an error function. This error function (or the cost function) is the distance between the reference or desired signal and the output of the adaptive filter [13]. Typically, the cost function optimization is done in least-squares sense, hence the name LMS or RLS [14].
Sensor Informatics and Business Insights
113
4.2.1.4 Outlier Detection
An outlier is typically a data point that is statistically distant from other data points; it typically occurs due to error in the sensor data that needs to be excluded [15]. Outliers in a sensor signal stream typically indicate measurement error; they either need to be discarded or subsequent processing blocks in the workflow should use statistics that are robust to outliers. For the removal of outliers, the distribution can be modeled as mixture of two distinct subpopulations, representing correct trials and measurement errors. A generalized method to detect outliers is to find a set of features in the signal that can separate between regular values and outliers [16]. 4.2.1.5 Applications of Signal Acquisition and Conditioning Resampling
Many times, the physical signals have unequal sampling frequencies (due to hardware limitations of reporting sensor data only when they change) or have higher or lower than necessary sampling frequencies. Typically, all signal informatics algorithms work on uniformly sampled data; in the case of working with multiple sensors, there is the need to put all the sensor signals in the same sampling rate so that they can be fused. Through the use of sampling and interpolation algorithms, signal informatics can help in acquiring the digitized signal into the system in the right sampling rate. For example, for accelerometer signals, the hardware is typically designed to send data only when there is a change in the value of acceleration, thereby making it a variable sampling rate system that needs resampling to make it uniform sampling-rate. Noise Cleaning
Sensor data, in all practical scenarios, is corrupted by noise due to ambient and sensor inaccuracies. Efficient matched filtering techniques and adaptive filtering techniques can be used to clean this noise. For example, an accelerometer signal used for activity detection of people can use a matched bandpass filter with a pass-
114
IoT Technical Challenges and Solutions
band of 0.5 Hz to 4 Hz, as most of the frequencies while standing, walking, or running occur within this frequency band [17]. Additionally, adaptive filtering can be used for canceling noise from accelerometer signals [18], which can arise from sensor irregularities and limitations. Anomaly Detection
Sometimes, even after cleaning the sensor data, the artifacts of the unwanted signal remain at an unacceptably high level, thereby corrupting the analytics insights. In such cases, it is better to throw away such data than process it. Statistical processing-based anomaly detection techniques can be used for such requirements. In the activity detection use case, this kind of unwanted signal can be generated if the wearable device or the mobile phone is not firmly held against the body or if there are irregularity in the sensor electronics. 4.2.2 Signal Representation
Once the time-domain signal is preprocessed and cleaned, it can be either be processed in the time domain itself or it can be processed after transforming it to another domain like frequency or wavelet. Typical signals have a lot of redundancy and hence techniques of dimensionality reduction needs to be applied to reduce the effective signal space. 4.2.2.1 Frequency Domain
The Fourier transformation (FT) [19] transforms a signal from the time domain to a frequency domain. The discrete version of FT is known as a discrete Fourier transform (DFT) [20]. The most popular implementation of DFT is fast Fourier transform (FFT) [21]. The transforms result in an output vector of frequencies ranging from low-frequency to high-frequency coefficients. Frequency-domain representation helps in doing efficient matched filtering to remove unwanted frequency components in a signal. They are also useful in finding out multiple repetitive patterns in the signal and the rate at which the repetition occurs. The inverse discrete Fourier trans-
Sensor Informatics and Business Insights
115
form (IDFT) or the inverse fast Fourier transform (IFFT) is used to convert back from the frequency domain to the time domain. 4.2.2.2 Wavelet Domain
Wavelet transforms are a generic type of transform where instead of using sine and cosine as basic functions as in the Fourier transform, more generic basis functions are used [22]. As in DFT, there is a discrete version of wavelet transform available: discrete wavelet transform (DWT). DWT is particularly useful when the frequency content of the signal becomes time-varying and there is a need to represent different frequencies in different resolutions [23]. In comparison to the Fourier transformation that loses the time information of the data and transforms the data globally, DWT preserves the time dimension and transforms the data locally, which leads to a faster calculation. 4.2.2.3 Statistical Processing
To handle the large amount of data for processing, statistical processing techniques can be applied to the signal to effectively represent the significant information-bearing part of the signal. We can do simple statistical processing [24] to represent the time-domain signal with some of its first- and second-order statistics like mean, median, mode, variance, and correlation. As another option, the data is transformed to frequency domain via DFT and DWT [25] and statistical processing is applied there to effectively represent the signal sequence. There are also windowed statistical processing techniques like piecewise aggregation approximation (PAA) [26] and symbolic aggregate approximation (SAX) [27], which can provide good dimensionality reduction for specific kind of signals and applications. 4.2.2.4 Applications of Signal Representation Compression
There is a large cost associated with sensor data transport and storage. Hence, there is need for efficient lossless and lossy compression techniques. The transform and statistical processing techniques effectively represent the significant part of the signal, there-
116
IoT Technical Challenges and Solutions
by providing a potential way to efficiently compress the signal. Taking the example of the accelerometer-based activity detection, frequency analysis of the accelerometer shows that there are only a few frequency bands that are significant; the rest can be removed. Visualization
Visualization of various signal components can be the first step towards having some insight into the signal behavior, which, in turn, can lead to efficient signal analytics development. However, due to the large amount of information available in the signal space, sometimes it is extremely difficult to manually visualize all parts of the signal. Transform and statistical processing techniques can help in breaking down the signal into smaller, nonredundant components, which, when visualized in a graph, can provide much better insights about the signal and underlying events. This can be the precursor to visual analytics, described later in this chapter. 4.2.3 Feature Extraction and Inference
After preprocessing of the raw data and the dimensionality reduction, features (e.g., interesting signal properties that correlate with the physical event captured by a sensor) have to be extracted. Feature extraction describes the process of extracting representative features from the sensor data. Inference describes methods that use the extracted features to gain more information about the data and infer knowledge from that. They include detection of specific patterns in the signal, identification of such patterns, estimation of signal features from previous signals, and fusion of multiple features from multiple signals. Many times, the feature extraction and inference needs to be done on-the-fly as the sensor signal flows in stream; special techniques called stream processing are used in conjunction with existing algorithms for such systems. 4.2.3.1 Detection
Statistical signal processing techniques are used detect the presence or absence of a particular pattern in the sensor signal. It can be regarded as having a single hypothesis and inferencing the hypothesis to be right or wrong based on certain patterns present in the sensor signal [28]. Signal detection theory is a very mature
Sensor Informatics and Business Insights
117
field that developed around communication and radar systems. The same techniques can be used in sensor signal informatics. In a detection problem, there are four possible outcomes: hit (the pattern is present and system detects it), miss (the pattern is present, but the system misses detection), false alarm (the pattern is absent, but the system detects it), and correct rejection (the pattern is absent and the system also does not detect it) [29]. While the hits and correct rejections are desirable, false alarms and misses are not desirable. The whole detection theory is built around maximizing the former and minimizing the latter. It usually involves correlating certain features of the sensor signal with the desired pattern and then applying variants of thresholding criteria to detect presence and absence of the desired pattern. Most of the challenges in detection arise from noisy signals; there are specific techniques like constant false alarm rate (CFAR) [30] and voting (M of N) [31], which are used to reliably detect under noisy conditions. 4.2.3.2 Identification
Identification can be considered as detection of identity of instances that works on multiple patterns instead of one pattern. It can be regarded as having multiple hypothesis and inferencing one of the hypotheses to be right or wrong based on specific patterns present in the sensor signal [32]. It also involves correlating certain features of the sensor signal with the desired pattern, but instead of applying thresholding techniques as in detection, identification systems employ pattern recognition techniques [33]. 4.2.3.3 Estimation
Signal estimation can be thought of inferring value of unknown states observed by the sensors under noisy conditions [34]. While detection or identification can be regarded as proving a discrete set of hypotheses as right or wrong, estimation techniques can be regarded as a continuous set of hypotheses that are almost always wrong, with the focus being minimization of the estimation error. Popular estimation techniques include least square estimation (LSE) [35], maximum likelihood estimation (MLE) [36], Bayesian minimum mean squared error (BMSE) [37], and Kalman filtering (KF) [38].
118
IoT Technical Challenges and Solutions
4.2.3.4 Fusion
Sensor information fusion can be thought of as techniques and tools for exploiting the synergy in the information acquired from multiple sensors [39]. Integration of multisensory information can help in making better inferences about the physical event. Multisensor data fusion can result in better accuracy and noise performance exploiting the sensor redundancy and sensor correlation. The fusion can happen at the data level (mix all raw sensor signals together), feature level (extract relevant features from each sensor signal and then fuse), or decision or inference level (infer from each sensor signal and then fuse the inference through techniques like majority voting). Challenges on multisensor fusion mainly emerge around different noise distribution of different sensor signals and their nonstationarity [40]. 4.2.3.5 Stream Processing
A lot of applications require that the above kind of feature extraction and inferencing (detection, identification, recognition, estimation) happen on live data streams as the live sensor data samples become available from the acquisition system. Such systems have specific requirements like handling missing or delayed samples and making algorithms low computational complexity to handle low-latency, high-sampling rate systems [41]. When multisensor data streams are handled together, the synchronization of the different sensor signals becomes an additional challenge. Stream processing systems typically need specialized software architecture [42] around in-memory processing, low-latency processing, data pipelines, and scheduling [43]. They also need streaming versions of algorithms instead of traditional batch versions to make them low computational complexity and low memory [44]. 4.2.3.6 Applications of Feature Extraction and Inference Pattern Recognition
This is the detection of specific patterns or discovery of recurrent patterns that have causation with physical events captured by the sensor. For example, the accelerometer data from a smart phone may have different specific patterns in the x, y, and z-axes when
Sensor Informatics and Business Insights
119
the user is stationary versus walking versus running; these can be used to detect activity of the user. Prediction
Once a clean sensor data is available, in many use cases, the main requirement from informatics becomes modeling of the events to predict them in the future. The estimation techniques outlined above can provide the necessary statistical models (LSE, ML, BMSE, and so forth). The Kalman filtering techniques additionally allow for state-space modeling through state transition matrices, which make it easy to model time series that are governed by physical equations (like rectilinear motion). For example, in the accelerometer-based activity detection use case, use of Kalman filter in conjunction with the activity detector can predict the user’s motion, thereby making it useful for indoor localization kind of applications.
4.3 Semantic Interpretation of Processed Information Once the data from sensors are cleaned up and processed to generate information, the next important step becomes converting the processed information into knowledge. The critical part of this step is to interpret the information in a semantic manner that correlates the information to physical events and maps the cyber world findings into interpretations in the physical world. As depicted in Figure 4.3, the workflow of semantic interpretation has three major components: machine learning, rule engine, and reasoning. It should be noted that the machine learning can be regarded as partly belonging to inference, described previously. However, the outcome of machine learning always provides a powerful semantic interpretation of the data; hence, we thought it prudent to describe machine learning here. All the three components are described in detail next. 4.3.1 Machine Learning
Machine learning has evolved from the pattern recognition and computational learning theory in artificial intelligence [45]. Ma-
120
IoT Technical Challenges and Solutions
Figure 4.3 Semantic interpretation workflow.
chine learning explores the study and construction of algorithms that can learn from and make predictions on data. Such algorithms operate by learning a model from example inputs to make datadriven predictions or decisions expressed as outputs on new set of data; they do not follow strictly static program instructions. The key feature is the ability to build models from example inputs; this allows the application developer to semantically describe the example input data mapped to physical events. This semantic knowledge is used by machine learning algorithms to learn and build models, which can be used to classify, cluster, and predict physical events. Machine learning can be broadly classified into four models: supervised, unsupervised, semisupervised, and reinforcement [46]. These are described next. 4.3.1.1 Supervised Learning
In supervised learning, the machine is given example inputs with mapping to desired annotated outputs (also known as training data); the machine tries to learn a general rule that maps inputs to outputs. There are supervised learning algorithms [47] like support vector machine (SVM) classification, Naïve-Bayes classification, least-squares regression, and Ada-boost gradient boosting, which learns patterns from training data to predict the values of the label on additional unlabeled data; this can be used to classify events based on sensor data or predict events.
Sensor Informatics and Business Insights
121
4.3.1.2 Unsupervised Learning
In unsupervised learning, no labels are given to the output; the algorithm needs to find structure in its input. Unsupervised learning can be used to discover hidden patterns in data or finding relevant features. Popular unsupervised learning algorithms include decision trees, self-organizing maps, nearest-neighbor mapping, k-means clustering, and singular value decomposition. These algorithms can be used to segment, recommend, and identify data outliers. 4.3.1.3 Semisupervised Learning
Semisupervised learning lies in between supervised and unsupervised learning, where the example inputs with desired mapping to annotated outputs are there for some of the data but not for all. It typically uses a small amount of labeled data with a large amount of unlabeled data. 4.3.1.4 Reinforced Learning
Here the learning happens continuously in a dynamic environment; the system needs to automatically judge its closeness to the goal and there is not explicit way to evaluate the closeness to the goal. Reinforcement learning uses trial and error to discover which actions yield the greatest rewards. One example of reinforced learning is learning to play a game by playing against an opponent. Machine learning uses many of the same algorithms and techniques as data mining, but there is a fundamental difference between the two: while data mining discovers previously unknown patterns and knowledge, machine learning is used to learn from known patterns and knowledge and apply them to other data for making decisions. In other words, while data mining uses known properties of data to discover unknown properties of the same data, machine learning uses known property of data to find other known properties with a new instance of similar data. Machine learning is better suited for IoT analytics because there is always knowledge and sensor data available on known physical events and sensors are always producing new data points. The increased computing power has also promoted a new class of algorithms called neural networks that loosely model the way
122
IoT Technical Challenges and Solutions
our brain works with many layers of networked decision-making. These are called deep neural networks [48]. Advances in artificial intelligence (AI) have given rise to artificial neural networks (ANN), which can potentially model any kind of relationship within a data set. Deep multilayered ANNs (also popularly known as deep learning [49]) use special types of neural networks to learn complicated patterns in large amounts of data. They need a lot of computing power and recent advances in the computing systems have contributed greatly in proliferation of deep learning. Deep learning has shown lot of promise in image data; there needs to be further development in the field to apply deep learning effectively in sensor data. It should be noted that deep learning needs a huge dataset to learn and big data techniques need to be used to handle such huge data. 4.3.1.5 Applications of Machine Learning Clustering and Classification
The unsupervised method of segregating sensor data into multiple clusters without any a priori knowledge of data is known as clustering. This is useful when the sensor data produced by specific events have distinct patterns as compared to normal events. When there are known labeled data available depicting various physical events, supervised learning can be used to learn the rules of classification into different events; this learned model can be used to classify new sensor data and identify the physical events from them. In the activity detection use case, machine learning on accelerometer data can be used to classify different activities like sitting, standing, lying down, walking, and running. Regression and Prediction
Labeled sensor data can be used to create numerical regression models between physical events (inputs) and sensor data (outputs). This numerical model can be used to predict future events from the captured sensor data. Accelerometer-based motion estimation can be fitted into a regression model to predict locations of users.
Sensor Informatics and Business Insights
123
4.3.2 Rule Engine
A rule engine is a software system that runs a combination of rule rules in an execution environment. The rules can come from regulations, policies, or domain knowledge. Rule engines typically support rules, facts, exclusion, preconditions, and other functionalities. Rule engine software provides the ability to register, define, classify, and manage all the rules [50]. In a nutshell, rule engines allow for putting logic combining detected events from sensor data through processing blocks described previously to include or exclude a higher-level event. Most rule engines support a data abstraction layer representing the business entities and relationships supporting different file formats for the model. Rules can be written in standard programming languages or custom languages or architectures like Business Process Execution Language (BPEL) [51]. There are three types of rules supported by rule engines [52]. 4.3.2.1 Inference Rules
Inference are used to represent system state behaviors of the type IF THEN . They can be regarded as a complex chain of if-then-else statements operating on inferences obtained from sensor data. The rules can be executed either when the applications invoke them or when one of the attributes of the rule decision (inference from sensor data processing) is changed. These kinds of rule engines are typically stateless. 4.3.2.2 Reaction Rules
The reactive rule engines go one step further; after detecting an event via inference rules, they process event patterns to decide what action to take and then invoke relevant action tasks. These kinds of rule engines are typically state-driven. 4.3.2.3 Goal-Driven Rules
The inference rules and reaction rules are often referred to as forward-chaining rules as they process information as they come in to take decision. There exists another class of rules called backwardchaining rules; here the rules try to resolve facts to fit a particular
124
IoT Technical Challenges and Solutions
goal. In other words, they try to find out if something exists based on existing information. They are also known as goal-driven rules. Backward chaining evaluates different conditions simultaneously to ascertain which one is closest to the desired goal. 4.3.2.4 Applications of Rule Engines Inferencing
Once a set of information has been extracted from the sensor data, inferencing rules allow processing of that to draw higher-level inference regarding the physical event affecting the sensor data. For example, rule engine-based inferencing can be used on accelerometer-based activity detection to detect micro-activities like sitting or lying down while stationary, slow or brisk while walking, and jogging or fast running while running. Complex Event Processing
There is another class of applications called complex event processing (CEP) [53], which uses reaction rules to effectively map a complex logic from detected events to desired action. CEP is typically performed in real time and often employs stream processing, described previously, before applying the rules. In the activity detection use case, CEP can be used to create alerts on user abnormalities; for example, the alert can be generated if the user is about to fall. 4.3.3 Reasoning
A reasoning system can generate conclusions from available knowledge using logic. They are an integral part of artificial intelligence and knowledge-based systems [54]. Reasoning systems can either be in interactive mode with human-in-loop intervention or in batch mode that is fully automated. The first practical application of automated reasoning was expert systems focusing on domain-specific problems like medical diagnosis or machine fault diagnosis. We can regard reasoning as the use of existing knowledge to draw conclusions and create explanations [55]. There are three kinds of reasoning systems as outlined next.
Sensor Informatics and Business Insights
125
4.3.3.1 Deductive
Deductive reasoning is the process of reasoning from one or more propositions or facts to reach a logically certain conclusion. Deductive reasoning is a top-down logic in which a conclusion is reached by assertion of a general rule leading towards a guaranteed specific conclusion. For example, if x = 10 and y = 11, we can deduce that x + y = 21. 4.3.3.2 Inductive
Inductive reasoning starts with specific observations and tries to move towards a generalized most likely conclusion; it weighs the accumulated evidence to reach the most likely outcome. Here the premises are viewed as supplying the necessary evidence for the likely conclusion. The conclusion of an inductive argument is probable, based upon the evidence given. An example of inductive reasoning is scientific research-gathering evidence, identifying patterns, and forming a hypothesis or theory to explain the observation. 4.3.3.3 Abductive
Abductive tries to infer a theory from an observation; it tries to find the simplest and most likely explanation that justifies the observation. In abductive reasoning also, the premises do not guarantee the conclusion. Abductive reasoning usually uses an incomplete set of observations to find the likeliest possible explanation for the set. The abductive reasoning process usually needs creativity and intuition, thereby making it most difficult to implement in computer systems. An example of abductive reasoning is a medical diagnosis in which, given a set of symptoms and signs, doctors try to determine the most likely cause (disease). 4.3.3.4 Applications of Reasoning Systems Mostly Involving Repair and Diagnosis Systems Diagnosis
Diagnosis of fault in machines or disease in human beings is complex hybrid process that includes straightforward deduction (if x is the symptom, then y must be the cause), induction (if x is the symptom, then y is the most likely cause among n possible op-
126
IoT Technical Challenges and Solutions
tions), and abduction (intuitively start with y to the most likely cause and show that it indeed creates x symptom). Expert Systems
Expert systems can be regarded as automated diagnostic systems in which rules and reasoners with domain knowledge are embedded into the system and the system tries to recommend a possible diagnosis or a set of diagnoses to the doctor or mechanic. It can help experts like doctors and mechanics to make quick diagnostic decisions.
4.4 Business Insights from Interpreted Knowledge Drawing business insights from the interpreted knowledge that comes out of the signal informatics chain is the most important step to create value in the IoT application space. This is elaborated upon in Chapter 6; however, it is worthwhile to look at the kind of business insights that analytics on processed sensor information can bring. We describe three important analytics methods next; these are also elaborated upon in Figure 4.4. 4.4.1 Visual Analytics
Visual analytics [56] is the science of analytical reasoning facilitated by interactive visual interfaces. It can be termed as the science and
Figure 4.4 Business insights workflow.
Sensor Informatics and Business Insights
127
the art of the analysis of overwhelming amounts of disparate, conflicting, and dynamic information that can emanate from sensors [57]. Visual analytics can be seen as an integral approach combining visualization, human interpretation, and data analysis. Visual analytics need to take care of human factors, including the areas of cognition and perception. From a technology perspective, visual analytics relate to the areas of information visualization, computer graphics, and data analysis (information retrieval, data management and knowledge representation, and data mining) and usually is a complex interaction between visualization, data, analytics, and knowledge models with human-in-loop. 4.4.2 Modeling and Simulation
The information and knowledge extracted from sensor data not only cannot be used to detect or predict events, but they also can be used to create new models. Modeling and simulation use physical, mathematical, or logical models of a system as a basis for simulations; it is a mean to develop data as a basis for decision-making. It helps to get information about how something will behave in reality without actually testing it in real life. Modeling and simulation can be used for what-if analysis during the design phases of systems. It can support early evaluation and optimization of designs and ongoing verification as changes occur in complex IoT-enabled systems [58]. 4.4.3 Optimization and Planning
Finally, the biggest business value-add from the information and knowledge derived from sensor informatics is achieved when it helps in designing better business processes in terms of cost, efficiency, or features, thereby directly affecting the return on investment (ROI). Optimization and planning have been developed and matured in the standard operation research (OR) [59] field for a long time; it can be applied easily to information and knowledge extracted from the sensor data via sensor informatics. It uses mathematical modeling, statistical analysis, mathematical optimization, and graph-based analytics to arrive at optimal or near-optimal solutions to complex decision-making problems, thereby helping in the creation of optimal planning tools. The most obvious applica-
128
IoT Technical Challenges and Solutions
tion of IoT-based optimization and planning is in the supply chain [60] and logistics or, in general, any system that encompasses the flow of objects in a network.
4.5 Data and Algorithm Marketplaces as New Business Models The most important aspect of any IoT system is the data being collected. However, traditionally data will be in silos of individual verticals or organizations. To deliver value, the data from different sources and systems need to be aggregated together to gain far greater insight. In this regard, this is the big push towards open data, especially governments and smart cities all over the world providing data sets to the public from their departments through Web sites like data.gov. In many cases, this is not real-time data but a slightly older data. This data needs to be complete, primary, timely, accessible, machine-processible, nondiscriminatory, nonproprietary, and license-free. Open data encourages transparency and can generate new products and services and promote efficiency due to better visibility. However, at this point, beyond smart cities and government data, there is very little open data available in IoT space for enterprises. It is obvious that such data cannot be made available for free to everybody; hence, there is a case for creating a data marketplace [61]. In a data marketplace [62], application developers need to buy data to create value-added applications on it. When the business value created (in terms of operational cost reduction or process optimization or improvement in efficiency) is worth more than the data cost (which will be the usual case for value creation via sensor informatics and analytics), it creates a viable and scalable business model that is democratized. However, ensuring the security and maintaining the privacy of such data are important concerns that need to be addressed; in Chapter 3, we explored some of the security and privacy issues. Another interesting aspect to address for creating scalable value-added IoT systems is creation of an analytics algorithm repository. All the people having the right domain knowledge about the business problem and hence being in a positon to conceptualize the right value-added business application may not have technical knowledge about the required sensor informatics and analytic algorithms required to draw the right insights from the sensor data
Sensor Informatics and Business Insights
129
for creating such an application. However, such algorithms can be crowdsourced from a group of algorithm experts and stored in a repository [63] that is available as working and executable algorithm code to the application developers [64]. To create a sustainable model, such a repository can also be created in a marketplace framework so that the algorithm providers have some incentive and reward [65]. We explore this concept of analytics as a service in detail in Chapter 6. However, as is true for any such crowdsourced system, trust and reputation of the algorithm provider become important factors. Data marketplace, along with the algorithm marketplace, has the potential to create an economic and sustainable model of IoT analytics-based application development that capitalizes on openness and reuse to deliver real value and hence can address the biggest challenge plaguing the IoT ecosystem: that of creating killer applications that justifies the ROI. In summary, in this chapter, we covered the different aspects of the most important part in the IoT system: sensor signal informatics. We have described how sensor informatics is important to understand the context and state of physical systems and have introduced three major sections of signal informatics: sensor signal processing (which is about acquisition, clean up, and representation of sensor signals to convert it into information), semantic interpretation of sensor information (which is about relating and interpreting sensor information into physical system knowledge), and business insights from interpreted knowledge (which is about creating actionable insights from the knowledge already interpreted from sensor signals). Finally, we outlined the concept of data and algorithm marketplace as the future architecture for crowdsourced sensor informatics and discussed the challenges thereof. Sensor informatics can be regarded as the brain of an IoT system and hence responsible for all the intelligence and smartness usually associated with IoT.
References [1] http://dictionary.cambridge.org/dictionary/english/context. [2] http://inls151f14.web.unc.edu/files/2014/08/rowleydikw.pdf. [3] https://www.cs.cf.ac.uk/Dave/Multimedia/node149.html.
130
IoT Technical Challenges and Solutions
[4] http://redwood.berkeley.edu/bruno/npb261/aliasing.pdf. [5] http://in.mathworks.com/help/signal/ref/resample. html?s_tid=gn_loc_drop. [6] http://ee.eng.usm.my/eeacad/mandeep/EEE436/chp%203.pdf. [7] http://learn.mikroe.com/ebooks/digitalfilterdesign/chapter/ basic-concepts-of-digital-filtering/. [8] http://dspguru.com/dsp/faqs/fir/basics. [9] http://dspguru.com/dsp/faqs/iir/basics. [10] http://www.ece.mcmaster.ca/faculty/reilly/coe4tl4/adaptive%20 filters%20Scot%20Douglas.PDF. [11] http://in.mathworks.com/help/dsp/ug/overview-of-adaptive-filtersand-applications.html. [12] http://www.ee.lamar.edu/gleb/adsp/Lecture%2007%20-%20 Adaptive%20filtering.pdf. [13] https://www.lsv.uni-saarland.de/fileadmin/teaching/dsp/ss15/ DSP2016/ADF_intro.pdf. [14] https://courseware.ee.calpoly.edu/~fdepiero/fdepiero_dsp_notes/ notes%20%26%20materials/Adaptive_Filtering.pdf. [15] http://www.itl.nist.gov/div898/handbook/eda/section3/eda35h.htm. [16] http://eprints.whiterose.ac.uk/767/1/. [17] https://arxiv.org/ftp/arxiv/papers/1107/1107.4414.pdf. [18] http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3270843/. [19] http://www.thefouriertransform.com/. [20] http://www.robots.ox.ac.uk/~sjrob/Teaching/SP/l7.pdf. [21] http://www.dspguide.com/ch12/2.htm. [22] http://gwyddion.net/documentation/user-guide-en/wavelet-transform. html. [23] http://www.cse.iitm.ac.in/~vplab/courses/CV_DIP/PDF/Lect-wavelet_ filt.pdf. [24] https://reference.wolfram.com/language/guide/Statistics.html. [25] http://www.ncbi.nlm.nih.gov/pubmed/12762451. [26] http://jmotif.github.io/sax-vsm_site/morea/algorithm/PAA.html. [27] https://cs.gmu.edu/~jessica/sax.htm. [28] http://www.ece.uic.edu/~devroye/courses/ECE531/lectures/b2c3.pdf. [29] http://www-psych.stanford.edu/~lera/psych115s/notes/signal/. [30] http://www.ece.iisc.ernet.in/~cmurthy/E1_244/Slides/Rohling.pdf.
Sensor Informatics and Business Insights
131
[31] http://ece.wpi.edu/radarcourse/Radar%202010%20PDFs/Radar%20 2009%20A_6%20Detection%20of%20Signals%20in%20Noise.pdf. [32] http://research.microsoft.com/en-us/um/redmond/events/ cognetsummit/presentations/stancil.pdf. [33] http://www.sis.pitt.edu/spring/patterns/node11.html. [34] http://www.ece.uic.edu/~devroye/courses/ECE531/lectures/intro.pdf. [35] http://stat.ethz.ch/~geer/bsa199_o.pdf. [36] http://times.cs.uiuc.edu/course/410/note/mle.pdf. [37] http://www.lx.it.pt/~mtf/learning/Bayes_lecture_notes.pdf. [38] http://stanford.edu/class/ee363/lectures/kf.pdf. [39] https://www.ieee.li/pdf/viewgraphs/multisensor_data_fusion.pdf. [40] http://preserve.lehigh.edu/cgi/viewcontent. cgi?article=2318&context=etd. [41] http://cs.brown.edu/~ugur/8rulesSigRec.pdf. [42] http://edoc-intranet.epfl.ch/files/content/sites/lts4/files/frossard/ publications/pdfs/icassp06.pdf. [43] http://db.csail.mit.edu/pubs/cidr07.pdf. [44] http://www.nist.gov/smartspace/downloads/ICME08_paper.pdf. [45] http://alex.smola.org/drafts/thebook.pdf. [46] http://www.sas.com/it_it/insights/analytics/machine-learning.html. [47] http://www.cs.huji.ac.il/~shais/UnderstandingMachineLearning/ understanding-machine-learning-theory-algorithms.pdf. [48] http://neuralnetworksanddeeplearning.com/. [49] http://deeplearning.net/. [50] https://en.wikipedia.org/wiki/Business_rules_engine. [51] https://www.oasis-open.org/committees/tc_home.php?wg_ abbrev=wsbpel. [52] http://www.brcommunity.com/b410.php. [53] http://www.complexevents.com/about-real-time-intelligence-and-cep/. [54] https://www.butte.edu/departments/cas/tipsheets/thinking/reasoning. html. [55] http://research.microsoft.com/pubs/192773/tr-2011-02-08.pdf. [56] http://www.visual-analytics.eu/faq/. [57] http://vis.pnnl.gov/pdf/RD_Agenda_VisualAnalytics.pdf.
132
IoT Technical Challenges and Solutions
[58] http://www.automationworld.com/all/internet-things-and-importancemodeling-and-simulation. [59] http://mathworld.wolfram.com/OperationsResearch.html. [60] http://web.mit.edu/~sgraves/www/papers/Graves_Kletter_Hetzel.pdf. [61] http://radar.oreilly.com/2012/03/data-markets-survey.html. [62] http://www.bigdataexchange.com/homepage/buyersellers/. [63] https://www.datamapper.com/algorithms. [64] https://algorithmia.com/. [65] http://www.gartner.com/smarterwithgartner/the-algorithm-economywill-start-a-huge-wave-of-innovation/.
Selected Bibliography Ackoff, R. L., “From Data to Wisdom,” Journal of Applied Systems Analysis, Vol. 16, 1989, pp. 3–9. Allen, J., “Photoplethysmography and Its Application in Clinical Physiological Measurement,” Physiol. Meas., Vol. 28, 2007, pp. R1–R39. Arel, I., D. C. Rose, and T. P. Karnowski, “Deep Machine Learning: A New Frontier in Artificial Intelligence Research [Research Frontier],” IEEE Computational Intelligence Magazine, Vol. 5, No. 4, 2010, pp. 13–18. Arora, A., et al. “Exscal: Elements of an Extreme Scale Wireless Sensor Network,” Proc. 11th IEEE Intl. Conf. on Embedded and Real-Time Computing Systems and Applications, 2005, pp. 102–108. Chandel, V., et al., “AcTrak: Unobtrusive Activity Detection and Step Counting Using Smartphones,” in Mobile and Ubiquitous Systems: Computing, Networking, and Services, New York: Springer, 2013, pp. 447–459. Coutaz, J., et al., “Context Is Key,” Communications of the ACM, Vol. 48, No. 3, 2005, pp. 49–53. Daubechies, I., “The Wavelet Transform, Time-Frequency Localization and Signal Analysis,” IEEE Trans. on Information Theory, Vol. 36, No. 5, 1990, pp. 961–1005. Derler, P., E. A. Lee, and A. Sangiovanni Vincentelli, “Modeling Cyber–Physical Systems,” Proc. of the IEEE, Vol. 100, No. 1, 2012, pp. 13–28. Douglas, S. C., “Introduction to Adaptive Filters,” in Digital Signal Processing Handbook, V. K. Madisetti and D. B. Williams, (eds.), Boca Raton, FL: CRC Press, 1999. Friedman-Hill, E. “Jess, the Rule Engine for the Java Platform,” 2008. Frigo, M., and S. G. Johnson, “FFTW: An Adaptive Software Architecture for the FFT,” Proc. of the 1998 IEEE Intl. Conf. on Acoustics, Speech and Signal Processing, Vol. 3, 1998, pp. 1381–1384.
Sensor Informatics and Business Insights
133
Goodwin, G. C., and K. S. Sin, “Adaptive Filtering Prediction and Control,” Courier Corporation, 2014. Graves, S. C., D. B. Kletter, and W. B. Hetzel. “A Dynamic Model for Requirements Planning with Application to Supply Chain Optimization,” Operations Research, Vol. 46, No. 3, Supplement 3, 1998, pp. S35–S49. Grubbs, F. E., “Procedures for Detecting Outlying Observations in Samples,” Technometrics, Vol. 11, No. 1, February 1969, pp. 1–21. Gubbi, J., et al., “Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions,” Future Generation Computer Systems, Vol. 29, No. 7, 2013, pp. 1645–1660. Hall, D. L., and J. Llinas, “An Introduction to Multisensor Data Fusion,” Proc. of the IEEE, Vol. 85, No. 1, 1997, pp. 6–23. Haykin, S., Adaptive Filter Theory, Upper Saddle River, NJ: Prentice Hall 1996. Honig, M. L., and D. G. Messerschmitt, Adaptive Filters, Structures, Algorithms and Applications, Boston, MA: Kluwer Academic Publishers, 1984. Jenkins, W. K., et al., Advanced Concepts in Adaptive Signal Processing, Boston, MA: Kluwer Academic Publishers, 1996. Kay, S. M., Fundamentals of Statistical Signal Processing, Vol. 1: Estimation Theory, Upper Saddle River, NJ: Prentice Hall, 1993. Kay, S. M., Fundamentals of Statistical Signal Processing, Vol. 2: Detection Theory, Upper Saddle River, NJ: Prentice Hall, 1998. Kay, S. M., Fundamentals of Statistical Signal Processing: Practical Algorithm Development, Vol. 3, Boston, MA: Pearson Education, 2013. Keogh, E. J., and M. J Pazzani. “Scaling Up Dynamic Time Warping for Datamining Applications,” Proc. of 6th ACM SIGKDD Intl. Conf. on Knowledge Discovery and Data Mining, 2000, pp. 285–289. Kielman, J., and J. Thomas, (Guest Eds.), “Special Issue: Foundations and Frontiers of Visual Analytics,” Information Visualization, Vol. 8, No. 4, Winter 2009, pp. 239–314. Lertniphonphun, W., and J. H. McClellan. “Unified Design Algorithm for Complex FIR and IIR Filters,” Proc. on 2001 IEEE Intl. Conf. on Acoustics, Speech, and Signal Processing, (ICASSP’01), Vol. 6, 2001, pp. 3801–3804. Li, C., and G. Miklau, “Pricing Aggregate Queries in a Data Marketplace,” WebDB, 2012, pp. 19–24. Liggins II, M., D. Hall, and J. Llinas, (eds.), Handbook of Multisensor Data Fusion: Theory and Practice, Boca Raton, FL: CRC Press, 2008. Lin, J., et al., “A Symbolic Representation of Time Series, with Implications for Streaming Algorithms,” Proc. of 8th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery, 2003, pp. 2–11. Maddala, G. S., “Outliers,” in Introduction to Econometrics, 2nd ed., New York: MacMillan, 1992, pp. 88–96.
134
IoT Technical Challenges and Solutions
Magnani, L., Abduction, Reason, and Science: Processes of Discovery and Explanation, New York: Kluwer Academic/Plenum Publishers, 2001. Mannila, H., “Data Mining: Machine Learning, Statistics, and Databases,” IEEE Computer Society Intl. Conf. Scientific and Statistical Database Management, 1996. Manolakis, D. G., V. K. Ingle, and S. M. Kogon, Statistical and Adaptive Signal Processing: Spectral Estimation, Signal Modeling, Adaptive Filtering, and Array Processing, Norwood, MA: Artech House, 2005. Menychtas, A., et al., “A Marketplace Framework for Trading Cloud-Based Services,” in Economics of Grids, Clouds, Systems, and Services, New York: Springer, 2011, pp. 76–89. Ojo, A., E. Curry, and T. Janowski, “Designing Next Generation Smart City Initiatives: Harnessing Findings and Lessons from a Study of Ten Smart City Programs,” 22nd European Conf. on Information Systems, Tel Aviv, 2014. Pal, A., et al., “A Robust Heart Rate Detection Using Smart-Phone Video,” Proc. of 3rd ACM MobiHoc Workshop on Pervasive Wireless Healthcare, 2013, pp. 43–48. Poor, V. H., An Introduction to Signal Detection and Estimation, 2nd ed., New York: Springer, 1998. Proctor, M., “Drools: A Rule Engine for Complex Event Processing,” in Applications of Graph Transformations with Industrial Relevance, New York: Springer, 2011, pp. 2-2. Russell, S., and P. Norvig, Artificial Intelligence: A Modern Approach, 2nd ed., Upper Saddle River, NJ: Prentice Hall, 2003. Skolnik, M. I., “Introduction to Radar,” in Radar Handbook, 2nd ed., New York: McGraw Hill, 1962. Sokwoo, R., “Design and Analysis of Artifact-Resistive Finger Photoplethysmographic Sensors for Vital Sign Monitoring,” Ph.D. dissertation, MIT, 2000. Suh, J., et al., “A Performance Analysis of PIM, Stream Processing, and Tiled Processing on Memory-Intensive Signal Processing Kernels,” ACM SIGARCH Computer Architecture News, Vol. 31, No. 2, 2003, pp. 410–421. Sun, Y., et al., “Advances on Data, Information, and Knowledge in the Internet of Things,” Personal and Ubiquitous Computing, Vol. 18, No. 8, 2014, p. 1793. Thomas, J. J., and K. A. Cook, “Illuminating the Path: The R&D Agenda for Visual Analytics,” National Visualization and Analytics Center, 2005, p. 4. Vickers, J., “The Problem of Induction,” Stanford Encyclopedia of Philosophy, June 21, 2010. Hodge, V. J., and J. Austin, “A Survey of Outlier Detection Methodologies,” Artificial Intelligence Review, Vol. 22, No. 2, 2004, pp. 85–126. Wang, H., D. Estrin, and L. Girod, “Preprocessing in a Tiered Sensor Network for Habitat Monitoring,” EURASIP Journal on Advances in Signal Processing, Vol. 4, 2003, pp. 392–401. Wu, J., et al., “Apparatus and Method for Providing a Data Marketplace,” U.S. Patent Application 11/750,993, filed May 18, 2007.
5 Mobile Sensing
5.1 Introduction Mobile sensing is a class of sensing architecture in which sensors mounted on a moving platform or gateway is used in a space over time to collaboratively monitor physical and environmental conditions. Mobility enables sensor nodes to target and track objects and phenomena that are either moving or spatially distributed. The mobile platform can be people carrying personal devices, transport vehicles, robots, and drones. In addition to being the eyes and ears of the IoT, these platforms provide hands and legs to IoT. They can be efficiently used for observing large geospatial systems, civil infrastructures, vehicles, and environmental events such as wind, pollution, and chemical clouds. Along with static sensors, these mobile sensing systems enable a seamless coverage at the required time resolutions as required by the application. Each platform has its own sweet spot in the economic spatiotemporal coverage as depicted in Figure 5.1. Satellites provide a coarse view from space that can provide a large coverage but has a low time resolution (i.e., periodicity of views available is in days). Views from unmanned aerial vehicles (UAVs) provide a 135
136
IoT Technical Challenges and Solutions
Figure 5.1 Mobile sensing: sweet spot for different mobilesensing platforms.
much better observation quality with improved time resolution; however, the practical coverage possible is less than that of satellites. The data collection by a person carrying a personal or handheld device can be effectively used for applications that can work with data collection at a lower time resolution and coverage. At the same time, fixed sensors can provide a high time resolution, but their coverage is relatively limited. Each sensing platform has its own sweet spot for economic spatiotemporal coverage as shown in Figure 5.1. However, exceptions are possible from this generic view on the data collection behaviors and platform. The coverage of sensor system can be increased by using a network of fixed and mobile sensors. Here the economics of sensing will play a role in deciding the right platform and architecture, and we will have a brief discussion on this aspect at the end of this chapter.
5.2 Applications and Use Cases for Mobile Sensing As mentioned above, popular platforms that can be used for mobile sensing are robots, UAVs, and smartphones. Various sensors mounted on these platforms can be mobilized to the location of interest as and when required. Specifically, for applications in which the phenomenon of interest does not require a dedicated sensor, sampling periodicity is low and spatially distributed can substantially benefit from a mobile-sensing approach. There are several
Mobile Sensing
137
use cases of mobile sensing, and some of the representative classes are discussed in the following sections. 5.2.1 Mobile Sensing for Environmental Monitoring
Preventive health researchers are interested in gathering data to build a fine-grained model of environmental factors affecting pollution-induced diseases. Sensors mounted on private or public transport along with static sensors deployed at strategic locations can monitor temperature, humidity, carbon monoxide, and so forth. A synthesized model from this data is highly helpful for giving guidance and warnings to people with asthma, fine-particle allergies, and so forth. One such example is the pollution hotspots being monitored with use of smartphones [1]. Smartphones are used to collect the ultrafine particle density data from the sensors mounted on cars of volunteers. In-car GPS is used for position approximation. Volunteers get discounts or waivers on their cell phone charges. This information is offered to news media for dissemination and raising public awareness. Another example is on the monitoring of deserts. Dynamics of deserts are a serious concern for people living in and around them. The Tumbleweed [2] is a robot that can roll across the desert, gathering information about desertification. It can operate autonomously for years and can travel thousands of kilometers using only the power of the wind. 5.2.2 Mobile Sensing for Emergency Response
First responders involved in indoor emergency situations, such as urban fire, are often challenged by dangerous and dynamic operating environments with little access to situational information. This situational information, such as the extent and severity of an indoor fire, can enhance rescue planning and reduce risk to personnel. Traditional predeployed sensors are either absent or often sparsely distributed and inadequate to provide required information. Also, fixed deployment of sensors to cover large infrastructure are relatively expensive to install and maintain. Controlled mobility of robots having the capability to move per need can provide substantial help to first responders.
138
IoT Technical Challenges and Solutions
5.2.3 Collaborative Sensing for Urban Transportation
For collection of urban traffic information, which is a highly distributed phenomenon, different methods have been traditionally used. This includes surveillance cameras, loop detectors on the road, and Doppler radars. Achieving wide coverage using this fixed infrastructure is an expensive and nonflexible approach. Mobile sensing is an economic alternative or complementary scheme to be used here. Probe vehicles such as taxis and buses could collect traffic data in a city. For example, they could periodically report their speed and location to a central server over cellular communication network. Additionally, location information revealed by using their smartphones can also be a source of traffic estimation. 5.2.4 Robots in Healthcare
Robots can have the ability to perform tasks that humans find difficult, monotonous, or inefficient to do [3]. They can assist in home care support functions such as asset location, can move patients, and can communicate with doctors in an emergency. Robotic pets are becoming popular for wellness and theraputic purposes. In a home care scenario, they may assist in sharing the location of medication, objects, and people and may also help in navigation. They need to be autonomous in terms of both mobility and decisionmaking abilities. This requires systems for the data collection, processing, storing, and use of information for the autonomous services. Further medical robots are being used for several minimally invasive surgical procedures. 5.2.5 Robotic Telesensing and Operation
Teleoperation means controlling or doing work at a distance. Telerobotics based teleoperation has a wide use in many different fields including military or defense, space, underwater, offshore exploration, and healthcare. It can aid in repairs and exploration in difficult-to-reach areas such as space, mines, and inaccessible areas. Also, it is useful in assisting unskilled staff in the field for expert operations. Remote-operated vehicles (ROVs) are increasingly being used in disaster management, mining, and underwater
Mobile Sensing
139
operations replacing humans. In general, ROVs find a wide range of applications including surveys, oceanography, and inspection. Doctors can use tele-operated medical robots for examining a remote patient and perform surgical procedures. Tele-operation is often found to be enhanced with augmented reality (AR) interfaces in which a remote person is provided with near real-life visualization of the scene acquired by the robots. To enhance the operator perception of the mobile robot workplace, haptic interfaces can be used. They offer feedback or tactitle feedback, giving operators a better sense of the remote environment. This will help in enhancing the efficiency and robustness of interactive tele-operation. 5.2.6 Aerial Robots for Spatial Intelligence
A growing interest is shown for using unmanned aerial vehicles (UAVs) for inspection and other remote-sensing applications. UAV has been traditionally used in several military applications. A wide spectrum of civilian applications is emerging, including public area monitoring, infrastructure inspection, intelligent farming, and aerial mapping. The low-cost, small UAVs, generally called drones, have the potential for several industrial applications and public services. In spite of severe restrictions and regulations, applications of drones have increased exponentially over the past few years. In precision agriculture, UAVs allow farmers to gather real-time data on crops, detect crop diseases as early as possible, estimate yield, detect stress due to inadequate water and nutrition, and make better decisions about using fertilizers, herbicides, and pesticides. There are applications reported in which drones are used for pesticide spraying. Animal tracking is another task well suited to the capabilities of drones. They can also help to protect crops from the attack of wild animals. In forestry, the use of unmanned aerial systems in spotting and mapping forest fires is getting attention. Further, the estimation and classification of tree resources and wildlife in forests are also compelling applications of drones. Environmental protection is an area in which UAVs can contribute a lot. The three-dimensional (3-D) surface mapping of the landscape is useful for designing and planning structures. Aerial mapping of the building at various stages of construction can provide
140
IoT Technical Challenges and Solutions
useful information regarding the progress and compliance of the construction. Further, for post-disaster investigation of damaged buildings and utility structures, UAV can be a powerful tool for support. Table 5.1 lists various industry verticals that can benefit from UAV-based sensing. 5.2.6.1 Utility Asset Inspection Using UAV [4]
Utility systems such as power lines, oil and gas pipelines, and water supply lines require periodic inspections. The inspection involves assessing the entire structure to identify and locate anomalies such as cracking, snapping, shifting, chipping, surface degradation, and weed encroachment. For power lines and pipelines, there is a need for checking their rights of way for any intrusions or infringements. Also, there is a need to look for signs of leakage, such as dead or discolored vegetation, presence of liquid on the ground, dirt, rusting or unusual fog, or suspended particles. Such inspections are also relevant for railway lines. Manual utility inspection often involves difficult and dangerous conditions. The unsafe conditions faced by the field workers include working at high heights or working with high-voltage assets, biological hazards, and large bodies of water or heat. Employing a drone to inspect assets through near-field remote sensing lets field staff stay at a safe distance, reducing the likelihood of injury or incapacitation. Moreover, such inspection methodology Table 5.1 Some of the Prominent UAV Applications for Different Verticals Domains UAV Applications Utilities Pipelines (oil, gas, water), power lines, wind farm, solar farm Transportation Road traffic, railways, water transport Government Coastal surveillance, public events, pollution, forests, smart city, heritage sites, land use, and law and order Construction Site survey, planning, development, building management Insurance Inspection, damage assessment, risk monitoring, emergency care Healthcare Emergency care, remote monitoring or assistance Retail Outlet planning, shop shelf monitoring Mining Asset monitoring, mapping, disaster management Telecom Telecom tower inspection, radio frequency (RF) signal mapping, temporary cells
Mobile Sensing
141
can provide higher-quality, more accurate, and usable data, as and when needed. It helps in improving efficiency and reducing costs. It supports a variety of visualization formats including high-density images, 3-D views, annotated video summaries, and various geographical information system (GIS) layers. 5.2.6.2 UAV-Based Aircraft Inspection
Hailstorms, lightning strikes, and even normal wear and tear cause damage to aircraft fuselage. Timely monitoring and remediation are required to avoid millions of dollars in loss of revenue. Speeding up the inspection of aircrafts by using drones as part of the Integrated Vehicle Health Management System (IVHMS) can be of tremendous value towards improving aircraft utilization. 5.2.6.3 UAV for Urban Inspection
Drones can also be effectively deployed for inspection of communication towers, wind turbines, solar farms, buildings, and roadways, as well as unidentified objects including suspected explosives. Intelligent infrastructure is a key focus for smart cities. Effective sensing methodologies to monitor the state of the infrastructure are of high interest there. In addition to visual cameras, infrared, multispectral, and hyperspectral sensors are often used to gather data for detecting various changes and damages at high precision. UAVs can also play a key role in monitoring and surveillance strategies of smart cities. 5.2.6.4 UAV for Insurance Business
Drones can also be a potential tool for insurance companies to evaluate risk and collect digital evidences for evaluating claims. A standardized inspection process to cover various asset categories that are of interest to insurance business, such as crops, buildings, and vehicles could be formulated with drones. Drones can be quickly deployed to collect and record digital evidence of asset damages in case of a disaster or emergency. This can open up new business models in insurance. Figure 5.2 shows various enterprise sensing applications of UAV.
Figure 5.2 UAV-based sensing: potential business applications.
142 IoT Technical Challenges and Solutions
Mobile Sensing
143
5.3 Technologies and Challenges in Mobile Sensing There are several issues and challenges related to technologies, methodologies and business models in mobile sensing. In this section, we discuss those aspects related to mobile sensing using smart phones, robots, and UAVs. 5.3.1 Smartphone-Based Sensing
Today, smartphones serve as integral mobile devices for personal communication and the computer devices of choice. It comes with a set of embedded sensors, such as an accelerometer, Global Positioning System (GPS), compass, gyroscope, microphone, and camera. Individually and collectively, these sensors can provide a rich set of contextual information. Bluetooth and Wi-Fi radios also provide information around the surrounding environment. They are enabling several new applications across a wide variety of domains, such as healthcare, wellness, social networks, safety, environmental monitoring, and transportation. Many more new sensors such as a barometer and a heart rate sensor are being added to smartphones. The primary objectives of these sensors were for mobile applications to improve their performance, user interfaces, and other functionalities. However, they also enable a significant opportunity to gather data about people and their environments. For example, the physical movements, actions, and gestures of a person can be decoded by processing accelerometer data from the smartphone being carried. Distinct patterns within the accelerometer data can reveal different activities such as running, walking, standing, or counting the number of steps taken or estimating the distance walked. Further, microphonescan capture the ambient sound that can be analyzed in order to determine the ambient noise level and person’s location context. This is a key input for several wellness applications. In addition to this, there are several sensors that can be externally integrated or connected to the smartphone to extend its sensing capabilities. A large number of medical or healthcare sensors that can be connected over Bluetooth fall in this category: devices for measuring blood pressure, glucose level, heart rate, respiration, and various biomarkers in blood and perspiration, to mention a few.
144
IoT Technical Challenges and Solutions
5.3.1.1 Mobile Phone Sensing: Different Scales
Mobile phone sensing applications can be categorized at different scales into personal sensing, community sensing, and public sensing. • Personal sensing: Applications focus on monitoring the different aspects of the personal life of individuals and collect information about their activities. The sensor data for such application is private or may be shared only with highly trustworthy entities. For instance, healthcare applications share data with medical professionals to provide necessary support in case of emergency. • Community sensing: Applications make use of collaborative sharing within a group of phone users who are interested in common goals or a purpose. In community sensing, systems collect and share information among phone users, their friends, and their social groups, which can promote interaction among people and improve the efficiency of organizing social activities. • Public sensing: Applications collect rich and heterogeneous data from a large number of people, which can be mined for a variety of purposes to aid decision processes. Phone users’ participation is the heart of all public mobile-sensing applications in which data can be shared and can return collective benefits. The popularity of smartphones created a new trend for crowdsensing networks (CSNs), which is a promising platform for community-driven participatory sensing. People can use their smartphones or sensor-equipped devices (including vehicles) to form a crowd-sensing network to enable collaborative sensing. This voluntarily collects data for several valuable applications such as environmental monitoring and protection, traffic jam reporting, citizen journalism, and tourist queries. 5.3.1.2 Users’ Participation in Mobile Phone Sensing
The participation of the general population in data collection and analysis has led to a sensing paradigm shift known as crowdsourcing. Mobile crowdsourcing can be seen as a distributed approach
Mobile Sensing
145
to solve a complex problem leveraging the participation of a large group of individuals with mobile devices. Smartphone-based sensing can be classified into two sensing paradigms, namely, participatory sensing and opportunistic sensing. Participatory sensing requires active participation with specific user-initiated actions for collecting the data such as snapping a picture or recording a voice or a manual data entry. In participatory sensing, the phone user has complete control regarding the contribution of the sensed data, which makes it more meaningful and less personal but places a considerable burden on the phone users. MobiShop [5] is a people-centric participatory sensing application, which shares prices of products among users. The users use their mobile phones’ camera to capture a digital image of store receipts. Opportunistic sensing shifts the burden of tasks from the phone users to a background sensing system and applications can collect data without active participation of the user. Google’s Android operating system does several such user context data collections in the background. Along with the benefits of opportunistic sensing, the opportunistic model introduces many challenges. As users do not directly control the data sharing, privacy of the users remains a major concern. Another challenge is design of incentive schemes, which can motivate users to contribute data in sensing system. 5.3.1.3 Some Challenges and Trends in Collaborative Sensing
Although the wide availability of sensors offers very interesting opportunities for collaborative sensing, there are also challenges that need to be tackled. • Encouraging cooperation from and among the users: Suitable incentive or reward schemes should be deployed for encouraging the participants. In a platform-centric model, the system itself provides a reward to the participating users. However, in a user-centric model, the incentives are based on auctions in which users demand a specific reward in exchange for their sensing services. The use of gamification to engage users is another model to consider. • Management of the data quality: Guaranteeing or even estimating the quality of data collected using opportunistic sens-
146
IoT Technical Challenges and Solutions
ing is a major difficulty. There are certain reputation estimation techniques in the literature that estimate the expected level of cooperation and the reliability of the different contributors. Data quality indicators such as the accuracy, completeness, and freshness can be quantified with this information. A number of data quality metrics for sensor feeds have been in use including a metric called the quality of contributed service to characterize the quality and timeliness of a sensed quantity obtained through participatory sensing. • Spatial crowdsourcing: In certain cases, it is required from the contributors to collect data from specific areas or locations, for reasons such as to influence a person or a mobile-sensing platform such as a vehicle to slightly detour from his or her or its route to collect data. At the same time, this detour suggestion should also be beneficial to them, in terms of less congestion, better ride quality, and so forth. Also, there can be a locationspecific dynamic incentive scheme for data collection. • Semantic data management: The use of semantic techniques, such as ontologies and reasoners can provide significant benefits. Among them, we can highlight enabling the interoperability among different devices and enriching sensor data with higher-level information, which could be potentially queried in a flexible and semantic way. • Automation of data collection: The effort involved from users to collect and collaborate for data collection is another factor to consider. Well-designed mobile applications with unobtrusive interfaces can alleviate this problem to a great extent. The complete engagement model including data collection, authentication, and incentive mechanism can be automated to achieve the best user engagement. • Management of trust and privacy: Collaborative sensing often involves the collection of data that has some privacy concerns. Specific privacy protection mechanism should be incorporated throughout the life cycle of the data. Similarly, trust management is a fundamental aspect of collaborative sensing, particularly if humans actively provide information. For example, malicious users could provide false information to disturb the system or to gain a competitive advantage. Suitable authentica-
Mobile Sensing
147
tion mechanism for the participants should be incorporated in the system. • Data ownership: Clarity on the ownership, purpose, and legality of the data and the process is another issue to be addressed. Transparency on these aspects should be provided to all the stakeholders. • Battery and communication cost anxiety: Will the mobile sensing application deplete the battery energy faster? Will it cause increased data charges? The sensor data acquisition, processing, and communication should be as energy-efficient as possible to alleviate the anxiety of the user. 5.3.2 Robotic Sensor Networks
As discussed earlier, a number of applications have been supported by robotic sensor networks. Major applications are in environmental monitoring and in search and rescue. Search-and-rescue systems should quickly and accurately map search space and locate the victims. It should also maintain communication with human responders. It should also be capable to handle a dynamic and potentially hostile environment. Robotic ad hoc networks having robust communication, sensing, computing, and localization capability are required to be used for this purpose. It should autonomously conduct target tracking with minimal support of localization capabilities. 5.3.2.1 Multirobot Sensing and Coverage Issues
Robots can be considered as active, mobile, and autonomous data processing units operating in a network. Robots use embedded sensing capabilities for their control and task execution. For sensing applications involving a larger spatial coverage, the use of multirobots holds many advantages. Multiple robots can leverage their redundancy and parallelism to increase the robustness, flexibility, and coverage. Multiple robots can also localize themselves more efficiently when they have different sensor capabilities. The advantage of faster coverage is relevant for many applications like search and rescue, intrusion detection, sensor deployment, harvesting, and mine clearing.
148
IoT Technical Challenges and Solutions
In a multirobot system, there are several techniques that can be used for planning the coverage. Using the informative approach, each robot is given a local identity and is in the communication range of the other robots. This enables them to spread out in a coordinated manner. However, in a molecular approach, no local identification is made for the robots and they do not perform any directed communication as well. Here trajectories are formed with each robot moving in a direction away from all its immediate sensed neighbors. Ant societies and their stigmergic communication are the motivation for another trajectory planning approach. In mobile-sensing networks, potential field techniques are also used for tasks like local navigation and obstacle avoidance. This is used for cases where mobile robots are to be arranged in an unknown environment. Fields are constructed such that each node is repelled by other nodes. Also, obstacles in the environment force the network to spread. A virtual force-based algorithm can be effectively used by combining repulsive forces and attractive forces to navigate the robots through virtual motion paths. 5.3.2.2 Localization for Robots
For robot localization, there are several choices of technologies including GPS, active and passive beacons, odometer, and sonar. For indoor applications, the problem is challenging because GPS cannot be used. In such cases, various sensor-assisted methods are to be explored. In one approach, a sensor-driven local map is generated and is correlated with a global map. Here no prior knowledge of the environment is assumed. Sensor data is used to construct the global map dynamically. A set of feasible poses are generated as local maps. The algorithm then selects the best fit from the feasible poses that gives the location. Simultaneous location and mapping (SLAM) fall in this category. Dead reckoning can be used as a secondary source for refining the above location estimation. The Monte Carlo method, combined with the grid-based Markov localization, is another approach for robot positioning. It can globally localize and can deal with ambiguities. A panoramic image-based model for robot localization is another approach. In urban environments, a possible localization method is by using scene fingerprinting of images taken by
Mobile Sensing
149
cameras. Here feature correspondence between images taken by camera with their reference images are used to match and locate. Humanoid robots are getting popular for variety of applications such as assistive robotics and personal robotics. A visionbased approach for localization and navigation is often followed in such applications. Scene understanding and SLAM are used by the humanoid robot to maneuver in the interactive environment. 5.3.3 UAV for Aerial Mapping
The majority of the industrial applications of UAV is in aerial mapping. Although satellites are capable of providing high-quality aerial images, UAVs have their sweet spots in low-cost, high-resolution mapping free from cloud interferences as and when required. Aerial images can be used to generate several maps including orthorectified (geographically accurate) two-dimensional maps, elevation models, thermal maps, and 3-D maps or models. They can be made with sufficient accuracy for the precise measurement of various objects of interest using photogrammetry techniques. Two-dimensional maps are still the most commonly used product from UAV-captured images. A series of overlapping aerial photographs can be combined into a single panoramic image. For an ortho-mosaic creation, a series of overlapping aerial photographs is geometrically corrected (orthorectified) and combined in a uniform scale. Orthorectified photos can be used to produce GIS-compatible maps for various GIS applications including archaeological applications, construction, and cadastral surveying. The 3-D visualizations and volume calculations from a set of aerial images are possible through a 3-D reconstruction process. For this, a sequence of images of the terrain with at least 80% overlap is required for the 3-D reconstruction algorithm. Other data products from UAV-collected imagery include digital elevation models (DEMs), Normalized Difference Vegetation Index (NDVI) (vegetation) maps, and thermal maps. DEMs are topographical maps and they represent the underlying terrain. The detailed surface features such as buildings, vegetation, and other man-made aspects are not captured in DEM. Hidden features with cavities like buildings cannot be adequately represented in DEM. NDVI maps are majorly used for agricultural applications. It uses visual and near-infrared images to compute NDVI. NDVI
150
IoT Technical Challenges and Solutions
indicates how green (vegetated) a terrain is based on the amount of infrared light reflected by living plants. Thermal maps are useful for applications such as detecting structural damages, groundwater discharges, and hidden archaeological assets. Many image processing, computer vision, and geometrical processing techniques are available for a rich set of applications of UAV-based sensor data. For example, in a building construction scenario, the aerial sensing can provide several useful insights on the status and progress of the construction process. Table 5.2 gives a list of use cases of UAV for construction monitoring and computer vision techniques for addressing them. 5.3.3.1 Challenges of UAV-Based Infrastructure Inspections [6]
While the potential benefits are high, enterprises are not yet ready to deploy inspection drones in their regular operations. Regulatory restrictions are one of the major hurdles; most regulators (such as the Federal Aviation Administration in the United States and the Swedish Transportation Agency in Sweden) have restricted drone usage.
Table 5.2 UAV-Driven Computer Vision Methods for Construction and Building Monitoring Use Cases Techniques or Approaches Progress monitoring Leveraging spatial and temporal information in four dimensions (4-D) for monitoring work-in-progress, appearance-based reasoning about the progress Site monitoring 4-D visualization of digital surface model (DSM), geometrybased change detection, integrating aerial images with augmented reality Building inspection 3-D model-based damage estimation, edge detection for identifying cracks on building façades and roofs Building 3-D model, extracting building contours for measurement measurement Surveying Georeferencing using time-stamped GPS data Structural damage Image segmentation and object classification for damage assessment estimation, machine learning-based classification of damaged buildings using feature sets obtained from feature extraction and transformation in images Road assessment Image-based 3-D reconstruction, feature extraction through image filtering, analyzing the structure and dimension of road surface, feature extraction and Orthophoto mapping Geo-hazard Orthophoto mapping and visual interpretation to inspect investigations geologic hazards along oil and gas pipelines
Mobile Sensing
151
Drones pose concerns around safety, privacy, and interference with air traffic. Potential injury due to faulty operation is the major cause of safety concerns; this needs to be addressed with robust machines that have fail-safe capabilities. This will require the flying machine to have improved path planning, navigation, and control, with obstacle avoidance features. This also calls for autonomic navigation, so that drones are not limited by the skill level of the human operator. The autopilot system should have the ability to enforce compliance to regulations. Human operators should be able to define the inspection scope intuitively to the autonomic system, which manages flight planning, safety planning, and possibly even payload configuration. The drone operating system should also take care of the environmental and operational conditions in planning and navigating the drone. Failure of a drone may lead to loss of the equipment, which calls for low-cost hardware, including sensors. Today, it takes a team of skilled personnel to operate a drone for asset inspection. A qualified pilot is required to fly the machine, a domain expert can suggest the view orientations, and a technician needs to ensure the quality of data acquisition. This need for several experienced experts raises the cost of the program. The autonomic platform should be sophisticated enough to allow a semiskilled professional to conduct the session in a semiautonomic manner, and we should move to fully autonomic mode in the future. Should there be an air traffic controller (ATC) for drones? This may not be necessary, but monitoring organization will be required to coordinate drone operations, so as to address compliance and conflicts. Standards are needed for the operation of drones in common air space; initiatives such as the Drone Safety Council are working toward this. Handling the Big Data gathered by drones is another problem that needs attention. While there are many image and video processing tools for visualization of aerial data, the fact is that end consumers are not interested in just collecting and visualizing the data. They are more interested in actionable information extracted from the mission. Automatic object recognition, object-based measurements, and change or anomaly detection are major requirements. This requires a data processing pipeline that can work autonomously without manual intervention and provides information
152
IoT Technical Challenges and Solutions
services. Approaches from cognitive robotics and deep learning could add substantial impact here. The huge volumes of streamed data would need real-time processing (distributed across onboard, ground station, and cloud computing). Integrating this data with other sources such as remote sensing satellites, smartphones, and other sensors can offer higher-quality insights. Privacy is a major social concern with regard to drones. However, for the inspection applications described above, the possibility of sensitive data being captured is relatively low. This concern can be further alleviated by the use of image obfuscation techniques to suppress sensitive regions before moving the content to secondary storage. The promise of inspection drones is appealing. More novel use cases are emerging, and the industry needs to prepare for effective use of these powerful devices.
5.4 Economics of Mobile Sensing In IoT, the decision to physically connect a thing will depend on the value realizable from the resultant information and cost of connecting it. Cost encompasses the design, implementation, operation, and maintenance of the IoT system. Beyond that, it also has to factor the security, privacy, and overall risk of connecting it. We use the term “Thinganomics” as the economics of connecting things and it is an important aspect to be considered in choosing and architecting IoT applications. Mobile-sensing approaches are an important contributor to the economy of sensing. Coverage is an important metric for the sensing applications and it can be used as one of the measures for quality of service. It basically addresses the detection of a phenomenon or event of interest in spatio-temporal space for a given application. The phenomenon under observation has a temporal behavior and it needs to be detected and responded within a specified time duration desired by the application. For example, a fire alarm system will require the fire to be detected and responded to within seconds of its occurrence. In another application, an air pollution alert system may expect the detection of air pollution and response to be achieved in couple of hours. In the fire detection case, the coverage is desired to be achieved using a fixed sensor system in
Mobile Sensing
153
which the sensors continuously monitor the event at a high sampling rate, whereas in the pollution monitoring application could benefit from mobile sensing in which a mobile sensor can achieve a higher coverage due to its mobility and at the same time meet the time resolution requirement. Figure 5.3 outlines the relationship between sampling, response requirement, and occurrence. It also outlines how the cost of mobile sensors goes down compared to fixed sensors as the coverage requirement goes up; this is also explained mathematically below. Let Cd be the desired coverage, Ns is the number of sensor nodes, ms is the mobility rate of the sensor in meters per second, Cs is the coverage of individual sensor, Tp is the duration of the phenomenon to be observed, and Tr is the maximum delay tolerance for the detection of the phenomenon or event. The total number of sensor nodes required for a uniform coverage Cd desired by the application can be estimated as
Ns =
Cd Cs (1 + ms ) * min(Tp , Tr )
From the above expression, it is evident that the number of sensors required for a desired coverage is inversely proportional to the mobility, persistence of the phenomenon, and delay tolerance
Figure 5.3 Economics of mobile sensing.
154
IoT Technical Challenges and Solutions
in detection. For a fixed sensor system, the mobility is zero and we can see that requires the maximum number of sensors. The cost of sensing has capital cost pc (for a single sensor unit/platform) and operational cost P0 · a′ is a multiplying factor that differentiates the operational cost dependency on number of units for fixed sensors versus mobile sensors.
Ps = ( pc + a ′p0 ) * N s The cost of the sensing will be roughly proportional to the number of sensor units. For mobile sensing, typically the sensor units (including platform) are individually substantially costlier compared to fixed sensor nodes. However, for a fixed sensing case, the numbers required are substantially high, although they are cheaper. These factors to be taken into account for a specific application scenario to arrive at an optimum sensing scheme. Finally, the optimal architecture may involve only fixed sensors or only mobile sensors or a mix of both.
5.5 Summary Mobile sensing is an important aspect to consider for economic sensing architectures for various applications, especially for largescale spatially distributed systems. Mobile platforms such as smartphones, vehicles, robots, and drones can be used as mobile gateways for data collection. Several representative use cases for each of the sensing modalities have been discussed highlighting the challenges and practical directions to address them. Crowdsourcing of sensing enables participatory and collaborative sensing involving people. It can potentially achieve very large-scale coverage. However, additional challenges related to human behaviors, privacy, and social factors have to be addressed. The emergence of drones as a sensor platform is disruptive and is predicted to be a highly impactful platform for diverse mobile-sensing applications.
References [1] http://www.ijcaonline.org/archives/volume83/number10/14488-2798.
Mobile Sensing
155
[2] http://techxplore.com/news/2014-02-data-gathering-tumbleweed-robotdesertification.html. [3] http://www.werobot2015.org/wp-content/uploads/2015/04/SimshawHauser-Terry-Cummings-Regulating-Healthcare-Robots.pdf. [4] http://sites.tcs.com/blogs/research-and-innovation/ promise-inspection-drones-enterprises. [5]
https://www.researchgate.net/publication/229013654_MobiShop_Using_ Mobile_Phones_for_Sharing_Consumer_Pricing_Information.
[6] http://sites.tcs.com/blogs/research-and-innovation/ challenges-adopting-drones-inspection-utility-assets.
Selected Bibliography Aberer, K., et al., “OpenSense: Open Community Driven Sensing of Environment,” Proc. IWGS ’10 of the ACM SIGSPATIAL Intl. Workshop on GeoStreaming, 2010. Brezmes, T., J. L. Gorricho, and J. Cotrina, “Activity Recognition from Accelerometer Data on a Mobile Phone,” Proc. of 10th Intl. Work-Conference on Artificial Neural Networks: Part II: Distributed Computing, Artificial Intelligence, Bioinformatics, Soft Computing, and Ambient Assisted Living, 2009. Burke, J., et al., “Participatory Sensing,” Proc. ACM Sen-Sys Workshop, World-Sensor-Web, 2006. Campbell, A. T., et al., “People-Centric Urban Sensing,” 2nd ACM WICON, 2006, p. 18. Changkun, J., et al., “Economics of Peer-to-Peer Mobile Crowdsensing,” 2015 IEEE Global Communications Conference (GLOBECOM), 2015. Das, T., et al., “Prism: Platform for Remote Sensing Using Smartphones,” Proc. 8th ACM MobiSys, 2010. Fossel, J., et al., “OctoSLAM: A 3D Mapping Approach to Situational Awareness of Unmanned Aerial Vehicles,” Proc. of Intl. Conf. on Unmanned Aircraft Systems (ICUAS), Atlanta, GA, May 28–31, 2013, pp. 179–188. Guo, B., et al., “From Participatory Sensing to Mobile Crowd Sensing,” Proc. of IEEE PERCOM Workshops, March 2014, pp. 593–598. Ilarri, S., O. Wolfson, and T. Delot, “Collaborative Sensing for Urban Transportation,” Bulletin of the IEEE Computer Society Technical Committee on Data Engineering, 2014. Jayaraman, P. P., et al., “MOSDEN: A Scalable Mobile Collaborative Platform for Opportunistic Sensing Applications,” Transactions on Collaborative Computing, Issue 1, 2014.
156
IoT Technical Challenges and Solutions
Kakaes, K., et al., “Drones and Aerial Observation: New Technologies for Property Rights, Human Rights and Global Development: A Primer,” July 2015, http:// drones.newamerica.org. Krause, A., et al., “Toward Community Sensing,” Proc.7th ACM/IEEE IPSN, 2008, pp. 481–492. Lane, N. D., et al., “A Survey of Mobile Phone Sensing,” IEEE Communications Magazine, September 2010. Li, Q., “Security, Privacy & Incentive Provision for Mobile Crowd Sensing Systems,” Doctoral Dissertation, Pennsylvania State University, University Park, PA, 2013. Máthé, K., and Lucian Buşoniu, “Vision and Control for UAVs: A Survey of General Methods and of Inexpensive Platforms for Infrastructure Inspection,” Sensors, Vol. 15, No. 7, June 25, 2015. Pal, A., et al., “Road Condition Monitoring and Alert Application,” Pervasive Computing and Communications Workshops (PERCOM Workshops), 2012. Simshaw, D., et al., “Regulating Healthcare Robots: Maximizing Opportunities While Minimizing Risks,” Richmond Journal of Law and Technology, Vol. 22, No. 3, 2016, http://jolt.richmond.edu/v22i2/article3.pdf. Whitehead, K., and C. H. Hugenholtz, “Remote Sensing of the Environment with Small Unmanned Aircraft Systems (UASs), Part 1: A Review of Progress and Challenges,” J. Unmanned Veh. Syst., Vol. 2, 2014, pp. 69–85.
6 Democratizing Analytics: Analytics as a Service
6.1 The Need for IoT Analytics In the IoT context, there are physical objects in the real world (e.g., buildings, cars, roads, environment, human bodies), which, when perturbed by external stimuli in form of physical events (e.g., fire, earthquake, traffic congestion, faults, disease), generate specific sensor signals from specific features of interests (e.g., temperature, vibration, location, speed, physiological parameters). Sensors are the transducers placed on the physical objects that can observe the property change of the feature of interests and provide that information in the form of sensor signals. Sensor informatics, covered in Chapter 4, extracts information from the sensor signal. The role of analytics is to ingest this information and provide intelligence from it. The whole process is outlined in Figure 6.1. The objective of any IoT analytics application is the derivation of physical world contexts and building of models and insights from the collected sensor data (Figure 1.4 from Chapter 1) with the main purpose of deriving intelligence from observed sensor information. The intelligence can be derived in different ways providing different levels of insights depending upon application 157
158
IoT Technical Challenges and Solutions
Figure 6.1 Sensor-driven analytics.
requirements. Depending upon the kind of contextual questions that we try to answer in the analytics system, there can be four broad types of analytics: descriptive, diagnostic, predictive, and prescriptive. We have redrawn Figure 1.4 as Figure 6.2, in which the mapping of these four types of analytics is clearly articulated in the reference of the knowledge pyramid. In Table 6.1, we map a few IoT analytics use cases with different types of analytics and the type of questions that they try to answer. Descriptive analytics can be described as the analytics to find
Figure 6.2 Different types of analytics.
Democratizing Analytics: Analytics as a Service
159
Table 6.1 Different Types of Analytics Contextual Question Analytics Type IoT Analytics Case Who, What, Where, When? Descriptive Smart parking, pollution monitoring How did it happen? Diagnostic Hazardous scenario detection, water leakage detection, perimeter access control, elderly people monitoring: fall or inactivity detection Why did it happen? What is Predictive Electricity grid monitoring and expected to happen? control, monitoring for people with chronic disease, alert generation, predictive analytics and disease prognosis for health, predictive maintenance of machines What should be done to Prescriptive Traffic congestion management, make it happen or not electricity peak load management, happen? hazardous scenario response: emergency evacuation
contextual information in collected sensor data trying to answer questions like who, what, when, and where. It can be used in many cases where data visualization in different contextual dimensions of identity, location, and time can be enough to provide the necessary insights. Typical examples are visualization of parking lot vacancy using occupancy sensors or pollution level of a city from various pollution sensors located at various locations of the city, both being visualized as an overlay of geo-physical map. However, given that a specific stimulus causes specific observation on the sensor, diagnostic analytics can be defined as the inverse problem of finding the stimuli given the observation. If the model generating the observation from stimuli is known, the inverse model can be easily found out. Such analytics typically tries to answer how a particular event occurred. Examples of diagnostic analytics are to find out location, time, and subject of specific events from indirect measurement of sensors; it can be intrusion detection in campus surveillance, leakage location detection in a water supply, or fall or inactivity detection monitoring for elderly people at home. Predictive analytics is another form of analytics used for predicting the future state of the physical system given the current and historical sensor data. It usually needs knowledge and reasoning of why a particular phenomenon has occurred to predict the future behavior. It usually tries to answer questions like why a particular event happened and from there try to predict what is expected to happen
160
IoT Technical Challenges and Solutions
in future. Typical examples are finding out faults in electricity grids or screening people for likely disease risks or finding and predicting faults in factory machines. Finally, prescriptive analytics can be regarded as doing deterministic or stochastic optimization on the overall system with historical sensor data as input to prevent or aid future event occurrences. Prescriptive analytics is also very useful for performing what-if analysis on a given physical system to discover the best possible prescription. It can try to answer questions like what should be done prevent an unwanted event from happening. Typical examples include real-time traffic congestion management using vehicle location data, demand-response control of electricity to shave off-peak load demand, or planning of emergency evacuation routes in real time avoiding congestion. As an example to dive deeper, let us take the use case of predictive maintenance of machines. The health of machines can be sensed via vibration, thermal and acoustic sensors. Each of these sensors generates one-dimensional and two-dimensional (2-D) time series (2-D in case of images, like thermal images); this time series is also known as sensor signals. In the given use case, it may be the vibration sensor signal generated from an accelerometer sensor along with a 2-D video of the thermal profile of the machines. A simple machine learning-based diagnostic analytics on this needs the following steps: • Clean up the signal and remove all undesired artifacts (includes filtering of the sensor signal for noise removal and removal of chunks of time series altogether where the noise cannot be cancelled effectively). • Label the cleaned signal in time with information on when the machine was “good” and when the machine went “bad.” • Find out by painstaking causal correlation analysis which features of the cleaned signal has causal relationship with the “good” and “bad” condition of the machine; this is also called labeling. Knowledge of the physics of the machine operation can also help in this. • Use the collected labeled sensor signals to train a machine learning-based classifier. The trained classifier provides the model mapping the physical problems in the machine to pat-
Democratizing Analytics: Analytics as a Service
161
terns in the sensor signal. This model can be improved with the scientific knowledge of design and operation of the machine. • Use the learned and designed model to diagnose from the patterns of the sensor signal whether the machine has gone “bad” or which parts of the machine have gone “bad.” This is known as diagnostic analytics. • Going one step further, if sensor signal can be collected over the lifespan of a machine gradually going from a good state to a bad state, a regression-type predictive model can be built to predict the failure of similar other machines. This can lead to timely intervention through predictive maintenance reducing machine downtime and cost of repair. As obvious in the above example, the analytics process is quite complex requiring knowledge from multiple stakeholders that includes programmers, data scientists, mechanical engineers, physicists, and machine maintenance experts. Hence, there is need for such analytics to be abstracted out as a service with concerns and knowledge of each stakeholder taken into account. We discuss this in detail in the next section.
6.2 The Need for Analytics as a Service Any typical information technology (IT) development involves three stakeholders: business people (who provide the requirements), developers (who architect and write the code), and operations people (who deploy the system and maintain it). In Agile development process parlance [1], this is also known as Biz-Dev-Ops [2, 3]. An efficient plan for IT software development always involves continuous interaction of the three stakeholders. However, the development of IoT analytics applications becomes a bit more complex. This typically involves a fourth entity other than the three standard Biz-Dev-Ops people, an entity who understands the why and how of physical world or the physicists, chemists, and biologists of the world (jointly referred to as scientists). We collectively call this new development paradigm Biz-Sci-Dev-Ops: the four stakeholders and their interdependency are depicted in Figure 6.3.
162
IoT Technical Challenges and Solutions
Figure 6.3 The four stakeholders for IoT analytics development.
We take another example of building an IoT-enabled remote healthcare application where physiological sensor data on wearables worn by patients are collected 24 hours per day, 7 days per week and analytics is done that data provide real-time alerts on abnormal conditions and historical insights on the patient’s health. Here the Biz role is typically played by healthcare providers focusing on requirement generation. The Sci role is played by doctors and biomedical specialists. In the Dev role, we have standard IT programmers and architects who not only create a system that collects sensor data in real time and sends it to the cloud, but also write the analytics application to generate real-time anomaly alerts and historical insights based on the algorithms and models provided by the Sci experts. Finally, we have the IT infrastructure experts in the Ops role who take the applications and systems developed by the Dev teams and deploy it in sensor network cum cloud-based IoT infrastructure (Figures 2.1 and 2.4). For the machine predictive maintenance example given earlier, the Biz person is the factory maintenance person, the Sci person is the physicist or mechanical engineer who was involved in the machine design
Democratizing Analytics: Analytics as a Service
163
or the person who understands the machine design. The Dev and Ops roles remain similar to the healthcare example mapping to programmers and application developers and IT infrastructure experts, respectively. Traditionally, IoT applications are built bottom-up as per vertical requirements starting with sensor integration followed by sensor data collection using sensor networking, storing the collected data, and finally analyzing the stored data and streamed data to draw actionable insights. However, instead of taking the bottomup vertical approach for application development, from the cost of development, ease of development, and code reuse perspective, it is beneficial to have a horizontal, platform-driven approach. Many of the existing IoT service platforms support features like user management, resource provisioning, application life-cycle management, device management and configuration, and connectivity service provisioning and management. Another such platform [TCS Connected Universe Platform (TCUP) [4]] tries to address a few of the above concerns by providing an integrated application development platform covering device management, data storage and management, an application programming interface (API) -based application development framework and a distributed application deployment framework. What is primarily missing in the above frameworks is a service layer abstracting analytics to a higher level, thereby making it easy to use. The study of IoT analytics problems (all of which is handled in detail in Chapter 4) clearly indicates that the developers of IoT analytics systems typically spend maximum of their development time in few specific tasks: 1. Clean up the sensor signal from unwanted artifacts; this is also known as anomaly detection. 2. Understand which features of the collected sensor signal (or image or video) causally correlates with the observed physical event; this is known as feature engineering. It can also be termed as dimensionality reduction. 3. Remove the redundancy from the sensor signal while preserving the desired events; this is also known as compression.
164
IoT Technical Challenges and Solutions
What is not mentioned in Chapter 4 is the practical fact that anomaly detection, feature engineering, and compression remain the key challenges in any IoT analytics development. The main problem here for these challenges lie with choosing the right algorithms from multitude of algorithms available, each working better for a specific type of sensor signal. Hence, at the very least, the analytics as a service should provide sensor-agnostic anomaly detection as a service, sensor-agnostic feature engineering as a service and sensor-agnostic compression as a service. Once the sensor data has been cleaned, all redundancies are removed, and the right features are extracted, there still remains the challenge for modeling the data to draw the right insights from it; this typically involves combination of science-based modeling and data-based modeling (also known as machine learning), which we can call modeling as a service. Here we are trying to highlight the need for automation services in implementation of the systems described in Chapter 4 given their complexity and multidisciplinary nature of such systems that can make the implementation of such systems easier for developers who are not analytics algorithm experts. These services partially address the issues related to ease of analytics application development like code reusability, need for multiple skills in domain, analytics, sensors, or programming or visibility of data across applications. However, to address these issues fully, we need a more holistic and top-down approach. One way to address all the relevant issues is through the concept of separation of concerns among different stakeholders; this has been prevalent in the area of model-driven development (MDD) [5, 6], and recently it was also applied in the context of IoT to provide a framework to specify the requirements at different levels [7]. However, these frameworks do not address issues like analytics algorithm reuse, distributed execution of analytics, generation of analytics, and reasoning workflows, a common ontology and semantics for sensor data needed for a full-fledged IoT system. The need for a distributed computing environment to deploy and execute the analytics across multiple computing entities distributed in space while still meeting timing requirements adds interesting new dimensions to the analytics deployment challenges. This becomes further challenging with the advent of multicore processors
Democratizing Analytics: Analytics as a Service
165
[8] and accelerators like graphical processing units (GPUs) [9] on single computing platforms. Hence, a model-driven development (MDD) approach that can abstract out the metamodel of the IoT system and automate much of the analytics application development and deployment process allowing the application developer to focus only on application requirement specific concerns will be of high interest to the industry. We discuss this in detail in the next section.
6.3 Analytics as a Service for Developers: Model-Driven IoT There has been quite a bit of ongoing work on MDD systems on the implementation side. One example of such effort is from an organization called OASIS (Advancing Open Standards for the Information Society) [10]. They have brought a new standard metamodel for IT services “The Topology and Orchestration Specification for Cloud Applications” (TOSCA) [11] for improving portability of cloud applications in heterogeneous application environments. Here the structure of a service is defined by the topology template with a directed graph, which, in turn, consists of node templates and relationship templates. TOSCA allows defining complex workflows that can be used for the management process of creating, deploying, and terminating services. It specifies an Extensible Markup Language (XML)-based syntax for describing the basic data and components [12], while existing business process modeling languages such as Business Process Execution Language (BPEL) [13] and Business Process Model and Notation (BPMN) [14] are used to describe plans. An open source implementation and development framework is available in OpenTOSCA [15]. The architecture [16] supported in OpenTOSCA is outlined in Figure 6.4. It has descriptors for end points, instances, and models along with modeling tools. It has a planning engine and a controller engine to orchestrate the services, an implementation artifact engine to execute the services, all available through suitable APIs. Such frameworks, while having most of the features for cloud-based application development platforms, generally lack support for sensor-specific systems and analytics required in an IoT scenario. They definitely support Dev and Ops and, to some extent, requirements of the business
166
IoT Technical Challenges and Solutions
Figure 6.4 Open TOSCA architecture.
processes (Biz), but they complete lack support of the Sci for IoT analytics applications development. Their support from Biz, Dev, and Ops also lacks the support of sensors, sensor integration to the cloud, and cloud-based sensor device management. However, these drawbacks can be addressed through addition of sensor integration and management functionalities in the IoT platform and through knowledge-driven architectures as outlined in Figure 6.5. Such knowledge-driven architectures can support modeling of knowledge of the different expert stakeholders described in Figure 6.3, thereby allowing separation of their concerns. An application developer can take advantage of the knowledge of the other stakeholders encoded in the system to quickly develop analytics applications. The different knowledge bases described in Figure 6.5 is outlined next. • Biz knowledge base: Application developers are mainly concerned about solving a specific set of domain problems. They are expected to have good programming skill but limited knowledge about the domain applications and the kind of sensors to be deployed towards those requirements. The domain-specific knowledge base that is populated by domain experts intends to bridge this gap by providing knowledge like mapping between physical phenomena and sensor observation, mapping between sensor application and sensor technology.
Democratizing Analytics: Analytics as a Service
167
Figure 6.5 Knowledge base to support different stakeholders.
• Sci knowledge base: The Sci knowledge base consisting of a repository of analytics algorithms is contributed mainly by the algorithm writers and scientists. It not only contains the archive of algorithm executables in form of libraries, it also contains metadata about algorithms detailing their application areas, limitations, performance parameters, accuracy, CPU complexity, and memory load. This knowledge base can be used by the application developers to query and look for specific algorithms suitable for their application. • Dev knowledge base: In addition to the basic development support available in cloud-based systems like TOSCA, the Dev knowledge base can provide details on sensor communication interfaces and protocols, device drivers, and sensor data models.
168
IoT Technical Challenges and Solutions
• Ops knowledge base: After the development of sensor analytics applications for the operations, people need to deploy them. Usually, part of the applications runs on edge or gateway devices collecting sensor data and part of the applications runs on the cloud. In addition to what is available in existing frameworks, the Ops knowledge base needs to collect information about the computing, memory, and communication capabilities of the available gateway devices, available gateway-to-cloud communication channels, storage capacity of the cloud, and details of available hardware in infrastructure of the cloud and map them to the information available from the Sci knowledge base.
6.4 An Example of a Model-Driven IoT Framework An IoT analytics application can have multitude design concerns: domain information, development and orchestration, and infrastructure (sensors, devices, networks, and cloud). This is depicted in Figure 6.6. Figure 6.6 also shows how these three different design concerns map to the four different knowledge bases described earlier. For example, domain information needs both Biz and Sci knowledge bases, development and orchestration needs both Sci and Dev knowledge bases, and finally infrastructure needs Ops knowledge bases. 6.4.1 Domain Concern
Domain concern can be viewed as a set of data flows from sensor to sinks (actuator, database, reports, visualizer) traversing many computing operations that transforms the data to various information elements. This information flow can be modeled as a directed graph with nodes as computing modules that computes the designated information element. The edges indicate the input/output dependency relation. This also serves as a semantic model for the IoT application. It can also map to Biz knowledge base through a suitable semantic mapping. Figure 6.7 depicts the flow graph corresponding to an example vehicle telematics service where we
Democratizing Analytics: Analytics as a Service
169
Figure 6.6 IoT service model.
clearly show how the information flows from sensors to feature of interests to context to insights finally leading towards value-added application. It not only uses the Biz knowledge base, but also the Sci knowledge base to infer context, insights, and value from the sensor data. The nodes requires a specification of the computing model or algorithm to be used for computing the designated information element(s); this model comes from the scientific knowledge about the physical event and can be specified as a node property. 6.4.2 Development and Orchestration Concern
This view captures the information to develop analytics application via interconnecting various analytics algorithm blocks, build the corresponding executable software modules, and test them for deployment in the target devices. Also, it can specify the operational behaviors of the entire system that need to orchestrate during the operation. There is need to have an underlying metamodel to represent all the dimensions of an IoT service that can provide a framework to build and deploy the application from its specifications that includes communications, temporal behavior of the system, and business process orchestrations. It can use TOSCA-like
Figure 6.7 Example information flow graph (vehicle telematics).
170 IoT Technical Challenges and Solutions
Democratizing Analytics: Analytics as a Service
171
basic framework on top of which this service orchestration layer can be added. The analytics flow suggested by the Sci knowledge base can be made available in form of an algorithm repository from which the complete analytics workflow can be created. The workflow created at this step is then deployed on the test devices for validation. There could be standard reusable computing blocks that can be used across applications or there can be application specific algorithms. The analytics can also include rule engines utilizing the knowledge bases and can be done offline or in real time using complex event processing. 6.4.3 Infrastructure Concern
In a typical IoT application, sensing and computing may span multiple devices and platforms involving sensor device, gateways, and cloud platforms. We can view this as partitioning of the computing flow graph into subgraphs and binding suitable computing devices to execute them. Specific device with its detailed specifications can be selected from the infrastructure knowledge base and the related node property set to depict the compute specifications (CPU, clock, number of cores, GPU availability, memory). The executables created as part of the workflow during service development and orchestration needs to be mapped and matched into the right (and available) infrastructural choice. Once the computing operations are matched and mapped, the communication mechanism between these modules needs to be specified. The modules within same computing environment can use standard parameter passing mechanisms like API, messaging, or interprocess communication primitives. Communication across devices needs external interfaces and protocols such as USB [17], Bluetooth [18], Zigbee [19], Wi-Fi [20], and 2G/3G [21]. Further, the nature of data exchange may follow high-level syntactical models like REST, Pub-Sub, and Proxy. These were described in detail in as described in Chapter 2. The edges in the flow graph model can be used to capture the communication interface details and the infrastructure knowledge base can be used to check the compatibility and consistency. It is obvious that the partitioning of workflow between sensor nodes, edge gateways, and the cloud depend on a number of factors like hardware configuration of these systems, complexity of the algorithms to be run and real-time requirement from the applications.
172
IoT Technical Challenges and Solutions
Edge computing mechanisms described in Section 2.5 can be used to deploy and operate such systems. In most of the application use case scenarios, this partitioning of computing can be done statically between sensor nodes, edge gateways, and the cloud. However, in case of applications with strict real-time requirements and dynamically changing environments like robotic navigation, there may be a need to dynamically partition and allocate workflow subtasks to different components of the infrastructure mapping their capabilities and also keeping in mind the power and communication considerations.
6.5 Summary In this chapter, we first established the need for IoT analytics citing some example use cases. We took an example use case of predictive maintenance of machines to elaborate on the complexity of the analytics development process. Then we elaborated the need for analytics as a service for IoT, taking an example of health and wellness via physiological sensing and suggested how services like anomaly detection, feature engineering, and compression, if done in a sensor-agnostic way, can really add value to the IoT analytics developer. We also introduced the need for learning models from the cleaned up sensor data using the hybrid knowledge of physical sciences and data sciences there by establishing the multidisciplinary skill requirement for IoT analytics. This, when combined with the typical IoT analytics development project requirement of involving multiple stakeholders in form of Biz-Sci-Dev-Ops, point towards MDD as a possible approach towards separating and addressing the concerns of each of the stakeholders. We introduced knowledge models for different these stakeholders of IoT analytics and identified four different knowledge models for four different stakeholders and three different stakeholder concerns around that. For illustration, we described an example framework for application development for IoT platforms. It should be noted that the concept of MDD-based analytics as a service specific to IoT is a recent one. It is possible to address this by creating knowledge models for various stakeholders and separate out concerns of different stakeholders in IoT application
Democratizing Analytics: Analytics as a Service
173
development through use of models and knowledge bases. This is extremely important to improve the ease of application development and democratizing analytics for IoT. Such democratization would lead towards widespread adoption and deployment of IoT analytics across multiple applications areas.
References [1] http://agilemethodology.org/. [2] https://blog.appdynamics.com/devops/ new-modern-family-business-development-operations-bizdevops/. [3] ���������������������������������������������������������������� http://www.tcs.com/resources/newsletters/Pages/Biz-DevOps-Enterprise-Agility.aspx. [4] http://www.tcs.com/about/research/Pages/TCS-Connected-UniversePlatform.aspx. [5] http://www.agilemodeling.com/essays/amdd.htm. [6] https://msdn.microsoft.com/en-us/library/aa964145.aspx. [7] http://www.w3.org/2014/02/wot/papers/prehofer.pdf. [8] https://software.intel.com/en-us/articles/ frequently-asked-questions-intel-multi-core-processor-architecture. [9] http://www.nvidia.com/object/what-is-gpu-computing.html. [10] https://www.oasis-open.org/org. [11] https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=tosca. [12] http://www.w3schools.com/xml/. [13] http://searchsoa.techtarget.com/tutorial/BPEL-tutorial. [14] http://www.bpmn.org/. [15] http://www.iaas.uni-stuttgart.de/OpenTOSCA/indexE.php. [16] http://www.iaas.uni-stuttgart.de/OpenTOSCA/container_architecture. php. [17] http://www.usb.org/home. [18] https://www.bluetooth.com/. [19] http://www.zigbee.org/. [20] http://www.wi-fi.org/. [21] http://www.3gpp.org/.
174
IoT Technical Challenges and Solutions
Selected Bibliography Balamurali P, P. Misra, and A. Pal, “Software Platforms for Internet of Things and M2M,” Journal of the Indian Institute of Science, A Multidisciplinary Reviews Journal, Vol. 93, No. 3, July–September 2013. Bandyopadhyay, S., et al., “Demo: IAS: Information Analytics for Sensors,” Proc. of the 13th ACM Conf. on Embedded Networked Sensor Systems, 2015, pp. 469–470. Bonomi, F., et al., “Fog Computing and Its Role in the Internet of Things,” AMC Proc. of the 1st Edition of the MCC Workshop on Mobile Cloud Computing, MCC ’12, New York, NY, 2012, pp. 13–16. Chattopadhyay, T., et al., “Automated Workflow Formation for IoT Analytics: A Case Study,” IoTaaS, IoT360, Rome, Italy, October 2015. Dasgupta, R., and S. Dey, “A Comprehensive Sensor Taxonomy and Semantic Knowledge Representation: Energy Meter Use Case,” 7th Intl. Conf. on Sensing Technology, 2013. Dey, S., et al., “A Semantic Sensor Network (SSN) Ontology Based Tool for Semantic Exploration of Sensor,” Semantic Web Challenge Competition ISWC, 2014. Ghose, A., et al., “Design Insights for a Mobile Based Sensor Application Framework: For Aiding Platform Independent Algorithm Design,” 14th Intl. Conf. on Information Processing in Sensor Networks (IPSN), 2015. Gubbi, J., et al., “Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions,” Elsevier Journal on Future Generation Computer Systems, Vol. 29, 2013, pp. 1645–1660. Jaiswal, D., et al., “Demo: A Smart Framework for IoT Analytic Workflow Development,” Proc. of 13th ACM Conf. on Embedded Networked Sensor Systems, 2015, pp. 455–456. Köhler, M., D. Wörner, and F. Wortmann, “Platforms for the Internet of Things: An Analysis of Existing Solutions,” http://cocoa.ethz.ch/downloads/2014/02/1682_20140212%20-%20Bocse.pdf. Li, F., et al., “Towards Automated IoT Application Deployment by a Cloud-Based Approach,” IEEE 6th Intl. Conf. on Service-Oriented Computing and Applications (SOCA), 2013. Mistry, S., et al., “P2P-Based Service Distribution over Distributed Resources,” 2015 IEEE 29th Intl. Conf. on Advanced Information Networking and Applications (AINA), 2015, pp. 515–520. Mukherjee, A., et al., “ANGELS for Distributed Analytics in IoT,” 2014 IEEE World Forum on Internet of Things (WF-IoT), 2014, pp. 565–570. Pal, A., P. Balamuralidhar, and A. Mukherjee, “Model-Driven Development for Internet of Things: Towards Easing the Concerns of Application Developers,” IoTaaS 2014, IOT 360, Rome, October 2014.
Democratizing Analytics: Analytics as a Service
175
Patel, P., B. Morin, and S. Chaudhary, “A Model-Driven Development Framework for Developing Sense-Compute-Control Applications,” MoSEMInA ’14, May 31, 2014. Patel, P., et al., “Enabling High-Level Application Development in the Internet of Things,” in Sensor Systems and Software, New York: Springer, 2013, pp. 111–126. Patel, P., and D. Cassou, “Enabling High-Level Application Development for the Internet of Things,” Journal of Systems and Software, Vol. 103, 2015, pp. 62–84. Paul, H. S., et al., “Compute on the Go: A Case of Mobile-Cloud Collaborative Computing Under Mobility,” in Adaptive Resource Management and Scheduling for Cloud Computing, New York: Springer, 2015, pp. 78–90. Shahnawaz, A. et al., “Mobile Sensing Framework for Task Partitioning Between Cloud and Edge Device for Improved Performance,” ISCC, 2016. Soukaras, D., et al., “IoT Suite: A Tool Suite for Prototyping Internet of Things Applications,” 4th Intl. Workshop on Computing and Networking for Internet of Things (ComNet-IoT), co-located with 16th Intl. Conf. on Distributed Computing and Networking (ICDCN), 2015, p. 6. Ukil, A., et al., “Adaptive Sensor Data Compression in IoT Systems: Sensor Data Analytics Based Approach,” 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2015, pp. 5515–5519. Ukil, A., S. Bandyopadhyay, and A. Pal, “IoT Data Compression: Sensor-Agnostic Approach,” IEEE Data Compression Conference (DCC), 2015, pp. 303–312.
7 The Real Internet of Things and Beyond
7.1 Realistic Internet of Things In the midst of excitement and hype, there are several practical deployments of IoT happening today delivering realistic business benefits. Examples include fleet monitoring, building monitoring, customer intelligence in retail stores, telemedicine, navigation, and tracking. The potential user community is becoming aware of this technology and what it can offer. Some restaurant chains use remote monitoring of cooler and freezer temperatures to avoid thousands of dollars in potential spoilage. Retail stores see the increased level of customer engagement that a beacon platform provides, providing customers valuable brand information and generating buzz and increased sales. There is an interesting case study on how an IoT-based energy management system delivered the return on investment (ROI) in 18 months [1]. Smart vending allows machines to monitor their own inventory levels, calling in for deliveries only when needed and with a list of what items are needed, saving delivery drivers valuable time. Fleet and asset tracking provides not only for dispatching more efficiently but also monitoring driver behavior, which can also save on the cost of 177
178
IoT Technical Challenges and Solutions
insurance and provide management with valuable information for driver training. Monitoring and processing of evaporation credits for cooling towers and landscape irrigation can save many dollars in water and sewer bills. However, is it a great success story for all IoT applications? The truth is the count of failed IoT projects has outnumbered successful projects by a huge margin [2]. There may be several reasons for the failures and any emerging technology may face this challenge on its travel to maturity. In this context, it may be appropriate to examine the concept of a real Internet of Things, by which we mean an IoT solution with an associated business model that provides ROIs on realistic business applications. Even for an application focusing on social impact, it should have a business model to ensure its sustainability. For a data-gathering application, it means return of invesetment (ROI), the ratio of business value of the data collected, and the cost of acquiring it should be comfortably high. There are several factors contributing to the success and failures of IoT projects and we will discuss a few of them next. 7.1.1 Key Contributing Factors to Real IoT
The challenges with IoT go beyond making and connecting devices that work. The integrated product and services need to work seamlessly, almost invisible to an end user. As Mark Weiser suggests in his ubiquity paradigm, we need machines that fit the human environment instead of forcing humans to enter theirs [3]. The service needs to meet needs, easily integrate into daily life or the industrial process, and has to enhance the user’s life or the business process. This requires the reliability and robustness of all the components of the integrated solution. Sometimes the system is over engineered to deliver the application goals. The system architecture should be pruned and tuned to the business goals and deployment context. The following are several factors contributing to a real IoT. 7.1.1.1 Robust Devices and Connectivity
Devices that work reliably in the deployment environment that do not shut down or restart due to failures or bugs are key to any IoT application. Impact and consequences of a buggy device may vary from a consumer application to an industrial application. Also, the
The Real Internet of Things and Beyond
179
Figure 7.1 Major contributing factors to real IoT.
devices should enable system level security in terms of identity, authentication, and tamper-proofing. Another aspect to consider is the choices that one has to make in terms of technologies and standards for a cost-effective IoT system. There are many IoT standards at various maturity levels addressing various aspects of the system. One should expect to change the architecture as the technology evolves. The curse of choices for almost every component also makes the system design difficult. There are multitudes of silicon vendors, device platforms, energy sources, communication protocols, and backend software platforms from which to choose. One should also recognize that there is a trade-off between robustness and cost effectiveness, and this should be addressed within the larger context of the application. For large-scale deployments, remote management is a key requirement and it contributes to system robustness as well. Approaches such as aggregate programming should be used to simplify the design, creation, and maintenance of complex IoT software systems. Here, the basic unit is no longer a single device, but instead a cooperating collection of devices: details of behavior and position and number of devices are largely abstracted away. This can be accomplished by a layered approach to programming complex services, building on foundational work on the composition of distributed systems and then on general mechanisms for robust and adaptive coordination.
180
IoT Technical Challenges and Solutions
7.1.1.2 Functionality and Processes
From a functional perspective, IoT systems in general are expected to collect sensor data, transport it to processing and decision-making locations, and enable the implementation of actionable insights. Real-time analytics will be a requirement involving business intelligence to machine learning, data mining, predictive analytics, condition monitoring, and visualizations. This often involves complex processes and possibly a model-driven approach would help to address the complexity. For example, business process modeling (BPM) is an established technique for modeling and executing complex processes in enterprises. The enterprise adoption of IoT technologies could be accelerated if these techniques are adapted to the requirements of real-world IoT. 7.1.2.3 Keep the End User in Focus
User experience is a key factor for the success of IoT applications. It is important to keep the user at the center to validate the IoT product’s value to the user. Mere technology “wow” factors cannot ensure the longevity of the device and application. The value proposition should consider social context and expectations as well. For example, driving behavior monitoring for a usage-based insurance premium had mixed acceptance with personal vehicles. At the same time, it had a taste of success in fleet-monitoring applications. Here for the same solution, the end user and the context were different. In the first case, the car owner is the end user who has the choice of enrolling in the scheme, and there is a shadow of privacy concern. For the second use case, the fleet manager is the end user and he or she has the value proposition and control to implement the solution. 7.1.2.4 Appropriate Business Model
The business model is a plan for the successful operation of a business, identifying sources of revenue, the intended customer base, products, and details of financing. A strong business model is the key to sustain any IoT application, and IoT has the potential to enable new business models. The World Economic Forum outlined four phases of adoption of industrial IoT applications in their re-
The Real Internet of Things and Beyond
181
port [4]. They are operational efficiency, new products and services, outcome economy, and autonomous and pull economy. In the initial phase, focus can be given to improving operational efficiency through various means such as improved asset utilization, operational cost reduction and worker productivity. In the second phase, new products and services can be focused. This may involve new software services, data monetization, and payment models such as pay per use. Outcome economy will focus on systems by forming and leveraging new connected ecosystems, platform-enabled marketplaces, and new payment processes. Finally, autonomous and pull economy is leveraged by continuous demand sensing, end-toend automation, resource optimization, and waste reduction. In each of these phases, there is a potential to explore appropriate new business models. Remote monitoring and maintenance are an upcoming service and business model enabled by IoT. New payment models that will enable charging for usage and service quality levels are promising. “TotalCare” aerospace service from Rolls Royce is an example of a business model applicable to IoT where the payment mechanism for aircraft engines is $/engine flying hours. Supporting such a service requires extensive sensing, monitoring, analytics, and prediction [5]. 7.1.2.5 Develop an Ecosystem
For an IoT application to succeed, there should be an ecosystem to support in terms of technology awareness, skill set, developer community, and third-party services. Platform-based offerings should consider providing easy access to third-party developers. Opensourcing is being increasingly adopted for some of the horizontal technologies those are hard to crack, and it may result in a robust solution with the contribution from the diversity of the community.
7.2 Real IoT Is a Network of Trade-Offs There are several trade-offs to be made in IoT systems to be economically and functionally viable and also efficient. IoT networks in general have a highly distributed architecture. One of the major
182
IoT Technical Challenges and Solutions
underlying trade-offs is between computing, communication, and storage across the network. How much data can be processed locally so that the communication requirement can reduced? How can the computations be restricted locally so that the device lifetime is enhanced with the reduction of battery power consumption? How long can the data be buffered so that the computing and communication can be scheduled in bursts to reduce the overall energy consumption? A centralized cloud-based architecture in which the sensor nodes directly communicate to the cloud offers easy manageability of the network. However, the centralized architecture can stress the communication network due to the transportation of whole sensor data to the cloud. In a distributed computing architecture, in-network computing is possible and data reduction can happen at each intermediate node, enabling reduced overall communication cost. Managing and updating distributed computing elements can be complex. This will lead to architectural tradeoffs between centralized versus hierarchical architecture and edge computing versus cloud computing. 7.2.1 Some of the Common Trade-Offs Encountered in IoT Systems and Applications 7.2.1.1 Hard Sensing Versus Soft Sensing
Appropriate hard sensors can be used for every phenomenon or feature to be monitored. In some cases, there is a possibility of using analytics and inference to reduce the number of hard sensors required. While these soft sensors that are implemented in software will help to reduce the sensor cost, it may increase the software complexity and cost of software and computing platform depending on where it is implemented. A suitable balance should be made between hard sensing and soft sensing. 7.2.1.2 Application-Specific Devices Versus General-Purpose Device Platforms
Should we use application-specific optimized devices or generalpurpose device platforms such as Arduino and smartphone? Wearables are often application-specific devices. Application-specific devices offer a spectacular performance; they are often costly and require a large scale-up to break even. However, general-purpose devices will have a large user base and experience available to develop solutions more quickly and cheaply, but they may not be
The Real Internet of Things and Beyond
183
the optimum platform to give the required performance and user experience. 7.2.1.3 Security Versus User Experience
Security is a top concern of IoT systems. Due to the large attack surface and evolving cyber-physical threats, the security schemes required to be implemented often gets complex. This may likely to affect overall user experience of the solution due to the added interactions and processes required for the security scheme. The same goes with privacy as well. 7.2.1.4 Battery Lifetime Versus Performance
High performance and quality often demand additional hardware and software complexity with enhanced resources. Energy is a major resource of importance to IoT devices and they need to have a strategy to manage energy resources efficiently to maximize their lifetime. Managing frequent battery replacement is a painful exercise affecting user experience as well. This leads to need of a tradeoff between multiple energy-related system design parameters and energy optimization is a major agenda in IoT system design. 7.2.1.5 Communication Range, Power, and Bandwidth
For transporting the data from source to sink, there are multiple candidate communications standards and architectures possible. A multihop communication with short-range links are one option. However, one may use a single-hop, long-range link. For the same bandwidth, short-range links require lesser power compared to long-range wireless links. While multihop provides a flexibility and redundancy, it may result in increased delay and may require additional relay nodes. Narrow, long-frequency bands can offer higher communication range at a low power (for example, low power wide area network (LPWAN)), whereas higher-frequency standards with wider bandwidths have higher power consumption and a lesser range. There is a trade-off between frequency bands, bandwidth, transmit power, and hop count in the IoT network and a careful choice must be made to get a solution with optimum performance. An illustrative example of an IoT solution is discussed next.
184
IoT Technical Challenges and Solutions
7.2.2 Safety on the Machine Floor: An Illustrative Example
Here we discuss an IoT application in a steel plant where the safety of human workers and the systems around them are focused. There are crane operators in the plant who move iron ore and coal into furnaces for steel making. There are others as well who assist in the associated processes. It is obvious that they are working in very dangerous and adverse conditions and their safety and wellness is of high value to them and the plant operation. The objective of the IoT solution is to provide situation awareness on the state of each worker and generate appropriate notifications, advice, and guidance. This will lead to reduction on losses due to accidents, disruptions, and low productivity and, at the same time, will improve the safety and availability of the worker services. Some of the states and events of interest with respect to a worker are fall detection, incapacitation, and stress level. Use of wearables that have accelerometers and photoplethysmograms (PPGs) could be part of the solution. There can also be other modalities, such as electrocardiograms (ECGs) and electroencephalograms (EEGs). The wearable device can be based on a helmet, wrist, footwear, eyewear, and headband. From a human factors perspective, the device should be nonobtrusive and much less intrusive. It should merge with the normal operation and work style. The device would be battery-powered; however, it should stay long enough to avoid any frequent charge depletion. The next issue is how the device can communicate to a cloudbased application server, which will take care of the monitoring process. The 2G/3G cellular connection is not a feasible one due to power requirements. Can Zigbee, Wi-Fi, or Bluetooth offer a solution? Yes, but they have a short range and a gateway device is required to connect them to the cloud using a wireless wide area network (WAN) or cellular network. Then where will the gateway device be placed? Installing it in the operator cabin could be acceptable because each worker operates the crane from that cubicle integrated with the crane system, although it is moving frequently. The gateway device could be powered by the power supply available in the cabin. Alternately, can any of the LPWAN standards be of use so that individual gateway device for each cabin could be avoided? Instead, a single local gateway is sufficient to connect
The Real Internet of Things and Beyond
185
all the wearable devices of the workers, but are they highly bandwidth constrained and will they be sufficient for the communication requirements? Communication depends on where the data is required and where it is processed. The sensor data processing pipeline includes data preprocessing, filtering, motion artifact removal, parameter computations, and event detection. One option is to implement the whole pipeline in the wearable device itself and only the events need to be communicated to the cloud. This will have an impact on the computing, memory, and energy required for the wearable device and may lead to a short battery life. However, there is an option to distribute the computation between the wearable device, the gateway, and the cloud. In this approach, the preprocessing and other low-intensity computations resulting in a data reduction can be planned to execute in the wearable device. The reduced data can be further processed at the gateway level or cloud. If there is a good connectivity available between the gateway and the cloud, then it is advisable to do it in the cloud for ease of maintenance and security. Camera-based sensing is an alternate or complementary approach for the situation monitoring. There the computation requirements are comparatively high, but it has the potential to gather additional information. Here also one has to go through the above analysis process to evaluate the solution architecture. The exercise is not yet over. We need to look at the business model as well. Who will build, operate, and maintain the solution and how is the cash flow? One option is that the steel plant can get this system implemented by an external vendor and they take care of the operation and maintenance as well. This will involve a one-time contract fee with an annual maintenance charge. Another payment option is to charge per worker on an annual basis. Here then data and services may be hosted by the vendor. Alternately, this may be hosted in a cloud under the control of the steel plant. There is a room for bringing in insurance companies as a stakeholder in this business. Here the steel plant may engage with the insurance company for covering damages related to safety and security. The insurance company, in turn, can engage a vendor for deploying the above IoT solution supporting a feature set deter-
186
IoT Technical Challenges and Solutions
Figure 7.2 Resilient IoT and related concepts.
mined from a risk analysis. There are many more possibilities for the suitable business model.
7.3 Drivers for the Next Wave of IoT The next wave of IoT will most likely to focus on robustness and resilience by leveraging distributed embedded intelligence. A brief conceptual overview of two major aspects, namely, resilient IoT systems and cognitive IoT systems, is given next. 7.3.1 Resilient IoT Systems
Resilience is the capacity of a system to survive, adapt, and grow in the face of unforeseen changes, even catastrophic incidents. A resilient system is characterized by their capability to resist external disturbances and internal failures, ability to recover, enter stable state(s), and adapt its structure and behavior to constant change. Resilience is a desired feature for IoT systems having dynamics and an element of control function involved in the operation. The dynamism can be from various component failures such as sensor failure, communication failure, or device failure. It can also come from device mobility and changes in the ambience. Impact is more felt in complex IoT systems such as smart grid, process control, robotic operations, vehicular monitoring, and remote healthcare. A useful way of looking into resilience would be to study the resilience of complex systems. The aspects such as diversity and adaptation are relevant in this context. Highly dependable systems
The Real Internet of Things and Beyond
187
such as avionics use diversity where diverse control systems (electronics, fluid, and mechanical control) are used to implement triple level redundancies. In a similar manner, IoT systems can also leverage diversity in terms of sensor modalities, communication paths, algorithms, and computing devices for robustness. Adaptation is another aspect that IoT systems can use to modify itself to address always changing and slowly evolving environments. Resilience is also related to reliability, dependability, and trustworthiness. Reliability looks at design faults and operational failures to ensure functionality. Dependability is a measure of a system’s availability, reliability, and maintainability. Another related concept is trustworthiness in which a trustworthy system incorporates resilience, reliability, safety, security, and privacy. 7.3.2 Cognitive IoT
The concept of cognitive IoT explores the integration of human cognitive process into system design. It embodies a cognitive cycle that integrates the key processes of sensing, analyzing, learning, deciding, and acting. It is envisaged that, in cognitive systems, general objects behave as agents and interact with the physical environment and/or social networks, with minimum human intervention. Rather than being explicitly programmed, cognitive computing learns and reasons from its interactions with humans and from its experiences with its environment, enabling them to keep pace with the volume, complexity, and unpredictability of information generated by the IoT. The advantages are multifold: saving people’s time and effort, increasing resource efficiency, and enhancing service provisioning, to just name a few. There are two aspects of cognitive IoT. In the first, the cognitive approach is used to make the IoT system autonomous. It can enable the IoT with self-managing and self-healing capabilities and resilience. The second aspect is that how IoT can be used to make systems cognitive. There are several aspects of cognitive systems that will be relevant for IoT. 1. Deep human engagement: Cognitive systems enable enhanced human interactions with people. Towards this, IoT systems are used to collect human context by sensing speech tone, senti-
188
IoT Technical Challenges and Solutions
ment, emotional state, environmental conditions, and nature of a person’s relationships. Acquiring and processing five senses can enable applications with enhanced user experience. Incorporation of tactical sensing can enable remote activities through realistic haptics. Through this continuous learning, businesses can offer customers deeper engagements and become more natural, anticipatory, and emotionally appealing. 2. Extended expertise: Cognitive systems can be designed to gather and learn domain knowledge. This expert system can be of help as a companion to enhance the workforce’s performance. Such systems can both understand and teach complex expertise. This enables a faster learning curve for workforce. 3. Cognitive products and services: New classes of products and services that sense, reason, and learn about their users and their contexts can be enabled with cognitive IoT. It allows for continuous improvement and adaptation and for augmentation of capabilities not previously imagined. This is already being used by automobiles, service robots, and medical devices, among others. 4. Cognitive processes and operations: Making business processes cognitive can make them self-adaptive with enhanced awareness of workflows, context, and environments. The continuous learning process from the experience gained through operations can be transformed into knowledge. Leveraging this, it can provide ability for better forecasting and operational effectiveness.
7.3.3 Impact of 5G as the Next Wave of Communication Technology in IoT
The fifth generation (5G) of mobile networks is an upcoming key technology towards the next wave of cellular communications. Specific support for IoT has been envisaged to include ubiquitous coverage, signaling efficiency, and the ability to support several hundreds of thousands of simultaneous connections for massive sensor deployments. While technology like Zigbee and WiFi will still be low-cost options for certain IoT industries, 5G will have the potential as a massive cellular networking infrastructure to provide an overarching connectivity to futuristic IoT applications. Some of
The Real Internet of Things and Beyond
189
the applications such as real-time tactile communication for remote haptics where transporting a realistic five senses experience to a remote location require the capability of 5G communications. What today’s IoT applications are looking from a wide area network are ubiquitous coverage, scalability, coexistence, managed quality of service (QoS), and end-to-end security. These are being addressed by two recent standards as part of 3GPP Release 13. They are eMTC (enhanced machine-type communications) and NB-IoT (narrowband IoT). eMTC is named as Cat-M1 and it supports variable rate up to 1-Mbps, 1.4-MHz narrow band. NB-IoT is known as Cat-NB1 supporting tens of kilobits per second in the 200-kHz narrow band. They promise to reduce device complexity, multiyear battery life, and large coverage. It can achieve 1 million connections per square kilometer, using multiples of a 200-kHz bandwidth. Also, they work under the standard long-term evolution (LTE) infrastructure. Beyond this, 3GPP is also working on a new 5G air interface. It is expected to bring support for massive IoT with higher capability and efficiency. It is expected to support time-critical applications including communication and control involving robots and drones. IoT systems and services integrated to the standard cellular telecom network will have a strong positive impact to its proliferation and business opportunities. One of the major hurdles for new wireless communication technology is the nonavailability of the radio frequency (RF) spectrum in the traditional range. Higher bands like millimeter waves are being targeted for enhanced capacity, but they have the disadvantage of higher attenuation in the medium and thus reduced range. However, for IoT devices, this may not be a limitation and may enable smaller device form factors. Application of software-defined networks (SDN) and network function virtualization (NFV) along with 5G can make a strong impact on future distributed enterprise networks. Many vertical sectors will require different types of services from the 5G network. They will have different power budgets, bandwidth requirements, and other connectivity requirements. The required flexibility and elasticity can be supported by advanced network virtualization. Virtualization will be a vital capability with 5G to support diversity of IoT requirements. The concept of network slicing is an approach where the available network bandwidth can be sliced
190
IoT Technical Challenges and Solutions
into multiple units based on the speed, availability, capacity, and coverage requirements. The best way to implement these network slices will be via virtualization to use service provider SDN, NFV, and network orchestration. In each of these cases, the SDN controller will configure and build network slices that include several service chains. The network services themselves are virtualized as virtual network functions (VNFs) that allow operators to set up services rapidly and scale them in response to network and service demands.
7.4 Concluding Remarks In this book, we introduced IoT in Chapter 1 and outlined the current state of the art in terms of application landscape and technology. In Chapter 1, we also discussed the need for standardization in IoT and the challenges and open problems in IoT. Then, in Chapter 2, we discussed scalability of networks and computing and with help from example use cases and showed how it becomes an important component for IoT deployment. In Chapter 3, we touch upon one of the major issues for IoT, namely, security and privacy, cover important topics like threat analysis, data protection, key management, identity management, authentication, access control, and privacy issues and suggest addressing practical deployment issues. In Chapter 4, we cover sensor informatics and business insights, which can be thought of as the brain of IoT spanning sensor signal processing to gather information from sensor data, semantic interpretation of the processed Information to convert it to knowledge, and business insights from interpreted knowledge. In Chapter 5, we introduced the concept of mobile sensing (i.e., sensors mounted on mobile platforms including drones and robots). We also discuss the various application use cases, technology challenges and the economy or business case for such sensing and analytics systems. In Chapter 6, we addressed the application developer concerns by introducing the concept of analytics as a service on top of the sensor informatics stack outlined in Chapter 4. Finally, in this chapter, we address the real issues that need to be tackled for successful deployment of IoT applications. While IoT gets a lot of attention with academia and industry, there is lot to be desired on the success rate of real-life IoT projects.
The Real Internet of Things and Beyond
191
With the concept of real Internet of Things, we discussed various aspects of an IoT solution that provides ROI on realistic business applications. To make the solution cost-effective, there is a large number dimensions for design trade-offs to be made. Pruning and tuning of functionalities and processes are to be made. A paradigm shift from anytime, anywhere to whenever, wherever as required is needed. Communications will benefit from edge computing where processing is done near to the data origin. User centricity in the design is of paramount importance from a user experience perspective. Ways to build resilience into the solutions are of high priority for trustworthy systems in industrial applications. Cognitive computing is a promising approach to explore for building autonomous capabilities in future IoT systems.
References [1] http://www.sustainablebrands.com/news_and_views/ict_big_data/bart_ king/case_study_18month_roi_north_face_connected_ems_retail_stores. [2] http://cio.economictimes.indiatimes.com/news/internet-of-things/8-outof-10-iot-projects-fail-even-before-they-are-launched/52448887. [3] Weiser, M., “The Computer for the 21st Century,” Scientific American, September, 1991, pp. 94-104; reprinted in IEEE Pervasive Computing, JanuaryMarch 2002. [4] ���������������������������������������������������������� http://www3.weforum.org/docs/WEFUSA_IndustrialInternet_Report2015.pdf. [5] http://www.rolls-royce.com/pro-and-services/civil-aerospace/services/ services-catalogue/totalcare.aspx.
Selected Bibliography 4G Americas Cellular Technologies, “Enabling the Internet of Things,” November 2015, http://www.4gamericas.org/files/6014/4683/4670/4G_Americas_Cellular_Technologies_Enabling_the_IoT_White_Paper_-_November_2015.pdf. Athreya, A. P., B. DeBruhl, and P. Tague, “Designing for Self-Configuration and Self-Adaptation in the Internet of Things,” 9th Intl. Conf. on Collaborative Computing: Networking Applications and Worksharing (Collabcom 2013), 2013. Athreya, P., and P. Tague, “Network Self-Organization in the Internet of Things,” 10th Annual IEEE Communications Society Conference on Sense, Mesh, and Ad Hoc Communications and Networks (SECON), 24–27 June 2013.
192
IoT Technical Challenges and Solutions
Atzori, A. Iera, and G. Morabito, “The Internet of Things: A Survey,” Computer Networks, Vol. 54, No. 15, 2010, pp. 2787–2805. Bao, F., and I. -R. Chen, “Trust Management for the Internet of Things and Its Application to Service Composition,” World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2012. Beal, J., D. Pianini, and M. Viroli, “Aggregate Programming for the Internet of Things,” Computer, Vol.48, No. 9, September 2015, pp. 22–30. Delic, K. A., “On Resilience of IoT Systems: The Internet of Things,” Magazine Ubiquity, Volume 2016, Issue February, February 2016. Saha, D., and A. Mukherjee, “Pervasive Computing: A Paradigm for the 21st Century Computer,” IEEE Computer Society, March 2003. Wu, Q., et al., “Cognitive Internet of Things: A New Paradigm Beyond Connection,” IEEE Journal of Internet of Things, Vol. 1, No. 2, 2014, pp. 129–143.
About the Authors Arpan Pal received his B.Tech and M.Tech from the Indian Institute of Technology, Kharagpur, India, in electronics and telecommunications in 1990 and 1993, respectively, followed by a PhD. from Aalborg University, Denmark. He has more than 24 years of experience in the areas of signal processing, communication, and real-time embedded systems. Currently, he works for Tata Consultancy Services (TCS), where, as principal scientist, he heads the Embedded Systems and Robotics Research Area. His areas of interest include mobile phone, camera and biosensing, physiological sensing, machine to machine (M2M) communications and Internet of Things-based platforms and systems. He had earlier worked with the Defense Research and Development Organization (DRDO) of the Indian government working on missile seeker signal processing and he had also worked with Macmet Interactive Technologies, leading their real-time systems group in the area of interactive TV and set-top boxes. Dr. Pal currently has more than 85 publications in reputed journals and conferences along with a couple of book chapters. He has also filed for more than 75 patents and has 15 patents that have been granted. He is an associate editor for reputed journals like ACM Transactions on Embedded Computing Systems and IEEE Transactions on Emerging Topics in Computing and IT Professional Magazine from the IEEE Computer Society. He is in the program committee of various eminent conferences and is a senior member of the IEEE. P. Balamuralidhar received a B.Tech degree in electrical engineering from T.K.M. Engineering College, Kerala University, in 1985 and M.Tech from Indian Institute of Technology Kanpur in
193
194
IoT Technical Challenges and Solutions
1987. Subsequently, he received his PhD from Aalborg University, Denmark. He has more than 28 years of research experience in the areas of signal processing, communications, and embedded systems. He has more than 100 research publications in various journals and conference proceedings and authored six book chapters. He has 20 patent grants in multiple technology domains. His research interests include areas of sensor informatics, Internet of Things, mobilesensing systems, and cognitive computing and vision systems. Dr. Balamuralidhar works for Tata Consultancy Services (TCS) as a principal scientist and heads TCS Research & Innovation Lab at Bangalore. He had earlier worked for Sasken Communication Systems working on 3G wireless communications reference designs. Prior to that, he was a scientist at the Society for Applied Microwave Electronics Engineering and Research (SAMEER) and worked in the area of radar signal processing and systems. He is a senior member of the IEEE and a member of the Association for Computing Machinery (ACM).
Index
6LoWPAN, 52
A Abductive reasoning, 125 Access control, 88–89, 100 Ada-boost gradient boosting, 120 Adaptive filtering, 112 Aerial mapping NDVI maps, 149–50 three-dimensional visualizations, 149 two-dimensional maps, 149 See also Unmanned aerial vehicles (UAVs) Affordability, 34–35 Aircraft inspection, 141 Analog-to-digital (A/D) conversion, 24 Analytics context-aware, 34 data linkage, 91 development stakeholders, 162 diagnostic, 160–61
example model-driven framework, 168–72 need, as a service, 161–65 need for, 157–61 objective of, 157–58 predictive, 18, 47 real-time, 63 sensor-driven, 158 as a service, 157–73 as a service for developers, 165–68 summary, 172–73 types of, 158, 159 visual, 126–27 Anomaly detection, 114 Application classification templates, 47–49 Application landscape, 19–23 consumers, 21–22 facilities, 20 illustrated, 23 industry vertical, 23 products, 20–21 supply chain, 22 Application space, 21 195
196
IoT Technical Challenges and Solutions
Artificial neural networks (ANNs), 122 Attestation, 101 Authentication, 87–88 in IoT security, 79 multifactor (MFA), 87 options, 88 practical guidelines, 100–101 SSL (Secure Sockets Layer), 87 TLS (Transport Layer Security), 87 Authorization, 79
B Battery lifetime versus performance, 183 Bayesian minimum squared error (BMSE), 117 Biz-Sci-Dev-Ops, 161–63, 166–68 Biz knowledge base, 166 Dev knowledge base, 167 Ops knowledge base, 168 Sci knowledge base, 167 Bluetooth, 53 Bluetooth Low Energy (BLE), 53 Bundle Protocol (BP), 59 Business insights, 111, 126–28 modeling and simulation, 127 optimization and planning, 127–28 visual analytics, 126–27 workflow, 126 Business model, 180–81
C Carrier sense multiple access/collision advance (CSMA/CA), 50–51 Cellular technology, 54–55 Challenges in deployments affordability, 34–35 context-aware analytics, 34 ease and economy, 35 realistic deployments, 35 scalability, 32–33, 41–67
security and privacy, 33–34, 73–104
Cloud connectivity networks, 26 infrastructure, 76 interfaces, 103 subsystem, 26–28 Clustering and classification, 122 CoAP, 56 Code division multiple access (CDMA), 25 Cognitive IoT, 187–88 Collaborative sensing, 138, 145–47 Communication, range, power, and bandwidth trade-offs, 183 Communication security cryptographic key management, 84–86 features of wireless standards, 83 overview, 83–84 practical guidelines, 101 protocols, 84 requirements, 84 Communication technologies application-level protocols, 55–56 cellular, 54–55 fifth generation (5G), 188–90 for low power wide area networks (LPWAN), 53–54 overview, 49–50 personal/local area network, 50–53 Community sensing, 144 Complex event processing (CEP) systems, 26, 124 Compression, 115–16 Concluding remarks, 190–91 Confidentiality, integrity, and availability (CIA), 78 Consumers, 21–22 Context-aware analytics, 34 Core business areas, 20
Index
Crypto algorithm, 101 Cryptographic Algorithm Validation Program (CAVP), 82 Cryptographic key management, 84–86 Cryptographic Module Validation Program (CMVP), 82 Cyberphysical system (CPS), 109
D Data, information, knowledge, and wisdom (DIKW) pyramid, 110 Data and algorithm market places, 128–29 Data at rest (DAR), 81 Data flow diagrams (DFDs), 94, 96 Data in motion (DIM), 81 Data in use (DIU), 81 Data linkage analytics, 91 Data protection, 81–83, 102–3 Deductive reasoning, 125 Delay-tolerant networks, 58–60 Denial-of-service (DoS) attacks, 78 Deployment architecture, 62 Detection, 116–17 Device-level security, 79–80, 101–2 Device updates and transitions, 91 Device Verifiable Certificate (DVC), 84 Diagnosis, 125–26 Diagnostic analytics, 160–61 DIKW pyramid, 110 Discrete wavelet transform (DWT), 115 Disease prognosis, 47 DREAD model defined, 97 qualitative risk assessment with, 98 score computation, 97
197
E Ease and economy of deployments, 35 Economics, of mobile sensing, 152–54 Ecosystem, 86, 181 Edge devices, 64–65 Emergency response, mobile sensing for, 137 Encryption algorithms, 83 Endpoints, 77, 79 End-user awareness, 103 Energy home, 47 monitoring, 17 smart, 44 Environment, smart, 43–44 Environmental monitoring, 137 Equipment vendors, 18–19 Estimation, 117 European Telecommunication Standards Institute (ETSI), 28, 65 Expert systems, 126
F Facilities, 20 Farming, smart, 46 Feature extraction and inference applications of, 118–19 detection, 116–17 estimation, 117 fusion, 118 identification, 117 overview, 116 stream processing, 118 Fifth generation (5G) technology, 188–90 Finite impulse response (FIR), 112 Forest fire detection, 43
198
IoT Technical Challenges and Solutions
Frequency division multiple access (FDMA), 25 Frequency domain, 114–15 Fusion, 118
G Gateways, 76, 77 Gateway subsystem, 25–26 Goal-driven rules, 123–24 Grid monitoring and control, 44
H Hard sensing versus soft sensing, 182 Hazardous scenario detection and response, 45 Health, smart, 47 Healthcare, robots in, 138 Home, smart, 46–47
I Identification, 90–91, 117 Identities ecosystem, 86 management of, 86–87 practical guidelines, 100–101 IEEE 802.15.4, 50–51 Inductive reasoning, 125 Inference rules, 123 Inferencing, 124 Infinite impulse response (IIR), 112 Information flow graph, 170 Information technology (IT) software development, 161 Infrastructure inspections, 150–52 Insurance business, UAVs for, 141 International Organization for Standardization (ISO), 30 International Telecommunication Union - Telecom (ITU-T), 30, 31
Internet engineering task force (IETF), 51–52 Internet of Things (IoT) adoption across geographies, 17 analytics, 157–73 application landscape, 19–23 challenges and open problems, 32–35 cognitive, 187–88 communication technologies for, 49–56 for consumers, 21–22 defined, 13, 15 deployment architecture, 62 deployments, 17–18 as disruptive technology, 15–16 drivers for next wave, 186–90 ecosystem, 18–19 for end consumer, 16 for facilities, 20 fifth generation (5G) impact on, 188–90 interoperability, 29 key trends, 15–19 market for, 16 for products, 20–21 protocol design space, 58 realistic, 177–86 revenue increases from, 17 scalable network architectures for, 56–61 services and technology-level standardization, 29 spending in, 17 stack, 19 standardization, 28–32 for supply chain, 22 system considerations, 13 technologies of, 23–28 trend study, 16–17
Index
use cases and requirements, 42–47 See also IoT systems Interoperability, 29 IoT systems complexity and diversity, 79 components and attack targets, 76 confidentiality, 77–78 life cycle, 80 resilient, 186–87 security, 73–104 trade-offs, 181–86
K Kalman filtering (KF), 117
L Least-mean-square (LMS), 112 Least square estimation (LSE), 117 Least-squares regression, 120 Localization for robots, 148–49 threat, 91 Local sensor networks, 25 Low configuration sensor data acquisition, 63 Low power wide area networks (LPWAN), 53–54
M Machine learning applications of, 122 evolution of, 119–20 reinforced learning, 120–21 supervised learning, 120 unsupervised learning, 120 Machine-to-machine (M2M) communications, 30, 31 Manufacturing, smart, 46 Matched filtering, 112
199
Maximum likelihood estimation (MLE), 117 Mesh network, 57–58 Microsoft Security Development Lifecycle (SDL), 95 Mobile phone sensing community sensing, 144 overview, 143–44 personal sensing, 144 public sensing, 144 scales, 144 Mobile sensing, 135–54 aerial robots for spatial intelligence, 139–40 aircraft inspection, 141 applications and use cases for, 136–42 challenges and trends in, 145–47 collaborative, 138 cost of, 154 coverage, 152–53 economics of, 152–54 for emergency response, 137 for environmental monitoring, 137 insurance business, 141 introduction to, 135–36 platform sweet spot, 136 robotic sensing networks, 147–49 robotic telesensing and operation, 138–39 robots in healthcare, 138 smartphone-based sensing, 143–47 summary, 154 technologies and challenges, 143–52 UAV for aerial mapping, 149–52 urban inspection, 141 urban transportation, 138 users’ participation in, 144–45 utility asset inspection, 140–41
200
IoT Technical Challenges and Solutions
Model-driven development (MDD), 164, 165 Model-driven framework development and orchestration concern, 169–71 domain concern, 168–69 example information flow graph, 170 illustrated, 169 infrastructure concern, 171–72 Modeling and simulation, 127 MQTT, 55 Multifactor authentication (MFA), 87 Multirobot sensing, 147–48
N Naïve-Bayes classification, 120 National hazard detection and prediction, 43 Network function virtualization (NFV), 61 Network topologies, 57–58 Noise cleaning, 113–14 Normalized Difference Vegetation Index (NDVI) maps, 149–50
O OASIS (Advancing Open Standards for the Information Society), 165 OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), 94 OneM2M, 65 Online Certificate Status Protocol (OCSP), 84 Open Geo Spatial Consortium (OGC), 30 OpenTOSCA, 165, 166 Optimization and planning, 127–28 Organization, this book, 13–14
Outcome economy, 181 Outlier detection, 113
P Passwords, 100 Pattern recognition, 118–19 Peak load management, 44 Perimeter access control, 45 Personalized shopping, 45 Personal/local area network technologies, 50–53 Personal sensing, 144 Piecewise aggregation approximation (PAA), 115 Platforms for application development/ deployment, 65–67 application-specific versus generalpurpose, 182–83 horizontal development, 65, 66, 67 Point-to-point network, 57 Pollution control, 43 Prediction, 119 Predictive analytics, 18, 47 Predictive maintenance, 46 Privacy defined, 90 drones and, 151 generic approach to, 91–92 management of, 146–47 threats to, 90–91 See also Security Produce quality monitoring, 46 Products, 20–21 Profiling, 91 Protocol design space, 58 Public key infrastructure (PKI), 84 Public sensing, 144
Q Quality monitoring, 18
Index
Quality of service (QoS), 67, 189
R Reaction rules, 123 Real IoT business model, 180–81 ecosystem, 181 end user and, 180 functionality and processes, 180 key contributing factors, 178–81 overview, 177–78 robust devices and connectivity, 178–79 trade-offs, 181–86 Realistic deployments, 35 Real-time alerting, 18 Real-time analytics, 63 Reasoning systems abductive, 125 applications of, 125–26 deductive, 125 inductive, 125 overview, 124 Recursive-least-square (RLS), 112 Regression and prediction, 122 Reinforced learning, 120–21 Remote-operated vehicles (ROVs), 138–39 Requirements mapping for control applications, 49 for monitoring applications, 48 for optimization applications, 49 Resampling, 113 Resilient IoT systems, 186–87 Retail and logistics, smart, 45 Return on investment (ROI), 13, 34, 127, 191 Risk-based security, 92–94 Risk estimation, 94–99 Robotic sensor networks localization for robots, 148–49
201
multirobot sensing and coverage issues, 147–48 overview, 147 Robotic telesensing and operation, 138–39 Robots in healthcare, 138 localization for, 148–49 multirobot sensing, 147–48 for spatial intelligence, 139–40 Role-based access control (RBAC), 89 Root of trust (RoT), 101
S Safety on machine flow, 184–86 UAVs and, 151 Sampling, 111–12 Scalability, 41–67 application classification templates, 47–49 as challenge, 32–33 conclusions, 67 introduction to, 41–42 need for, 41 network architectures, 56–61 of networks and computing, 41–67 practical considerations, 62–67 use cases and requirements and, 42–47 Scalable network architectures delay-tolerant networks, 58–60 network topologies, 57–58 overview, 56–57 protocol design space, 58 software-defined networking (SDN), 60–61 Scalable system implementation application development/ deployment platform, 65–67 edge devices utilization, 64–65
202
IoT Technical Challenges and Solutions
Scalable system implementation (continued) real-time and power considerations, 62–64 Security, 33–34 access control, 88–89 attacks and, 74 authentication, 79, 87–88 authorization, 79 business objectives of, 75 challenges, 79–81 communication, 83–86 confidentiality, integrity, and availability (CIA), 78 data, 81–83, 102–3 device-level, 79–80, 101–2 identities and identity management, 86–87 key requirements, 75–79 perspective, 73–75 physical mechanisms, 77 policies, 77 practical guidelines, 100–103 protocols, 85 risk-based, 92–94 schemes, 77 smart, 45 software updates, 89–90 statistics-based decomposition, 73 subsystem threats and, 80–81 summary, 103–4 system-level assessment, 92–99 user experience versus, 183 Semantic data management, 146 Semantic interpretation, 110, 119–26 machine learning, 119–22 overview, 119 reasoning, 124–26 rule engine, 123–24 workflow, 120 Sensor-driven analytics, 158
Sensor signal processing, 110, 111–19 feature extraction and inference, 116–19 signal acquisition and conditioning, 111–14 signal representation, 114–16 workflow, 111 Sensor subsystem, 24–25 Services and technology-level standardization, 29 Signal acquisition/conditioning adaptive filtering, 112 applications of, 113–14 matched filtering, 112 outlier detection, 113 sampling, 111–12 Signal representation applications of, 115–16 frequency domain, 114–15 statistical processing, 115 wavelet domain, 115 Signal-to-noise ratio (SNR), 112 Smart energy, 44 Smart environment, 43–44 Smart farming, 46 Smart health, 47 Smart home, 46–47 Smart manufacturing, 46 Smartphone-based sensing. See Mobile phone sensing Smart retail and logistics, 45 Smart security and surveillance, 45 Smart transportation, 43 Smart water, 44–45 Software-defined networks (SDN), 60–61, 189 Software updates, secure, 89–90 Spatial crowdsourcing, 146 Spatial intelligence, 139–40 SSL (Secure Sockets Layer), 87 Standardization, 28–32
Index
Star network, 57 Statistical processing, 115 Stream processing, 118 STRIDE model, 95–97, 99 Subsystems cloud, 26–28 defined, 23–24 gateway, 25–26 sensor, 24–25 threats to, 80–81 Supervised learning, 120 Supply chain (SC) defined, 22 IoT for, 22 optimization, 45 Support vector machine (SVM) classification, 120 Symbolic aggregate approximation (SAX), 115 System-level security assessment DREAD model, 97–99 overview, 92 risk-based security, 92–94 STRIDE model, 95–97 threat modeling and risk assessment, 94–99
T TCS Connected Universe Platform (TCUP), 163 Technologies cloud connectivity networks, 26 cloud subsystem, 26–28 communication, 49–56 gateway subsystem, 25–26 local sensor networks, 25 overview, 23–24 sensor subsystem, 24–25 Technology stack defined, 23–24 illustrated, 23
203
for IoT analytics, 27 Thread, 52 Threat analysis, 93 Threat modeling, 94–99 Time division multiple access (TDMA), 25 TLS (Transport Layer Security), 87, 102 Topology and Orchestration Specification for Cloud Applications (TOSCA), 165 Tracking threat, 91 Trade-offs application-specific versus generalpurpose platforms, 182–83 battery lifetime versus performance, 183 communication, range, power, and bandwidth, 183 hard sensing versus soft sensing, 182 overview, 181–82 security versus user experience, 183 Traffic congestion management, 43 Transmission control protocol over Internet protocol (TCP/IP) stack, 52 Transportation, smart, 43 Trust, management of, 146–47 Trusted Execution Environment (TEE), 81
U Unmanned aerial vehicles (UAVs), 135–36 for aerial mapping, 149–52 aircraft inspection with, 141 ATC and, 151 infrastructure inspections, 150–52 for insurance business, 141 potential business applications, 142 privacy and, 151
204
IoT Technical Challenges and Solutions
Unmanned aerial vehicles (continued) safety and, 151 for spatial intelligence, 139–40 urban inspection with, 141 utility asset inspection with, 140–41 See also Mobile sensing Unsupervised learning, 120 Urban inspection, 141 Urban transportation, collaborative sensing for, 138 Use cases mobile sensing, 136–42 smart energy, 44 smart environment, 43–44 smart farming, 46 smart health, 47 smart home, 46–47 smart manufacturing, 46 smart retail and logistics, 45 smart security and surveillance, 45 smart transportation, 43 smart water, 44–45 Utility asset inspection, 140–41
V Value-added services model, 19 Virtualization, 189–90 Visual analytics, 126–27 Visualization, 116
W Waste management, 43 Water leakage protection, 44–45 optimization use, 47 quality monitoring, 44 smart, 44–45 Wavelet domain, 115 Wellness monitoring, 47 Wi-Fi, 52–53 WirelessHART, 52
X XMPP, 56
Z ZigBee, 51–52