By SB Kang, Director of Strategic Business Planning, Yungchang

The Open Connectivity Foundation is sharpening its focus on smart cities.

OCF Korea Forum member, Yungchang Co., Ltd., supported by ETRI, has developed smart bus shelter and smart crosswalk solutions using OCF standards. Following successful development, the solutions are set to be installed in cities across Korea through a series of government contracts.

Enhancing the public transport experience and improving road safety

Yungchang’s smart bus shelter aims to encourage public transport use by enhancing the user experience, improving the urban landscape and ensuring passenger safety. The smart LED powered bus shelter uses Artificial Internet of Things (AIoT) technology to display real time arrival information. Other features include air conditioning and purification, and heated seating. The bus shelter is also equipped with safety features, including intelligent alarm systems that provide passengers with voice guidance from a control center in the event of an emergency. These features combine to ensure passengers can easily access transportation information, enjoy adjustable temperature controls and receive immediate support in the event of an emergency.

The smart crosswalk aims to prevent traffic accidents, promoting both driver and pedestrian safety through features such as flashing road studs and floor lighting to ensure the crossing is immediately visible to pedestrians. A CCTV system is also included to detect vulnerable pedestrians needing more time to cross, this will automatically trigger an extension in the signal time to ensure adequate time for safe crossing.

A limitless choice of IoT devices

Yunchang applied the OCF specifications to generic IoT devices used in smart bus shelters through a process of converting the data received from a generic device into the virtual OCF protocol.

This means the time spent on equipment selection has been reduced. Specific devices requested by customers can also be controlled and managed as IoT devices, and the advantages of the OCF specifications can be applied.

Ensuring secure development

OCF’s ISO/IEC specifications enable secure IoT communication over Internet Protocol (IP), offering a holistic approach to the management and optimization of urban infrastructure. Using the OCF Secure IP Device Framework, designed to enable secure end-to-end implementations that encompass device-to-device, device-to-cloud and cloud-to-cloud, made it simple for Yungchang to apply the OCF specifications to both the bus shelter and crosswalk.

In the case of these two solutions, comprehensive security measures were required specifically for the lightweight, low-powered IoT devices used. The OCF standard is ideal in this scenario, guaranteeing security and stability even with lightweight devices.

Thanks to traceable links between security legislation, and the standard’s compliance to both national and international legislation, the implementation will comply with legislation not only in Korea, but worldwide.

By using the OCF standard, solutions will continue operating seamlessly in future as the standard will evolve with changing industrial communications standards. As the OCF standard is also independent of any consumer ecosystem, the infrastructure and associated data for the two solutions can be controlled, managed and regulated according to local Korean requirements.

The open and interoperable nature of the standard also gives solution developers the ability to control multiple smart city projects within an integrated platform. This enables information from multiple projects to be aggregated and additional services to be provided.

Implications for the wider IoT industry

With new IoT technologies being created at speed, the wider industry is rapidly evolving. Top of mind for IoT developers is the need for devices to connect with the cloud to control numerous devices and utilize data effectively. In their efforts to resolve this challenge the variety of IoT devices and applications will increase, making a rise in the number of low-power IoT devices inevitable. With this in mind, the benefits of truly open IoT standards securely supporting these low powered devices cannot be understated.

Yungchang’s smart bus shelter and smart cross walk solutions demonstrate the benefits the OCF specifications bring to the development of smart cities and are a step towards the OCF becoming the standard of choice for infrastructure in the smart city environment.

Learn more about how the OCF Secure IP Device Framework can enable secure end-to end IP communication securely and swiftly.

Revolutionizing with the IoT

The Internet of Things (IoT) is revolutionizing the way the world works and plays. In our pockets, on our desktops, and even on the walls of our homes and offices, web-enabled smart devices utilize a variety of embedded processors, sensors and communication hardware to collect data, which is then analyzed and acted on, often automatically. The IoT is an enabler of a larger digital transformation, producing vast quantities of data to be stored, transmitted and utilized over an ever-expanding global network.

This treasure trove of data feeds artificial intelligence platforms and data analytics applications and impacts nearly every aspect of our daily lives. But data shared between such a vast network of devices comes not without its risks, and concerns over the security of smart devices are ongoing.

For the IoT ecosystem to flourish, security must be integrated from inception, not as an afterthought. The Open Connectivity Foundation (OCF), a global, member-driven technical standards development organization is working to enable trust, interoperability, and secure communication between internet protocol (IP)-connected IoT devices and services. It does this by fostering collaboration between stakeholders across the IoT ecosystem to deliver the freely-available ISO/IEC specifications, including the Secure IP Device Framework, its open-source reference implementation IoTivity, and an industry-recognized certification program. This enables innovative new secure use cases and user experiences, reduces development costs, integration complexity and time to market, and simplifies regulatory compliance to IoT security and privacy baselines.

The vertical-agnostic technology has already seen significant adoption in the smart home sector and is now enabling the transition to secure, intelligent, smart buildings and smart city infrastructure based on IP connectivity networks.

What is IoTivity?

We’ve established that IoT facilitates seamless connectivity, and brings many benefits into our daily lives. IoT improves machine efficiency and data sharing, enabling more informed decisions which optimizes processes. This improved communication helps identify risks, inefficiencies and potential bottlenecks within device networks.

Furthermore, IoT provides a competitive advantage by facilitating data-driven decisions and enabling new or optimized business models which enhance connectivity needs. Beyond convenience, standardization of IoT domains just makes sense, especially in a business context. It can open up access to new markets, reduces development costs, reduces integration complexity and time to market, simplifies regulatory compliance, enhances supply chains, and inspire further innovation.

IoTivity is an open-source framework that implements the Open Connectivity Foundation (OCF) standards and facilitates these benefits by providing easy and secure communications for IoT devices. The IoTivity project was created to bring together the open-source community to accelerate the development of the framework and services required to connect these billions of devices. Sponsored by the Open Connectivity Foundation (OCF), a group of industry leaders that have created a standard specification and certification program to address these challenges, the IoTivity project delivers a reference implementation of the ISO/IEC recognized OCF standard specifications.

Figure 1. IoTivity Communication Methods

Ultimately IoTivity supports secure connectivity across devices and domains, crucial for storing your data. Secure standards offer peace of mind to consumers, businesses and city planners alike, inspiring trust and confidence as IoT becomes more intertwined with every aspect of our personal and public lives.

How can IoTivity benefit your network?

Some of the key challenges faced within IoT are seen with non IP based standards technology which results in limited interoperability, proprietary protocols and technologies, licensing issues, companies creating a “Closed Ecosystem” (zero or limited Interoperability with other Vendor devices), low adoption of open standards by various industry consortiums, security and privacy concerns, dilemmas in “ownership” of data from variety of IoT devices, lack of strong certification for ensuring protocol & application profile and interoperability. A long list! IoTivity can help mitigate these challenges in a number of ways.

Cost

Unlike proprietary protocols, every OCF device has an IP address and as such can be administered by an IT professional. This removes the need for a specialist installer to configure a gateway. Currently proprietary systems will be connected to the internet and need a gateway to run between IP and non-IP which requires a specialist on-hand when the system is critical. Cutting out the need for this specialist is a huge cost benefit as proprietary platforms require specialist training. The use of IP means that any qualified individual can implement these systems.

Security

OCF utilizes Internet Engineering Task Force (IETF) standards, which incorporates standard methods involving certificates to enhance security. IT professionals can use role-based certificates as a solution to improve security. Certificates can then be adapted so only certain aspects of data can be accessed, creating an additional security layer. Furthermore, dedicated compliance and privacy rules that redact and anonymize sensitive data, before storing and disassociating IoT data payloads from information that can be used to personally identify consumers can be set.

Since OCF is free of any consumer ecosystem, anyone can run up their own cloud and deploy the OCF infrastructure while maintaining absolute control and privacy of their data. Any participant can rent a server, deploy infrastructure and control everything within the server farm. This is invaluable as nobody can see or monetize the data unless permission is given.

Finally, the OCF has put in place traceable links between security legislation and the compliance of the OCF specifications to the legislation. As clauses within legislation are directly mapped to clauses within the OCF specification, and the OCF (conformance test tool) CTT verifies conformance to the specifications, implementations are assured to comply with legislation worldwide. Through this, users, city planners and businesses can ‘compile their compliance’ and ensure data is being utilized securely, effectively and ethically.

Figure 2. ‘Compile your compliance’ for regulatory baseline IoT security

An agile and lightweight platform

IoTivity will run over a lightweight IP Protocol which includes ethernet, Wifi, cellular networks from 3G to 5G and Thread. It also fits into 96k of RAM/512k of Flash meaning it can be run over small, embedded and inexpensive devices. This lightweight implementation can be seen by OCF member Cascoda through its small, low power embedded module which can perform secure IP-based IoT communications. The OCF certified platform is based on an open-source software development kit (SDK) which offers OCF’s secure IP framework and application layer, Thread’s low-power and scalable IPv6-based network layer protocol; the required Thread IP router; and OCF cloud connectivity functionality. Learn more about secure embedded IoT using OCF and Thread inthis whitepaper.

The efficient nature of the platform makes IoTivity a good choice for Linux developers looking to add secure connectivity to lightweight products and can be deployed as a package across a large number of machines.

Ready to start using IoTivity?

If you’re ready to create a successful Linux build using IoTivity with Make, CMake or mbedTLS, visit the IoTivity website here:http://iotivity.org/build_linux/

*First published in theLinux-Magazin February 2023 edition.

By Kyle Haefner, Lead Security Architect, CableLabs

Bruno Johnson, CEO, Cascoda

Joe Lomako, Cybersecurity Lead, TÜV SÜD UK test lab

Internet of Things (IoT) security, like global warming, is one of the few things that can be said to have global awareness, global initiative, and a growing but disjointed global consensus. Governments of the world have recognized that IoT security is a priority problem. In response, they’ve developed security baseline guidance, and drafted and passed legislation to increase IoT security. Manufacturers have realized that building security and privacy into devices adds real value to their brand. This is since consumers are increasingly aware of the importance of security and privacy in the devices they own and, as such, will make purchase decisions based on enhanced security and privacy features.

The challenges facing the industry now lie in navigating a patchwork of regulations that are currently vaguely defined with no clear guidance for certification of compliance. The countdown timer for compliance has already started.

Requirements and Provisions to Be Considered

Legislators in North America and Europe have been developing standards for IoT security. For example, the European Telecommunications Standards Institute (ETSI) has updated the Radio Equipment Directive (RED), which establishes a regulatory framework for placing radio equipment on the market. ETSI adopted a Delegated Act of the RED, activating Articles 3(3)(d), (e) and (f) for certain categories of radio equipment to increase the level of cybersecurity, personal data protection and privacy.

The update mandates cybersecurity, personal data and privacy protection for devices that can:

• 3d: communicate over the internet, either directly or via any other equipment;
• 3e: process personal data, traffic data or location data;
• 3f: enable users to transfer money, monetary value or virtual currency.

Theseprovisions become mandatory on1st August 2024, at which point manufacturers of radio connected devices must be compliant or face potential action.

In the U.S., the National Institute for Standards and Technology (NIST) has released a three-pronged approach split between manufacturers, federal agencies and consumers.

For manufacturers, NIST provides guidance in the form of the NISTIR 8259 series.NISTIR 8259A is the IoT device cybersecurity core baseline that focuses on capabilities such as device identification, device configuration, data protection, logical access to interfaces, software update and a catch-all for logging and cybersecurity state awareness.NIST 8259B covers non-technical requirements such as documentation, information queries from customers, information dissemination, and education and awareness.

For federal agencies, NIST provides guidance inSP 800-213A on the use and management of IoT devices. This publication provides detailed requirements similar to categories inNISTR 8259A, however with more specific requirements under each device capability.

For consumers, NIST, in coordination with the Federal Trade Commission (FTC), has been assigned byPresident Biden’s Executive Order 14028 on Improving the Nation’s Cybersecurity to provide criteria on consumer IoT device labeling. This aims to give manufacturers guidance and standards on how to label consumer devices in terms of their capabilities both physical and cyber.

Additionally, the U.S. Federal Communications Commission (FCC) in June of 2021, released anotice of proposed rulemaking and notice of inquiry with the focus of improving the adoption of cybersecurity best practices in consumer electronics.

While there has not been an official call for a cybersecurity certification in the U.S. similar to the RED in Europe, judging by releases from NIST, FTC and the FCC, signs are beginning to point in that direction.

The primary requirement categories seen in Figure 1. below.

 Figure 1.IoT Security Landscape

These legislations cause challenges for manufacturers, operators, and installers of IoT devices.

The Secure Device Lifecycle

A secure device lifecycle is the foundation of all secure device ecosystems. Manufacturers, operators, and installers of IoT devices will need to build upon this foundation to comply with the guidelines and regulations listed above. Stakeholders should be incorporating the secure device lifecycle into their business plans and processes now.

A secure IoT device lifecycle involves both hardware, software, and the ecosystem infrastructure required to support the device and associated services. Secure device lifecycle management shown in Figure 2. below encompasses all of the processes from the manufacture of the device where cryptographic identity is fused at the factory①, to provisioning operational credentials onto the device②, configuration at deployment site③, ongoing secure updates during normal operation④, and finally secure data wipe⑤ at decommissioning⑥.

Figure 2.The OCF Secure Device Lifecycle

Challenges for Manufacturers

For manufacturers, the timeline for meeting the EU’s RED provisions is short, especially given that the average hardware time-to-market is one and a half to two years – and this is without ongoing supply chain issues. Additionally, developing embedded devices with protections for keying material can take extra time and some manufacturers will need to retool their production lines to accommodate the extra steps of burning key material to the chips.

Challenges for Operators

Consumers expect that their smart devices are manageable wherever, whenever and on any device. To meet this expectation, manufacturers should ensure that their ecosystem offering includes secure communication both proximally, but also to the cloud and over multiple IP segments. Operators should build out and refine security technologies such as Public Key Infrastructure (PKI) to authenticate, authorize and account for devices within their ecosystems – and do so in a way that creates simple and seamless user experiences.

Challenges for Installers

Depending on the use case, the installation process can include a mix of the system integration, application engineering, and the IT administration function. As with manufacturers and operators, installers need to develop suitable technical training and management processes to allow for the appropriate provisioning of secure devices. The provisioning process ensures access rights and privileges for individual users so as to ensure a seamless user experience while maintaining security.

Answering the Call

For several years, manufacturers, vendors and internet operators have been working through various standards organizations to build secure IoT specifications that bring much of the best practices of running secure connected systems into the domain of secure connected andconstrained systems.

There are now mature internationally recognized secure IoT communications standards that can help support the requirements set forth by the EU RED and the US NIST. By using such protocol standards, many of the challenges related to IoT security can be overcome.

However good the communications standard, organizations at every level of the IoT supply chain still need to implement appropriate management processes and ensure that their workforce has sufficient training to facilitate a seamless transition to a more secure world.

Governments are moving at an increasing pace to protect the security of networks from vulnerable and insecure devices – as can be seen with the above directives and guidelines coming from both the EU and US. Specific requirements directly tied to legislation are at best poorly defined and vague, and yet at the same time specific deadlines for conformance have already been set. This puts manufacturers in a difficult position in determining conformance of product lines with lead times that can stretch into multiple years.

The best option right now is to plan to build devices that can meet a majority of the requirements established in ETSI and NIST. It is impossible to foresee what legislation will require, but it is easy to guess that it will be based at least in part on currently established IoT security baselines. Manufacturers must not delay; the clock is ticking.

First published on Cyber Defense Magazine

References

“EN 303 645 – V2.1.0 – CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements.” 2020. ETSI.https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.00_30/en_303645v020100v.pdf

“Executive Order on Improving the Nation’s Cybersecurity.” 2021. The White House.https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

“Federal Communications Commission FCC 21-73 Before the Federal Communications Commission Washington, DC 20554 In the Matter of.” 2021. Federal Communications Commission.https://docs.fcc.gov/public/attachments/FCC-21-73A1.pdf

“NIST Internal or Interagency Report (NISTIR) 8259A, IoT Device Cybersecurity Capability Core Baseline.” 2020. NIST Computer Security Resource Center.https://csrc.nist.gov/publications/detail/nistir/8259a/final

“NIST Internal or Interagency Report (NISTIR) 8259B, IoT Non-Technical Supporting Capability Core Baseline.” 2021. NIST Computer Security Resource Center.https://csrc.nist.gov/publications/detail/nistir/8259b/final

“NIST Special Publication (SP) 800-213A, IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog.” 2021. NIST Computer Security Resource Center.https://csrc.nist.gov/publications/detail/sp/800-213a/final

“OCF – Specifications.” n.d. OPEN CONNECTIVITY FOUNDATION (OCF). Accessed March 3, 2022.https://openconnectivity.org/developer/specifications/ 

About the Authors

Kyle Haefner, PhD is a Lead Security Architect at CableLabs. He also chairs the Core Security work group of the Open Connectivity Foundation (OCF).

Bruno Johnson is the CEO of Cascoda. He also chairs the Marketing and Communications work group of the Open Connectivity Foundation (OCF).

Joe Lomako heads the cybersecurity team in TÜV SÜD’s UK test lab. He has a 25-year background in IoT and wireless connectivity compliance and certification.

The officers of the OCF’sBoard of Directors have been confirmed following a recent election. Leading the organization’s strategic planning as President of the Board will be Brian Bishop, CEO of Data Performance Consultancy Limited.

On his appointment, Brian commented: “I’m delighted to be appointed President of the OCF’s Board of Directors, a position in which I will work to drive the overall strategy of the organization. I have a particular ambition for the OCF to be recognized as the default standard for smart city infrastructure, enabling the development of new SME supply chains and furthering the adoption of secure open standards globally. We are rapidly moving towards this objective, with interest in the OCF already secured from several governments across the world.”

Joining Brian is Betty Zhao, Standard Operation Manager at Haier, who has been named Treasurer of the Board, and Wouter van der Beek, Chief Operating Office at Cascoda, who has been announced as Board Secretary.

President – Brian Bishop

Brian has been researching smart cities for nearly a decade. He has represented the UK government on Global Expert Missions and trade missions for smart cities internationally and is also on the roster of smart city consultants for the United Nations Habitat Programme.

Treasurer – Betty Zhao

Betty is responsible for international IoT standards operations at Haier Group. Betty has over 15 years’ standardization experience in wireless communication and IoT industries, developing MAC layer protocol in IEEE 802.11 and IEEE 802.15. Betty’s expertise includes 802.11/15 MAC layer, data modeling, cloud-to-cloud communication, and ecosystem bridging.

Secretary – Wouter van der Beek

Wouter is the main representative of Cascoda in various standards organizations. He currently chairs the OCF Technical Coordination steering committee, aligning specification, implementation and certification work. His many and various contributions in the OCF are now standardized in releases of the OCF standard and others.

For more information regarding the OCF’s 2022 Board of Directors,click here. If you are interested in becoming a member of the OCF,find out more here.

Interview with Bruno Johnson, Chair of the Marketing and Communications Working Group ofOpen Connectivity Foundation (OCF) and CEO of Cascoda for Smart Home World

What are the primary security and connectivity issues faced by building management systems (BMS) which OCF standards are successfully resolving?  

Building management systems (BMS) have evolved in domain silos, each with their own proprietary bus protocols and data models. This creates a fundamental interoperability issue between domains and hinders the use of building automation protocols with existing IT infrastructure in our homes and buildings. One example of restrictions caused by a lack of BMS connectivity is the inability to securely use occupancy information (in the security domain) to improve the efficiency of heating, ventilation, air conditioning (in the HVAC domain).

OCF has solved this interoperability issue with itsSecure IP Device Framework. The framework allows for secure communication between domain silos by enabling a unified IP-connectivity layer on existing and/or new IT infrastructure.

OCF’s Secure IP Device Framework is an ISO/IEC adopted standard, internationally agreed upon by experts, and is compliant with all known IoT security requirement baselines. Consequently, data, and even the data models used by BMS, can be securely transported to other devices and to the cloud.

Why is it important to foster trust, interoperability and secure communication between IP-connected IoT devices and services?

Security, trust and interoperability are all vital for bolstering the adoption, device sustainability and user experience of IoT. Therefore, by allowing different devices to communicate seamlessly and securely across ecosystems, frameworks such as OCF’s will take IoT interoperability to a new level.

Advancing IoT security is also high on many people’s agendas right now considering the increasing mandates centered around data protection, logical access to interfaces, and device security provisions. For example, America’sIoT Cybersecurity Improvement Act of 2020 requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for IoT devices. This was then echoed by theBiden Executive Order in May 2021.

Over the Atlantic, legislators in Europe are pushing several new and updated requirements in the hope of boosting IoT cybersecurity for device and service users. This includes cybersecurity updates for the Network and Information Systems (NIS) Directive, the EU Cybersecurity Act, and the Radio Equipment Directive (RED).

OCF’s framework is here to solve this fragmentation, ensuring security (and compliance) by design as it is mapped to key industry and government IoT security baselines, such as the NIST 8529D and ETSI EN 303 645 IoT Baseline Requirements. The framework also addresses some of the most critical failures of the IoT security landscape: application-level security and secure communication over multiple IP segments.

What is the latest technology revolutionizing the smart home sector worldwide?

Many smart home devices to date have been built using proprietary platforms, inhibiting them from connecting with other platforms and limiting truly revolutionary innovation in the sector. To overcome this significant IoT interoperability challenge (while still ensuring security and privacy), the Korea Land and Housing Corporation (LH) recently adopted the OCF secure cloud-connected technology as the foundation for its national Smart Home Platform.

The project is seeing a secure and private-by-design IoT smart hub added to each LH home where it collects and analyzes IoT big data. Residents can control 15 different types of device via an OCF-compliant Smart Home app and includes features such as built-in fine dust and CO2 sensors.

LH’s smart hub is expected to be rolled out in over 223,000 households by 2025, enhancing residents’ living experiences through access to smart healthcare, intelligent safety systems, greater convenience through automation and improved energy management and control.

How beneficial are IP connectivity networks in Building Automation Systems (BAS)?

IP connectivity networks already exist in our buildings and are managed by IT professionals. Such systems have reached a level of reliability, bandwidth and (low) latency, meaning that they can now be used to carry BAS data. This is massively beneficial as it will cause a dramatic shift in the way that we interact with buildings and open up opportunities for new services and business models.

First published onSmart Home World

• 1
• 2
• 3
• …
• 15
• »