Network Working Group                                     Hyunsik Yang
Internet-Draft                                            Younghan Kim
Intended status: Informational                     Soongsil University
Expires: April 2017                                   October 31, 2016



      IoT architecture based on Virtual thing environment for security
                   draft-yang-t2trg-virtualthing-00.txt


Abstract

   This document provides guidance on an IoT architecture based on a
   virtual thing environment for security. In a heterogeneous IoT
   environment, Internet of Things (IoT) devices are limited in their
   ability to adopt management functions, such as updating software or
   adopting various general cryptography mechanisms, since they have
   limited processing power, storage space and transmission capacity.
   Moreover, IoT devices cannot support all of the requirements for IoT
   management functions in a heterogeneous environment. In particular,
   security is one of the issues in heterogeneous environments.
   Therefore, this draft describes an IoT architecture based on a
   virtual thing environment and classifies the requirements as well as
   the problem statement.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79. This document may not be modified,
   and derivative works of it may not be created, and it may not be
   published except as an Internet-Draft.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November 10,
   2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any



Yang, et al.           Expires April 31, 2017                 [Page 1]


Internet-Draft    draft-yang-t2trg-virtualthing-00        October 2016


   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on April 31 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents carefully,
   as they describe your rights and restrictions with respect to this
   document. Code Components extracted from this document must include
   Simplified BSD License text as described in Section 4.e of the Trust
   Legal Provisions and are provided without warranty as described in
   the Simplified BSD License.

Table of Contents


   1. Introduction
      1.1. Terminology
   2. Problem statement
         2.1.1. Interface issues
         2.1.2. Software management issues
         2.1.3. On demand security issues
   3. Virtual thing Architecture for IoT
      3.1. Architecture
   4. Consideration
   5. Security Considerations
   6. IANA Considerations
   7. Conclusion
   8. References
      8.1. Normative References
      8.2. Informative References
   9. Acknowledgments

 1. Introduction

   Currently, in heterogeneous IoT environments, IoT networks are
   required to meet various management requirements, such as supporting
   various interfaces (REST API, specific protocols), security issues
   and software management (OS update, synchronization). Moreover, each
   IoT device may have a different hardware specification and different
   requirements depending on the function or application the device is
   designed for. In particular, security is one of the major management
   issues in IoT. However, supporting every requirement is a challenge
   for IoT because IoT is a constrained environment with
   resource-constrained devices.

   This draft describes an IoT architecture based on a virtual thing
   environment in order to classify the requirements and the problem
   statement.



1.1. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [RFC2119].

   Virtual thing

     A virtual machine that can provide various applications. This
     entity maps to physical things (IoT devices) as 1:1, 1:N or N:N.

 2. Problem statement

   In a heterogeneous IoT environment, many functions need to be
   managed, such as supporting various interfaces (REST API, specific
   protocols), security issues and software management (OS update,
   synchronization). However, it is quite a challenge for current IoT
   to support every requirement, since IoT is a constrained environment
   and IoT devices are limited devices. In this situation, one solution
   is to give a gateway many functions to meet the requirements.
   Although this solution can meet part of the requirements, it cannot
   support all of them, since the burden grows as the number of IoT
   devices increases continuously. In addition, when an IoT device
   moves to another gateway, that gateway should support the same
   functions that were supported by the previous one. Moreover, all
   packets to another IoT network should go through the gateway.


   To support various functions in heterogeneous environments, an IoT
   manager should consider the various requirements for managing IoT,
   such as supporting various interfaces (REST API, specific
   protocols), security issues and software management (OS update,
   synchronization). Moreover, it should consider the characteristics
   of IoT devices, such as their hardware specifications and
   capabilities.



2.1.1. Interface issues

   IoT should support various protocols or REST APIs to communicate
   with each vendor's IoT devices, since every IoT device may have a
   different protocol or API according to its vendor and its
   characteristics. However, requiring each IoT device to support
   various interfaces is not a good solution. Even if all vendors used
   unified APIs or interfaces, this would still be limited in meeting
   all requirements, for example security support.



2.1.2. Software management issues

   IoT devices also need an operating system for management, and
   applications also need to be updated to fix bugs or add new
   features. However, it is not easy to update the OS or applications
   on all devices at the same time, since IoT devices are not always
   connected to the Internet. This can also be a security issue,
   because conflicting software versions can create an opportunity for
   attackers. To deal with this problem, synchronization protocols or
   management methods are required.



2.1.3. On demand security issues

   In the IoT environment, IoT is required to provide different
   security levels and conditions. For example, when an IoT device
   sends sensing data that is not important, such as temperature, it
   does not need to use a powerful security mechanism. On the other
   hand, when an IoT device sends important data, such as health
   monitoring results or action messages, it needs a powerful security
   mechanism and functions such as access control or DDoS mitigation.







 3. Virtual thing Architecture for IoT



3.1. Architecture

    +---------------------------------------------------------+
    |  <Virtual thing layer>            +---+   +security fn  |
    |                                   | V |   +OS management|
    |                                   +-|-+   +application  |
    +-------------------------------------|-------------------+
    +-------------------------------------|-------------------+
    |  <secure connection layer>          |                   |
    |                              Secure channel             |
    |                                     |                   |
    +-------------------------------------|-------------------+
    +-------------------------------------|-------------------+
    |  <physical layer>                 +-|-+                 |
    |                                   | P |  +IoT           |
    |                                   +---+                 |
    +---------------------------------------------------------+


                Figure 1 Virtual thing Architecture for IoT

   As shown in Figure 1, the virtual thing based architecture is
   hierarchically constructed. It consists of three layers. The first
   layer is the physical layer. It is the basic layer for physical
   devices. The second layer is the secure connection layer. This layer
   supports secure connections between physical devices and virtual
   things. The third layer is the virtual thing layer. This layer
   provides various functions such as security, operating system, or
   sensor configuration.
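
   An added example, not part of the draft: one way a virtual thing
   could apply the on-demand security of Section 2.1.3 on behalf of its
   physical things. The HMAC baseline, the sensitivity classes and all
   names (VirtualThing, sign, accept, demo) are assumptions made for
   illustration.

```python
import hashlib
import hmac
import time

# Assumed classes; the draft only names temperature, health and action data.
SENSITIVITY = {"temperature": "low", "health": "high", "action": "high"}

def sign(key, kind, payload):
    """Tag a physical thing attaches so the virtual thing can check origin."""
    return hmac.new(key, kind.encode() + b"|" + payload, hashlib.sha256).digest()

class VirtualThing:
    """Hypothetical virtual thing running security functions for its devices."""

    def __init__(self, keys, acl, max_per_window=3, window=1.0):
        self.keys = keys    # device id -> key provisioned for the secure channel
        self.acl = acl      # device id -> sensitive message kinds it may send
        self.max_per_window, self.window = max_per_window, window
        self.seen = {}      # device id -> arrival times of sensitive messages

    def _rate_ok(self, dev, now):
        recent = [t for t in self.seen.get(dev, []) if now - t < self.window]
        recent.append(now)
        self.seen[dev] = recent
        return len(recent) <= self.max_per_window

    def accept(self, dev, kind, payload, tag, now=None):
        now = time.monotonic() if now is None else now
        key = self.keys.get(dev)
        if key is None:
            return "reject:unknown-device"
        # Baseline for every message: integrity and origin check.
        if not hmac.compare_digest(sign(key, kind, payload), tag):
            return "reject:bad-tag"
        # Kinds missing from the table take the strict path (fail closed).
        if SENSITIVITY.get(kind, "high") == "low":
            return "accept:baseline"
        if kind not in self.acl.get(dev, set()):
            return "reject:acl"        # access control
        if not self._rate_ok(dev, now):
            return "reject:rate"       # flood damping for sensitive traffic
        return "accept:strict"

def demo():
    key = b"constructed-demo-key"      # constructed sample secret
    vt = VirtualThing({"p1": key}, {"p1": {"health"}})
    msgs = [("temperature", b"21.5"), ("health", b"hr=72"), ("action", b"open")]
    return [vt.accept("p1", k, p, sign(key, k, p), now=0.0) for k, p in msgs]
```

   Access control and rate limiting run only in the virtual thing, so
   the constrained device carries nothing beyond the tag computation.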



 4. Consideration

   In this document, we describe a virtual thing based architecture for
   IoT. In future work, we will define specific requirements for a
   standard of modeling value.







 5. Security Considerations

   TBD

 6. IANA Considerations

   This document has no IANA actions.



 7. Conclusion

   In this document, we describe an IoT management architecture based
   on a virtual thing environment to solve existing problems. In
   addition, we describe problem statements with three use cases. In
   future work, we will classify requirements with more use cases.





 8. References

8.1. Normative References

    [I.D. draft-irtf-t2trg-iot-seccons-00]

            O. Garcia-Morchon, S. Kumar, M. Sethi, "Security
             Considerations in the IP-based Internet of Things",
             draft-irtf-t2trg-iot-seccons-00, October 09, 2016.

8.2. Informative References





9. Acknowledgments










   Authors' Addresses

   Hyunsik Yang
     Soongsil University
     369, Sangdo-ro, Dongjak-gu,
     Seoul 156-743, Korea
     Email: yangun@dcn.ssu.ac.kr

   Younghan Kim
     Soongsil University
     369, Sangdo-ro, Dongjak-gu,
     Seoul 156-743, Korea
     Email: younghak@ssu.ac.kr