IoT Security: An open source and open standard approach

June 15, 2015

High on any list of IoT concerns is the security for an IoT solution. How do you make sure devices only talk to the correct servers and only the ‘correct’ devices talk to your servers? Lots of people point out IoT security is an important issue but very few are actually creating technology to make IoT solutions secure.

For this reason, I am thrilled we have a new Eclipse project proposal, called Kiaora, that takes on the challenge of IoT security at IoT scale. I am even more thrilled to have Verisign, the company that hosts the .com domain register, proposing and leading the project. Verisign definitely understands that any IoT security solution needs to be based on open standards and open source. Kiaora will be based on IETF DNS-SD and IEFT DNS-SEC standard.

The proposal was posted last week so it will be a couple of weeks before the project is officially created. Verisign has made the code available on their github repos.

Kiaora is going to be a great addition to the Eclipse IoT open source community. Developers will now have a critical component for building security into their IoT solutions.


IoT Developer Survey: What are developers doing with IoT?

April 3, 2015

We have just published the results of the first IoT Developer Survey.  There are some very interesting findings so I encourage you to check out the report.  The raw data is also available [xls] [ods].

Internet of Things (IoT) is still relatively new and not is a lot know about what developers are doing with IoT. Therefore, these results offer an interesting perspective. However with any survey it is just one data point so I always encourage people to look for trends across surveys and year over year trends.  That being said I do think there are some key observations we can learn from these results.

1. Arduino, Raspberry Pi, etc are key platforms for developers. Over 80% over developers have some experience with these types of hardware platforms. The availability of cheap, accessible hardware is a key enabler to IoT. If you want to get access to IoT developers you need to be enabled on these platforms.

2. Security and Interoperability are key concerns. This is very consistent with other surveys and analysis for IoT. It is interesting to see how the concerns change between developers who have deployed a solution vs developers planning to deploy a solution. For instance, security is a concern to more who are planning to develop in next 6-18 months (60.5%).

3. Open source is pervasive in IoT. Over 80% of developers report their companies have policies use open source software for IoT solutions.  This is huge and I think reflects the maturity of open source in the larger technology industry. It also reflects well on our mission for Eclipse IoT.

4. Key IoT languages: Java, C, JavaScript.  No one programming language will dominate IoT development. However it does seem Java, C and JavaScript are languages that will be important for any IoT development.

5. Key Standards and Technology: HTTP, MQTT, Linux. HTTP is the dominant message protocol being used by the survey respondents (63%) and Linux is the dominant operating system (78%). For the ‘new’ IoT standards and operating systems, only MQTT (53%) was being used by a majority of the respondents. I think this shows that either 1) the existing web standards and Linux will be good enough for IoT, or 2) the new IoT standards and operating systems have a long way to go towards adoption.

6. Perspective and Influencers for IoT developers. A challenge of IoT is that it is very vast so understanding how IoT developers perceive themselves and who influences their decisions is important. In this survey the respondents identified their technology focus as being focused on Embedded Software, Web Development and Enterprise Software versus Networking, Big Data, Hardware Design or Mobile and Cloud. The key influencers for technology decisions were hardware vendors, semi-conductor manufacturers and Cloud providers versus Network operators, System Integrators or Enterprise software vendors.

I hope these survey results provide some insight into the IoT Developer community. We are going to discuss these results during a Google Hangout on Thursday, April 9 at 11am.  Join us.

It is an exciting area for developers and we all have a lot to learn. Thank you to everyone that participated in the survey. I hope this is something we can do on an annual basis.

 


Case Study MQTT: Why Open Source and Open Standards Drives Adoption

March 4, 2015

For the last 3 years, we have been talking about why IoT needs open source and open standards to be successful. We are now seeing great examples of why this is so true and why open communities will lead IoT adoption.

MQTT is a perfect case study. This past month Eclipse Paho and Eclipse Mosquitto released new versions of their MQTT clients (Paho) and  MQTT broker (Mosquitto). I believe this is an important milestone for these projects and the adoption of MQTT by IoT solution providers. It seems to me that MQTT has now become a defacto `must be supported standard`for any serious IoT solution provider. And any smart IoT solution provider is using Paho and/or Mosquitto to implement MQTT. https://twitter.com/macchina_io/status/571284151845978112

Google Trends   Web Search interest  mqtt   Worldwide  2004   present

MQTT Google Trend

A quick look at the Google Trends report for MQTT makes it pretty clear interest in MQTT has taken off since Eclipse Paho was created and MQTT was submitted to OASIS for standardization. Now, if you follow the Paho and Mosquitto mailing lists you can see the community is fully engaged and developers are creating real solutions with Paho and Mosquitto.

A perfect example of why open source and open standards drive adoption. We are also seeing this with other standards like Lightweight M2M and CoAP.  Open is definitely winning in IoT


IoT Developer Survey – What are developers doing with IoT?

February 14, 2015

For the last 3 years, we have been working to create an IoT open source community at Eclipse. Like most open source communities, our community members are developers and in this case who are building IoT solutions. One common question I get asked is ‘What are developers doing with IoT’. Unfortunately, my answer varies between ‘everything’ and ‘I don’t know’. Not a very helpful response.

To help answer the question ‘What are developers doing with IoT?’ we have launched the IoT Developer Survey. Our hope is to get a cross-section of developers working in IoT to provide input into their plans for IoT solutions, the technology they use and their perceptions of the industry players. The survey is 18 questions and should take 5-10 minutes to complete. As a thank you we will draw 3 names who will win $100 gift cards at your favorite electronics distributor so you can build even more IoT solutions.

If you are building IoT solutions or in the process of learning about IoT technology, we want to hear from you.


IoT Day 2015 – IoT Security, Device Management and IoT APIs

January 28, 2015

This year at EclipseCon we are hosting an IoT Day on March 11 at the San Francisco Airport Hyatt Regency in Burlingame, CA. IoT Day is meant for people who might not want to spend an entire week learning about all things Eclipse but are definitely interested in IoT. We did this event last year and it was a great success so we are doing it again!

This year the themes for IoT Day are Security, Device Management and IoT APIs. These are incredibly important topics for the IoT industry so I am thrilled to have talks about them during IoT Day.  Here is a brief synposis of what the day will look like:

– The day starts with Benjamin Cabe providing an overview of the Eclipse Open IoT Stack.   The Eclipse IoT community is making great progress of providing the open building blocks any software developer needs to build an IoT solution.  This will be a good introduction.

– IoT device management is one of the key trends in the IoT industry for 2015. Therefore, we are lucky to have Marco Carrer and Julien Vermillard discuss the solutions for device management from Eclipse IoT.

– Lot of people are in the process of building IoT soutions, One aspect is designing an API for your solution. Two speakers from Zebra Technologies will share their experience of designing an IoT API.

– Security is always one of the key concerns for deploying IoT solutions. Open source and Eclipse IoT have a lot to offer developers looking to secure their IoT solution. Julien Vermillard will show how Eclipse IoT, lightweight M2M and DTLS can be used to secure your IoT solution.

– One of the innovative new projects at Eclipse IoT is called Vorto. The Vorto project leaders from Bosch will talk about their vision of IoT device integration with Vorto. 

– MQTT has become an important and widely adopted IoT standard. MQTT-SN is a version of MQTT for sensor networks. Ian Craggs, the Eclipse Paho project leader, will show how MQTT-SN can make MQTT possible over UDP, Zygbee and other transports.

– The day will close with a number of lightning talks from speakers in our community.

It is a great agenda and a great way to learn about some key topics for IoT. The cost to register for the IoT Day is just $200. Find out more and register today.

Special thank you to 2lemetry for being a sponsor of IoT Day.


Thank you to our Friends in 2014

January 16, 2015

The Friends of Eclipse program allows individuals to support and contribute back to the Eclipse community. Over the last several years, the program has been a great success and the donations help support many of the services provided by the Foundation.

In 2014, participation in the Friends of Eclipse was amazing! We had 5977 donations in 2014 and a total of $133K was raised. Over 2300 individuals donated more that $35, so they officially become a ‘Friend of Eclipse’.  In fact, over 100 individuals donated more than $100 so they qualify to be a ‘Best Friend of Eclipse’.  A special thank you to the two individuals that donated $1000!

Thank you to everyone who have donated to Eclipse. It is truly appreciated. I hope we can count on everyone’s support in 2015.


ABCs of IoT Consortiums

December 11, 2014

The Internet of Things industry has taken off over the last two years. One activity I have been monitoring is how industry consortiums have been responding to IoT. At Eclipse IoT we have a goal of implementing open IoT standards, so understanding how different consortiums, old and new, are serving the IoT industry is important for us to know.

Last week, I have an opportunity to give a presentation on IoT Consortiums at the Thingmonk event in London. It was well received so I decided to write it up as a blog post.

In thinking about consortiums, I looked at three factors: 1) Openness: how open are their IP policies and implementing their standards (if they have any), 2) Availability: does the consortium have anything available or delivered. Lots of these consortiums are just getting started but some are already delivering. 3) Adoption: Is the consortium actually using the deliverable and in general what type of momentum do they have. I gave each consortium a grade A,B,C or D, on each of these criteria. Of course this is very subjective and my opinion. Feel free to correct me by leaving a comment.

Old Dog New Tricks

In general I have been thinking of IoT consortiums in different categories the first being existing groups that have focused on device to device connectivity. I’ve labeled this category ‘Old Dog New Tricks’. In this category I include Zigbee Alliance, Bluetooth SIG and UPnP. All three of these groups are in the process of updating their specification to include the new requirements of IoT, ex. suitability for low powered devices or more interoperability profiles. More specifically, Zigbee has their new Zigbee 3.0 spec, Bluetooth has Bluetooth LE (now named Bluetooth Smart) and UPnP has UPnP+.

Openness: C  

In general you need to be a member of these alliances to implement their specification. Membership often provides the opportunity to certify, patent protection and access to the specification.

Availability: B

All of these alliances are delivering their new specifications for IoT today, although they are relatively new.

Adoption: B

All of these alliances have widely adopted communities and will benefit from the move into IoT. For instance, I see a lot of Bluetooth LTE usage and in fact probably deserves a A rating.

 New Kids

There is a group of three consortiums that have been announce in the last 2 years that are getting a lot of attention: Allseen, Open Interconnect Consortium and Thread. It appears these three are mostly competitive with each other and providing similar value to groups in the previous category.  Lets look at each three individually:

Allseen

Allseen was announce by Qualcomm in 2013 as an open source foundation for their Alljoyn framework, a solution for device communication in home automation. Alljoyn has been around since 2011 but in 2013 Qualcomm decided they need a better governance model so they created a foundation.

Openness: A-

Alljoyn is available under an open source license, albeit an obscure licensed called ISC. Unfortunately it doesn’t have a patent clause which has caused some concern. Allseen has also stated they will not publish a standard so it will be impossible to have alternative implementations. For these reason I give it a A- for openness.

Availability: A

You can download the Alljoyn framework today.

Adoption: C

Adoption appears to be pretty modest.

 Open Interconnect Consortium (OIC)

OIC was announce earlier in 2014. Led by Intel and Samsung it appears to be a direct competitor to the Allseen Alliance. It would appear IP concerns was one of the motivation for creating OIC.

Openness: A

OIC will be available under the Apache license and they have stated their intention to publish a specification.

Availability: D

So far nothing has been published.

Adoption: D

They are just getting going so no adoption.

 Thread Group

In 2014, the Thread Group was also announced. Led by Nest, their goal is to ‘To create the very best way to connect and control products in the home.’  It sounds pretty similar to Allseen and OIC. Thread has as its members Nest (interestingly not Google), ARM, Samsung, Freescale and Silicon Labs.  It is interesting to see Samsung in more than one of these groups.

Openness: D

Information is pretty sparse on the Thread Group web site but there is no mention of open source licensing and not even royalty-free access to the deliverables.  I hope and expect this will change once Thread starts delivering.

Availability: D

Nothing has been published.

Adoption: D

They are just getting going.

 Developer Focused

There are a group of consortiums that are focused on delivering standards and open source to the developer community.

IETF

IETF has published a number of standards for IoT developers, including CoAP for application messaging, DTLS for device security and 6lowpan for network communication.

Openness: A

IP policies of the IETF makes it easy to access and implement their standards in open source.

Availability: A

You can access these specifications today.

Adoption: B-

Adoption of CoAP, DTLS and 6lowpan appear to be modest. I’ve seem more interest in CoAP over the last year but it still have some ways to go.

OASIS

OASIS has recently published the MQTT specification, a messaging protocol for IoT. MQTT was developed in the late 1990’s by IBM and Eurotech. In 2013, IBM announced they would open source their implementation at Eclipse and standardize the protocol at OASIS.

Openness: A-

To participate in an OASIS standards committee you need to be a member. However, they do make the specification under open source friendly terms and they do make the final specification open to the public.

Availability: A

MQTT was finalized as a standard in November 2014.

Adoption: B

I’ve seen continued adoption of MQTT as a standard for IoT. Most IoT middleware providers support MQTT and more and more hardware providers are including it. Eclipse Paho and Eclipse Mosquitto, which implement MQTT, are very active and popular projects.

Open Mobile Alliance (OMA)

OMA has published a standard called Lightweight M2M (LWM2M), a standard for IoT device management.

Openness: A-

LWM2M can be easily implement by open source projects and the final specification are open to everyone. The OMA standards committees are only open to members of OMA.

Availability: A

LW2M2M is available today.

Adoption: C+

I don’t see much adoption of LWM2M but I do see that changing. A number of companies are serious about LWM2M and I expect device management to be a hot trend in IoT for 2015. The interest in the Eclipse LWM2M project, Leshan and Wakamma also appear to support increase interest in LWM2M.

Eclipse IoT

The Eclipse IoT community was started in early 2013. It now includes 17 different open source projects and 22 organizations participating in the IoT Working Group. The goal of Eclipse IoT is to provide open IoT frameworks and open source implementations of open IoT standards.

Openness: A

All the Eclipse IoT projects are available under the Eclipse Public License (EPL) and most are dual licensed under the Eclipse Distribution License (a BSD style license).

Availability: A

Most of the projects are available today.

Adoption: B

Projects like Eclipse Paho and Eclipse Mosquitto are being widely used in the IoT and MQTT community. Other projects like Eclipse SmartHome have growing communities.

 Industry Focus

A number of consortiums are services specific vertical industries. I don’t follow these consortiums that closely so my information may be out of date or incorrect.

OneM2M

OneM2M was created by the major global teleco standard groups, including ETSI, TIA and others. Their goal is to create a standard of the service layer required for M2M solutions. They goal was to ensure each standards group didn’t do their own M2M standard but collaborate on a common, One M2M standard.

Openness: B

OneM2M has published the first draft of their specification and asked for feedback. It is possible to create open source implementations of OneM2M. Eclipse IoT has a project, OM2M that started with the ETSi M2M and plans to implement OneM2M.

Availability: B

A draft of the standard is available today. The intended to publish the 1.0 specification in December. I am not sure if this will still happen or not?

Adoption: C

The standard has not been finalized so I have not seen any adoption. Please let me know if you have adopted OneM2M

 Home Gateway Initiative (HGI)

The two main theme of HGI are connectivity and service enabling, with specific reference to smart home scenarios.  HGI appears to provide use cases, requirements and reference architectures for the home automation industry.

Openness: B

Anyone can access the HGI documents from their web site. However, HGI meetings are open to members only.

Availability: B

HGI documents are available from their web site

Adoption: C-

I don’t know of anyone that has adopted or referenced HGI specifications This might be due to my lack of knowledge of the home automation industry. Please feel free to leave a comment if you know of companies adopting HGI.

Continua

Continua is a consortium focused on interoperability of healthcare and medical devices.

Openness: ?

I could not determine their IP policies. It would be great if someone could let me know.

Availability: A

Continua appears to have a functioning certification program and active working group.

Adoption: B

On the Continua web site there were 70 different products that have been certified by Continua. Although not huge, it certainly appears they have momentum and adoption.

International Electrotechnical Commission (IEC)

IEC, a sister organization of ISO, deals with electricity and electrical standards.  They have a number of standards that are relevant for SCADA systems and Industrial Automation.

Openness: C+

To access the IEC standards you need to purchase them. Once you purchase them it is not really clear their policies on re-licensing for things like open source implementations.

Availability: B

A number of standards are available today.

Adoption: B

 Advocacy

There are a number of consortiums that are setup to promote and advocate for IoT technology and the industry in general. These groups are not setup to deliver any specific standard or open source implementation. They are often very good source of networking with other vendors in the industry.

 Industrial Internet Consortium (IIC)

IIC was started in early 2014 and has quickly gained momentum. Started by GE, IBM, Intel, AT&T and Cisco, the consortium has quickly grown to over 100 members.  The goal of the IIC is to assemble best practices the IoT industry through reference architectures, use cases, testbeds, etc.  IIC has a stated goal to not create standards or open source implementations for IoT.

Openness: C

To access any of the IIC content and meetings you need to be a member.

Availabilty: D

IIC is just getting started so very little has been delivered.

Adoption: B

IIC has nothing really to adopt but they have gain impressive momentum in the IoT industry. Eclipse IoT is a member of IIC so we can attend their meetings. It seems to me they have been able to bring together traditional IT providers and industrial vendors. They will be interesting to watch.

 IPSO Alliance

IPSO Alliance was started in 2008. From their web site ‘The IPSO Alliance provides a foundation for industry growth by fostering awareness, providing education, promoting the industry, generating research, and creating a better understanding of IP and its role in the Internet of Things.’  One interesting project of IPSO is their Smart Objects’ project, a project to start defining the meta-data of IoT devices. It is still very early days but it is nice to see some group taking on this work.

Openness: B

IPSO publishes the Smart Object information on their web site. It is not clear how you can participate in the Smart Object project.

Availability: B

A first draft of Smart Object is available. My guess is that this is just the start.

Adoption: C-

It is still very early days. I don’t know anyone who has adopted Smart Objects.

 M2M Alliance

M2M Alliance is a German-based trade association that has been setup to promote the M2M Industry. It has a German focus and its main deliverable is the annual M2M Summit in Dusseldorf.

I will not rate the M2M Alliance since their primary deliverable is the M2M Summit. I attended the 2013 edition and recommend it to anyone that wants to be in the German IoT market.

 Summary

There is not going to be one consortium or standard that will dominate IoT. IoT is just too big. I also expect more consortiums will be started over the next year. It seems to be the thing to do in a growing industry.

I would welcome any feedback or insight into any of the above rankings. I do expect that things will change and I might update the rankings at a later date.

 


Follow

Get every new post delivered to your Inbox.

Join 63 other followers