Network Working Group                                        Hyunsik Yang
Internet-Draft                                               Younghan Kim
Intended status: Informational                        Soongsil University
Expires: April 2017                                      October 31, 2016


      IoT architecture based on Virtual thing environment for security
                    draft-yang-t2trg-virtualthing-00.txt

Abstract

   This document provides guidance on an IoT architecture based on a
   virtual thing environment for security.  In heterogeneous IoT
   environments, Internet of Things (IoT) devices are limited in
   adopting management functions such as updating software or adopting
   various general cryptographic mechanisms, since they have limited
   processing power, storage space and transmission capacity.  Moreover,
   IoT devices cannot support every requirement of IoT management
   functions in a heterogeneous environment.  Security in particular is
   one of the issues in heterogeneous environments.  Therefore, this
   draft describes an IoT architecture based on a virtual thing
   environment and classifies the requirements as well as the problem
   statement.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   This document may not be modified, and derivative works of it may not
   be created, and it may not be published except as an Internet-Draft.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Yang, et al.             Expires April 31, 2017                 [Page 1]

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on April 31 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
   2.  Problem statement
     2.1.1.  Interface issues
     2.1.2.  Software management issues
     2.1.3.  On demand security issues
   3.  Virtual thing Architecture for IoT
     3.1.  Architecture
   4.  Consideration
   5.  Security Considerations
   6.  IANA Considerations
   7.  Conclusion
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   9.  Acknowledgments

1.  Introduction

   Currently, in heterogeneous IoT environments, IoT networks are
   required to meet various management requirements such as supporting
   various interfaces (REST API, specific protocols), security issues
   and software management (OS update, synchronization).  Moreover, each
   IoT device may have a different hardware specification and
   requirements depending on what function or application the IoT
   device is designed for.  Security in particular is one of the major
   management issues in IoT.  However, supporting every requirement is a
   challenge for IoT because IoT is a constrained environment with
   resource-constrained devices.  This draft describes an IoT
   architecture based on a virtual thing environment to classify the
   requirements and the problem statement.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   Virtual thing
      A virtual machine which can provide various applications.  This
      entity maps to physical things (IoT devices) as 1:1, 1:N or N:N.

2.  Problem statement

   In the heterogeneous IoT environment, many functions are required to
   be managed, such as supporting various interfaces (REST API, specific
   protocols), security issues and software management (OS update,
   synchronization).  However, it is quite a challenge for current IoT
   to support every requirement, since IoT is a constrained environment
   and IoT devices are limited devices.

   In this situation, one solution is to enable a gateway to have a lot
   of functions to meet the requirements.  Although this solution can
   solve part of the requirements, it cannot support all of them, since
   the gateway becomes a burden when the number of IoT devices increases
   continuously.  In addition, when an IoT device moves to another
   gateway, this gateway should support the same functions that were
   supported by the previous one.  Moreover, all packets should go to
   another IoT network through the gateway.

   To support various functions in heterogeneous environments, the IoT
   manager should consider various requirements to manage IoT, such as
   supporting various interfaces (REST API, specific protocols),
   security issues and software management (OS update, synchronization).
   Moreover, it should consider the characteristics of IoT devices, such
   as hardware specifications and device capabilities.

2.1.1.  Interface issues

   IoT should support various protocols or REST APIs to communicate with
   each vendor's IoT devices, since every IoT device may have a
   different protocol or API according to its vendor and the
   characteristics of the device.  However, requiring each IoT device to
   support various interfaces is not a good solution.  Even if all
   vendors used unified APIs or interfaces, this would still fall short
   of meeting all requirements, for example security support.

2.1.2.  Software management issues

   IoT devices also need an operating system for management, and
   applications also need updates to fix bugs or add new features.
   However, it is not easy to update the OS or applications at the same
   time, since IoT devices are not always connected to the Internet.
   This is also a security issue, because conflicting software versions
   can create an opportunity for attackers.  To deal with this problem,
   synchronization protocols or management methods are required.

2.1.3.  On demand security issues

   In the IoT environment, IoT is required to provide different security
   levels and conditions.  For example, when an IoT device sends sensing
   data that is not important, like temperature, it does not need to use
   a powerful security mechanism.  On the other hand, when an IoT device
   sends important data like health monitoring results or action
   messages, it needs a powerful security mechanism and functions such
   as access control or DDoS mitigation.

3.  Virtual thing Architecture for IoT

3.1.  Architecture

   +---------------------------------------------------------+
   |                                   +---+   +security fn  |
   |                                   | V |   +OS management|
   |                                   +-|-+   +application  |
   +-------------------------------------|-------------------+
   +-------------------------------------|-------------------+
   |                                     |                   |
   |            Secure channel           |                   |
   |                                     |                   |
   +-------------------------------------|-------------------+
   +-------------------------------------|-------------------+
   |                                   +-|-+                 |
   |                                   | P |   +IoT          |
   |                                   +---+                 |
   +---------------------------------------------------------+

              Figure 1  Virtual thing Architecture for IoT

   As shown in Figure 1, the virtual thing based architecture is
   constructed hierarchically.  It consists of three layers.  The first
   layer is the physical layer; it is the basic layer for physical
   devices.  The second layer is the secure connection layer; it
   provides a secure connection between physical devices and virtual
   things.  The third layer is the virtual thing layer; it provides
   various functions such as security, operating system, or sensor
   configuration.
4.  Consideration

   In this document, we describe a virtual thing based architecture for
   IoT.  In future work, we will define specific requirements for the
   standard of modeling values.

5.  Security Considerations

   TBD

6.  IANA Considerations

   This document has no IANA actions.

7.  Conclusion

   In this document, we describe an IoT management architecture based on
   a virtual thing environment to solve existing problems.  In addition,
   we describe problem statements with three use cases.  In future work,
   we will classify requirements with more use cases.

8.  References

8.1.  Normative References

   [I.D. draft-irtf-t2trg-iot-seccons-00]
              O. Garcia-Morchon, S. Kumar, M. Sethi, "Security
              Considerations in the IP-based Internet of Things",
              draft-irtf-t2trg-iot-seccons-00, October 09, 2016.

8.2.  Informative References

9.  Acknowledgments

Authors' Addresses

   Hyunsik Yang
   Soongsil University
   369, Sangdo-ro, Dongjak-gu, Seoul 156-743, Korea

   Email: yangun@dcn.ssu.ac.kr


   Younghan Kim
   Soongsil University
   369, Sangdo-ro, Dongjak-gu, Seoul 156-743, Korea

   Email: younghak@ssu.ac.kr