Industrial Internet of Things                                    C. Tang
Internet-Draft                                                    H. Wen
Intended status: Informational                                   S. Ruan
Expires: 6 May 2021                                             B. Huang
                                                                 X. Feng
                                                    Chongqing University
                                                         2 November 2020


                IPv6 and 5G based Architecture for IIoT
                    draft-tang-iiot-architecture-00

Abstract

   As the foundation of the current new round of industrial revolution,
   the Industrial Internet of Things (IIoT) based on Cyber-Physical
   Systems (CPS) [smart-factory] has become the focus of research in
   various countries.  Throughout the development of IIoT, one of the
   key issues is the standardization of the IIoT architecture.  With
   the development of intelligent manufacturing technology, the number
   of IIoT devices will increase sharply, and a large amount of data
   will be generated in the industrial manufacturing process.  However,
   traditional industrial networks cannot meet the IIoT requirements
   for high data rates, low latency, massive connections,
   interconnection and interoperability.  Current IIoT architectures
   also have various limitations in mobility, security, scalability,
   and communication reliability.  These limitations hinder the
   development and implementation of IIoT.  As a network layer
   protocol, IPv6 can solve the problem of IPv4 address exhaustion.  As
   a high-speed, low-latency wireless communication technology, 5G has
   great potential for promoting IIoT.  In order to solve the above
   problems, this draft proposes an IIoT architecture based on IPv6 and
   5G.  It can provide high-speed, low-latency communication services,
   and provide massive connectivity, mobility, scalability, security
   and other features for industrial devices.  The architecture can
   also provide generalized, refined, and flexible network services for
   devices outside the factory.  An information model is defined to
   standardize the representation of information in IIoT.  Finally, the
   draft discusses security challenges and recommendations in IIoT.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 6 May 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  IIoT Architecture
   3.  The Factory Internal Network
     3.1.  Status and Development Trends
     3.2.  Functional View
     3.3.  Network View
     3.4.  Way of Communication
   4.  The Factory External Network
     4.1.  Situation
     4.2.  Development Trend
     4.3.  Enterprise Dedicated Line
     4.4.  Mobile Communication Network
   5.  Information Model
   6.  Security Challenges and Recommendations
     6.1.  Sensing Security
     6.2.  Transport Layer Security
     6.3.  Application Layer Security
     6.4.  IIoT Security Solutions
   7.  Informative References
   Authors' Addresses

1.  Introduction

   IIoT is an industry and application ecology formed by the
   comprehensive and deep integration of the Internet, information
   technology and industrial systems, and it is a key information
   infrastructure for the development of industrial intelligence.  Its
   essence is the network interconnection between machines, raw
   materials, control systems, information systems, products, and
   people.  Intelligent control, operation optimization and production
   organization reform will be achieved through comprehensive in-depth
   perception of industrial data, real-time transmission and exchange,
   fast computation and advanced modeling analysis.  The foundation of
   IIoT is the system architecture: the interconnection and
   intercommunication of the entire industrial system through
   technologies such as the Internet of Things and the Internet, which
   promotes the full circulation and seamless integration of industrial
   data.

   The communication technology in the industrial network
   interconnection architecture needs to meet the following major
   requirements:

   *  High communication rate.
      More and more manufacturing activities, such as real-time
      monitoring of all production factors and the entire production
      process, and the application of cloud computing, edge computing,
      virtual reality and augmented reality in the manufacturing
      industry, will generate a large amount of manufacturing data,
      which requires a stable and uninterrupted data rate exceeding
      25 Mbps [iiot-5g].

   *  High coverage.  The goal of the IIoT is to establish "ubiquitous
      communication."  In other words, any area of the manufacturing
      plant should achieve 100% networking coverage.  However, in
      actual factories, due to the complex production environment, such
      as electromagnetic interference and obstacles, current
      communication technology cannot meet the requirements of high
      coverage.

   *  Low latency.  Advanced manufacturing activities, such as human-
      machine cooperation, machine-machine cooperation, and remote
      real-time control, have higher requirements on communication
      delays, and generally require lower delays (about 1 ms).
      Although current wireless communication technology has made great
      progress, the end-to-end delay is about 20-100 ms [iiot-5g],
      which still cannot meet the urgent need for low delay in IIoT
      communication.

   *  Massive connections.  Compared with traditional manufacturing,
      the interconnection of all things in IIoT and data collection
      across the entire process will inevitably lead to an exponential
      increase in the number of communication nodes.  With current
      communication technology, wired communication cannot meet the
      requirements of massive node connections because cabling is
      difficult to arrange, and wireless communication cannot meet them
      because of the limited number of access nodes.

   *  Interconnection.  In the development of industrial networks, many
      different communication protocols have emerged, such as fieldbus
      protocols (PROFIBUS, Modbus, HART, etc.), industrial Ethernet
      protocols (Ethernet/IP, PROFINET, Modbus TCP, etc.) and
      industrial wireless protocols (WLAN, Bluetooth, WirelessHART,
      etc.).  Because these protocols use different technologies at the
      physical layer, link layer, and application layer,
      interconnection and interoperability are not ideal, which affects
      the expansion of the IIoT to some extent.

   The main work of this architecture is introduced as follows:

   Combining the actual scenarios of factory intelligent manufacturing
   and the requirements of IIoT for communication technology, an
   industrial network interconnection architecture based on IPv6 and 5G
   communication technology is designed, which can provide high-speed,
   high-reliability, and low-latency communication services.  The
   factory internal network provides functions such as massive
   connection, mobility, equipment registration and discovery, and
   security for industrial production-related equipment; the factory
   external network provides generalized, refined, and flexible network
   services for equipment outside the factory.  In order to standardize
   the representation of information in IIoT, an information model is
   defined.  The current security challenges in IIoT are summarized,
   and some security recommendations are put forward.

2.  IIoT Architecture

   In the IIoT architecture, the network is the foundation, providing
   infrastructure for the comprehensive interconnection of people,
   machines, and things, and promoting the full flow and seamless
   integration of various industrial data.  Industrial Internet network
   connection involves different technical fields with multiple
   elements and multiple subjects inside and outside the factory, with
   a large scope of influence and many optional technologies.  There
   are various network connection technologies in the industrial field.
   These technologies are designed for specific scenarios in the
   industrial field, and have played a huge role and shown performance
   advantages in those scenarios.  However, in terms of data
   interoperability and seamless integration, they often cannot meet
   the growing demands of IIoT.

   The overall goal of IIoT network connection is to promote the
   interconnection and intercommunication between systems, unlock data
   from isolated systems and networks, and make data deliver greater
   value for applications within and across industries.

   This chapter proposes an industrial network system architecture
   based on the transformation of the factory IP network, including two
   major networks, the factory internal network and the factory
   external network, as shown in Figure 1.

   The factory internal network is used to connect various elements in
   the factory, including people (such as production staff, designers,
   external people), machines (such as production equipment, office
   equipment), materials (such as raw materials, work in progress,
   finished products), environment (such as instruments, monitoring
   equipment), etc.  Through the factory internal network, they are
   interconnected with enterprise data centers and application servers
   to support business applications in the factory.

   The factory external network is used to connect smart factories,
   branches, upstream and downstream collaborative enterprises,
   industrial cloud data centers, smart products, and users.  The data
   center/application server in the smart factory is interconnected
   with the industrial cloud data center outside the factory through
   the factory external network.  Branches/collaborative enterprises,
   users, and smart products are also connected to the industrial cloud
   data center or enterprise data center through the factory external
   network.
   The data intercommunication in IIoT realizes the seamless transfer
   of data and information among various elements and systems, so that
   heterogeneous systems can "understand" each other at the data level,
   thereby realizing data interoperability and information integration.
   IIoT requires breaking information islands, realizing cross-system
   intercommunication of data, and fusion analysis.  Therefore, the
   data interoperability connection layer supports, on the one hand,
   the convergence of the underlying data generated by various factory
   elements and factory products to the data center; on the other hand,
   it provides access interfaces to the data of the multi-source
   heterogeneous systems for the upper-layer applications to support
   industrial applications.  The factory external network should also
   support the rapid development and deployment of industrial
   applications.

      _______________________    __________________    ________
     |Upstream and           |  |Industrial        |  |        |
     |downstream companies   |  |Cloud Platform    |  |  User  |
     |_______________________|  |__________________|  |________|
                  \                     |                  /
                   \                    |                 /
                    \___________________|________________/______
                    {                                           }
                    {         Factory external network          }
                    { (Internet/mobile network/private network) }
                    {                                           }
                    {___________________________________________}
                              /           |           \
                             /            |            \
            ________________/_____________|_____________\________________
           {   _______     _______     _______     _______     _______   }
           {  |  MES  |   |  SCM  |   |  ERP  |   |  CRM  |   |  APP  |  }
           {  |_______|   |_______|   |_______|   |_______|   |_______|  }
           {                                                             }
           {               Factory internal cloud platform               }
           {_____________________________________________________________}
                              /                       \
                             /                         \
                       _____/_______             _______\_____
                      |   Monitor   |           |   Control   |
                      |   System    |           |   System    |
                      |_____________|           |_____________|
                        _____|_________________________|_______
                           |         |         |         |
                         __|___    __|___    __|___    __|___
                        |Device|  |Device|  |Device|  |Device|
                        |______|  |______|  |______|  |______|

                         Figure 1: IIoT Architecture

   Architecture advantages:

   *  High communication rate.  The factory network adopts industrial
      PON and 5G technology, which can realize high-speed data
      transmission.

   *  Low communication delay.  The Ethernet-based TSN network [tsn]
      and 5G wireless network can realize low-latency communication and
      ensure real-time industrial production.

   *  Massive connections.  IPv6 [I-D.ietf-6lowpan-usecases] can assign
      an IP address to each industrial IoT device, and the 5G network
      supports the wireless access of a large number of IIoT devices.

   *  Scalability.  When new industrial equipment joins the network, it
      can register with the edge server.  When other industrial
      equipment has data and service requirements for the new
      industrial equipment, the new industrial equipment can be found
      on the edge server to access its data or services.

   *  Mobility.  After the device moves between networks, it registers
      with the edge server again, and the device obtains a new address
      from the edge server to perform subsequent communication.

   *  Localization of computing and storage.  Edge computing technology
      is used to perform computing or data storage services in edge
      servers close to industrial sites [edge-computing].

   *  Support for multiple communication protocols.  The OPC UA
      protocol is used, supporting TCP, WebSocket, HTTP and other
      transport protocols, which can realize device-to-device
      communication; UDP broadcast, MQTT, AMQP and other protocols are
      supported to realize Pub/Sub communication
      [I-D.ietf-core-coap-pubsub].

   *  Cloudization of network services outside the factory.  Based on
      cloud computing and enterprise dedicated line technology, the
      enterprise business system will be deployed to the cloud to
      facilitate external services.  It can also provide segmented
      services for different scenarios such as public cloud and private
      cloud.
      Network virtualization technology is used to improve the
      flexibility of network services, so that the factory external
      network can quickly open services and quickly adjust services
      according to enterprise requirements.

3.  The Factory Internal Network

3.1.  Status and Development Trends

   In the IIoT factory, on the one hand, the digitization of the
   factory requires that the digitization of many existing business
   processes be carried by the corresponding network.  On the other
   hand, a large number of new networked devices have been introduced,
   such as AGVs, robots, mobile handheld devices, etc.; a large number
   of new business processes have been introduced, such as asset
   performance management, predictive maintenance, and
   personnel/material positioning.  The introduction of new equipment
   and business processes creates new demands on the network.  As a
   result, the traditional two networks (production network and office
   network) in the factory will become multiple networks, which will
   correspondingly cause changes in the network architecture in the
   factory.

   In order to break information islands and improve operational
   efficiency, companies will move business systems that were
   originally deployed on various servers, such as MES, PLM, ERP, SCM,
   CRM, etc., to the data center/cloud platform in the factory.  The
   data generated by each networked device and business process must be
   able to be aggregated in the data center/cloud platform in real time
   for joint analysis and rapid decision-making.  Changes in business
   system deployment will also cause changes in network architecture.

   The IIoT demand for flexible manufacturing and personalized
   customization requires the production domain to be flexibly
   reconfigured according to requirements, and intelligent machines may
   be adjusted and migrated between different production domains.  This
   requires the network architecture in the factory to be able to adapt
   to the needs of fast networking and flexible adjustment.

   The factory internal network proposed in this chapter can be
   understood from two aspects: functional view and network view.

3.2.  Functional View

   Functional view: According to the specific functions of the system
   and devices, and their location in the network, the factory internal
   network can be divided into device layer, control layer, and factory
   management layer, as shown in Figure 2.

    _______       _____________________________________
   |       |<--->|      Factory management device      |
   |       |     |_____________________________________|
   |       |              ^                     ^
   |       |              |                     |
   |       |      ________v_______              |
   |       |<--->| Monitor device |<---+        |
   |       |     |________________|    |        |
   |       |              ^            |        |
   | Edge  |              |            |        |
   | server|              |            |        |
   |       |      ________v________    |        |
   |       |<--->| Control device  |<--+--------+
   |       |     |_________________|   |
   |       |              ^            |
   |       |              |            |
   |       |              |            |
   |       |      ________v______      |
   |       |<--->| Manufacturing |<----+
   |       |     |    device     |
   |_______|     |_______________|

                   Figure 2: Functional View

   (1) Device layer: realize the sensing and execution of the
   manufacturing process, and define the activities involved in the
   perception and execution of the manufacturing process.  The time
   resolution granularity can be seconds, milliseconds, or
   microseconds.  Various sensors, transmitters, actuators, RTUs,
   barcode scanners, RFID readers, and intelligent manufacturing
   equipment such as CNC machine tools, industrial robots, AGVs,
   conveyor lines, etc. run on this layer.  These devices are
   collectively referred to as field devices.

   (2) Control layer: Realize the monitoring and control of the
   manufacturing process, and define the activities of monitoring and
   controlling the manufacturing process.  The time resolution
   granularity can be hours, minutes, seconds, or milliseconds.
   According to different functions, this level can be further
   subdivided into:

   *  Monitoring and control layer: With operation monitoring as the
      main task, it also has some management functions such as advanced
      control strategies and fault diagnosis.  Visual data acquisition
      and monitoring systems (SCADA), HMIs (human-machine interfaces),
      DCS operator stations, real-time database servers, etc. run on
      this layer;

   *  On-site control layer: measure and control the production
      process, collect process data, perform data conversion and
      processing, output control signals, and realize logic control,
      continuous control and batch control functions.  Various
      programmable control equipment, such as PLCs, DCS controllers,
      industrial computers (IPCs), other special controllers, etc. run
      on this layer.

   (3) Factory management: realize the production management of the
   factory and define the workflow/recipe control activities for the
   production of expected products, including maintenance records,
   detailed production scheduling, reliability assurance, etc.  The
   time resolution granularity can be day, shift, hour, minute, or
   second.  Manufacturing execution systems (MES), warehouse management
   systems (WMS), quality management systems (QMS), energy management
   systems (EMS), etc. operate at this layer.

   In order to achieve the scalability of the IIoT (after a new device
   joins the network, other devices can access its data or call related
   services), this architecture designs device registration and device
   discovery functions.

   Device registration: When a new device is connected to the network,
   it registers its name with the edge gateway.  The format of the
   registered name is /Service-Name/Gateway-Name/Device-Name, and the
   IP address of the device is stored and bound to the name.
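   The registration step above and the discovery step that follows it,
   as an added example that is not part of the draft: an in-memory
   name-to-address table for one edge gateway, in Python.  The class
   and method names, the label grammar, and the check that a name's
   gateway label matches the gateway it is registered with are
   assumptions; the draft only specifies the name format.

```python
"""Device registration and discovery at an edge gateway (Section 3.2).

A device registers a name /Service-Name/Gateway-Name/Device-Name and the
gateway binds it to the device's IP address; other devices then look up
one device (full name) or a group (service name plus gateway name).
Added example, not the draft's code: the class and method names, the
label grammar and the "name must belong to this gateway" check are assumed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumed label grammar: 1-63 characters of letters, digits, '.', '_' or
# '-', starting with a letter or digit.  Refusing '/' and empty labels
# stops a registration from escaping into another service's or gateway's
# namespace.
_LABEL = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$")


@dataclass(frozen=True)
class DeviceName:
    service: str
    gateway: str
    device: str

    @classmethod
    def parse(cls, name: str) -> "DeviceName":
        """Split '/Service-Name/Gateway-Name/Device-Name' into its labels."""
        parts = name.split("/")
        if len(parts) != 4 or parts[0] != "":
            raise ValueError(f"expected /service/gateway/device, got {name!r}")
        for label in parts[1:]:
            if not _LABEL.match(label):
                raise ValueError(f"invalid label {label!r} in {name!r}")
        return cls(parts[1], parts[2], parts[3])

    @classmethod
    def is_valid(cls, name: str) -> bool:
        try:
            cls.parse(name)
        except ValueError:
            return False
        return True

    def __str__(self) -> str:
        return f"/{self.service}/{self.gateway}/{self.device}"


class EdgeGatewayRegistry:
    """Name-to-address table kept by one edge gateway."""

    def __init__(self, gateway_name: str) -> None:
        if not _LABEL.match(gateway_name):
            raise ValueError(f"invalid gateway name {gateway_name!r}")
        self.gateway_name = gateway_name
        self._bindings: Dict[DeviceName, IPAddress] = {}

    def register(self, name: str, address: str) -> str:
        """Bind a device name to its address; returns the canonical address.

        Registering an existing name again replaces the old binding, which
        covers the mobility case of Section 2: a device that has moved
        registers again and later lookups return its new address.
        """
        dev = DeviceName.parse(name)
        if dev.gateway != self.gateway_name:
            raise ValueError(f"{name!r} does not belong to {self.gateway_name!r}")
        addr = ipaddress.ip_address(address)  # IPv6 normally; IPv4 in transition
        self._bindings[dev] = addr
        return str(addr)

    def unregister(self, name: str) -> bool:
        """Drop a binding; False if the name was not registered."""
        return self._bindings.pop(DeviceName.parse(name), None) is not None

    def lookup_device(self, name: str) -> Optional[str]:
        """Discovery by full name: the address of one device, or None."""
        addr = self._bindings.get(DeviceName.parse(name))
        return None if addr is None else str(addr)

    def lookup_group(self, service: str, gateway: str) -> Dict[str, str]:
        """Discovery by service and gateway name: every matching device."""
        return {
            str(dev): str(addr)
            for dev, addr in self._bindings.items()
            if dev.service == service and dev.gateway == gateway
        }


def demo() -> Dict[str, str]:
    """Constructed sample: three devices behind 'gw-a', one of which moves."""
    reg = EdgeGatewayRegistry("gw-a")
    reg.register("/temperature/gw-a/sensor-01", "2001:db8::1")
    reg.register("/temperature/gw-a/sensor-02", "2001:db8::2")
    reg.register("/vision/gw-a/camera-01", "2001:db8::10")
    # sensor-01 moved to another network and registered again with a new address
    reg.register("/temperature/gw-a/sensor-01", "2001:db8:1::1")
    return reg.lookup_group("temperature", "gw-a")
```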
   Device discovery: When a device needs to access data in other
   devices or call services in other devices, it can query the edge
   gateway.  It can find the IP addresses of a corresponding group of
   devices based on the service name and gateway name, or find the IP
   address of one particular device based on the service name, gateway
   name and device name.  After finding the IP address, the device can
   communicate with the corresponding device.

3.3.  Network View

   Network view: The factory internal network can be divided into three
   parts: edge network, backbone network, and factory cloud platform.
   They can be interconnected through industrial PON, as shown in
   Figure 3.

   Due to the diversification of connected production factors, the edge
   network presents a variety of types: according to business needs,
   the edge network can be an industrial control network, office
   network, monitoring network, positioning network, etc.; according to
   real-time requirements, the edge network can be a real-time network
   or a non-real-time network; according to the transmission medium,
   the edge network can be a wired network or a wireless network;
   according to the communication technology adopted, the edge network
   can be industrial Ethernet, a 5G wireless network, etc.; the range
   of the edge network may be a workshop, an office building, a
   warehouse, etc.  Each edge network is composed of edge servers, edge
   gateways, and field devices.  Industrial enterprises can
   comprehensively consider business requirements and costs, and select
   appropriate technologies to deploy corresponding edge networks.

   The backbone network is used to realize the interconnection between
   edge networks, cloud platforms/data centers in the factory, etc.,
   requiring high bandwidth and high speed.  Depending on the size of
   the enterprise, the backbone network can be large or small.  It can
   be a cluster of fully interconnected routers, or it can include only
   one or two backbone routers.

   For example, industrial devices, control devices, and monitoring
   devices that need wired connections can be connected to switches
   that support industrial Ethernet protocols through optical fibers.
   The physical layer can use industrial PON, and the data link layer
   can use the TSN protocol, to form a TSN Ethernet edge network.

   Industrial devices, control devices, and monitoring devices that
   need wireless connections can be connected to 5G base stations
   through 5G wireless connections to form a 5G wireless edge network.

      _____________________________________________________________
     {   _______     _______     _______     _______     _______   }
     {  |  MES  |   |  SCM  |   |  ERP  |   |  CRM  |   |  APP  |  }
     {  |_______|   |_______|   |_______|   |_______|   |_______|  }
     {                                                             }
     {               Factory internal cloud platform               }
     {_____________________________________________________________}
                                    |
                                    |
                         ___________|____________
                        |                        |
                        |    Backbone network    |
                        |________________________|
                              /            \
                             /              \
                       _____/_______       __\_____________
                      | Wired edge  |     | Wireless edge  |
                      |  gateway    |     |    gateway     |
                      |_____________|     |________________|
                  ___________|____________________|____________
                  |              |               |            |
               ___|___    _______|_______     ___|____    ____|____
              |       |  | Manufacturing |   |Control |  | Monitor |
              |Product|  |    device     |   | device |  | device  |
              |_______|  |_______________|   |________|  |_________|

                         Figure 3: Network View

   In order to realize communication between edge networks of different
   protocols and to give industrial devices, control devices, and
   monitoring devices IP connectivity, the IPv6 protocol can be used at
   the network layer.  However, there are still a large number of
   devices and applications using the IPv4 protocol.  In the transition
   phase to the IPv6 protocol, if the number of IPv4 devices and
   applications is large, the GI-DS-Lite tunnel technology solution can
   be used.  If the number of IPv4 devices and applications is small,
   IPv4/IPv6 dual-stack technology solutions can be used.

   The factory cloud platform can be upgraded to a TSN network on the
   basis of the original standard Ethernet, which can meet the
   requirements of industrial cloud platforms for high bandwidth and
   low latency.  TSN also has excellent upper-layer support
   compatibility and can support a variety of upper-layer communication
   protocols.  For example, TSN and OPC UA can solve data
   intercommunication problems in the factory, and extend OPC UA data
   collection and cloud services to the field level.  Our architecture
   will realize all-round real-time data collection and real-time
   operation in the production environment.

3.4.  Way of Communication

   The relationship between the functional view and the network view:
   the communication between the device layer and the control layer can
   be realized in the edge network; the functions of the factory
   management layer can be deployed in the factory cloud platform; the
   backbone network is responsible for the communication between the
   device layer, the control layer and the factory management layer.

   (1) Communication between device and device: The one-to-one
   communication between devices can adopt the C/S architecture in OPC
   UA, and support the transmission protocols of TCP, WebSocket, and
   HTTP.
   The OPC UA server and client are deployed separately in the two
   devices.  When a device needs to access data or send instructions,
   it can use its own client to initiate communication with the other
   device's OPC UA server, as shown in Figure 4.

    ____________      Return data       ____________
   |  _______   |   Operation result   |  _______   |
   | |OPC UA |--|----------------------|>|OPC UA |  |
   | |Server |<-|----------------------|-|Client |  |
   | |_______|  |      Query data      | |_______|  |
   |            |    Send operation    |            |
   |  Device A  |                      |  Device B  |
   |            |      Return data     |            |
   |  _______   |   Operation result   |  _______   |
   | |OPC UA |<-|----------------------|-|OPC UA |  |
   | |Client |--|----------------------|>|Server |  |
   | |_______|  |      Query data      | |_______|  |
   |____________|    Send operation    |____________|

              Figure 4: The C/S Architecture in OPC UA

   Communication between one device and many devices can use the
   Pub/Sub mechanism in OPC UA, which supports multiple transports such
   as UDP broadcast, MQTT, AMQP, etc.  If multiple devices need the
   data in one device, they can subscribe to this device.  This device
   publishes the data to the subscribed devices when it collects data
   or detects data changes, as shown in Figure 5.

                    subscribe
    _____________    message     _____________
   |             |<-------------|    OPC UA   |
   |             |------------->|  Subscriber |
   |             |   publish    |_____________|
   |    OPC UA   |   message
   |  Publisher  |
   |             |  subscribe
   |             |   message     _____________
   |             |<-------------|    OPC UA   |
   |             |------------->|  Subscriber |
   |_____________|   publish    |_____________|
                     message

               Figure 5: Pub/Sub mechanism in OPC UA

   (2) Communication between device and edge server.

   Use the server/client mode in OPC UA, which is suitable for
   application scenarios such as larger data volumes and industrial
   automation control.  For example, in the scenario of machine vision
   product quality inspection, the device uses a camera to collect
   machine vision pictures of the product after the product is
   manufactured or assembled, and the picture is sent through the OPC
   UA protocol to the edge server's intelligent detection algorithm for
   analysis and processing.  The edge server then returns the detection
   result to the industrial equipment, and the industrial equipment
   performs the next step according to the detection result.

   Use the subscription/push mode in MQTT, which is suitable for
   communication between edge servers and devices with small data
   volume, low bandwidth, and low hardware resources.  For example, in
   the scenario of intelligent factory temperature adjustment, the
   energy-saving management program in the edge server needs to
   automatically turn on or control the adjustment device according to
   changes in temperature and humidity.  The energy-saving management
   program in the edge server can first subscribe to the edge gateway
   with the topic of temperature and humidity.  After the sensor device
   in the factory periodically collects the temperature and humidity
   data, it publishes the relevant messages to the edge gateway under
   the topic of temperature and humidity.  The edge gateway then pushes
   this message to the energy-saving management program in the edge
   server, which realizes the automatic adjustment function.

   (3) Communication between device and cloud server: A variety of
   production management applications run on the factory cloud
   platform, realizing data collection, process monitoring, industrial
   device management, quality management, production scheduling, and
   statistical data analysis for the entire production process, so as
   to realize the informatization, intelligence and flexibility of smart
   manufacturing management.  In order to realize the communication
   between device and cloud server, the OPC UA protocol can be used,
   deploying the OPC UA server on the device and the client on the
   cloud server, so that the cloud server can read real-time production
   data from the device and send it control instructions.
   Alternatively, the cloud server first subscribes to the device for
   data; when the data is ready, the device sends the data to the cloud
   server, and the cloud server sends instructions or data to the
   device.

4.  The Factory External Network

   The factory external network is designed to support various
   activities in the entire life cycle of the industry and is used to
   connect the upstream and downstream of the enterprise, the network
   between the enterprise and the product, and the enterprise and the
   user.

4.1.  Situation

   Due to the different levels of informatization development in
   different industries and fields, the breadth and depth of the
   development and utilization of industrial data and information are
   not the same, so network construction and development outside the
   factory are uneven, and some industrial enterprises only apply for
   ordinary Internet access.  There are still islands of information
   between different areas of some industrial enterprises.

4.2.  Development Trend

   With the development of industrial networking and intelligence, the
   systems and applications in the factory are gradually expanding
   outward, and the industrial Internet services outside the factory
   are showing a trend of generalization, refinement and flexibility.

   Network services outside the factory are universal.  The traditional
   network outside the factory mainly provides the communication of
   commercial information, and the information systems of the
   enterprise are also deployed on the network inside the factory.  The
   network outside the factory has few connection objects and a single
   service.
With the development of cloud platform technology, some enterprise
information systems (such as ERP, CRM, etc.) are being externalized,
and more and more IT software provides its services from the cloud
over the Internet. With the growth of remote services for industrial
products and devices, remote monitoring, maintenance, management and
optimization of massive numbers of devices will in future be carried
out over the network outside the factory.

Refined network services outside the factory. The factory external
network will realize the ubiquitous interconnection of the entire
industrial chain and value chain, and the complex and diverse
connection scenarios drive the refinement of services. On the one
hand, the connection demand of massive numbers of devices has promoted
the construction of mobile networks outside the factory and the rapid
development of wide-coverage services; on the other hand, the shift of
enterprise demand from Internet access to cloud access has promoted
the refinement of private line services, with segmented services for
scenarios such as enterprise Internet access, cloud access for
business systems, and public/private cloud interoperability.

Flexible network services outside the factory. Network virtualization
and softwarization have improved the flexibility of network services,
so the network outside the factory can quickly open and adjust
services according to enterprise requirements, and the wide adoption
of mobile communication technologies has made network access more
convenient. Faster deployment gives enterprises a more flexible way
to achieve extensive interconnection.

4.3.  Enterprise Dedicated Line

The wide-area Internet requirements of industrial entities mainly
include the following: Internet access; interconnection and isolation
between industrial entities across regions; interconnection between
industrial networks and hybrid clouds; and differentiated
requirements (QoS, security/protection, etc.) of the industrial
Internet on wide-area bearer networks.

At present, the widely used carrier private line services that meet
these requirements are MPLS VPN dedicated lines and OTN-based optical
network dedicated lines.

An MPLS VPN builds an enterprise virtual private network on the public
MPLS network to meet the need for secure, fast and reliable industrial
communication between branches in different cities (domestic and
international), and can support multimedia services that require high
quality and high reliability, such as office, data, voice and image
services. The MPLS VPN dedicated line is based on IP and high-speed
label forwarding; by setting QoS bits, service levels can be
distinguished and quality of service guaranteed.

The intelligent optical network based on OTN (Optical Transport
Network) is an ideal solution for transmitting large-granularity
broadband services. If the main scheduling granularity of an
enterprise's external private network reaches the Gb/s level, OTN
technology should be considered first for network construction. As
enterprise network application requirements grow, large enterprises
also need large-granularity circuit scheduling, which OTN makes
flexible. Compared with MPLS VPN, OTN provides an end-to-end physical
private network, which is more attractive for enterprises that
require large bandwidth (above Gbps) and higher reliability and
security of data and services.

In addition, emerging technologies such as SD-WAN and CloudVPN can
complement existing technologies: they integrate the various
dedicated line resources and expose them through a unified capability
platform, forming an extranet solution that is transparent and
integrated and shields users from the technical complexity. Such a
solution can more economically meet the rapidly changing needs of
enterprises for private line services.

(1) CloudVPN. The CloudVPN cloud dedicated line is a new-generation
enterprise private line solution that redefines enterprise
interconnection around cloud services and simplifies business
deployment as much as possible. CloudVPN reduces the time to open and
adjust a VPN from the traditional weeks or months to minutes, thereby
providing convenient and flexible business options and realizing
enterprise interconnection on demand.

The CloudVPN solution consists of a basic network equipment layer, a
management control layer, a collaboration layer and a user interface.
The operator's private line access capability is encapsulated as a
simple OpenAPI interface, so that developers' applications can order,
activate and adjust on-demand services such as enterprise private
lines and Internet access lines by calling the interface directly. A
CloudVPN network can be opened on demand in real time and expanded
elastically: it supports real-time adjustment of dedicated line
bandwidth in scenarios such as distance education, data
intercommunication and video conferencing.

(2) SD-WAN. SD-WAN is an extranet interconnection service formed by
applying SDN technology to WAN scenarios. It is used to connect
enterprise networks, data centers, Internet applications and cloud
services across a wide geographical area.

The technical features of SD-WAN include:

SD-WAN moves the control capabilities of hardware networks into
software in the cloud, thereby supporting the opening of network
capabilities that users can perceive;

SD-WAN reduces the complexity and technical threshold of user-side WAN
operation and maintenance;

SD-WAN provides a high degree of self-service: users can open, modify
and adjust the parameters of private network interconnection
themselves. The core concept of SD-WAN is that the user's networking
requirements and intentions are translated and managed by the
centralized control orchestrator provided by the communication
service provider, which shields the complexity of the underlying
network technology;

SD-WAN supports heterogeneous networks (access can be over the
Internet, OTN, other dedicated lines, etc.); the access equipment and
the service differentiation point are generally on the user side, and
users can make flexible business adjustments through the self-service
interface.

SD-WAN has the advantages of heterogeneous network support and
flexible operation, but because its virtual private network may be
carried over ordinary Internet access, it is exposed to network
attacks and data security risks, so end-to-end encryption must be
implemented with encryption protocols.

4.4.  Mobile Communication Network

With the development of the IIoT, the industrial production process
is no longer confined to the factory; it gradually integrates
industrial production with Internet business models, factories,
products and customers through the factory external network. In some
production processes, the communication demand between the factory
and devices outside the factory has also increased significantly.

In these scenarios, mobile communication networks are increasingly
used in industrial production because of their wide coverage, high
speed, high network reliability and mature industrial chain, which
greatly expands the scope of traditional industrial networks. Mobile
communication networks provide a good foundation for the development
of IIoT.

3GPP's 5G defines three types of application scenarios: enhanced
mobile broadband (eMBB), large-scale machine communication (mMTC),
and high-reliability and low-latency communication (uRLLC). The eMBB
scenario supports the high-traffic services gradually emerging in
IIoT, such as virtual factories and high-definition video remote
maintenance. The large-scale machine communication scenario is mainly
aimed at communication with massive numbers of field devices.

The 5G network separates control and forwarding. The forwarding plane
focuses on efficient routing and forwarding of business data; it is
simple, stable and high-performance, to meet the forwarding needs of
massive mobile traffic in the future. The control plane uses a
logically centralized approach to achieve unified policy control and
to ensure flexible traffic scheduling and connection management. The
centralized control plane programs the forwarding plane through the
mobile flow control interface.

The 5G core network supports services with low latency, large
capacity and high speed. The core network forwarding plane is further
simplified and pushed down towards the edge, and business storage and
computing capabilities move from the network center to the network
edge, to support high-traffic and low-delay services and to realize
flexible and balanced scheduling of traffic load.

Main features and advantages:

The 5G network is a new type of network based on the separation of
control and forwarding. It improves the overall access performance of
the access network in complex 5G scenarios, simplifies the core
network structure, provides flexible and efficient control and
forwarding functions, supports highly intelligent operation, opens
network capabilities, and improves the overall service level of the
entire network.

The separation of the control plane and the forwarding plane makes
the network architecture flatter, and gateway devices can be deployed
in a distributed manner, which effectively reduces service
transmission delay.

Diverse business scenarios place diverse performance and functional
requirements on 5G networks. The 5G network can adapt to business
scenarios and provide appropriate network control functions and
performance guarantees for each 5G business scenario, achieving
on-demand networking.

Applicable scenarios: 5G provides a more reliable, more open and
on-demand network for IIoT. The 5G network will better support the
large-traffic services that are gradually emerging in the industrial
Internet, such as virtual factories and high-definition video remote
maintenance.
The 5G network also supports monitoring of a large number of devices
inside and outside the factory, such as remote monitoring and control
of various devices, remote control of wireless video surveillance, and
remote monitoring and reporting of environmental parameters and
machinery control data, to meet the needs of IIoT applications.

5.  Information Model

An information model is a method of defining the representation of
information, standardizing the data generated in industrial
production, and facilitating communication between different devices
and applications. The information model should clarify three levels
of content: (1) which objects are defined and which data the objects
contain; (2) how these objects and data are organized; (3) how the
data format is defined. The information of each device in the digital
factory includes the parameters of the device itself, its runtime
data and the data of the components that make up the device. This
information is the object to be modeled.

The device information model can be divided into a static attribute
set, a dynamic attribute set and a component set. The data in a
device is defined by attributes, and the collection of all
information data contained in the device is called its attribute set.
In the information model, information data is divided into static and
dynamic. Static information is data that does not change, or changes
slowly, after it is defined; in a device it is mainly asset
identification and order data, such as material codes and processing
device numbers. Dynamic information is data that is generated,
disappears or changes in real time with the production process,
generally device status data and part production process records,
such as working status, part processing size, logistics information,
start and completion times and so on. According to this static or
dynamic nature, attributes are divided into static attributes and
process attributes. Static attributes form the static attribute set
and process attributes form the process attribute set.

Each attribute set contains the attribute data of several information
objects. Information objects are described by attributes, and
attributes are composed of attribute elements. This defines the
hierarchical structure of the information model shown in Figure 6.
The elements of the information model are explained from smallest to
largest as follows.

Attribute element: the basic unit that makes up an attribute, such as
attribute identification, name, data type, etc.

Attribute: data describing the nature and characteristics of an
object. Each attribute consists of multiple attribute elements, but
not every attribute contains all attribute elements.

Information object: a body of information in the factory domain that
describes a general, real or abstract entity that can be
conceptualized as a whole. Examples of information objects are the
spindle of a machine tool, the processing route of a certain part,
and the receipt of a certain material. An information object
completes its digital definition and description through its
attributes.

 ___________________
|Device information |
|       model       |
|___________________|
   |     ______________________     ____________________     __________
   +----| Static attribute set |---| Information object |---| Attribute|
   |    |______________________|   |____________________|   |__________|
   |     ______________________     ____________________     __________
   +----|Process attribute set |---| Information object |---| Attribute|
   |    |______________________|   |____________________|   |__________|
   |     ______________________     ____________________       ______________________
   +----|    Component set     |---|     Component      |-+-| Static attribute set |
        |______________________|   |____________________| | |______________________|
                                                          |  ______________________
                                                          +-| Process attribute set|
                                                          | |______________________|
                                                          |  ______________________
                                                          +-|    Component set     |
                                                            |______________________|

                      Figure 6: Information Model

Attribute set: a collection of attributes. An attribute set can be
composed of sub-attribute sets or of the attributes of several
information objects. According to the static or dynamic nature of the
information, attribute sets are divided into static attribute sets
and process attribute sets.

Component: a physical or logical object that is a physical or logical
part of the upper-level object and whose characteristics are
described by attribute sets. Components can be nested: a component
can have its own subcomponents, and all subcomponents of the same
object form a component set.

The device information model is an expandable tree structure that
allows nesting of attribute sets and components. In the above
definition, the attribute set and the component set are abstract
structural elements that constitute the description of the factory
information model. They are not a mapping of an actual object and do
not contain actual content; they only provide the framework and
levels of the model's organization.

The device information model defined above is only an abstract
framework. When modeling the information of an actual device and
developing functions based on the information model, the actual
device and functions must follow the categories and semantics of the
framework, and the various information model elements are filled in
to form an information model object with practical meaning. This
process is called instantiation of the information model. When the
information model is implemented, the organization and storage of the
instantiated model must be realized on a specific description method
and communication mechanism. This section provides an information
model implementation scheme based on the OPC UA protocol, as shown in
Figure 7.

The information in the actual device is modeled with the device
information model, the OPC UA model generator generates the
corresponding XML file from the established information model, and
the XML file is placed in the process model of the OPC UA server. The
process model obtains real-time data from the physical device through
the data access module and saves and updates the values of the
corresponding attributes in the information model.

The information model is exposed through the address space of the OPC
UA server, and an OPC UA client accesses the server's address space
to obtain the data and information defined by the information model.
When the OPC UA client accesses or modifies, on the server, the
attribute information defined in the information model, the UA
service accesses or modifies the corresponding attribute information
in the process model and returns the result to the OPC UA client.
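As an added example (not part of the draft), the following Python code represents the device information model of this section as a tree of static attribute sets, process attribute sets and component sets, instantiates it for a hypothetical machine tool with a spindle component (constructed sample values), restricts runtime updates to process attributes the way the data access module would, and serialises the instance to XML. The XML layout is illustrative only and is not the OPC UA NodeSet format that the model generator would emit.

```python
from dataclasses import dataclass, field
from typing import Iterator, List, Optional, Tuple
import xml.etree.ElementTree as ET


@dataclass
class Attribute:
    """Attribute elements: identification, name, data type and a value."""
    ident: str
    name: str
    data_type: str
    value: object = None


@dataclass
class InformationObject:
    """A real or abstract entity (spindle, route, receipt) described by attributes."""
    name: str
    attributes: List[Attribute] = field(default_factory=list)


@dataclass
class Component:
    """A physical or logical part of its parent, described by a static attribute
    set, a process attribute set and a component set of nested subcomponents.
    The device itself is the root component of the tree."""
    name: str
    static: List[InformationObject] = field(default_factory=list)
    process: List[InformationObject] = field(default_factory=list)
    components: List["Component"] = field(default_factory=list)


def build_sample_machine_tool() -> Component:
    """Instantiate the model for a hypothetical machine tool (constructed values)."""
    spindle = Component(
        name="Spindle",
        static=[InformationObject("SpindleInfo", [
            Attribute("SP-01", "MaxSpeed", "Int32", 12000)])],
        process=[InformationObject("SpindleState", [
            Attribute("SP-02", "CurrentSpeed", "Int32", 0),
            Attribute("SP-03", "Temperature", "Float", 21.5)])],
    )
    return Component(
        name="MachineTool",
        static=[InformationObject("Asset", [
            Attribute("MT-01", "DeviceNumber", "String", "CNC-0042"),
            Attribute("MT-02", "MaterialCode", "String", "AL6061")])],
        process=[InformationObject("Status", [
            Attribute("MT-03", "WorkingStatus", "String", "idle")])],
        components=[spindle],
    )


def walk(node: Component, prefix: str = "") -> Iterator[Tuple[str, str, Attribute]]:
    """Yield (path, set kind, attribute) for every attribute in the tree, e.g.
    ("MachineTool/Spindle/SpindleState/CurrentSpeed", "process", attr)."""
    base = f"{prefix}{node.name}/"
    for kind, objs in (("static", node.static), ("process", node.process)):
        for obj in objs:
            for attr in obj.attributes:
                yield f"{base}{obj.name}/{attr.name}", kind, attr
    for child in node.components:
        yield from walk(child, base)


def find_attribute(model: Component, path: str) -> Optional[Attribute]:
    return next((a for p, _, a in walk(model) if p == path), None)


def update_process_value(model: Component, path: str, value: object) -> bool:
    """Runtime update as performed by the data access module: only process
    attributes change with production, so writes to static attributes are
    rejected and False is returned."""
    for p, kind, attr in walk(model):
        if p == path:
            if kind != "process":
                return False
            attr.value = value
            return True
    return False


def to_xml(model: Component) -> str:
    """Serialise the instantiated model to XML (illustrative layout, not an
    OPC UA NodeSet file)."""
    def emit(comp: Component, parent: ET.Element) -> None:
        el = ET.SubElement(parent, "Component", name=comp.name)
        for tag, objs in (("StaticAttributeSet", comp.static),
                          ("ProcessAttributeSet", comp.process)):
            set_el = ET.SubElement(el, tag)
            for obj in objs:
                obj_el = ET.SubElement(set_el, "InformationObject", name=obj.name)
                for a in obj.attributes:
                    a_el = ET.SubElement(obj_el, "Attribute", id=a.ident,
                                         name=a.name, dataType=a.data_type)
                    a_el.text = "" if a.value is None else str(a.value)
        if comp.components:
            set_el = ET.SubElement(el, "ComponentSet")
            for child in comp.components:
                emit(child, set_el)

    root = ET.Element("DeviceInformationModel")
    emit(model, root)
    return ET.tostring(root, encoding="unicode")
```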
                          ____________________________________________________________________
                         |                                                                    |
 ___________________     |     _____________        _______________       ______________      |      _________________
|   OPC UA Client   |    |    |  UA Server  |      | Process Model |     |  Data Access |     |     | Physical Device |
|                   |<---|--->|             |<---->|               |<--->|    Module    |<----|---->|                 |
|___________________|    |    |_____________|      |_______________|     |______________|     |     |_________________|
                         |                                                                    |
                         |                           OPC UA Server                            |
                         |____________________________________________________________________|

    Figure 7: Information model realization scheme based on OPC UA
                               protocol

6.  Security Challenges and Recommendations

With the rapid development of sensor networks, cloud computing,
artificial intelligence and 5G technologies, the number of network
devices will rise sharply and the corresponding market will grow,
which will also bring corresponding security problems: information
leakage, virus proliferation, and even damage to public
infrastructure such as the national grid, communication equipment and
servers. Before that, the security of IIoT had not attracted much
attention, but the leakage of data collected by medical devices has
aroused widespread discussion in today's Internet era, and people are
becoming more aware of the importance of data security. With recent
extensive national-level management and control, more attention has
been paid to IIoT security, and it has also received attention from
relevant agencies and enterprises in various countries. Whether for
life or for technology, IIoT security will become a problem that must
be solved for future development.

The current IIoT architecture is roughly based on the classic
three-tier model, which is logically divided into sensing, transport
and application layers.

6.1.  Sensing Security

The sensing layer realizes the sensing and collection of data in the
physical world, using sensors, cameras, RFID and other smart devices
to collect data, and realizes secure transmission of the data over
wired and wireless networks. Its key technologies are RFID and sensor
networks. The IIoT sensing front end is responsible for real-time
detection and collection of data, which it uploads to the cloud data
center for processing through the transmission network, while the
sensing terminal itself is vulnerable to security issues such as
virus intrusion, information leakage and tampering. Therefore, weak
terminals with limited cost and performance should provide at least
two-way authentication, encrypted transmission and remote upgrade
capabilities, and terminals with more resources should provide
stronger security capabilities such as security certificate
management, antivirus and intrusion detection. Smart factory
application scenarios have low-latency requirements and need fast
service response, so efficient and lightweight security algorithms
are needed to deal with security threats; the PRESENT block cipher
[PRESENT], lightweight DES ciphers, the KATAN/KTANTAN lightweight
ciphers [KATAN] and LBlock [Lblock] all provide different solutions.

6.2.  Transport Layer Security

Consistent with the security requirements of the sensing layer, the
task of the transport layer is to reliably transfer the data of the
sensing layer to the application layer for processing.
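Section 6.1 above names PRESENT as a lightweight block cipher for constrained terminals. The following is an added example, not code from the draft: a readable Python implementation of PRESENT-80 (64-bit block, 80-bit key, 31 rounds) following the cipher's published specification, with decryption and the all-zero test vector from the PRESENT paper. It is for study of the algorithm; a terminal deployment would still need a constant-time implementation and a proper mode of operation around the block function.

```python
# PRESENT-80 block cipher (Bogdanov et al., CHES 2007), reference-style
# implementation. Bit 0 is the least significant bit of the 64-bit state.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = [SBOX.index(i) for i in range(16)]
# Bit permutation layer: state bit i moves to position PBOX[i].
PBOX = [63 if i == 63 else (i * 16) % 63 for i in range(64)]
PBOX_INV = [PBOX.index(i) for i in range(64)]
MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1
ROUNDS = 31


def round_keys_80(key: int) -> list:
    """Key schedule for an 80-bit key: returns the 32 round keys K1..K32."""
    keys = []
    k = key & MASK80
    for i in range(1, ROUNDS + 1):
        keys.append(k >> 16)                             # Ki = leftmost 64 bits
        k = ((k << 61) | (k >> 19)) & MASK80             # rotate register left by 61
        k = (SBOX[k >> 76] << 76) | (k & ((1 << 76) - 1))  # S-box on top nibble
        k ^= i << 15                                     # round counter into bits 19..15
    keys.append(k >> 16)                                 # K32 for the final whitening
    return keys


def sbox_layer(state: int, box: list = SBOX) -> int:
    """Apply the 4-bit S-box to each of the 16 nibbles of the state."""
    out = 0
    for n in range(16):
        out |= box[(state >> (4 * n)) & 0xF] << (4 * n)
    return out


def p_layer(state: int, perm: list = PBOX) -> int:
    """Apply the bit permutation (or its inverse when perm=PBOX_INV)."""
    out = 0
    for i in range(64):
        out |= ((state >> i) & 1) << perm[i]
    return out


def present_encrypt(block: int, key: int) -> int:
    """Encrypt one 64-bit block under an 80-bit key."""
    rk = round_keys_80(key)
    s = block & MASK64
    for r in range(ROUNDS):
        s ^= rk[r]             # addRoundKey
        s = sbox_layer(s)      # sBoxLayer
        s = p_layer(s)         # pLayer
    return s ^ rk[ROUNDS]      # final addRoundKey with K32


def present_decrypt(block: int, key: int) -> int:
    """Invert present_encrypt: undo whitening, then each round in reverse."""
    rk = round_keys_80(key)
    s = (block & MASK64) ^ rk[ROUNDS]
    for r in range(ROUNDS - 1, -1, -1):
        s = p_layer(s, PBOX_INV)
        s = sbox_layer(s, SBOX_INV)
        s ^= rk[r]
    return s


if __name__ == "__main__":
    # Test vector from the PRESENT paper: zero plaintext, zero key.
    ct = present_encrypt(0, 0)
    print(f"{ct:016X}")  # 5579C1387B228445
    assert present_decrypt(ct, 0) == 0
```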
The transport layer also places requirements on the transmission
network and communication protocols. Network nodes may be attacked
(for example by man-in-the-middle and counterfeit attacks), causing
node paralysis, which may further leak communication keys and affect
the security of the entire network. At the same time, large numbers
of nodes and large volumes of data can easily cause network
congestion and denial of service, which also affects the transport
layer, so security places higher requirements on it. Because networks
with different architectures must communicate in the transport layer,
it must also face security issues such as cross-network
authentication, key negotiation, and data confidentiality and
integrity protection across heterogeneous networks. Countermeasure
technologies include homomorphic encryption, secure multi-party
computation and anonymization.

6.3.  Application Layer Security

The application layer is the logically highest layer of the
architecture. The tasks implemented in it are many and complex, and
the application categories are diverse, such as monitoring services,
smart grid, industrial control, green agriculture, etc. The
application layer needs to process the data from the transport layer
effectively. Given the huge data and network node computations of
IIoT, huge storage and computing capabilities are required, and cloud
computing technology can carry these tasks cost-effectively. The
current architecture is based on cloud computing, applications are
realized on cloud platforms, and the processing of business logic
emphasizes the combination of IIoT and cloud computing. Therefore
there are also cloud computing and cloud platform security issues,
including the security of platform data storage, exchange and
processing, as well as data security and interaction issues arising
from the integration of different platforms. At present, cloud
platforms use WAF, firewalls and HIDS, which to a certain extent
protect data, but further security technical support is still needed.
A distributed structure based on edge computing can share the
computing load, decrease response time, and to a certain extent
confine security risks to a certain area, reducing the security risk
to the core network, so the application of edge computing will be a
good opportunity. The cloud intelligent platform handles huge amounts
of data, in which abnormal data and abnormal behaviors are common and
not easy to detect and exclude, and this strongly affects security;
analyzing the data with emerging technologies such as data mining,
machine learning and AI can further detect data anomalies and improve
data security. At the application level, the applications of many
large enterprises collect a large amount of private data, such as
health status, purchase behavior, travel routes, group contacts and
value orientation, which also raises data privacy protection
problems. Therefore, scholars have proposed homomorphic encryption
algorithms. Blockchain also provides a new solution for this; for
example, blockchain can realize an anonymous sharing method for IIoT
devices [permissioned-blockchains]. Blockchain is widely used in the
field of IIoT and can effectively remedy the shortcomings of the
traditional centralized data storage mode of IIoT.
The full nodes of the blockchain network record the complete data,
jointly maintaining the data security of IIoT devices and reducing
the traditional cost of maintaining a centralized database for IIoT
applications. The tamper resistance and time ordering of the
blockchain guarantee the security and traceability of the data of all
network nodes, so blockchain technology can ensure data privacy and
security.

6.4.  IIoT Security Solutions

Combining the security issues of the IIoT architecture, the existing
security problems and their corresponding solutions are summarized
below, mainly covering device protection, device identification and
authentication mechanisms, secure communication mechanisms, data
privacy protection, and anomaly detection and intrusion prevention,
as shown in Figure 8.

+---------------------------------+---------------------------------------------+
| Security problem                | Solutions                                   |
+---------------------------------+---------------------------------------------+
| Device protection               | Lightweight data encryption algorithm       |
|                                 |                                             |
| Device identification and       | RFID, blockchain                            |
| authentication mechanism        |                                             |
|                                 |                                             |
| Secure communication mechanism  | Edge computing, converged gateways, routing |
|                                 | protocols, homomorphic encryption algorithm |
|                                 |                                             |
| Data privacy protection         | Blockchain, encryption algorithm, cloud     |
|                                 | computing                                   |
|                                 |                                             |
| Anomaly detection and           | Machine learning, data mining               |
| intrusion prevention            |                                             |
+---------------------------------+---------------------------------------------+

              Figure 8: Security problems and solutions

7.  Informative References

[smart-factory]
           Chen, B., Wan, J., and S. Lei, "Smart factory of industry
           4.0: key technologies, application case, and challenges",
           2017.

[iiot-5g]  Cheng, J., Li, D., and W. Chen, "Industrial IoT in 5G
           environment towards smart manufacturing", 2018.

[tsn]      "DetNet Data Plane: IP over IEEE 802.1 Time Sensitive
           Networking", draft-ietf-detnet-ip-over-tsn-03,
           https://tools.ietf.org/html/draft-ietf-detnet-ip-over-tsn-03,
           2020.

[I-D.ietf-6lowpan-usecases]
           "Design and Application Spaces for 6LoWPANs",
           draft-ietf-6lowpan-usecases-10,
           https://tools.ietf.org/html/draft-ietf-6lowpan-usecases-10,
           2012.

[edge-computing]
           Mach, P. and Z. Becvar, "Mobile edge computing: a survey
           on architecture and computation offloading", 2017.

[I-D.ietf-core-coap-pubsub]
           "Publish-Subscribe Broker for the Constrained Application
           Protocol", draft-ietf-core-coap-pubsub-09,
           https://tools.ietf.org/html/draft-ietf-core-coap-pubsub-09,
           2020.

[PRESENT]  Bogdanov, A., Knudsen, L., and G. Leander, "PRESENT: An
           Ultra-Lightweight Block Cipher", Cryptographic Hardware and
           Embedded Systems, 2007.

[KATAN]    Canniere, C. and O. Dunkelman, "KATAN and KTANTAN -- A
           Family of Small and Efficient Hardware-Oriented Block
           Ciphers", 2009.

[Lblock]   Wu, W. and L. Zhang, "LBlock: a lightweight block
           cipher", 2011.

[permissioned-blockchains]
           Hardjono, T., "Cloud-Based Commissioning of Constrained
           Devices using Permissioned Blockchains", 2016.

Authors' Addresses

Chaowei Tang
Chongqing University
No.174 Shazheng Street, Shapingba District
Chongqing
400044
China

Email: cwtang@cqu.edu.cn

Haotian Wen
Chongqing University
No.174 Shazheng Street, Shapingba District
Chongqing
400044
China

Email: wenhaotianrye@foxmail.com

Shuai Ruan
Chongqing University
No.174 Shazheng Street, Shapingba District
Chongqing
400044
China

Email: rs@cqu.edu.cn

Baojin Huang
Chongqing University
No.174 Shazheng Street, Shapingba District
Chongqing
400044
China

Email: baojin-huang@foxmail.com

Xinxin Feng
Chongqing University
No.174 Shazheng Street, Shapingba District
Chongqing
400044
China

Email: xxfeng@cqu.edu.cn