congatec AG

Overriding Data Security Challenges

Smart City Case Studies

Christian Eder
Director Marketing

Smart City
Smart Parking Case Study
30% of traffic in cities is caused by cruises for
parking.
Based on 2001 and earlier research
Worldwide cars

2001: 450 Mio. cars

(World Book Encyclopedia. Chicago: World Book, 2001)

2010: 1015 Mio. cars

(http://wardsauto.com/ar/world_vehicle_population_110815)

It went worse since then.

IoT can help to improve the situation.

Oct 20, 2015

2015 congatec AG

Cruising for parking - Donald C. Shoup

Department of Urban Planning, University of California
http://shoup.bol.ucla.edu/Cruising.pdf
3

Smart City
Smart Parking Case Study

Source: Intel / Siemens https://www.youtube.com/watch?v=07wXIi9hxEw

Oct 20, 2015

2015 congatec AG

Smart City
Smart Parking Case Study
Clever combination of existing technologies
Radar sensors
Wireless communication

Rugged gateway (~one per road)

Utilizing proven industrial technology

Specified for extended temperature operation
Based on Intel Atom processor for local data preprocessing

Proven software stack

Providing communication features, security levels and manageability

Business model

Local retail stores help to finance the system

Oct 20, 2015

2015 congatec AG

Gateways
Why Gateways

85%* of existing industrial embedded devices are unconnected

Systems need to be always connected and continuously monitored
Economics of data require local filtering and analysis

Mission

Connecting different communication protocols

Aggregate sensor data
Analyze data locally: filtering, real-time response
Provide security to deliver trust, reliability

Oct 20, 2015

2015 congatec AG

* IHS, IDC Research

Internet-of-Things
connect existing devices

Intel Atom / Celeron

Device

2015 congatec AG

Device
Sensor Hub

Connect ivit y

Sensor Hub

M anageabilit y

Secur it y

EDMS - Custom Design

LAN

Reliabilit y

Oct 20, 2015

Pico-ITX

GATEWAY

Qseven

AMD G-Series

Freescale i.MX6

BIG DATA

Mini-ITX

Devices that are connecting to the

internet
Integrating greater computer capabilities
Using data analytics to extract meaningful
information

COM Express

INTERNET
CLOUD

IoT
basic challenges

COM Express

Mini-ITX

BIG DATA

Connectivity

Pre-integrated connected capabilities enable

rich network options to save development
time and costs
Extensive network of connectivity (wired,
wireless, cellular, short-range)
2015 congatec AG

Intel Atom / Celeron

Embedded computer modules and boards

from congatec are the core technology to
enable intelligent IOT devices
From COM to SBC up to full custom design
computers (EDM Solution)

Security

Pico-ITX

GATEWAY

Qseven

LAN

Device

Device
Sensor Hub

Reliabilit y

Connect ivit y

Sensor Hub

M anageabilit y

Secur it y

Protect devices for trust and control

Protect the device & application
Protect the data at rest and in flight

Manageability

Enable common provisioning frameworks

Enable remote, secure upgrades
Provide web-based configuration utilities

EDMS - Custom Design

AMD G-Series

Freescale i.MX6

Reliability

Oct 20, 2015

INTERNET
CLOUD

IoT
Hardware
Topology
Intel Atom / Celeron

EDMS - Custom Design

LAN

Device

Device
Sensor Hub

Reliabilit y

Oct 20, 2015

Pico-ITX

GATEWAY

Qseven

AMD G-Series

Freescale i.MX6

BIG DATA

Mini-ITX

COM Express

INTERNET
CLOUD

2015 congatec AG

Connect ivit y

Sensor Hub

M anageabilit y

Secur it y

COM Express

Intel Atom / Celeron

Pico-ITX

GATEWAY

Qseven

LAN

Device

Device
Sensor Hub

Reliabilit y

Connect ivit y

Sensor Hub

M anageabilit y

EDMS - Custom Design

AMD G-Series

Freescale i.MX6

Mini-ITX

IoT
Connectivity

INTERNET
CLOUD
BIG DATA

Secur it y

Connectivity options include both local connectivity and IoT system or cloud connectivity. Popular IoT
application protocols such as Message Queue Telemetry Transport (MQTT) are included. Intelligent
Device Platform XT is designed to take advantage of drivers and systems software available in the
operating environmentlowering development cost, optimizing reuse, and saving development time.
MQTT
Lightweight (low power, low network
bandwidth) publish-and-subscribe messaging
protocol
Paho client
Command-line utilities for publishing and
subscribing to MQTT topics
Mosquito server
Bluetooth
Local wireless connectivity
Bluetooth 4.0 with BLE support

Oct 20, 2015

2015 congatec AG

ZigBee
Local wireless connectivity
Complete, robust implementation that allows
manufacturers and software developers to
easily incorporate ZigBee connectivity into
their designs
Cloud Connector
Device connector to cloud-based services
Flexible interface

10

COM Express

Intel Atom / Celeron

Pico-ITX

GATEWAY

Qseven

LAN

Device

Device
Sensor Hub

Reliabilit y

Connect ivit y

Sensor Hub

M anageabilit y

EDMS - Custom Design

AMD G-Series

Freescale i.MX6

Mini-ITX

IoT
Management

INTERNET
CLOUD
BIG DATA

Secur it y

Device management requires facilities for provisioning, software, and configuration updates, along with
providing device status. Intelligent Device Platform XT provides a wide range of options for device
management. Along with the standard device management protocols, the platform also offers a
lightweight web-based management tool.
Secure Updates
Package updates
Firmware updates
Device Authentication
Certificate-based remote attestation

Oct 20, 2015

2015 congatec AG

Standards-Based Management Protocols

OMA DM
TR-069
Web Interface
webif UI

11

COM Express

Intel Atom / Celeron

Pico-ITX

GATEWAY

Qseven

LAN

Device

Device
Sensor Hub

Reliabilit y

Connect ivit y

Sensor Hub

M anageabilit y

EDMS - Custom Design

AMD G-Series

Freescale i.MX6

Mini-ITX

IoT
Security

INTERNET
CLOUD
BIG DATA

Secur it y

Security is a primary design consideration for connected devices within an IoT system. Intelligent
Device Platform includes features to implement a robust security plan for a wide array of IoT systems.
Security features include access control of critical system resources and digital signature validation for
trusted software, in addition to the network security features, such as IPsec or L2TP, of the supporting
operating environment.
TCG Standards
TSS Service Provider Interface (TSPI)
TSS Core Services Interface (TCSI)
TSS Device Driver Interface (TSDI)
Role-Based Access Control
System protection from applications
Ability to set resource access policies for each
application
Protection of system resources, including
memory, CPU cycles, files, and network
resources
Oct 20, 2015

2015 congatec AG

Signed Software
Certificate-based signing tool for bootloader,
kernel, and applications
Trusted stack for critical software
Integrity Monitoring
Verification of the RSA signature before
running an application
Ability to set policies for integrity failure
No execution of an application without the
signature of an authorized certificate
No execution of an application that has been
tampered with
12

COM Express

Mini-ITX

Intel Atom / Celeron

Pico-ITX

GATEWAY

Qseven

LAN

Device

Device
Sensor Hub

Reliabilit y

Connect ivit y

Sensor Hub

M anageabilit y

EDMS - Custom Design

AMD G-Series

Freescale i.MX6

IoT
Application Programming Interface

INTERNET
CLOUD
BIG DATA

Secur it y

The application programming interface (API) layer is designed to support popular application
environments for IoT software, including Java, OSGi, and Lua scripting language. These environments
are configurable and can be selected by a system developer via the development tools for inclusion
into a particular IoT gateway or device.
OpenJDK
Support for both Java SE 6 and 7
Usage of system libraries such as zlib
Support for different virtual machines (VMs)
such as Zero and Cacao
SQLite
Embedded SQL lightweight database
Storage and organization of local data store
Simple command interface

Oct 20, 2015

2015 congatec AG

Lua VM
Portable application environment
Small footprint (500K)
Proven language used in many industrial
applications
OSGi
Addition of Java applications to an IoT gateway
Independent application lifecycles
Run-time controls for Java applications

13

Ecosystem Apps and Services, SI/ ITOs, Customers

Security
Manageability
Wind River
Helix Device
Cloud agent

OMA DM
TR-069
Web Config

DM-Crypt
OpenSSL
IPsec Vpn

iptables
Encrypted Storage

OS and Apps

Run-Time Environment
Lua
Java

OSGi
Python

Embedded Cont rol

Role-Based Access Control (RBAC)
Signed RPM Package
Hardware

Connectivity
2G/3G/4G
Bluetooth
Ethernet
ZigBee Stack*
Serial/USB
VPN
Wi-Fi Access Point
MQTT

Discrete TPM
Secure Boot
Wind River Linux

Intel BSP: Board and Modules (Intel Quark Soc, Intel Atom SoC, Intel Core Soc)

Bootloader (images signature validated)

congatec Boards and Modules (Secure Boot, TPM)

Intel AtomTM Processor E3800 Series

*Requires purchase of third-party hardware

Wind River
Development
Enviroment

conga-QKIT/IOT
Qseven IOT Gateway Development Kit

Oct 20, 2015

2015 congatec AG

15

congatec IoT Gateway Development Kit

Intel qualified hard-/software combination
Based on Intel Atom E3800
Qseven Module + Carrier Board
Software included (time limited trial license)

A hardware root of trust, data encryption, attestation, and software

lockdown for security
Connectivity up to the cloud and enterprises
Connectivity down to sensors and existing controllers embedded in
the system
Preprocess filtering of selected data for delivery
Local decision making, enabling easy connectivity to legacy systems
Local computing for in-device analytics

Oct 20, 2015

2015 congatec AG

16

congatec IoT Gateway Development Kit

hardware view

Oct 20, 2015

2015 congatec AG

17

IOT Gateway Development Kit

for fastest design-in
The congatec IOT kit provides the ability
to immediately start evaluating
devices or gateways for Industry 4.0

conga-QA3 Intel Atom Qseven module

Full featured Qseven IoT mini carrier board
7 touch display with cable set
Intel dual band wireless AC 7260 card & antenna
Bootable USB stick Intel IOT Gateway Solution OS (Windriver IDP trial)
Accessories (cables, adapters, power supply )
Documentation

Oct 20, 2015

2015 congatec AG

18

Transportation
Bring new data and analytic insights to
ensure safe, efficient, and predictable
transportation systems.

Oct 20, 2015

2015 congatec AG

19

Building Automation

Bring new control, visibility, and

efficiencies for reducing power
consumption, ensuring safety, and
providing services to new and existing
buildings.
Oct 20, 2015

2015 congatec AG

20

Application Stories
links
Cruising for Parking

publication of Donald Shoup: http://shoup.bol.ucla.edu/Cruising.pdf

Smart Parking Videos

Intel and Siemens: reducing traffic congestion by making parking smarter

https://www.youtube.com/watch?v=07wXIi9hxEw
Smart Parking https://www.youtube.com/watch?v=jrOzTGz9fvE

Further Information

What Does The Internet of Things Mean? https://www.youtube.com/watch?v=Q3ur8wzzhBU

Intel Gateway Solutions for IoT : https://www.youtube.com/watch?v=5Q9elxfYSqE
congatec IoT: http://www.congatec.com/en/industries/iot
Oct 20, 2015

2015 congatec AG

21

Contact
congatec AG

Future Electronics

Auwiesenstr. 5
94469 Deggendorf

46140 Herzliya, Israel

+49 (991) 2700-0

tel: +972 9970 1408

info@congatec.com

Oct 20, 2015

2015 congatec AG

22