
Page 1: A Technologist’s Viewpoint · 2018-09-20 · kj@tejasnetworks.com . Title: PowerPoint Presentation Author: Mohmad Junaid Bhat Created Date: 9/10/2018 4:54:48 PM

© Tejas Networks Proprietary Software Enabled Transformation www.tejasnetworks.com

A Technologist’s Viewpoint

Workshop on 5G & IoT Security, Sept 10-11, 2018

Dr. K.J. Singh, VP Technology, Tejas Networks Ltd.


Outline

Drivers, Vision, and Challenges taken up by 5G and IoT

5G and IoT in the Indian Context

BharatNet and Rural Connectivity as 5G Drivers

Open WiFi Access Network effort

Smart Cities Mission and Data Middleware

Interesting areas for Security Research

Edge / Fog / Cloud implementations leveraging SDN and SD-WAN

Distributed Ledger Technologies for Data Marketplace without centralized trust


IMT2020 aka 5G

Cloud Infra

Network Function Virtualization (NFV)

Central office Re-architected as Datacenter

Software Defined Networking (SDN)

Wireless 5G (>1Gbps)

Wireline xPON (10Gbps)

High speed optical “cross”Haul 10Gbps to 20Tbps

Connectivity (Telecom Infra)

Source: NGMN

eMBB

mMTC

urLLC


Lifecycle Services Orchestration

Manages the cluster's switching fabric

Manages virtual resources (VMs, VNs) on a cluster of commodity servers

XOS + Openstack + OVX + ONOS

ROADM

Apps

E-CORD VPN WANAcc CE2.0

R-CORD BNG CDN CG-NAT Firewall

M-CORD PGW SGW SON CDN

A Network Hypervisor that supports Topology, Address Space, and Control Isolation

IMT2020: Cloud-ification

SDN (Netconf, YANG i/f)

IP-aware Network

Virtual Network Function

Infrastructure vCPE/uCPE

VNF (Virtual Network Function)

NFV


What is vCPE and uCPE?

vCPE (Virtual CPE)

• Commodity CPE

• Inexpensive hardware with only demarcation and basic processing

• Not able to do fast or powerful operations

• VNFs run inside cloud to complete functionality

• May not be manageable

• Examples are network-interface devices (NIDs) and low-cost switches

uCPE (Universal CPE)

• Commodity CPE

• Expensive hardware with connectivity and processing

• Able to do complex functions

• VNFs are run locally and in cloud

• Manageable

• Remotely deploy, modify or delete VNFs

• Examples will be products that combine transport and WAN routing


Enterprise uCPE

Access product with enhanced VNF (Virtual Network Function) processing capability

Open interfaces compliant with MEF LSO (Lifecycle Services Orchestration) or MEF 55 interfaces

Integrated WAN router (NFVI/Network Function Virtualization infrastructure) and transport function with ability to connect to public and private cloud in a fungible fashion

Multiple connectivity options (Internet + Leased line + MPLS VPN) for redundancy

Traditional WAN

SD-WAN


The Cloud(s) roll in….

Internet Public cloud

Enterprise uCPE = WAN + Transport

VNF CU VNF

5G uCPE = DU+RRU+Transport

vOLT

Residential vCPE = WAN+ONT


A Peek into the Indian Landscape

BharatNet and Rural Connectivity as 5G Drivers

Open WiFi Access Network effort

Smart Cities Mission and Data Middleware


Cost-effective Rural Mobile Broadband (MBB) is becoming universal through government efforts

BTS Tower

School


BharatNet and Vision of Digital India


Rural Fiber Connectivity via BharatNet

Phase I and Phase II projects aim to complete the connectivity layer between Block HQs and GPs

Large investment and not much financial payback for private operators to do this

Phase-I: 100,000 GPs, Revised Target: December 2017, Nodal Agency: DOT

Phase-II: Additional 150,000 GPs, Target: December 2018, Nodal Agency: DOT

Phase-III: Horizontal connectivity to Government Institutions at District, Block and GP

In the scope of State Governments and approved by DOT and BBNL

Many States taking up Phase-II and Phase-III together


5G India Enhancements

TSDSI is taking a lead in proposing 5G-specific enhancements over and above TSDSI transposed 3GPP Rel 15 specifications.

India has formed a 5G High-Level Forum in “mission mode” to position India as a design, development and manufacturing hub of 5G technology products.

A dedicated 5G test lab involving IITs/IISc is being set up with 240 Cr funding.

Tejas is working with IITs as a development partner for the 5G platform.

India is planning to roll out 5G by 2020 in rural areas based on 5G LMLC requirements added into ITU-R WP5D and is planning to get it funded by USOF.


Rural Broadband – 5G and xPON

3-sector Macro eNodeB (at existing BSNL tower)

Outdoor CPE (at village)

Community Center

School

Hospital

ONT+WiFi CPE

LTE eNB / 5G gNB

ePC

IP cloud

Mid frequency bands (Band 40, 38/41, 42)

Outdoor (No FDD)

Outdoor CPEs installed on rooftop or 3m pole

Reuse existing towers wherever possible

Up to 10 Km

Entrepreneur or operator will provide WiFi broadband at key sites and users can connect through WiFi enabled devices

XGS-PON/NGPON OLT

Enable GPON connection to those rural households which need higher BW


One Time Flow

PDO/PDOA completes Self-Registration with Provider Registry using their public certificate (for signature validation). They also register their WiFi Access Points, SSIDs, and locations.

User App provider is also registered with Provider Registry along with their authentication URL and public certificate (to validate their digital signature).

User completes one time KYC with App Provider through their App. User App caches trusted SSIDs from Provider Registry from time to time.

https://trai.gov.in/sites/default/files/Public_Wifi_Architecture_12072017.pdf


Connection Flow

1. User opens the App and browses for nearby WANI compliant SSIDs and then chooses one SSID to connect to.

2. WiFi Captive Portal of the PDO initiates user authentication with App provider backend using the token passed from the app.

3. App provider backend returns a signed user profile token back to PDOA Captive Portal.

4. WiFi Captive Portal displays data packs available with their charges. User selects the desired data packs and clicks to confirm.

5. PDOA Captive Portal sends request for payment through their payment gateway.

6. User completes payment.

7. PDO activates all devices that were part of the signed profile and allows them to connect to the session without additional authentication.

User starts browsing!
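The check the PDOA captive portal has to make between steps 3 and 7, as an added example that is not part of the original deck or of the WANI specification: the signed user profile token is validated against the public key held in the Provider Registry, and only devices listed inside the verified profile are activated. The token layout, the field names (`providerId`, `devices`, `expiresAt`), the function names and the use of Ed25519 are assumptions; the keys and sample token are constructed.

```javascript
// Added example: token layout, field names and Ed25519 are assumptions,
// not the WANI wire format.
const nodeCrypto = require('crypto');

const NOW = 1536537600000; // constructed "current time" in milliseconds

// Constructed stand-in for the Provider Registry: provider id -> public key.
const appProvider = nodeCrypto.generateKeyPairSync('ed25519');
const providerRegistry = new Map([['app-provider-1', appProvider.publicKey]]);

// App provider backend (step 3): sign the user profile.
function issueProfileToken(providerId, privateKey, profile) {
  const payload = Buffer.from(JSON.stringify({ providerId, ...profile }));
  const signature = nodeCrypto.sign(null, payload, privateKey);
  return payload.toString('base64') + '.' + signature.toString('base64');
}

// PDOA captive portal: validate the token before offering data packs.
function verifyProfileToken(token, registry, nowMs) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const payload = Buffer.from(parts[0], 'base64');
  const signature = Buffer.from(parts[1], 'base64');
  let claims;
  try {
    claims = JSON.parse(payload.toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (claims === null || typeof claims !== 'object') return { ok: false, reason: 'malformed' };
  // The key comes from the registry entry, never from the token itself.
  const publicKey = registry.get(claims.providerId);
  if (!publicKey) return { ok: false, reason: 'unknown-provider' };
  if (!nodeCrypto.verify(null, payload, publicKey, signature)) {
    return { ok: false, reason: 'bad-signature' };
  }
  if (typeof claims.expiresAt !== 'number' || nowMs >= claims.expiresAt) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}

// Step 7: activate only devices listed inside the verified profile.
function mayActivate(result, mac) {
  return result.ok && Array.isArray(result.claims.devices) &&
    result.claims.devices.includes(String(mac).toLowerCase());
}

// Constructed sample token, and a copy with a device added after signing.
const sampleToken = issueProfileToken('app-provider-1', appProvider.privateKey, {
  user: 'user-123', devices: ['aa:bb:cc:00:11:22'], expiresAt: NOW + 300000,
});
function tamper(token, extraMac) {
  const [p, sig] = token.split('.');
  const claims = JSON.parse(Buffer.from(p, 'base64').toString('utf8'));
  claims.devices.push(extraMac);
  return Buffer.from(JSON.stringify(claims)).toString('base64') + '.' + sig;
}

console.log(verifyProfileToken(sampleToken, providerRegistry, NOW).ok);
console.log(verifyProfileToken(tamper(sampleToken, 'de:ad:be:ef:00:01'), providerRegistry, NOW).reason);
```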


CDX: City Data Exchange Stack

A Work in Progress


Smart City Vision

Case study from Agra’s Smart City RFP


A Layered approach to Smart City Solution


Data layer is the key foundational layer

● Data Layer is the key, foundational layer for Smart City Solutions

● Should be developed as a platform with

○ Open APIs and Data Models

○ Open Reference Implementation

● Design it to be future proof

○ Support for AI, Video Analytics, Distributed Edge Computing, Privacy as a first class concern

● Needs a consortium of academic-industry to join hands to make this happen.


Normal Course of Operations

Silos are inefficient & rigid

● Only point solutions to current needs

○ Leads to Silos addressing only that need

● No standard framework for exchanging data

○ across different applications, devices, cities

○ No support for data economy and no mention of privacy

● We need a platform approach

○ Standardized API, Data Models to support application developers

○ Support to efficiently take advantage of the emerging AI revolution

○ Unleash innovation and entrepreneurship for new smart city applications


Need a well defined Data Exchange Layer

Siloed approach replaced by an Open Platform approach

- Open APIs and Data Models

Enable Complex Applications: Emergency Response, Flood Warning, Crowd Monitoring, Accident Prediction/Detection - Need integrated analytics across video + other data sources.

Inspired by Aadhaar: Enable new app ecosystem based on data analytics & AI

Enable portability across cities, vendors


Consortium for City Data Exchange Stack

Consortium Members             Contact Person
Indian Institute of Science    Bharadwaj Amrutur
Intel                          Sidhartha Mohanty
Dell                           Chanakya Nadapada
VMWare                         Sairam V.
Tejas Networks                 K J Singh
Bosch                          Vivekanand K.
ERNET                          Paventhan A.
Videonetics                    Tuhin Bose
Others …..                     TBD

Form an Academia - Industry Consortium

- Special Purpose Vehicle (SPV) within an academic institution to begin with.

SPV’s Charter

- Define the Stack: APIs and Data Models

- Create an open source reference implementation

- Deploy and test in one or more city testbeds with one major use case

- Mobility is a rich use case

- Traffic monitoring (video IoT), crowd monitoring, AQM, Parking, accidents alerts...

- Conduct a Hackathon for new applications


City Data Exchange and Edge Analytics Stack


Concept 1: Registry of IoT Data Sources

● Catalogue of IoT Dat

● List of resources and their associated meta information

● Synergistic with other registry efforts

"luxOutput": {
    "type": "number",
    "description": "LED output intensity",
    "units": "lux",
    "permissions": "read",
    "accessModifier": "protected"
}


Concept 2: Video Meta-Data Stream


Concept 3: Fog + Edge Analytics

● IoT gateways and local Compute/Data Centre forms an edge cloud

● Data (especially video) will be locally terminated in the local data centre (privacy and bandwidth)

● Fog+Edge Analytics will be run at local data centre.

○ Framework to deploy analytics runtime (VMs, Dockers etc)

● Distributed Programming, Runtime

○ Naming, Debugging, etc.


Concept 4: Spaces as Assets

Key problem: Each solution identifies the spaces (dwelling/ commercial establishment/ retail units/ public spaces/ Government units) with their own identifier. This does not allow for correlation of data

• City Stack proposes to attach smart devices deployed to a concept of smart spaces. Using the concept of smart spaces, city operations team can manage

▪ Lifecycle of deployed Devices

▪ Lifecycle of Data collected

▪ Respond to & notify stakeholders on Operational Alerts

▪ Provide city with a unified view of the Operational SLA’s being met

• City Stack proposes to create a unique Virtual Private Space Address (VPSA) leveraging GIS, Latitude, Longitude and Postal Address data

• VPSA is used to measure operational metrics of the city, define response hierarchies and manage the infrastructure.


Concept 5: Security, Privacy and Monetization

● Security: Strong authentication framework

○ Users, Device and app identity and security

○ Levels of security based on resources: PUFs, TPM, API keys, X.509 certificates

● Privacy: Strong authorization framework

○ Marking of data by the owner: Private, Protected, Public

○ Sharing of data - under authorization from the owner of data

○ Track and prevent redistribution of data

○ Integrate with Consent layer: India Stack

○ Sharing limits (Time/Volume), Audits & Accounts

● Monetization: Enable buying and selling of Data

○ Integrate with UPI Layer : India Stack
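One way the privacy bullets above could be enforced at the data exchange layer, as an added example that is not from the original deck or the CDX project: data marked Private, Protected or Public by its owner, sharing of Protected data only under an owner-issued grant with time and volume limits, and an audit entry for every decision. Only the catalogue fields `permissions` and `accessModifier` come from the slides; the policy semantics, the class and method names, the decision strings and all owner, consumer and item names except `luxOutput` are assumptions.

```javascript
// Added example: the policy semantics and every name except the catalogue
// fields "permissions" and "accessModifier" are assumptions for illustration.
class DataExchangeGuard {
  constructor(catalogue) {
    // item id -> { owner, permissions, accessModifier }
    this.catalogue = new Map(Object.entries(catalogue));
    this.grants = []; // consent records issued by data owners
    this.audit = [];  // one entry per access decision
  }

  // The owner authorizes one consumer for one item, limited in time and volume.
  grant(owner, consumer, item, notAfter, maxReads) {
    const meta = this.catalogue.get(item);
    if (!meta || meta.owner !== owner) throw new Error('only the owner may grant');
    this.grants.push({ consumer, item, notAfter, remaining: maxReads });
  }

  decide(consumer, item, action, now) {
    const meta = this.catalogue.get(item);
    if (!meta) return 'deny:unknown-item';
    if (!meta.permissions.split(',').includes(action)) return 'deny:action';
    if (consumer === meta.owner) return 'allow:owner';
    if (meta.accessModifier === 'public') return 'allow:public';
    // Anything that is not explicitly protected is treated as private.
    if (meta.accessModifier !== 'protected') return 'deny:private';
    const mine = this.grants.filter((g) => g.consumer === consumer && g.item === item);
    if (mine.length === 0) return 'deny:no-consent';
    const live = mine.filter((g) => now <= g.notAfter);
    if (live.length === 0) return 'deny:consent-expired';
    const usable = live.find((g) => g.remaining > 0);
    if (!usable) return 'deny:volume-exhausted';
    usable.remaining -= 1;
    return 'allow:consent';
  }

  // Every request is decided and recorded, whether allowed or denied.
  access(consumer, item, action, now) {
    const decision = this.decide(consumer, item, action, now);
    this.audit.push({ now, consumer, item, action, decision });
    return decision;
  }
}

// Constructed catalogue: luxOutput mirrors the slide's entry; the other items,
// the owners, the consumers and the timestamps are hypothetical.
function runScenario() {
  const guard = new DataExchangeGuard({
    luxOutput: { owner: 'city-lighting', permissions: 'read', accessModifier: 'protected' },
    cameraFeed: { owner: 'traffic-police', permissions: 'read', accessModifier: 'private' },
    aqiIndex: { owner: 'pollution-board', permissions: 'read', accessModifier: 'public' },
  });
  guard.grant('city-lighting', 'traffic-app', 'luxOutput', 2000, 2);
  const decisions = [
    guard.access('traffic-app', 'luxOutput', 'read', 1100),
    guard.access('parking-app', 'luxOutput', 'read', 1100),
    guard.access('traffic-app', 'luxOutput', 'write', 1100),
    guard.access('traffic-app', 'luxOutput', 'read', 1200),
    guard.access('traffic-app', 'luxOutput', 'read', 1300),
    guard.access('traffic-app', 'luxOutput', 'read', 2500),
    guard.access('traffic-app', 'cameraFeed', 'read', 1100),
    guard.access('anyone', 'aqiIndex', 'read', 1100),
  ];
  return { decisions, auditLength: guard.audit.length };
}

console.log(runScenario().decisions);
```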


Deployment Architecture


Key takeaway from Indian Large-Scale Programs

Unbundle the solution and Define standard APIs

Let Innovation flourish by increasing competition in each facet without having to put together an end-to-end solution


Courtesy: Karthik KS Community iSPRIT Foundation


Research Areas to explore further


Rigid vs. on-demand Networking

Conventional Operator Networks are built to monetize investment in network infrastructure and are rigid

Service Provisioning, SLA Guarantees

Who will make the network investment for IoT?

Can we leverage secure on-demand network overlay using smart edge-devices based on COTS hardware and “networking smarts” embedded?


Most systems today rely on Laws and Government oversight

Distributed Trust Systems are today the basis for some crypto-currencies and smart contracts that enable data exchange and payments

www.iota.org claims to be relevant

For what class of IoT/M2M systems are these worth exploring?

Issue of Trust, Governance, Privacy, Security


Thank you
