A Technologist's Viewpoint · 2018-09-20 · Transcript
© Tejas Networks Proprietary Software Enabled Transformation www.tejasnetworks.com
A Technologist’s Viewpoint
Workshop on 5G & IoT Security, Sept 10-11, 2018
Dr. K.J. Singh, VP Technology, Tejas Networks Ltd.
Outline
Drivers, Vision, and Challenges taken up by 5G and IoT
5G and IoT in the Indian Context
- BharatNet and Rural Connectivity as 5G Drivers
- Open WiFi Access Network effort
- Smart Cities Mission and Data Middleware
Interesting areas for Security Research
- Edge / Fog / Cloud implementations leveraging SDN and SD-WAN
- Distributed Ledger Technologies for Data Marketplace without centralized trust
IMT2020 aka 5G
Cloud Infra:
- Network Function Virtualization (NFV)
- Central Office Re-architected as Datacenter
- Software Defined Networking (SDN)
Connectivity (Telecom Infra):
- Wireless 5G (>1Gbps)
- Wireline xPON (10Gbps)
- High speed optical "cross"Haul 10Gbps to 20Tbps
[Figure: 5G use-case categories eMBB, mMTC and urLLC. Source: NGMN]
IMT2020: Cloud-ification
[Figure: CORD (Central Office Re-architected as Datacenter) software stack, XOS + Openstack + OVX + ONOS]
- XOS: Lifecycle Services Orchestration
- Openstack: manages virtual resources (VMs, VNs) on a cluster of commodity servers
- ONOS: manages the cluster's switching fabric
- OVX: a Network Hypervisor that supports Topology, Address Space, and Control Isolation
- Other labels: ROADM, Apps
- E-CORD: VPN, WAN Acc, CE2.0
- R-CORD: BNG, CDN, CG-NAT, Firewall
- M-CORD: PGW, SGW, SON, CDN
[Figure: SDN (Netconf, YANG i/f), IP-aware Network, Virtual Network Function Infrastructure, vCPE/uCPE, VNF (Virtual Network Function), NFV]
What is vCPE and uCPE?
vCPE (Virtual CPE)
• Commodity CPE
• Inexpensive hardware with only demarcation and basic processing
• Not able to do fast or powerful operations
• VNFs run inside cloud to complete functionality
• May not be manageable
• Examples are network-interface devices (NIDs) and low-cost switches
uCPE (Universal CPE)
• Commodity CPE
• Expensive hardware with connectivity and processing
• Able to do complex functions
• VNFs are run locally and in cloud
• Manageable
• Remotely deploy, modify or delete VNFs
• Examples will be products that combine transport and WAN routing
Enterprise uCPE
- Access product with enhanced VNF (Virtual Network Function) processing capability
- Open interfaces compliant with MEF LSO (Lifecycle Services Orchestration) or MEF 55 interfaces
- Integrated WAN router (NFVI / Network Function Virtualization Infrastructure) and transport function, with the ability to connect to public and private cloud in a fungible fashion
- Multiple connectivity options (Internet + Leased line + MPLS VPN) for redundancy
[Figure: Traditional WAN vs. SD-WAN]
The Cloud(s) roll in….
[Figure: Internet / Public cloud; Enterprise uCPE = WAN + Transport; 5G uCPE = DU + RRU + Transport (VNF, CU VNF); vOLT; Residential vCPE = WAN + ONT]
A Peek into the Indian Landscape
- BharatNet and Rural Connectivity as 5G Drivers
- Open WiFi Access Network effort
- Smart Cities Mission and Data Middleware
Cost effective Rural Mobile BroadBand (MBB) is becoming universal through government efforts
[Figure: BTS Tower, School]
BharatNet and Vision of Digital India
Rural Fiber Connectivity via BharatNet
- Phase I and Phase II projects aim to complete the connectivity layer between Block HQs and GPs
- Large investment and not much financial payback for private operators to do this
- Phase-I: 100,000 GPs, Revised Target: December 2017, Nodal Agency: DOT
- Phase-II: Additional 150,000 GPs, Target: December 2018, Nodal Agency: DOT
- Phase-III: Horizontal connectivity to Government Institutions at District, Block and GP; in the scope of State Governments and approved by DOT and BBNL
- Many States taking up Phase-II and Phase-III together
5G India Enhancements
- TSDSI is taking a lead in proposing 5G-specific enhancements over and above TSDSI transposed 3GPP Rel 15 specifications.
- India has formed a 5G High-Level Forum in "mission mode" to position India as a design, development and manufacturing hub of 5G technology products.
- A dedicated 5G test lab involving IITs/IISc is being set up with 240 Cr funding.
- Tejas is working with IITs as a development partner for the 5G platform.
- India is planning to roll out 5G by 2020 in rural areas based on 5G LMLC requirements added into ITU-R WP5D, and is planning to get it funded by USOF.
Rural Broadband – 5G and xPON
[Figure: rural broadband deployment]
- 3-sector Macro eNodeB (at existing BSNL tower): LTE eNB / 5G gNB, ePC, IP cloud
- Mid frequency bands (Band 40, 38/41, 42), Outdoor (No FDD)
- Reuse existing towers wherever possible; Up to 10 Km
- Outdoor CPE (at village): Outdoor CPEs installed on rooftop or 3m pole
- ONT+WiFi CPE at Community Center, School, Hospital
- Entrepreneur or operator will provide WiFi broadband at key sites and users can connect through WiFi enabled devices
- XGS-PON/NGPON OLT: enable GPON connection to those rural households which need higher BW
One Time Flow
PDO/PDOA completes Self-Registration with Provider Registry using their public certificate (for signature validation). They also register their WiFi Access Points, SSIDs, and locations.
User App provider is also registered with Provider Registry along with their authentication URL and public certificate (to validate their digital signature).
User completes one time KYC with App Provider through their App. User App caches trusted SSIDs from Provider Registry from time to time.
https://trai.gov.in/sites/default/files/Public_Wifi_Architecture_12072017.pdf
Connection Flow
1. User opens the App and browses for nearby WANI compliant SSIDs and then chooses one SSID to connect to.
2. WiFi Captive Portal of the PDO initiates user authentication with App provider backend using the token passed from the app.
3. App provider backend returns a signed user profile token back to PDOA Captive Portal.
4. WiFi Captive Portal displays the available data packs with their charges. User selects the desired data packs and clicks to confirm.
5. PDOA Captive Portal sends request for payment through their payment gateway.
6. User completes payment.
7. PDO activates all devices that were part of the signed profile and allows them to connect to the session without additional authentication.
User starts browsing!
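The signed-profile exchange of steps 2, 3 and 7 as an added Go illustration (not code from the TRAI document or from Tejas): the Provider Registry is a map of public keys registered in the one-time flow, the app provider backend signs the profile, and the PDOA captive portal verifies that signature against the registered key and checks freshness before activating the listed devices. Ed25519, the JSON field names and the expiry field are assumptions; the TRAI flow specifies only a public certificate and a signed profile token.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"time"
)

// Registry models the Provider Registry: app provider id -> public key
// registered in the one-time flow; the PDOA trusts only keys found here.
type Registry map[string]ed25519.PublicKey

// UserProfile is the payload the app provider backend signs in step 3.
type UserProfile struct {
	AppProvider string   `json:"app_provider"`
	UserID      string   `json:"user_id"`
	Devices     []string `json:"devices"` // devices activated together in step 7
	Expiry      int64    `json:"exp"`     // unix seconds; an addition, not in the TRAI flow
}

// IssueToken (app provider backend) returns the serialized profile and an
// Ed25519 signature over those exact bytes (the algorithm is an assumption).
func IssueToken(priv ed25519.PrivateKey, p UserProfile) (profile, sig []byte, err error) {
	if profile, err = json.Marshal(p); err != nil {
		return nil, nil, err
	}
	return profile, ed25519.Sign(priv, profile), nil
}

// VerifyToken (PDOA captive portal) runs before any device is activated:
// registry lookup, signature over the exact bytes received, then expiry.
func VerifyToken(reg Registry, profile, sig []byte, now time.Time) (UserProfile, error) {
	var p UserProfile
	if err := json.Unmarshal(profile, &p); err != nil {
		return p, err
	}
	pub, ok := reg[p.AppProvider]
	if !ok {
		return p, errors.New("app provider not registered")
	}
	if !ed25519.Verify(pub, profile, sig) {
		return p, errors.New("invalid signature on profile token")
	}
	if !now.Before(time.Unix(p.Expiry, 0)) {
		return p, errors.New("profile token expired")
	}
	return p, nil
}
```

A token from an unregistered provider, a tampered profile, or a stale token is rejected before step 7, so no device is activated on an unverified profile.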
CDX: City Data Exchange Stack
A Work in Progress
Smart City Vision
Case study from Agra's Smart City RFP
A Layered approach to Smart City Solution
Data layer is the key foundational layer
● Data Layer is the key, foundational layer for Smart City Solutions
● Should be developed as a platform with
  ○ Open APIs and Data Models
  ○ Open Reference Implementation
● Design it to be future proof
  ○ Support for AI, Video Analytics, Distributed Edge Computing, Privacy as a first class concern
● Needs a consortium of academia and industry to join hands to make this happen.
Normal Course of Operations
Silos are inefficient & rigid
● Only point solutions to current needs
  ○ Leads to Silos addressing only that need
● No standard framework for exchanging data
  ○ across different applications, devices, cities
  ○ No support for data economy and no mention of privacy
● We need a platform approach
  ○ Standardized API, Data Models to support application developers
  ○ Support to efficiently take advantage of the emerging AI revolution
  ○ Unleash innovation and entrepreneurship for new smart city applications
Need a well defined Data Exchange Layer
Siloed approach replaced by an Open Platform approach
- Open APIs and Data Models
- Enable Complex Applications: Emergency Response, Flood Warning, Crowd Monitoring, Accident Prediction/Detection. These need integrated analytics across video and other data sources.
- Inspired by Aadhaar: Enable new app ecosystem based on data analytics & AI
- Enable portability across cities, vendors
Consortium for City Data Exchange Stack
Consortium Members and Contact Persons:
- Indian Institute of Science: Bharadwaj Amrutur
- Intel: Sidhartha Mohanty
- Dell: Chanakya Nadapada
- VMWare: Sairam V.
- Tejas Networks: K J Singh
- Bosch: Vivekanand K.
- ERNET: Paventhan A.
- Others: TBD
Form an Academia - Industry Consortium
- Special Purpose Vehicle (SPV) within an academic institution to begin with.
SPV's Charter
- Define the Stack: APIs and Data Models
- Create an open source reference implementation
- Deploy and test in one or more city testbeds with one major use case
  - Mobility is a rich use case
  - Traffic monitoring (video IoT), crowd monitoring, AQM, Parking, accidents alerts...
- Conduct a Hackathon for new applications
City Data Exchange and Edge Analytics Stack
Concept 1: Registry of IoT Data Sources
● Catalogue of IoT Data
● List of resources and their associated meta information
● Synergistic with other registry efforts
Example entry:
    "luxOutput": {
        "type": "number",
        "description": "LED output intensity",
        "units": "lux",
        "permissions": "read",
        "accessModifier": "protected"
    }
Concept 2: Video Meta-Data Stream
Concept 3: Fog + Edge Analytics
● IoT gateways and local Compute/Data Centre form an edge cloud
● Data (especially video) will be locally terminated in the local data centre (privacy and bandwidth)
● Fog+Edge Analytics will be run at local data centre.
  ○ Framework to deploy analytics runtime (VMs, Dockers etc)
● Distributed Programming, Runtime
  ○ Naming, Debugging, etc.
Concept 4: Spaces as Assets
Key problem: Each solution identifies the spaces (dwelling / commercial establishment / retail units / public spaces / Government units) with its own identifier. This does not allow for correlation of data.
• City Stack proposes to attach smart devices deployed to a concept of smart spaces. Using the concept of smart spaces, city operations team can manage
▪ Lifecycle of deployed Devices
▪ Lifecycle of Data collected
▪ Respond to & notify stakeholders on Operational Alerts
▪ Provide city with a unified view of the Operational SLAs being met
• City Stack proposes to create a unique Virtual Private Space Address (VPSA) leveraging GIS, Latitude, Longitude and Postal Address data
• VPSA is used to measure operational metrics of the city, define response hierarchies and manage the infrastructure.
Concept 5: Security, Privacy and Monetization
● Security: Strong authentication framework
  ○ Users, Device and app identity and security
  ○ Levels of security based on resources: PUFs, TPM, API keys, X.509 certificates
● Privacy: Strong authorization framework
  ○ Marking of data by the owner: Private, Protected, Public
  ○ Sharing of data - under authorization from the owner of data
  ○ Track and prevent redistribution of data
  ○ Integrate with Consent layer: India Stack
  ○ Sharing limits (Time/Volume), Audits & Accounts
● Monetization: Enable buying and selling of Data
  ○ Integrate with UPI Layer: India Stack
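An added Go sketch (not part of the CDX stack or any consortium code) of how the Concept 5 authorization rules could be enforced over registry entries like the Concept 1 fragment: the owner's Private/Protected/Public marking decides who may read, protected data is released only under an owner grant bounded in time and volume, and every decision is appended to an audit trail. The field names, the byte-based volume limit and the reason strings are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

type Access string // the owner's marking of a data resource (Concept 5)

const (
	Private   Access = "private"   // owner only
	Protected Access = "protected" // owner plus grantees the owner authorized
	Public    Access = "public"    // anyone
)

type Resource struct{ Owner string; Access Access }       // registry entry: owner plus accessModifier (Concept 1)
type Grant struct{ Expires time.Time; Limit, Used int64 } // owner's authorization to one grantee: time and volume (bytes)

// Exchange holds resources, grants keyed by resource id then grantee, and the audit trail.
type Exchange struct {
	Resources map[string]Resource
	Grants    map[string]map[string]*Grant
	Audit     []string
}

// Authorize decides one read of n bytes and records the decision. Protected data
// needs an unexpired grant with volume left; the counter only advances on allow.
func (e *Exchange) Authorize(resID, who string, n int64, now time.Time) (bool, string) {
	r, ok := e.Resources[resID]
	g := e.Grants[resID][who] // nil when the owner granted nothing to this requester
	allowed, why := false, "unknown resource"
	switch {
	case !ok:
	case r.Access == Public || who == r.Owner:
		allowed, why = true, "public or owner"
	case r.Access == Private:
		why = "private: owner only"
	case g == nil:
		why = "no grant from owner"
	case !now.Before(g.Expires):
		why = "grant expired"
	case g.Used+n > g.Limit:
		why = "volume limit exceeded"
	default:
		g.Used += n
		allowed, why = true, "grant ok"
	}
	e.Audit = append(e.Audit, fmt.Sprintf("%s %s %s %d allow=%t (%s)", now.UTC().Format(time.RFC3339), who, resID, n, allowed, why))
	return allowed, why
}
```

A resource with no marking falls through to the grant checks, so unmarked data is treated as protected rather than public.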
Deployment Architecture
Key takeaway from Indian Large-Scale Programs
- Unbundle the solution and define standard APIs
- Let innovation flourish by increasing competition in each facet, without having to put together an end-to-end solution
Courtesy: Karthik KS, iSPIRT Foundation community
Research Areas to explore further
Rigid vs. on-demand Networking
- Conventional Operator Networks are built to monetize investment in network infrastructure and are rigid: Service Provisioning, SLA Guarantees
- Who will make the network investment for IoT?
- Can we leverage a secure on-demand network overlay using smart edge-devices based on COTS hardware with "networking smarts" embedded?
Issue of Trust, Governance, Privacy, Security
- Most systems today rely on Laws and Government oversight
- Distributed Trust Systems are today the basis for some crypto-currencies and smart contracts that enable data exchange and payments
- www.iota.org claims to be relevant
- What class of IoT/m2m systems are these worth exploring for?
Thank you