12.1 Introduction to Reverse Mapping
12.2 Reverse Mapping ETSI M2M
12.2.1 Mapping to the IoT Domain Model
ETSI M2M | IoT Domain Model | Comments |
---|---|---|
Device | Device | Sensors and Actuators are hosted on Devices, they are not special cases of Devices |
Sensor | Sensor | The Sensor in ETSI M2M is not a Device |
Actuator | Actuator | The Actuator in ETSI M2M is not a Device |
Network application | User | In ETSI M2M, there are no Human Users, but only applications that process the data coming from the “Device and Gateway Domain”. This concept of an application as a User is reflected in IoT-A |
Gateway application | User | In ETSI M2M, there are no Human Users, but only applications that process the data coming from the “Device and Gateway Domain”. This concept of an application as a User is reflected in IoT-A |
Service | Service | In ETSI M2M, Services are not defined as exposing Resources on Devices, but can interact with the Devices. A Resource concept as in IoT-A does not exist |
Resource | Service | Resources in ETSI M2M are defined in analogy to RESTful Service Interfaces |
12.2.2 Mapping to the Management FG
-
General Management (GEN): Allows retrieving general information of the M2M Device or gateway, and provides generic mechanism applicable to different specific management functions;
-
Configuration Management (CFG): Allows configuration of the device capabilities and features for supporting M2M Services and applications, including activating/deactivating device hardware components or I/Os in the M2M Device or gateway;
-
Diagnostic & Monitoring Management (D&M): Allows running specific diagnostic tests on a device and collecting the results or alerts from the M2M Device or gateway. This package is also called Fault and Performance Management;
-
Software/Firmware Management (SFW): Allows installation/update/removal of application specific or SCL related software/firmware in M2M Device or gateway;
-
Area Network Management (ANW): Allows M2M Gateway-specific configuration and M2M Area Network and Device management through a M2M gateway;
-
SCL Management (SCL): Allows remote configuration and retrieval of M2M Device or gateway service capability layer parameters.
-
Configuration: Initialising the system configuration. Gathering and storing configurations from FCs and Devices, tracking configuration changes;
-
Fault: The goal of the Fault FC is to identify, isolate, correct and log faults that occur in the IoT system;
-
Member: This FC is responsible for the management of the membership and associated information of any relevant entity (FG, FC, VE, IoT Service, Device, Application, and User) to an IoT system;
-
Reporting: The Reporting FC can be seen as an overlay for the other Management FCs. It distils information provided by them. One of many conceivable reporting goals is to determine the efficiency of the current system;
-
State: The State FC monitors and predicts state of the IoT system. For a ready diagnostic of the system, as required by Fault FC, the past, current and predicted (future) state of the system are provided.
12.2.3 Mapping to the IoT Communication Model
12.2.4 Mapping to the Security Model
12.2.5 Threat Analysis Mapping
ETSI M2M | IoT-A |
---|---|
Threat 1: Discovery of long-term service-layer keys stored in M2M devices or M2M gateways | Attacker gains knowledge of sensitive exchanged data |
Disclosure of identities and cryptographic material | |
Threat 2: Deletion of long-term service-layer keys stored in M2M devices or M2M gateways | Disruption of a global Service |
Threat 3: Replacement of long-term service-layer keys stored in M2M devices or M2M gateways | Disruption of a global Service |
Threat 4: Discovery of long-term service-layer keys stored in the SCs of the M2M core | Attacker gains knowledge of sensitive exchanged data |
Disclosure of identities and cryptographic material | |
Threat 5: Deletion of long-term service-layer keys stored in the SCs of an M2M core | Disruption of a global Service |
Threat 6: Discovery of long-term service-layer keys stored in MSBF or MAS | Attacker gains knowledge of sensitive exchanged data |
Disclosure of identities and cryptographic material | |
Threat 7: Deletion of long-term service-layer keys stored in the MSBF/MAS | Attacker gains knowledge of sensitive exchanged data |
Disclosure of identities and cryptographic material | |
Threat 8: Discover keys by eavesdropping on communications between entities | Attacker gains knowledge of sensitive exchanged data |
Disclosure of identities and cryptographic material | |
Threat 9: Modification of data stored in the M2M service capabilities | Alteration of the return value upon service invocation |
Attacker alters leaf-device content so that a user will eventually be redirected to a malicious content | |
Attacker alter sensor device so that monitoring of a Physical Entity fails | |
Threat 10: Provisioning of non-legitimate keys | Disruption of a global Service |
Threat 11: Unauthorised or corrupted application and service-layer software in M2M | Attacker impersonates infrastructure Services, compromising IoT functionalities and/or other dependent infrastructure services |
Threat 12: Subverting the M2M device/gateway integrity-checking procedures | Alteration of the invocation of a Service |
Threat 13: Unauthorised or corrupted software in M2M core | Attacker impersonates infrastructure Services, compromising IoT functionalities and/or other dependent infrastructure services |
Threat 14: Subverting the integrity-checking procedures in the M2M core | Alteration of the invocation of a Service |
Threat 15: General eavesdropping on M2M service-layer messaging between entities | Attacker gains knowledge of sensitive exchanged data |
Threat 16: Alteration of M2M service-layer messaging between entities | Alteration of the invocation of a Service |
Threat 17: Replay of M2M service-layer messaging between entities | Compromised intermediary devices alter traversing data |
Alteration of the invocation of a Service | |
Threat 18: Breach of privacy due to inter-application communications | User is involved in transactions with a malicious peer |
Attacker gains knowledge of user private parameters | |
Threat 19: Breach of privacy due to attacks on M2M device/gateway service capabilities | User is involved in transactions with a malicious peer |
Attacker gains knowledge of user private parameters | |
Threat 20: Discovery of M2M long-term service-layer keys from knowledge of access-network keys | Attacker gains knowledge of sensitive exchanged data |
Disclosure of identities and cryptographic material | |
Threat 21: Transfer of module containing access-network keys and/or M2M long-term keys to a different terminal/device/gateway | Attacker gains knowledge of sensitive exchanged data |
Disclosure of identities and cryptographic material |
12.2.6 Conclusion
12.3 Reverse Mapping EPCglobal
12.3.1 Mapping to the Domain Model
EPCglobal concept | IoT ref. model concept | Comments |
---|---|---|
Entity | Physical entity | Is the Physical object been tracked by the EPCglobal system |
End-user | User | The user managing and using the EPCIS, and reading the EPC |
Partner user | User | The user willing to access EPC information for their own business |
Physical entity | Physical entity (special case of) | Corresponds to physical objects like parcels, objects etc.… |
Location | Physical entity (special case of) | Places, room, lift,… |
RFID tag | Tag | The physical tag embedding the EPC |
Tag reader | Device/Sensor | |
Reader interface | Service | |
EPC manager | Service | Is granted a portion of the naming space and assigns EPC to products |
EPCIS accessing application | User | Located at end-user side that is willing to access EPC related information |
EPCIS service | Service | Service that encompasses interfaces for data exchange (through the EPCIS Query Interface e.g.) and specification of Data (EPCIS data standard) |
EPCIS query interface | Service | Interface exposed by the EPCIS and accessed by the EPCIS Accessing Application |
EPCIS capture interface | Service | |
EPCIS repository | Service/Resource | Exposes the EPCIS Query Interface. Stores info about EPCs events…The actual functionality of storing (e.g. in a data base) could/should be modelled as a Resource whereas the component that exposes the interface would be a Service. Of course that could be implemented tightly coupled as one software component |
EPC record | Virtual entity | Consists of all info related to EPC (stored in EPC Data Base) |
EPC data base | Network resource | |
EPCIS capturing application | Service | Exposes the EPCIS capture interface |
Filtering & collection | Service/Resource | Exposes the filtering and collection interface. Collects tag reads over time intervals constrained by events definition by the EPCIS Capturing Application. Filtering functionality may be modelled as a Resource, whereas exposing the interface as a Service |
12.3.2 Mapping to Information Model
EPCglobal concept | IoT ref. model concept | Comments |
---|---|---|
RFID tag | Device/Tag | Virtual entity representing RFID tag associated with the Physical Entity |
EPC | Virtual entity | Electronic product code. It is encoded on the RFID tag |
EPCIS event | Value | Might be just a wrapping of IPCIS data in the form of an event… |
EPCIS data | Value | Is the data associated with the Physical Object and therefore contained in the EPCIS Virtual Entity |
EPC record | Virtual entity | Consists of all info related to Physical Object identified by EPC (stored in EPCIS Data Base), i.e. IPCIS Data |
EPCIS static data | Value | Contains class level Data and Instance level Data |
EPCIS transactional data | Value | Relates to observations (instances, quantity within a class) |
-
Static Data: class level and instance level data, which do not change over time during the physical object life span
-
Class Level Data: there remain identical to any object which is an instance of that class
-
Instance-Level Data: the data may vary within objects instance of a class. Typical examples are lot number, expiry date, number within a lot, S/N etc.…
-
-
Transactional Data: which changes and grows over the physical object life span, possibly created by more than one actor along a supply chain for instance:
-
Instance observation: it records events concerning the Physical Objects and often relates to dimensions like time, location, other EPC, and business process steps
-
Quantity observation: records events concerned with measuring the quantity of objects within a particular class. Five dimensions: time, location, object class, quantity, business step.
-
Business Transaction Observation: records association between one or more EPC and a business transaction. Four dimensions time, one or more EPCs, business process step, business transaction id.
-
12.3.3 Security Model
12.4 Reverse Mapping Ucode
12.4.1 uCode Model
-
Objects: tangible objects of the real world (industrial product, piece of art, everyday objects,..) as well as intangible ones like pieces of digital media or source code;
-
Spaces: monuments, streets, etc.
-
Concepts: relationships between objects and spaces of the real world, which are also named “entities”. Those relationships are used to define complex context information, and are defined using a description framework called ucode Relation (ucR) model. Simple context information relates to objects and places directly.
12.4.2 ucode Resolution Server
uID concept | IoT reference model concept | Comments |
---|---|---|
Tangible object | Physical entity | |
Intangible object | Digital artefact | If the intangible object is a representation of a tangible object, then it is also a Virtual Entity |
Location | Physical entity | Location is not modelled explicitly in the IoT Domain Model. However, a specific (possibly tagged) place can be regarded as a Physical Entity |
uCR model | Relates to information model | uCR can be used for representing IoT-A Information Model instances |
ucode | No direct relation | The ucode can be used as an globally unique identifier for any instance of the IoT-A RM concept |
ucode resolution gateway | Network-based resource | Provides a ucode resolution over HTTP |
ucode signature server | Network-based resource | Prevents ucode counterfeiting by verifying and generating signatures |
ucode management server | Network-based resource | Manages the allocated ucode space |
ucode issue gateway | Network-based resource | Provides a HTTP interface for obtaining ucode issued by ucode management server |
ucode entry update gateway | Network-based resource | Provides a HTTP interface for updating ucode resolution entry |
Top level domain server | Network-based resource | Hierarchical component of the ucode resolution server |
Second level domain server | Network-based resource | Hierarchical component of the ucode resolution server |
ucode resolution server | Network-based resource / Service | The resource would be exposed through a resolution service |
Application information service | Service | Provides infrastructure and application services |
ucode tag | Tag | |
User terminal | (Device) | Is a device that reads ucodes and provides services based on the ucode to a user. A user terminal that is just used to run an application or display some information is not in the scope of the IoT Domain Model. However, a user terminal containing a reader is in the terms of the IoT Domain Model a Device with an embedded Sensor Device |
Reader | Device/Sensor |
12.4.3 Conclusion
12.5 Reverse Mapping BUTLER Information Model
12.5.1 Introduction
12.5.2 Reverse Mapping of IoT Domain Model
12.6 Reverse Mapping MUNICH Platform
12.6.1 Use Case Description
-
Mayo stand (instrument table): towel is unused;
-
Operation table: towel is in use;
-
Used towel container: towel is used
12.6.2 Use Case Objective
12.6.3 Current System Architecture
12.6.4 Enhancement by Using IoT Reference Architectural Model
12.6.5 Specification of IoT Business Process Model
12.6.6 Specification of IoT Domain Model
12.6.7 Specification of Functional View
12.6.8 Specification of IoT Information Model
12.6.9 Specification of IoT Services and Interactions
-
Origin: {RFID reader instrument table; RFID reader operation table; RFID reader waste bin}
-
Type: {RFID tag gone; RFID tag added; unrecognised tag}
-
Time stamp
12.6.10 MUNICH Platform Conclusion
12.7 Conclusions About Reverse Mapping
12.8 Business Case Evaluation Example
12.8.1 Introduction
12.8.2 Cost and Benefit Models
12.8.3 Cost-Benefit Analysis
12.8.4 Sensitivity Analysis
Model element changed | |||
---|---|---|---|
Cost model | Benefit model | (c) General calculation assumptions | |
Change in variables | Critical risk factors: | Benefit variation factor (BSF) | Discount Rate (DF) |
Software risk = SR | Frequency of surgeries (TAoS) | ||
Hardware risk = HR | |||
Personnel risk = PR | |||
Maintenance risk = MR | |||
System service fee (SFS) |