design" Webthings With IoT.js on TizenRT and more #MozFest, Privacy and Security track Ravensbourne University, London UK <2018-10-27> Philippe Coval <[email protected]> Samsung Open Source Group / SRUK
am I ? • Philippe Coval – Samsung Software engineer • belongs to OpenSource Group • member of SRUK team – based in Rennes, France • Interests: – Libre Soft/Hard/ware communities – Embedded, IoT, Web, DIY… • Need help? Find me online: – https://wiki.tizen.org/wiki/User:Pcoval
The Internet of Things is a system of physical objects – that can be discovered, monitored, controlled, – or interacted with by electronic devices – that communicate over various networking interfaces • and eventually can be connected to the wider Internet. • Addresses many domains: – Health, Agriculture, Transport, Cities, Industry • Critical in many cases: Need to Secure & Privacy Proof
Trust and Control • Ownership of personal data – Shared, Transferred, Revoked, Logged, Retrieved and DELETED • depend on time and context • Services operators should comply regulations: – EU: General Data Protection Regulation (GDPR 2018) • Risk to privacy in the IoT is HIGH!!! • “Privacy by design” opportunities – Prevent data collection in first place→Keep data local if possible • Limit usage of cloud, apps or “captive models” – New security challenges (Decentralize, reduce surface of attacks)
Web Of Things • Open web platform promises: – Security (isolation in browser) – Enhanced privacy (DNT) • Security is not same as Privacy ! • Think decentralized ! – may be harder to secure • But more resilient – Edge: Computation on nodes • Web of Things (WoT) – An application layer for IoT – with interoperability – Specification work by W3C – And FLOSS implementations
Things Overview • Framework of software/services – for connecting "things" to the web • Things Model: Semantic to describe properties • WebThings: provide Http(s) REST API • Gateway to connect WebThings – Rule engine and nice Web UI (PWA) • Cloud: Remote access facilities
• Purpose: – Connect all webthings in a LOCAL network – Provides GUI: Progressive web app • to monitor and control things – Create Users and Access control using JWT – Optional remote control using mozilla’s proxy • GNU/Linux Support: – Download Reference RaspberryPi image (2, 3) – Port to ARTIK5 or ARTIK7 (ARMv7) use node-10 or docker container – https://github.com/rzr/webthing-iotjs/wiki/Gateway
owner and user • Owner setup gateway (connect lamp): – create and allow user(s) to control thing • User login to GW using OAuth (JWT issued) gateway="https://sosg.mozilla-iot.org" or "gateway.local" thing="things/http---esp8266.local-things-dimmable-color-lamp" property="properties/color" curl "$gateway/$thing/$property" \ -H "$auth" \ -H 'Accept: application/json' {"color":"#ffff6f"} ← Or use alternative app: webthings-webapp: Tizen or Android/SamsungInternet (PWA)
Solutions • Constrained IoT devices: – Cloud connected • Privacy issues – Easy to prototype: • Arduino – Harder to deploy at scale • Limited on resources • Native development – on many RTOS • Few experts developers • Technical strategies: – Edge computing • Data stay on nodes or in LAN – Abstraction with high level API • Port runtimes not apps code – Portability and standards • Script languages for MCU – JavaScript, Python, LUA… • Target existing developers base
the Web for IoT ? • JavaScript is everywhere! – Many web developers → Many application developers – Easy leaning curve, Faster and Lower cost of development: • Standardized and established communities: – is the leading JavaScript runtime (based on V8 engine) – NPM repo over 500K modules • JS Interpreter can fit even into constrained devices – Few embedded devs to focus more on platforms than apps – Can run on even low end devices using JerryScript • (RAM:64K+ROM:200K) Integrated in IoT.js, Zephyr.js, Tizen:RT "Any application that can be written in JavaScript, will eventually be written in JavaScript" ~Jeff Atwood
ecosystem • Tizen – Is based on Linux Kernel – Shipped into • High end consumer electronics – Mobile, TV, Wearables etc – Open to developers • Native, C/C++ (EFL) • HTML5 • DotNet • TizenRT – Is based on NuttX Kernel • for constrained devices: – Ie: Cortex M3 (RAM=30KB Flash=512KB) – For low end IoT devices: • Open APIs (C, JavaScript) • Connectivity • Reliability • Security – Support: • Qemu, ARTIK05x
WebThings on IoT.js • IoT.js runtime is powered by JerryScript – Features: GPIO, I2C, https and more – Prototype on GNU/Linux Debian derived OS – Deploy to constrained device: 05x on RT • Webthing-iotjs is a fork of webthing-node for IoT.js – Continuously rebasing to align – Limitations: ES5.1, and some parts removed: • mDNS, Websockets (actions, events)… – https://github.com/rzr/webthing-iotjs/wiki
Create a webthing – it will be an Actuator • That post to notification through social network – ActivityPub: adding social features without scarifying privacy – using IoT.js (or node) • Connect to some gateway • Establish a rule to trigger an action
Social Web using ActivityPub https://github.com/rzr/webthing-iotjs/wiki/Social • ActivityPub is an open, decentralized social networking protocol – Heritage from GNUSocial/StatusNet, Diaspora, Ostatus to Standard (2018) • Join Mastodon network – 1st create a user account if you don’t use it yet: • https://mastodon.social (or any decentralized instance) – Test it by sending a “toot” from web: “ping @TizenHelper about #WebThingIotJs” – Create app: https://mastodon.social/settings/applications • New Application/ name=”webthing-iotjs” / Submit • Then click on page and note “Your access token”
make -C mastodon-lite run error: TODO: edit configuration file ~/.mastodon-lite.json "access_token": "[TODO: Update with app token …]" ... Example: Using IoT.js’ HTTP module • Download and configure credentials in client: • Post message manually: cd mastodon-lite && iotjs example/index.js \ "Hi @TizenHelper from #Iotjs" • Run a webthing server to post on property update: – make -C example/webthing run – curl -H "Content-Type: application/json" \ -X PUT --data \ '{"message": \ "#WebThingIotJs is working @TizenHelper" }' \ http://localhost:8888/properties/message
highlevel APIs var thing = new Thing('MastodonActuator',['String']); thing.addProperty( new Property(thing, 'message', new Value('#WebThingIotJs Hello', function(value {mastodon.post(String(value));}), {label: 'Message', type: 'string'} ); var server = new WebThingServer(new SingleThing(thing)); server.start(); Name Type
matters for IoT ! • Open Web of Things: to link WWW to physical world • Mozilla Things framework to connect devices in LAN • Privacy Is about user's data control of flows • Javascript aims to reduce integration complexity • Try webthing-iotjs on GNU/Linux or TizenRT ! • Support & comply to W3C standards, contribute to FLOSS
rzr
bkeepers
inesmontani
frankvandijk
tomoyanonymous
codingconduct
badams
jonyablonski
dugsong
jonrohan
mlcsv
scottboms
thoeni
