Masahiro Ishiyama

FIAP: Facility information access protocol for data-centric building automation systems

Intelligent buildings are getting data-centric - they archive the historical records of motion detectors, power usages, HVAC statuses, weather, and any other information in order to improve their control strategies. The engineering cost of installation and maintenance of such systems should be minimized as the system owner has to operate them for several decades: i.e., the lifetime of the building. However, there are several design pitfalls that multiply such engineering costs, which make the operation heavy burden. This paper identifies those pitfalls and presents technical challenges that enable lightweight installation and maintenance. We, then, design facility information access protocol (FIAP) for data-centric building automation systems. We carried out FIAP-based system integration into a building of the University of Tokyo, and demonstrate that FIAP enables incremental installation for wide varieties of applications with small engineering costs.

Security architecture for control networks using IPsec and KINK

There are many kinds of control networks which have been used in various nonIP network areas, such as BA (building automation), FA (factory automation) and PA (process automation). These do not incorporate reasonable security mechanisms as they have been mainly used for closed networks. Recently the security of control networks is becoming important because of the popularization of the Internet, the deployment of wireless technologies and the security requirements of such infrastructures. Control networks require security mechanisms which 1) enable end-to-end security that do not depend upon specific network topology, 2) work with multiple control network technologies, and 3) are suited to small embedded devices commonly used in control networks. This paper shows security mechanisms which can meet the above requirements, assuming that IP is applied to the control networks.

Secure mobile IP using IP security primitives

As the commercial use of the Internet becomes common and the demand for mobile computing through the Internet is emerging, it is necessary to construct a secure mobile environment. This paper presents an implementation example of such a system which employs a secure mobile IP protocol on stationary security gateways and mobile hosts. The IETF standard Mobile IP protocol is modified with IP security primatives, which control the packet flow from a mobile host through multiple security gateways. Using IP security primitives, the packet going into a corporate network and the packet going out the visiting network are both securely processed. This IP security based packet control allows transparent mobile access from anywhere on an IP network even with sufficient security support by encrypting and authenticating IP packets. The current implementation status and the performance evaluation is also reported.

A network mobility protocol based on LIN6

This paper describes the network mobility protocol based on LIN6 called LIN6-NEMO. The mobile IPv6 based network mobility protocol (MIP6-NEMO) is being discussed and proposed in IETF. MIP6-NEMO as well as Mobile IPv6, however, has some fundamental problems in their communication procedures, such as redundant routing and header overhead due to tunneling. LIN6-NEMO provides mobile networks with efficient communication procedures by introducing mapping agent (MA) which administers the location of the mobile nodes in the Internet and by introducing the mobile router with some special functions. LIN6-NEMO achieves packet forwarding through the optimal route without header overhead. This paper proposes and evaluates LIN6-NEMO. It was implemented on NetBSD 1.6K. Our measurement made sure that the overheads of communication process in LIN6-NEMO is allowable.

XML-less EXI with code generation for integration of embedded devices in web based systems

XML is a widely used as message serialization format in web-based open and heterogeneous systems because of its flexible data model. Internet-of-Things (IoT), or network with constrained nodes, is expected to be heterogeneous, and flexibility and expressiveness of XML are also good for IoT. However, RAM and bandwidth constraints on such nodes make handling of XML difficult. The authors are developing XML-less EXI to solve the problem. Our approach adopts Efficient XML Interchange (EXI) as alternative serialization form of XML. It solves the bandwidth problem of XML. At the same time, the authors apply code generation techniques to encode/decode EXI stream without XML data models on constrained nodes. Static state machines from a schema-informed EXI grammar enable constrained nodes to convert EXI data directly from/to its internal data. The authors show that XML-less EXI is highly efficient in RAM usage regardless of the size of an EXI stream and more compact in ROM size than other implementations. The authors also provide code size estimations for a set of schema-informed EXI grammars and insights on how to make the grammars compact.

Ecosystem of naming systems: discussions on a framework to induce smart space naming systems development

In this paper, we discuss the ecosystem of naming systems for smart spaces. Since we think resolution of detected object names should be a common trigger of smart space applications, we focus on naming systems. We aim at a naming system framework to enable the following. First, each application developer of smart spaces can design and implement new applications freely. Minimal limitations should be imposed on developers. Second, users can interact with applications opaquely. We propose combination of the following two approaches to induce naming systems evolution for smart space applications. The first approach is integration of independent naming systems for simple client resolvers. The second approach is a client resolver model to handle independent naming systems concurrently. We also describe some case studies concerning smart space application scenarios.

On scalability of DHT-DNS hybrid naming system

In this paper, we describe our evaluation work of a DHT-DNS hybrid naming system together with our prototype design and implementation of the DHT-DNS mounter. For the evaluation we conducted a series of experiments in a large-scale emulation testbed. We found a bottleneck limiting scalability of the proposed hybrid naming system at the mounter.

Implementing a Secure Autonomous Bootstrap Mechanism for Control Networks*This research is supported/funded by the Ministry of Internal Affairs and Communications of Japan.

There are many kinds of control networks, which have been used in various non-IP network areas, such as BA (Building Automation), FA (Factory Automation) and PA (Process Automation). They are now introducing IP and face the issues of security and configuration complexity. The authors have proposed a model which intends to solve these issues while satisfying restrictions, i.e. small embedded devices, isolated networks and private naming system/name space, which are required when introducing new functionality into existing control networks. Secure bootstrap sequence and device-to-device communication using the chain of trust are the points of the model. This paper shows the practicability of the model through implementing the model experimentally.

A prototype of a secure autonomous bootstrap mechanism for control networks

There are many kinds of control networks, which have been used in various non-IP network areas, such as BA (building automation), FA (factory automation) and PA (process automation). They are introducing IP and face the issues of security and configuration complexity. The authors have proposed a model which intends to solve the issues while satisfying restrictions, i.e. small embedded devices, isolated networks and private naming system/name space, which are required when introducing new functionality into existing control networks. Secure bootstrap sequence and device-to-device communication using the chain of trust are the points of the model. This paper shows the practicability of the model through implementing the model experimentally

Secured Anonymous ID Assignment Support for LIN6

Although mobility support protocols such as Mobile IPv6 and LIN6 are essential for a real mobile computing environment, there is an privacy issue: these protocols have to disclose an identity of the node to receive the benefit of mobility support. In this paper, we attempt to address this issue by assigning an identity to a mobile node dynamically and securely without disclosing the statically-assigned ID of the node in the LIN6 protocol. In our method, a mobile node generates an ephemeral public/private key pair and decides a LIN6 ID that is given by a hash of the public key. This LIN6 ID is called “anonymized LIN6 ID”. Then the mobile node requests to assign this ID dynamically to the Mapping Agent that maintains location information of the ID. The Mapping Agent issues a shared secret for updating the location information to the mobile node by using the public key. A mobile node can discard the ID or request a new ID whenever the node wants, thus it is hard to track the mobile node with the anonymized LIN6 ID. We also discuss the characteristics of anonymity and the potential of DoS attack in our proposed method.