DESIGN WORLD
WTWH Media, LLC
1111 Superior Ave., Suite 2600
Cleveland, OH 44114
Ph: 888.543.2447
FAX: 888.543.2447

DESIGN WORLD does not pass judgment on subjects of controversy nor enter into dispute with or between any individuals or organizations. DESIGN WORLD is also an independent forum for the expression of opinions relevant to industry issues. Letters to the editor and by-lined articles express the views of the author and not necessarily of the publisher or the publication. Every effort is made to provide accurate information; however, publisher assumes no responsibility for accuracy of submitted advertising and editorial information. Non-commissioned articles and news releases cannot be acknowledged. Unsolicited materials cannot be returned nor will this organization assume responsibility for their care.

DESIGN WORLD does not endorse any products, programs or services of advertisers or editorial contributors. Copyright© 2020 by WTWH Media, LLC. No part of this publication may be reproduced in any form or by any means, electronic or mechanical, or by recording, or by any information storage or retrieval system, without written permission from the publisher.

Subscription Rates: Free and controlled circulation to qualified subscribers. Non-qualified persons may subscribe at the following rates: U.S. and possessions: 1 year: $125; 2 years: $200; 3 years: $275; Canadian and foreign, 1 year: $195; only US funds are accepted. Single copies $15 each. Subscriptions are prepaid, and check or money orders only.

Subscriber Services: To order a subscription or change your address, please email: designworld@omeda.com, or visit our web site at www.designworldonline.com

POSTMASTER: Send address changes to: Design World, 1111 Superior Ave., Suite 2600, Cleveland, OH 44114
APRIL

(IIoT) technology, from position sensors on cylinders to system flow sensors and smart edge gateways. However, the rich data these tools produce also presents a challenge: How to put this technology to work that makes the most of opportunities.

DEVELOPING CONNECTED MEDICAL DEVICES
Super-small radio SoCs are being paired with innovative battery technologies to bring inexpensive medical electronics online.

has taken a while to find its feet, but progress has in fact been sure and steady, with some standout examples of successful niches.

BREAKING BLE
Despite built-in safe-guards, Bluetooth Low Energy IoT devices are vulnerable to hacks when they communicate over the air. Here are the basics of the problem.
There can be a lot of mystique attached to the specs of magnetic cores used in power inductors, due partly to the fact that magnetic materials may not be well characterized for handling high levels of magnetic flux. Thus a few basic concepts may come in handy when working with these components.

There are three general types of materials used for inductor magnetic cores: powder cores comprised of various iron alloys, ferrites, and wound cores comprised of thin magnetic steel strips. Of these, the most common go-to materials are ferrites for transformers, iron-powder for inductors.

One reason is the behavior of these materials in the presence of ripple currents. Ferrites have a power loss comparable to that of iron powder but can handle higher ripple currents. Because transformers typically have a high ripple current but zero average current, ferrite cores work well.

In contrast, most inductors handle a small amount of ripple current but a large average current. Iron-powder cores typically maintain their magnetic qualities in the presence of high dc currents, though the ripple current must be relatively small to avoid overheating. Thus iron-powders are usually the first choice for inductor cores.

The geometry often used for power inductors and transformers is the toroid because its shape maximally constrains the magnetic field while providing a large area for windings. Both powder cores and ferrites are commonly obtained shaped as toroids, but also tape-wound (also called strip-wound or cut wound) cores can be used as toroidal transformers. The strips can be as thin as 0.000125 in and may be comprised of silicon steel, nickel-iron, cobalt-iron, and amorphous metal alloys.

Tape-wound devices can be useful up to 10 to 20 kHz depending on their material. The maximum usable frequency is usually lower than for ferrites because their resistivity is lower, resulting in high eddy currents and higher core losses. The thinner the tape material, the higher the usable frequency. A benefit of tape-wound cores is that they saturate at higher levels than ferrite cores so they can be physically smaller at high power levels. On the other hand, ferrites have lower core losses and cost less per unit weight. Also, nickel-iron alloys can be brittle, so tape-wound core toroids wound with this material can be sensitive to shock and vibration. Tapes of silicon-steel alloy don’t have this problem.

MIND THE GAP
The magnetic cores used in power inductors frequently have an air gap within their structure. The gap is used to boost the flux level at which the core saturates under load. Specifically, the air gap reduces and controls the effective permeability of the magnetic structure. Permeability, μ, is a measure of how much magnetization a material receives in an applied magnetic field. Recall μ can be expressed as the flux density, B, divided by the magnetic field, H. Thus the lower the value of μ, the greater the value of H (or current) that the core supports when B is below the maximum value of flux density (Bsat) inherent to the magnetic material. Commercially useful magnetic materials have a Bsat that ranges from about 0.3 to 1.8 T.

The gaps in power inductors can be either discrete or distributed. Powder cores are distributed gap materials. Microscopically, magnetic alloy powder grains are separated from one another by binder insulation or by a high-temperature insulation that coats each grain. Distributing the gap throughout the powder core structure eliminates the disadvantages of a discrete gap structure, which include sharp saturation, fringing loss, and EMI. Additionally, distributed gap materials control eddy current losses to permit use of higher Bsat alloys at relatively high frequencies though they have a comparatively low bulk resistivity.

Ferrite cores are where you typically find discrete gaps. A ferrite core with a gap becomes a hybrid ferrite-air material. Its magnetic qualities move toward those of iron powder in that the field inductance drops and saturation current rises.

Ferrite’s main advantage for inductor

A comparison of core materials made by Magnetics Inc.
Property | MPP | High flux | Kool Mμ | XFlux | 75 series | Kool Mμ MAX
Permeability | 14-300 | 14-160 | 14-125 | 26-60 | 26-60 | 26-60
Saturation (Bsat) | 0.7 T | 1.5 T | 1.0 T | 1.6 T | 1.5 T | 1.0 T
Max temp (°C) | 200 | 200 | 200 | 200 | 200 | 200
AC core loss | Lowest | Moderate | Low | High | Low | Very low
Core shapes | Toroid | Toroid | Toroid, E, U, Block | Toroid, E, Block | Toroid | Toroid
DC bias | Better | Best | Good | Best | Better | Better
Alloy composition | FeNiMo | FeNi | FeSiAl | FeSi | FeSiAl | FeSiAl
INTERNET OF THINGS HANDBOOK
Developing connected medical devices for the IoT
Adrie Van Meijeren, Low Power Connectivity • Dialog Semiconductor

The Internet of Things (IoT) has disrupted many industries in short order. However, when it comes to adopting the IoT, the medical and pharmaceutical space has largely been held back.

It’s not entirely surprising. The high level of regulation in the medical field and the (literal) life-or-death stakes of introducing new technologies for patient care understandably lengthen development cycles for new medical devices. But engineering roadblocks around power, size and cost have been the biggest factors in making widespread development and adoption prohibitive for disposable connected medical devices.

There is a path forward, though, for developers who want to devise IoT-based medical designs that meet the necessary size, power and cost requirements.

One of the major roadblocks to developing disposable connected medical devices is cost. It can be a prohibitively expensive venture to create designs in a small form factor that integrate a system-on-chip (SoC) and the necessary external components for, say, measuring blood pressure or glucose levels or inhaling medicine. That cost is driven up by the need for components like two crystals rather than a single low-power version; four-layer PCBs rather than cheaper and simpler two-layer boards; and costly batteries. As long as the bill of materials (BOM) remains high and the product isn’t miniaturized, mass market adoption of connected medical devices will slow to a crawl.

In addition to BOM cost, medical designers often must contend with power consumption problems. Medical disposable products must last a long time. Shelf lives of 18 months up to several years are not unusual, followed with a relatively short active life measured in weeks to months. During its time on the shelf, battery capacity can drop from both self-discharge and leakage current to the application itself. Once active life starts, the battery may not have enough capacity available to support it. Clearly, both patients and doctors need IoT medical devices to be dependable – both to treat the patient and also to provide the data necessary to ensure dosages and tests happen correctly.

Finally, there’s the disposability issue. The nature of disposable medical devices is that they will only be used for anywhere between 14 days and two months. Given that short lifetime and their cost, insurance companies are naturally reluctant to support them.

The answer to all these challenges lies in the battery and specifically, in implementing disposable silver-oxide or printed batteries. Recently both high-energy thin film lithium batteries and printed rechargeable zinc batteries have become commercially available. But there are questions about whether or not these technologies are ready for mass deployment.

The fabrication of batteries via 3D printing has several advantages over conventional battery fabrication technologies. For one thing, battery components may be printed directly on the PCB holding the rest of the electronics. Thus there is the possibility of eliminating assembly and packaging steps that discrete batteries require. Additionally, the printing process can also conceivably fabricate complex battery architectures that may be impractical via other means. Printing methods can adjust the shape and thickness of the electrodes and print solid-state electrolyte that is stable and safe.

Printed zinc batteries look promising. One such device from Impact Energy uses a High Conductivity Polymer Electrolyte (HCPE) that is stable, rechargeable, and does not need a sealed container. Because the chemistry is based on zinc rather than lithium, it avoids the safety issues associated with many lithium technologies. In addition, lithium titanate (LTO) and lithium iron phosphate (LFP) are commonly used anode and cathode materials in 3D-printed batteries, but carbon nanomaterials are promising for use as electrodes as well. Carbon nanotubes and carbon nanofibers are widely used in printing inks because of their high mechanical strength, high chemical stability, large specific surface area, and excellent electrical and thermal properties.

It also looks as though printed battery electrolytes will help reduce fabrication costs as well. The electrolyte serves as catalyst by promoting the movement of ions from the cathode to the anode on charge and in reverse on discharge. Electrolyte material plays a key role in electrochemical performance, cycle life, and safety of the battery.

There are still numerous challenges before printed batteries can be widely commercialized. One problem is that currently there are only a few printable active materials that can be used as inks. Additionally, much work remains to be done in characterizing how battery inks behave when patterned over top other inks. And though there has been a lot of work done on the materials for the electrodes and electrolytes, current collectors will likely need a similar amount of optimization.

Once the technology is ready, healthcare applications will likely benefit greatly from super-thin 3D-printed batteries. Skin patches using printed batteries are already commercial. Smart skin patches use laminar batteries, often partially printed, combined with printed electrode patterns to deliver drugs, cosmetics, and other chemicals through the skin. Medical diagnostic devices will likely benefit as well.

Wireless sensor/network applications will also benefit. Here, the trend is to combine energy harvesting with thin batteries to keep the package size down. Similarly, new small batteries will be a boon to battery-assisted passive RFID although coin-cells are the main power sources now. Smart card apps are another application wherein several thin-film battery technologies have been optimized for lamination into cards, though the prices are probably too high for disposable uses.

High peak currents can reduce battery capacity and lifespan. High in-rush currents can arise in dc-dc converters which tend to incorporate a high amount of capacitance on the power input to avoid voltage drops on the supply rails. When power is applied initially, the charging of these capacitors can result in an in-rush current that can exceed the nominal load current. If left unaddressed, this high current can cause the voltage rails to fall out of regulation, perhaps making the system unstable or putting it in an unpredictable state. There are various ways of limiting in-rush current. For example, some BLE devices incorporate built-in current limiters.

All in all, the review cycles for medical devices are justifiably long, and it can be several years before they can hit the mainstream. But these devices have game-changing potential for patient care, and it all starts with finally cracking these longstanding design challenges.

References
Dialog Semiconductor, www.dialog-semiconductor.com
As data are increasingly aggregated across manufacturing lines, the reality of autonomous lines is likely to be reached in the next five years. Here’s a look at what a typical journey towards autonomous manufacturing looks like and best practices for how manufacturers can begin to achieve this.

Within the industrial world, leaders are defining their journey to autonomous manufacturing. Manufacturers are focusing on digitization strategies that will help to drive efficiency across their plants.

When reflecting on the concepts of Industry 4.0, we need to consider where production systems have come from and the changes that have been made over time to improve throughput and efficiency.

Production improvement starts with robotic process automation (RPA), where you take a repetitive process and apply some form of mechanization to improve the throughput rate. The interesting thing here is that it doesn’t improve the process's quality, but does make it less variable—simply because the process is more repeatable. For example, if your current process produces 1,000 defects, RPA will make 10 times as many defects, but also produce 10 times as many good parts. This is great for throughput but not very effective for improving quality.

Once manufacturers started shifting paradigms to become more data-led in their production systems (by using historians, PLCs, etc.), it enabled them to draw on that data to inform the expert analysis of the process. This results in improved control limits and a reduction in the variance and in the number of quality defects. It does however make the operators' job more difficult, as they need to manually maintain the process within these finite control bounds.

The next level of improvement is to make these adaptive changes as quickly as possible, with an understanding of the system from start to finish, to improve production. This final step brings us closer to the goal of autonomous manufacturing. Production systems need to be flexible to tolerate the variance in upstream processes, without compromising on the quality of the final output.

The future of industry 4.0 is definitely more flexible. We're at a point where artificial intelligence (AI) systems are able to correct at the highest rate possible, which is ahead of real-time, to produce the best quality at the lowest cost, without the need for a human expert.

THE STATE OF AUTONOMOUS MANUFACTURING TODAY
The journey to autonomous manufacturing is complicated. It’s not as trivial as simply turning on a solution. In the final step described previously, the AI solution needs to offer guidance, making corrective suggestions to the production team to improve quality. This helps to reduce the manufacturing risk because the quality result is assured despite a large variance in input material. Total system efficiency is improved because less scrap means greater production capacity, as well as the production of better-quality parts.

Most plants today draw data from their production systems and send it to their engineering or production teams. Operators are left to follow their own inquisitiveness as they look through the data to devise an optimization or system improvement. There isn't a holistic view or use of data from the start to the end of a process to achieve an overall system improvement.

These data-led investigations are also limited by the complexity of the manufacturing system. These systems-of-processes are often too complex to express in the terms of classical engineering descriptions of their processes. An engineering model that would be able to handle material from the start of the process through to the finished goods is too complex to express analytically or interrogate with traditional methods. In addition, the traceability of the component through a complex process is difficult to achieve. Unless the system achieves a rigorous sampling and tracking of the component flow, people alone are not able to join the data from step A through to step Z.

The solution to this complexity is a system that allows manufacturers to express the relationship between the start of a process and the end of the process, without having to enforce the rigorous traceability that would typically be required. This system requires looking at the process with a slightly different view. It's important to understand the quality result from each step in the process to make a final quality improvement at the end of the process.

EXISTING SYSTEMS CAN BE USED
The paradigm of autonomous manufacturing is specifically designed to work with existing processes. The only change is that the manufacturing system becomes more data-led, by using production data and quality data to make the prescribed process changes that result in improved quality. The journey to autonomous manufacturing is, in fact, predicated on having an existing production system - although it can also work in greenfield spaces. Autonomous manufacturing only requires enough data to describe the process in order to make a substantial impact on the system.

BEST PRACTICES FOR AUTONOMOUS MANUFACTURING
The two most important things manufacturers can do to prepare production systems to achieve the goal of autonomous manufacturing are:

References
DataProphet, https://dataprophet.com/
The USB Type-C connector has received significant adoption with ubiquitous standards like USB, DP, and Thunderbolt. The next-generation variant of USB is USB4. USB4 will transmit and receive on all four lanes of the Type-C connector in parallel, with bonded rates of 40 Gbps in each direction for an 80-Gbps link.

As these signals get sent through even longer passive cables, specialized transmitter and receiver techniques are necessary to preserve signal integrity. They involve new equalization requirements, signaling technologies, and measurement methodologies. Here, equalization at the transmitter and/or receiver serves to mitigate the effect of intersymbol interference and hence, to minimize the bit error rate (BER). In equalization, the signal passes through a filter having its frequency response equal to the inverse of the channel frequency response. A high gain is applied at higher frequency to counter the signal attenuation at the high frequencies. In simple words, equalization is an adaptive filter with coefficients determined at runtime depending upon the physical channel. It takes ultra-low-noise test instruments to properly characterize these high-speed signals.

The USB4 standard was announced in Q1 of 2019 and the specification published in August 2019. Typically, there is often a more lengthy time-lag between the standards announcement and the specification release. But there was only a short period between the USB4 announcement and spec release because USB4 is based on the Thunderbolt 3 protocol.

Earlier generations of USB like USB3.2 could be implemented on the Std A or B connectors, but USB4 must be implemented using the Type-C connector. The USB4 physical data rate is 20 Gbps on one lane with a requirement to run in x2 mode for a 40-Gbps bonded effective bit rate. There are numerous high-speed standards that run much faster. The challenge with USB4 is that the link must work with a low-cost cable that is running as a 20-Gbps x4 pipe or 80 Gbps.

Test points for USB4 compliance testing
Test point | Description | Comments
TP1 | Transmitter IC output | Not used for electrical testing.
TP2 | Transmitter port connector output | Measured at the plug side of the connector.
TP3 | Receiver port connector output | Measured at the receptacle side of the connector. All the measurements at this point shall be done while applying reference equalization function.
TP3' | Receiver port connector input | Measured at the plug side of the connector.
TP4 | Receiver IC input | Not used for electrical testing.
Source: USB Implementers Forum

[Figure: USB4 compliance test points TP1, TP2, TP3', TP3, TP4. Labels: PCIe DN adapter, USB3 DN adapter, USB4 port, USB 2.0, USB4/Enhanced SS Bus.]

Insertion loss budget for USB4
Speed | Total budget (dB) | Host (dB) | Cable (dB) | Device (dB)
Gen2 (10G) | 23 | 5.5 | 12 | 5.5
Gen3 (10G) | 22.5 | 7.5 | 7.5 | 7.5

Insertion loss budget for USB 3.2
Data Rate | Host | Connector | Cable | Connector | Device
5G | 10dB | Std A | 7.5dB | Std B | 2.5dB
5G | 10dB | Std A | 3.5dB | Micro B | 6.5dB
5G | 6.5dB | C | 7dB | C | 6.5dB
5G | 10dB | Std A | 3.5dB | C | 6.5dB
5G | 6.5dB | C | 4dB | Std B | 2.5dB
5G | 6.5dB | C | 4dB | Micro B | 6.5dB
10G | 8.5dB | Std A | 6dB | Std B | 8.5dB
10G | 8.5dB | Std A | 6dB | Micro B | 8.5dB
10G | 8.5dB | Std A | 6dB | C | 8.5dB
10G | 8.5dB | C | 6dB | Std B | 8.5dB
10G | 8.5dB | C | 6dB | Micro B | 8.5dB
10G | 8.5dB | C | 6dB | C | 8.5dB

Insertion Loss Budget for USB 3.2 and USB4. Source: USB Implementers Forum
[Figure: two plots of magnitude (Mag [dB]) versus frequency (Freq. [Hz]).]
Short channel transmitter specifications. Here a short channel represents a device that plugs directly into the host connector (such as a memory stick) with a host controller that is as close as possible to the host port connector.
2.0, and potentially also DisplayPort and PCIe. It might be natural to assume that if the link runs correctly at 20 Gbps, then for sure it would run at 10 Gbps and the slower rates. So why bother testing the lower rates if testing at 20 Gbps passed?

The reason is each of these speed rates takes place under a different set of conditions and experiences a different channel loss. So, though a bit rate may be slower, the cable used will be much longer and lossier. There are numerous instances where a link will test fine at 20 Gbps and yet fail at 10 Gbps when tested with a longer cable model.

An understanding of the entire link’s loss budget is critical to designing, testing, and implementing a low-BER system. Comparing USB4 IL to the USB 3.2 IL spec, the loss budget for the link partners has shrunk from 8.5 dB to 5.5 dB at the 10-G rate. So the USB3.2 link implementations may not work with the much tighter USB4 IL budget.

The good news is the cable loss increases from 6 to 12 dB at 10 Gbps. The negative to this relaxed cable loss is that although USB4 10 G runs at the same rate as USB3.2 10 G, it must work with a 12-dB cable and not a 6-dB cable. Thus it’s important to have a thorough understanding of the insertion loss budget.

The next step is understanding where and how the compliance test points are defined. There are no specific rules for naming test-points, so TP0, TP1, TP3’, TP3EQ will mean different things in different specifications.

For USB4 Tx testing, TP2 is the near-end or short channel test point at the Type-C connector. TP3 is the far-end or long channel use case test point - note the definition of TP3 includes the receiver equalization.

For Rx testing, TP3’ would be the short channel test point. TP2 would be the long channel use case. It’s important to know the test points precisely to accurately set up the tests and perform the compliance measurements.

Transmitter Equalization Pre-Shoot and De-Emphasis
(C-1, C0 and C1 are informative filter coefficients.)
Preset number | Pre-shoot (dB) | De-emphasis (dB) | C-1 | C0 | C1
0 | 0 | 0 | 0 | 1 | 0
1 | 0 | -1.9 | 0 | 0.90 | -0.10
2 | 0 | -3.6 | 0 | 0.83 | -0.17
3 | 0 | -5.0 | 0 | 0.78 | -0.22
4 | 0 | -8.4 | 0 | 0.69 | -0.31
5 | 0.9 | 0 | -0.05 | 0.95 | 0
6 | 1.1 | -1.9 | -0.05 | 0.86 | -0.09
7 | 1.4 | -3.8 | -0.05 | 0.79 | -0.16
8 | 1.7 | -5.8 | -0.05 | 0.73 | -0.22
9 | 2.1 | -8.0 | -0.05 | 0.68 | -0.27
10 | 1.7 | 0 | -0.09 | 0.91 | 0
11 | 2.2 | -2.2 | -0.09 | 0.82 | -0.09
12 | 2.5 | -3.6 | -0.09 | 0.77 | -0.14
13 | 3.4 | -6.7 | -0.09 | 0.69 | -0.22
14 | 3.8 | -3.8 | -0.13 | 0.74 | -0.13
15 | 1.7 | -1.7 | -0.05 | 0.55 | -0.05
There are significant channel losses with the passive cable use case, so both Tx and Rx equalization are required in the implementation and when testing. When performing Tx testing, it is critical to find the optimal continuous time linear equalization (CTLE) and decision feedback equalization (DFE) setting that provides the largest eye opening. CTLE is a linear filter applied at the receiver that attenuates low-frequency signal components, amplifies components around the Nyquist frequency, and filters out higher frequencies. DFE is a filter that feeds back a sum of detected symbols to the symbol decoder for the

Long Channel Transmitter Specifications
Symbol | Description | Min | Max | Units | Comments
TJ | Total jitter | -- | 0.60 | UI pp | See note 2, note 3.
UJ | Sum of uncorrelated DJ and RJ components (all jitter components except for DDJ) | -- | 0.31 | UI pp | See note 2.
UDJ | Deterministic jitter that is uncorrelated to the transmitted data | -- | 0.17 | UI pp |
X1 | TX eye horizontal deviation | -- | 0.23 | UI | Measured for 1E6 UI. See Note 2, Note 4, and figure 3-15.
Y1 | TX eye inner height (one-sided voltage opening of the differential signal) | 49 | | mV | Measured for 1E6 UI. See Note 1, Note 2, and figure 3-15.
Y2 | TX eye outer height (one-sided voltage opening of the differential signal) | -- | 650 | mV | Measured for 1E6 UI. See Note 1, Note 2, and figure 3-15.

Long channel refers to the situation where the USB device connects to the controller through a 3-m-long cable.

[Figure: receiver test setups. Case 1 (TP3’): device under test, plug fixture, pattern generator with TX FIR, neighbor TX, PJ, RJ, SSC, ACCM noise, software channel. Case 2 (TP3): receptacle fixture, calibration path, PJ, RJ, SSC, ACCM noise, software channel.]
Short channel and long channel receiver test cases. The short channel case represents a device that plugs directly into the host connector (such as a memory stick) with a host controller that is as close as possible to the host port connector. The long channel represents the situation where the USB device connects to the controller through a 3-m-long cable.
Is predictive maintenance the ‘killer app’ of Industrial IoT?

Once headlined as the ‘killer app’ for IIoT, predictive maintenance has taken a while to find its feet, but progress has in fact been sure and steady, with some standout examples of successful niches.

PREVENTIVE VS PREDICTIVE
One of the biggest challenges to predictive maintenance adoption has been the fact that many industry sectors are still working their way through the implementation of preventive maintenance systems. Arguably the forerunner of predictive, preventive maintenance systems can range from quite simplistic, such as a ‘traffic light’ health system for individual machines or plant elements, to far more complex networks of sensors feeding data back to centralized dashboards. However, it generally relies on manufacturer lifetime predictions, human operators or direct sensor data to highlight potential problems, rather than use complex algorithms to predict maintenance schedules.

This means that the benefits of preventive maintenance are becoming well-entrenched, but the staged adoption has left many industrial players waiting for the machine learning and AI market to mature further, easing adoption pains, and lowering costs.
conditions. However, by deploying IIoT sensors and analytics technologies rail operators can move from wasteful inspection cycles (where perfectly serviceable equipment is checked and rechecked irrespective of condition) towards preventive, conditions-based and predictive maintenance.

For example, Nokia created a rail asset lifecycle optimization application that brings all three elements together, not only modelling maintenance schedules for each asset based on learned operating parameters and incorporating external data such as weather conditions, but also building in crucial risk-related data around the consequences of a component failure.

maintenance remotely, rather than requiring highly-trained teams to tour windfarms and conduct routine testing.

PREDICTIVE COMES OF AGE
Overall, while predictive maintenance may have taken some time to mature, there are signs that the market is beginning to open up, especially in niche use cases. More generalized ‘plug-and-play’ systems targeting wider industry sectors are also beginning to emerge, highlighting that R&D investment is beginning to translate into real-world demand. It seems that predictions of demise have in this business case at least, been exaggerated.
INTERNET OF THINGS HANDBOOK
Breaking BLE
Despite built-in safeguards, Bluetooth Low Energy IoT devices are vulnerable to hacks when they communicate over the air. Here are the basics of the problem.
Leland Teschler, Executive Editor

If you eyeball internet-of-things items ranging from smart ac plugs to motion sensors you typically find connectivity via the Bluetooth Low Energy (BLE) standard. A lot of IoT devices use BLE because the protocol is well suited for transferring small amounts of data while consuming little power. But though BLE incorporates several security measures, vulnerabilities in the protocol have emerged over time.

For example, BLE communications can be hacked via man-in-the-middle (MITM) attacks where an attacker secretly alters messages between parties who think they are communicating with each other. BLE credentials can also be sniffed using a sniffing device that examines data sent on the advertising channels used to let BLE devices find each other. In BLE spoofing, an attacker mimics the MAC address of a BLE device as a means of impersonation. Denial-of-service attacks are also possible because peripheral BLE IoT devices are usually designed to connect with only one master at a time. Bombarding the BLE device with connection requests in response to advertising packets can prevent legitimate users from connecting. In addition, unauthorized co-located apps can also hijack the connection between legitimate mobile apps and BLE devices.

Many vulnerabilities pertain to the process of pairing devices, verifying and authenticating the identity of BLE nodes wishing to connect up. Part of the problem is that there are several ways of pairing devices, and not all of them have a high level of security. Ditto for BLE traffic encryption. Data encryption is used to prevent MITM eavesdropping attacks on BLE links by making data unintelligible to all but the BLE master and slave devices forming the link. Earlier versions of BLE had communication modes that didn’t incorporate a public key exchange for encryption/decryption, probably because more computing power (and a faster battery drain) was involved in running encryption/decryption algorithms.

Recent versions of the BLE standard incorporate modes where users must enter credentials to connect with IoT devices. Unfortunately, researchers have found that many BLE IoT devices don’t implement app-level authentication properly. In particular, numerous BLE IoT devices use “Just Works” for pairing (no invocation of app-device bonding at all), which allows any nearby attackers to arbitrarily connect and possibly do something devious.

To understand the problem with Just Works pairing, consider that there are four different pairing methods, but they all take place in three phases. In phase one, the two devices let each other know what pairing method is going to be used and what the BLE devices can do and expect. In phase two, a Short Term Key (STK) gets generated
by having the devices agree on a Temporary Key (TK) mixed with some random numbers to yield the STK. The STK itself is never transmitted between devices. In phase three, the key from phase two is used to distribute other keys needed for communications.

[Figure: BLE pairing phase 1 message sequence: established LL connection, (optional) Security_Request, Pairing_Request, Pairing_Response.]

What may be the most secure of the four pairing methods is called OutOfBand (OOB), so called because it involves authentication outside the BLE communication channel. The Apple Watch is a good example. For pairing, a swirling pattern of dots displays on the watch face. The user points the camera of the iPhone to be paired at the watch face to link the two.

Another strong pairing method is called Passkey Entry. Here a six-digit value displays on one device and is entered manually into the other.

The two other pairing methods have more problematic security. With Numeric Comparison pairing, devices to be paired both display the same six-digit value. Pairing generally involves just hitting “OK” on both devices. The main purpose of Numeric Comparison is to identify devices to be paired rather than thwart bad actors. MITM attacks are possible.

The last pairing method, called Just Works, is said to be the most widely used. It was intended for devices that lack a display. As in Numeric Comparison, a six-digit value gets passed, but the six digits are all zeros. Thus any nearby BLE device sending out a Just Works connection request can pair up with those nearby that use the same pairing scheme.

The Just Works method has come into wide use because it consumes less power than the other pairing methods. BLE schemes that employ Just Works pairing may build in other security measures that are less power intensive, typically at the app level. For instance, the app can ask users to enter credentials and deliver them (through encryption) to the IoT devices to authenticate the connection.

Nevertheless, security researchers say vulnerabilities during pairing constitute a severe security risk. For example, researchers at The Ohio State University recently developed an automated app analysis tool and used it to identify 1,757 vulnerable free BLE apps in Google Play store. They also performed a field test in which 7.4% of 5,822 BLE devices were vulnerable to unauthorized access.

FINGERPRINTING
The Ohio State researchers also said their field test uncovered 5,509 BLE devices that were “finger printable” by attackers. The fingerprinting involves the universally unique identifier (UUID) from the advertisement packets broadcast by the BLE devices. UUIDs are typically 128-bit hexadecimal strings. The point of broadcasting UUIDs is so a BLE peripheral can advertise what services it provides, such as measuring a heart rate. Thus some of the information in the UUID (i.e., that defining the predefined services) is universal. Nearby mobile apps must know what the UUID means to discover the device sending it out. Also, UUID packets are not encrypted, whereas all other kinds of BLE packets are.

Ohio State researchers say this use of UUIDs is a design flaw. UUIDs can be obtained from not only the BLE traffic but also from the IoT companion mobile apps. Attackers can use UUID information to fingerprint a BLE device this way: Attackers bent on mischief would first scan all mobile apps in an app store, such as Google Play, to find all possible UUIDs, allowing them to fingerprint all BLE devices statically. It is likely that multiple apps use the same scheme-specific BLE chip or UUID configuration, preventing any nearby attackers from precisely knowing which device the victim is using. To further narrow things down, attackers can inspect the next layer UUIDs (because BLE devices often organize UUIDs in a hierarchical structure) and use the structure of the UUIDs to fingerprint a victim BLE device. With the fingerprinted UUID information, they can sniff all advertising packets nearby (e.g., a metropolitan area such as New York City) to locate these devices. If mobile apps also tell them Just Works or weak pairing is in use, attackers can directly exploit these BLE devices.

In tests, the researchers discovered 168,093 UUIDs, 13,566 of which were unique, when they analyzed free BLE apps in Google Play. They also point out that there are special receivers available that can be used
to sniff BLE signals up to 1 km away, though BLE signals typically travel only up to 100 m. To prove their point, the OSU researchers built their own BLE sniffing device using not much more than a Raspberry Pi and a BLE antenna. This DIY sniffer identified 431 vulnerable devices, including 369 units where the researchers could eavesdrop on conversations, within an area of just 1.28 square-miles.

Work by the OSU researchers shows what steps attackers must take when trying to decipher UUIDs. Sometimes UUIDs are directly hardcoded in the app. In this case, they may be extracted simply by looking for regular strings of characters (grepping) in the decompiled app code.

UUIDs associated with an IoT device also typically have a hierarchical structure. A service UUID can have “children” UUIDs derived from its characteristics. Such a UUID hierarchy could provide information useful for determining which IoT app maps to a particular BLE device. One complicating factor is that no structural rules define relationships between parent and children UUIDs, so some educated guessing may be involved.

OSU researchers also explain the general approach attackers would likely take in figuring out whether an app itself is insecure. The only way a nearby attacker can sniff vulnerable IoT devices paired via Just Works is to figure out whether the app involved uses flawed or insecure authentication. To implement proper authentication, the app must use cryptography to prevent a relay attack either by encrypting the authentication token with nonces (arbitrary numbers used only once to ensure communications can’t be reused) or by using an additional layer of encryption of the traffic atop BLE link-layer encryption. Thus to check the app for security, the approach is to look at the disassembled app code for any use of cryptography. If there’s no cryptography, the conclusion is the channel is not secure, and both passive/active sniffing and unauthorized access can be successful.

Even in apps employing cryptography, flawed authentication can rear its ugly head. One such flaw is the hardcoding of all credentials in the app, potentially discernible by disassembling the code. However, OSU researchers say it can be challenging to identify authentication flaws because there is no specific code pattern for implementing app authentication. Thus there are no documented APIs to identify for extraction of the hardcoded credentials.

It turns out that flawed authentication involving hardcoded credentials can be identified systematically. The key insight is that to securely authenticate a mobile app to a BLE device, the app must provide a credential that comes from the external input, such as letting the user enter a password. OSU researchers say this opens up the possibility of using a data flow analysis algorithm to identify such apps. This approach, if used for nefarious purposes, implies an extremely determined attacker: The technique would likely involve creating data-flow equations for each node of the app’s control flow graph and solving them by repeatedly calculating the output from the input locally at each node.

In particular, researchers say data sent out to a BLE peripheral must go through low-level APIs, allowing use of program slicing (basically looking at a subset of program statements that affect a variable of interest) to trace back to the source of the data. If none of the data sources are external inputs (e.g., received from the network or user inputs), then the app has used hardcoded commands including possible passwords to interact with the BLE devices.

Researchers also note that further intelligence may be gained by knowing where the UUIDs are used (i.e., the execution context). There are seven documented APIs defined by the Android BLE framework that carry the UUIDs as parameters, to generate the instances for accessing the related service, characteristic and descriptor in the paired BLE devices. While an app could have multiple UUIDs, their usage may have dependencies that can be exploited.

COUNTERMEASURES
To head off vulnerabilities, researchers say the app should encrypt the data sent with no hard-coding of any factors involved in the encryption. Developers should also hide the authentication credentials in the cloud or let users enter them in the app.

The root vulnerability that enables UUID fingerprinting is that BLE devices must broadcast advertised packets to inform nearby apps. The UUID can be sniffed either from the advertisement packets or by browsing for services after the connection has happened. In addition, UUIDs are fixed values and do not change over time.

The fingerprinting attack relies on mobile app analysis to reveal the UUIDs and their hierarchies, so anything that discourages this sort of analysis can be helpful.

Researchers also say that although protection methods in the app-level are seemingly plausible, they can’t fundamentally prevent the UUIDs from being reverse
engineered from mobile apps. Obfuscation and encryption can only make it more difficult for attackers to retrieve UUIDs because the app will work with plain-text UUID somewhere along the line. Storing UUIDs outside the mobile app can prevent the UUIDs from being statically reverse engineered, but attackers can still obtain the plain-text UUIDs at run-time.

Researchers additionally advocate the piecing out of UUIDs as they get transmitted in the BLE RF channel. In this way, attackers can only see segments of UUIDs instead of continuous signals. The downside is that this approach probably entails use of additional hardware.

Another fundamental countermeasure would be to construct one-time dynamic UUIDs. The OSU researchers claim this scheme only requires an update of both the app and device firmware. Because multiple users can access one BLE device, they suggest using the cloud to help synchronize the UUIDs among users. Then once an app has successfully connected with an IoT device for the first time, it negotiates a dynamic UUID for future communication. To prove this scheme actually works, the OSU team says they implemented a prototype using a real BLE chip in a software development board which provides programming interfaces to configure UUIDs for advertisement packets, services, characteristics, and descriptors.

Clearly it would take a determined hacker willing to spend time parsing through disassembled app code to exploit some of the vulnerabilities the OSU researchers uncovered. That’s probably beyond the capabilities of casual mischief makers, but not out of the question for state-sponsored hackers and criminals.

References
Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps, https://dl.acm.org/doi/10.1145/3319535.3354240
Bluetooth SIG Inc., https://www.bluetooth.com/specifications/protocol-specifications/
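The hardcoded-credential check described in the article (slice backward from the BLE write to the origins of the data, and flag the app when no origin is an external input) can be sketched for an app team auditing its own code. This is an added example, not the OSU tool or code from the article; the toy IR, the two sample control flow graphs and all variable names are constructed assumptions.

```python
"""Backward slice from each BLE write to the origins of the value written.

Toy IR constructed for this example (not Android bytecode):
  ("const",  dst, literal)      literal embedded in the app
  ("input",  dst, origin)       value typed by the user or received from the network
  ("assign", dst, [src, ...])   dst computed from the listed variables
  ("sink",   api, var)          var handed to a BLE write API
  ("nop",)                      branch or join point
A CFG maps node id -> (statement, [successor ids]).
"""
from collections import deque

DEFINES = ("const", "input", "assign")


def predecessors(cfg):
    preds = {n: [] for n in cfg}
    for n, (_stmt, succs) in cfg.items():
        for s in succs:
            preds[s].append(n)
    return preds


def slice_origins(cfg, sink):
    """Collect every ("const"|"input"|"unknown", value) that can reach the sink."""
    preds = predecessors(cfg)
    work = deque([(sink, cfg[sink][0][2])])   # (node, variable needed on entry)
    seen = set(work)
    origins = set()
    while work:
        node, var = work.popleft()
        if not preds[node]:
            origins.add(("unknown", var))     # reached entry with no definition
            continue
        for p in preds[node]:
            stmt = cfg[p][0]
            if stmt[0] in DEFINES and stmt[1] == var:
                if stmt[0] == "assign":       # keep slicing through the operands
                    wanted = [(p, src) for src in stmt[2]]
                else:                         # const or input: the slice ends here
                    origins.add((stmt[0], stmt[2]))
                    wanted = []
            else:
                wanted = [(p, var)]           # p leaves var untouched
            for item in wanted:
                if item not in seen:          # visited set gives a fixed point on loops
                    seen.add(item)
                    work.append(item)
    return origins


def audit(cfg):
    """Return {sink node: (verdict, literals that reach the write)}."""
    report = {}
    for node, (stmt, _succs) in cfg.items():
        if stmt[0] != "sink":
            continue
        origins = slice_origins(cfg, node)
        kinds = {kind for kind, _ in origins}
        literals = sorted(v for kind, v in origins if kind == "const")
        if "input" in kinds:
            verdict = "external"              # some origin is user or network input
        elif not kinds or "unknown" in kinds:
            verdict = "undetermined"
        else:
            verdict = "hardcoded"             # every origin is a literal in the app
        report[node] = (verdict, literals)
    return report


# Constructed app A: opcode and password are both literals in the code.
APP_HARDCODED = {
    0: (("const", "pwd", "123456"), [1]),
    1: (("const", "op", "UNLOCK"), [2]),
    2: (("assign", "pkt", ["op", "pwd"]), [3]),
    3: (("sink", "writeCharacteristic", "pkt"), []),
}

# Constructed app B: the PIN comes from a text field, is trimmed on one branch,
# and the write sits inside a retry loop (edge 6 -> 2).
APP_USER_PIN = {
    0: (("input", "pin", "pin_text_field"), [1]),
    1: (("const", "op", "AUTH"), [2]),
    2: (("nop",), [3, 4]),
    3: (("assign", "pin", ["pin"]), [5]),
    4: (("nop",), [5]),
    5: (("assign", "pkt", ["op", "pin"]), [6]),
    6: (("sink", "writeCharacteristic", "pkt"), [2]),
}

if __name__ == "__main__":
    for name, cfg in (("A", APP_HARDCODED), ("B", APP_USER_PIN)):
        print(name, audit(cfg))
```

A "hardcoded" verdict is the case the article describes: every byte sent to the peripheral is recoverable from the app package, so the credential belongs in user input or a backend instead.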
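One way the one-time dynamic UUID countermeasure described above could work, as an added sketch rather than the OSU prototype: the article does not say how the UUID is negotiated, so this assumes app and device already share a secret from their first encrypted connection and derive each UUID from a per-connection counter. The look-ahead window stands in for the cloud synchronization the researchers suggest; the label, secret and fingerprint entry are constructed.

```python
import hashlib
import hmac
import uuid

LABEL = b"ble-dynamic-uuid/v1"       # hypothetical domain-separation label

# Constructed stand-in for a fingerprint database built from static app UUIDs.
STATIC_FINGERPRINTS = {uuid.UUID("0000fff0-0000-1000-8000-00805f9b34fb")}


def derive_uuid(secret: bytes, counter: int) -> uuid.UUID:
    """UUID for one connection: truncated HMAC-SHA256 over the counter."""
    msg = LABEL + counter.to_bytes(8, "big")
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    # version=4 sets the RFC 4122 version and variant bits, so the value has
    # the same shape as any randomly generated vendor UUID.
    return uuid.UUID(bytes=mac[:16], version=4)


class Peripheral:
    """Device firmware side: advertises the UUID for its current counter."""

    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def advertised_uuid(self) -> uuid.UUID:
        return derive_uuid(self.secret, self.counter)

    def connection_closed(self) -> None:
        self.counter += 1            # the next connection uses a fresh UUID


class App:
    """Mobile app side: recognises its device within a look-ahead window."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret, self.counter, self.window = secret, 0, window

    def recognise(self, adv: uuid.UUID) -> bool:
        for c in range(self.counter, self.counter + self.window + 1):
            candidate = derive_uuid(self.secret, c)
            if hmac.compare_digest(candidate.bytes, adv.bytes):
                self.counter = c     # resynchronise to the device's counter
                return True
        return False

    def connection_closed(self) -> None:
        self.counter += 1


def simulate():
    secret = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed
    device, alice, bob = Peripheral(secret), App(secret), App(secret)
    outsider = App(bytes(16))        # an app that never paired: wrong secret
    observed, alice_ok = [], []
    for _ in range(3):               # Alice connects three times
        adv = device.advertised_uuid()
        observed.append(adv)
        alice_ok.append(alice.recognise(adv))
        device.connection_closed()
        alice.connection_closed()
    adv = device.advertised_uuid()   # device counter is 3, Bob's is still 0
    return {
        "observed": observed,
        "alice_ok": alice_ok,
        "fingerprint_hits": [u for u in observed if u in STATIC_FINGERPRINTS],
        "bob_ok": bob.recognise(adv),
        "bob_counter": bob.counter,
        "outsider_ok": outsider.recognise(adv),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

Rotation only helps if nothing else in the advertisement, such as the device name or a fixed address, stays constant across connections.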
only on the radio numbers for the current drain is a common mistake. The front page of the device documentation often must be validated with a thorough analysis of the data-sheet.

Another example is the CPU power consumption reported in microamps-per-megahertz. This number can become a decisive selection criterion in the case of intensive compute applications. It is typically reported in the best-case scenario, which is often the maximum frequency of the CPU. In other words, the value shown in the data-sheet could prove to be vastly inaccurate when the SoC CPU works at a different frequency than that specified in the manufacturer’s documentation.

A third example is the deep-sleep current, critical for battery-operated end products. This number typically ranges between hundreds of nanoamps to a few microamps. It is essential to ensure the deep-sleep current numbers are associated with the size of the RAM retained and include the real-time-clock (RTC) current consumption. The RTC is used to maintain the timing necessary for proper BLE operation. In the case of the EFR32BG22 SoC, the front page of the data-sheet mentions a deep-sleep current of 1.05 µA in EM3 mode with 8 kB of RAM retained and the RTC running from the ULFRCO (ultra-low-frequency RC oscillator) on-chip module. The current consumption section of the data-sheet provides additional information.

Thus the lack of standardization for power numbers in datasheets can produce erroneous comparisons that could ultimately lead to selecting the wrong device.

UNDERSTANDING APPLICATION REQUIREMENTS
It is important to consider the application requirements when assessing BLE SoCs. Most suppliers try

SoC specifications when selecting a BLE SoC. These current numbers must be inserted into a model that closely matches the application environment to produce a fair estimate of the average power consumption. Such models typically include the ON/OFF duty-cycle, knowing that a low duty cycle will favor an SoC with the lowest deep-sleep current. A high duty cycle will favor an SoC with the lowest active current.

Another parameter could be the ambient temperature of the end product, understanding that the leakage current of a BLE SoC at 25°C is significantly different from the leakage at 85°C or higher. The leakage current at a high temperature can be a key selection criterion in industrial applications such as sub-metering, which need a guaranteed battery life at high temperatures.

Another important element of the application relates to the type of battery technology used (in the context of battery-operated end products). The battery powers the on-chip dc-dc converter integrated in the latest BLE SoCs. Using the dc-dc converter will significantly reduce the active current consumption of the entire SoC. Some sophisticated SoCs may integrate separate dc-dc converters for the radio and for the CPU. This practice provides an optimized solution, but the trend is clearly to have only one converter to minimize the cost of the SoC.

Finally, it is also important to understand how on-chip or off-chip memories are used. A common requirement for BLE end nodes is to perform over-the-air (OTA) updates of software. Depending on the size of the image to be transferred, an external flash device can be economical. However, its added power consumption and potential for security problems can prove considerably higher than with on-chip flash.

[Figure: two graphs of supply current (mA) versus temperature (degrees C, -40 to 120) at clock frequencies of 1 MHz, 16 MHz, 26 MHz and 38 MHz; surviving panel title: “EFR32BG22 current consumption in sleep mode using dc-dc converter”.]
The leakage current of a BLE SoC at 25°C differs significantly from that at 85°C or higher as demonstrated in these supply current graphs for the EFR32BG22 BLE SoC. Also evident in the graphs is that supply current can depend a great deal on the SoC clock frequency. Here the top graph is for the EM0 active mode while the lower graph is for the EM1 sleep mode. Both graphs depict chip current when the internal dc-dc converter is employed with a 3-V supply.
[Figure: block diagram with the labels BLE Server - DUT, BLE Client - Radio Manager, O/S, I2C, LPF, notify, CRC, write, Verify, Queue and PhyLink Tx/Rx.]

The combination of sophisticated hardware and powerful software enables application developers to perform their own benchmarking on multiple devices. This is the recommended approach that should be taken before selecting a BLE SoC. While initially more time consuming, this approach proves to be extremely valuable and helps reveal hidden challenges resulting from either missing hardware features or non-optimal software capabilities.

The development of a standardized benchmarking strategy can also help developers compare devices from multiple suppliers. The IoTMark-BLE benchmark profile developed by the Embedded Microprocessor Benchmark Consortium (EEMBC) provides a useful tool for assessing power consumption. The IoTMark-BLE benchmark profile models a real-world IoT edge node consisting of an I2C sensor and a BLE radio through sleep, advertise and connected-mode operations.

While this IoTMark-BLE benchmark might not suit all use cases, it can serve as a foundation for developing appropriate scenarios for any given application.

In a nutshell, side-by-side comparisons of vendor datasheets can lead to costly misunderstandings and misrepresentations. The analysis of BLE SoCs must take place at a system level as illustrated when comparing on-board and external dc-dc converter blocks within an SoC. Third-party benchmarks can often help determine what the comparative analysis should look like.

[Figure: EFR32BG22 typical application using dc-dc converter. Schematic showing the main supply, the VREGVDD, VREGSW, VREGVSS, AVDD, IOVDD, DVDD, RFVDD, PAVDD and DECOUPLE pins, a 38.4 MHz crystal and an optional 32.768 kHz crystal.]

References
The EFR32BG22 datasheet: https://www.silabs.com/wireless/gecko-series-2/efr32bg22
and involves many players. Each layer adds complexity, which affects the overall security and scalability of the system, not to mention added labor and cost (Figure 1).

Fortunately, new technologies are coming to the fore that bypass the traditional technology stack. Among the several key technologies for machine integration is one called MQTT, a lightweight, publish-subscribe communications protocol for the internet of things (IoT). Including MQTT as an interface option multiplies the reach of machine data, providing new options to end users and even making direct-to-cloud integration a possibility.

Figure 1: Providing even basic equipment information to central business applications involves a complex hierarchy of software and hardware systems.

In all these cases, however, the end user faces a similar set of challenges with unlocking the full value of equipment data.

First, communication protocols themselves impose some limitations. Proprietary protocols, obviously, inhibit interoperability, even if the manufacturer supplies a client application for communication with their device. To enable true integration, the manufacturer needs to offer a custom communications driver that can be incorporated into other applications.

However, even common industrial protocols, like Modbus/TCP or Ethernet/IP, have limited compatibility with IT systems—where data is in highest demand—and require further software and hardware support for integration. The most common approach requires the use of an open platform communications (OPC) server with drivers for each type of protocol in use on the plant network. No problem, right?

An unfortunate by-product of this model is that the more the network grows, the more congested it becomes. Poll-response communication protocols, like the ones mentioned, on control and corporate networks send frequent requests for information to maintain a sense of the state of the system and to act on the latest data. Additionally, business applications accessing field data through an OPC network may be competing with industrial SCADA (supervisory control and data acquisition) or historian applications on the control network for bandwidth, with each making its own connection to field devices and requesting the same data over and over again.

All these one-to-one connections also create security issues, for which traditional industrial protocols and equipment, like PLCs, lack native support (Figure 2). Additional equipment and networking, like VLANs and firewalls, are required to provide security after the fact. Unfortunately, with many different protocols in use, network protections become peppered with exceptions or become so restrictive that large-scale integration is impeded.

Speaking of large-scale integration, these communications systems, of course, do not maintain themselves. Every controller, every gateway, every server and firewall, needs to be installed, configured, and updated
over time, rarely by the same person. Not only does that mean more personnel handling operating system updates and security policy configuration, it also means more cost in software licensing and upgrades.

Figure 2: The typical industrial device contributes to the complicated web of unsecured, point-to-point connections that make up industrial networks.

With the influx of data required for highly connected, intelligent plant environments, plant engineers are looking for more scalable solutions; and OEMs who are looking to the future need to consider a different set of integration offerings for their equipment.

ENTER MQTT
MQTT, formerly MQ Telemetry Transport, was developed in the 1990s under IBM’s Smarter Planet initiative to provide bandwidth-efficient I/O communications for distributed SCADA projects in the oil & gas industry. Beginning in the early 2010s, MQTT grew in popularity to emerge in recent years as the top IoT-specific protocol. Since then, it has been enhanced for mission-critical industrial applications through an additional specification, called Sparkplug B (SpB).

What makes MQTT different? Efficiency. Cirrus Link Solutions, the company that developed the SpB spec, reports an 80-95% reduction in bandwidth consumption by users who move to an MQTT infrastructure.

MQTT achieves this efficiency using a radically different communication model from other protocols used for industrial applications and IIoT. Rather than establishing multiple one-to-one connections between master applications and slave devices, and then polling those devices repeatedly for information, MQTT establishes a shared server, known as a broker, as the endpoint for all field devices and applications (Figure 3). Devices publish data to the broker, but they do so only when a change occurs in a given process variable—a feature called report by exception. Network applications can connect to the same MQTT broker, subscribe to updates from any device, and the broker will deliver them as they occur. If a device goes offline, the broker also delivers that notification to any subscribers.

Figure 3: MQTT creates a secure, highly scalable, many-to-many architecture for industrial applications and IIoT.

This publish-subscribe communication model allows for reliable, many-to-many communication with reduced network traffic overall, making MQTT the kind of scalable infrastructure that plant engineers are looking for.

MQTT is also inherently more secure than traditional protocols. With the MQTT broker as the single node in charge of routing all traffic, data access rights for the entire network can be managed in one location. And because MQTT connections are established by the device client, not the MQTT server, there is no need to create firewall exceptions for inbound MQTT traffic, even from outside the company network. With the addition of SSL/TLS encryption, MQTT traffic can be safely routed over public networks, and in fact, is the standard for all the major cloud IoT platforms, like Amazon Web Services, IBM Cloud, and Microsoft Azure.

But it is the OEM who unlocks the full potential of MQTT for end users, because direct support for MQTT in field devices and equipment produces the simplest integration experience.

GET ON THE BANDWAGON
Fortunately for manufacturers, MQTT was designed for use with resource-constrained devices, and as such, has a simple specification with a small in-memory footprint. Open source reference implementations of MQTT and Sparkplug B are available in many programming languages through the Eclipse Paho and Tahu projects, and can be incorporated into PCB firmware without royalties.

For manufacturers that use a dedicated gateway as a customer data interface, there are also MQTT-enabled controllers and I/O gateway options available (Figure 4). This approach can be used to combine communication functions with real-time control or visualization in one device, but it also has the advantage of tailoring data processing
WHAT’S IN IT FOR ME?
There are also direct benefits to OEMs who provide MQTT support. Just like your end users, you might be interested in extracting useful information from your installed equipment base but likely face a similar set of complications.

Typically, monitoring remote equipment requires creating exceptions in local firewalls to permit outside connections through to the equipment. This can raise security concerns with end user IT groups. However, because MQTT connections are always device-originating, it’s possible to establish secure connections to the outside that are transparent to your customers’ IT policies.

MQTT-enabled equipment can be pre-configured to establish a connection to a remote MQTT broker that you control, allowing you to securely monitor equipment usage for billing, regulatory, or troubleshooting purposes. This monitoring can be performed without requiring modifications to your customers’ local security measures and can be done in parallel to their own data collection. If you opt for a metered cellular connection, instead of piggybacking on your customer’s network, you can reduce your own transmission costs thanks to MQTT’s low bandwidth requirements.

Other scenarios are possible as well, like using a shared MQTT broker connection to exchange data between multiple pieces of equipment or provide equipment with live data from external web services. In one case, for example, wind farm operators can use the spot price of electricity to automatically adjust the output level of individual turbines.

LEAD THE CHARGE
End users struggle with specific pain points around the scope of digital transformation and the obstacles inherent in the traditional technology stack. Traditional communication technologies will continue to be in demand for some time, of course, but by pairing MQTT with your existing offerings, you give your customers a way to evolve. As the industry continues to shift in response to the demand for more data, tools like MQTT give designers the opportunity to position themselves at the front of that transformation.

Author Bio:
Josh Eastburn, Director of Technical Marketing
After 12 years as an automation engineer working in the semiconductor, petrochemical, food and beverage, and life sciences industries, Josh Eastburn works with the engineers at Opto 22 to understand the needs of tomorrow’s customers. He is a contributing writer at blog.opto22.com.

References
Opto 22, www.opto22.com

All figures courtesy of Opto 22
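The article's point that the broker lets data access rights be managed in one location can be made concrete with a default-deny topic check over the Sparkplug B namespace (spBv1.0/group/message type/edge node/device). This is an added sketch, not code from Opto 22 or from any broker; the client names, roles and policy are constructed assumptions.

```python
WILDCARDS = set("+#")

# Hypothetical policy: an edge node may touch only its own Sparkplug topics,
# the host application may read everything and send node commands.
ROLE_RULES = {
    "edge": [
        ("publish", "spBv1.0/{group}/NBIRTH/{client}"),
        ("publish", "spBv1.0/{group}/NDEATH/{client}"),
        ("publish", "spBv1.0/{group}/NDATA/{client}"),
        ("publish", "spBv1.0/{group}/DDATA/{client}/+"),
        ("subscribe", "spBv1.0/{group}/NCMD/{client}"),
    ],
    "host": [
        ("subscribe", "spBv1.0/#"),
        ("publish", "spBv1.0/+/NCMD/+"),
    ],
}

REGISTRY = {}   # client id -> (role, group); the single place rights are granted


def register(client_id, role, group=""):
    """Add a client; names are spliced into topic filters, so reject any
    that contain a level separator or a wildcard."""
    for name in (client_id, group):
        if (WILDCARDS | {"/"}) & set(name):
            raise ValueError("illegal character in %r" % name)
    if not client_id or role not in ROLE_RULES or (role == "edge" and not group):
        raise ValueError("incomplete registration")
    REGISTRY[client_id] = (role, group)


def covers(allowed, requested):
    """True if every topic matched by `requested` (a topic name or a filter)
    is also matched by the filter `allowed`."""
    a, r = allowed.split("/"), requested.split("/")
    if r[0].startswith("$") and a[0] in WILDCARDS:
        return False                  # wildcards never reach $-topics such as $SYS
    for i, level in enumerate(a):
        if level == "#":
            return i == len(a) - 1    # multi-level wildcard must be the last level
        if i >= len(r) or r[i] == "#":
            return False              # requested is shorter or broader than allowed
        if level != "+" and level != r[i]:
            return False
    return len(a) == len(r)


def authorize(client_id, action, topic):
    """Default deny: allow only what a rule for the client's role covers."""
    if client_id not in REGISTRY:
        return False
    if action == "publish" and WILDCARDS & set(topic):
        return False                  # a publish must name one concrete topic
    role, group = REGISTRY[client_id]
    return any(
        act == action and covers(tmpl.format(group=group, client=client_id), topic)
        for act, tmpl in ROLE_RULES[role]
    )


# Constructed clients for the demonstration.
register("pump-07", "edge", "plantA")
register("historian", "host")

if __name__ == "__main__":
    for args in [
        ("pump-07", "publish", "spBv1.0/plantA/NDATA/pump-07"),
        ("pump-07", "publish", "spBv1.0/plantA/NDATA/pump-08"),
        ("pump-07", "subscribe", "spBv1.0/#"),
        ("historian", "subscribe", "spBv1.0/#"),
    ]:
        print(args, authorize(*args))
```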
STAFF REPORT
Successfully implementing an Internet of Things solution requires expertise in a number of areas. Not all companies have such expertise so collaboration with members of an IoT ecosystem is often necessary. Two organizations, the oneM2M and the Industrial Internet Consortium (IIC), are collaborating to “drive global scale in standards development and avoid standards balkanization,” notes a recent paper from the IIC.

The IIC has been working to help accelerate the adoption of the Industrial Internet of Things (IIoT). In 2018, the IIC joined with the OpenFog Consortium (OFC) to advance edge computing in IoT applications.

COMMON POINTS
The IIC offers the IIRA standard as an architecture framework template and methodology for users to identify architectural concerns, concepts, and patterns. The IIRA standard consists of several perspectives, many of which work well with the oneM2M standard:

• The business viewpoint is not commonly found in IIoT architectures, including oneM2M. IIoT designers who leverage the oneM2M common service layer may benefit from the analysis of business concerns as described in this viewpoint.
• The IIRA functional viewpoint describes domain and crosscutting functions for IIoT systems end-to-end. oneM2M defines functions common across industrial verticals. It uses service abstraction within middle layer services to hide device layer complexity and bridge applications to devices.
• A number of synergies between IIRA and oneM2M show up in the implementation viewpoint. Users can follow the IIRA architecture patterns and use oneM2M common services to support those patterns.
• Functional components not covered by the common service layer can be part of the application layer components in oneM2M and developed for a specific IIoT system. oneM2M common services can be shared by different industrial verticals, enabling interoperability across these verticals.
From a system-usage analysis perspective, the IIRA usage viewpoint provides a way to analyze how the system is to be used to achieve its objectives.
ONEM2M
oneM2M is a global standard defining a common service layer with a set of services required by IoT systems regardless of industry. These services help application developers focus on building, deploying and commercializing their IoT applications.
The oneM2M organization has 200 active members. One of its goals was to develop a common service layer with the IoT. This layer sits between applications, networks, and aids functions that are needed across different industry segments.
This common service layer functions as a layer between an application’s business logic and the communications network. It helps connect end-point devices and sensors. It also makes it easier for users of oneM2M specifications to integrate, design and manage stack technologies of multiple IoT applications within a company or in different industry verticals.
This service layer consists of a three-layer architecture that consists of applications, a common services layer (middleware), and networks. The interfaces between these layers have a standard format to enable a secure means for connecting data producers and data consumers. In particular, Machine-to-Machine (M2M) and IoT applications will likely need a common service layer such as this.
This layer’s functions include device management, registration and security. According to the IIC paper, the layer “horizontally joins the middle layers of several separate, heterogenous, vertical IoT solutions, to share common capabilities and ensure re-usability and economies of scale.”
A key aspect of this horizontal architecture is enabling cross-silo interoperability. Thus, individual IoT solutions can share data and resources through common service layer functions. One result is that developers can easily share data between applications and reduce dependence on single-vendor products.
Both the oneM2M and IIC architectures use similar technologies. They connect to various communication systems such as the web and RESTful services, Data Distribution Service (DDS), OPC UA, and computational technologies, such as cloud computing, big data and machine learning. Thus, some of the specifications’ elements map to each other. But there are differences in focus and approach. Here’s a closer look.
IIC’S IIRA
The IIRA helps users rapidly install interoperable IIoT systems. It identifies and highlights important architectural concerns, concepts and patterns applicable within and across industrial sectors that might interfere with interoperability.
The IIRA suits system implementers, where it functions as a starting point to shorten system development. It makes use of reusable, commercially available, or open-source system building blocks. Many industrial sectors can take advantage of IIRA, including manufacturing, transportation, energy, agriculture, healthcare and others. IIRA helps reduce the cost of design and operations by giving users a common language.
This standard addresses communication architecture concerns with vocabulary, structures, patterns and a methodology. It adapts architectural concepts, constructs and approaches from the ISO/IEC/IEEE 42010-2011 Systems and Software Engineering—Architecture Description standard. A goal is to clarify how such a framework can help create the reference architecture, and then help create IIoT architectures.
According to the paper, architectural concerns are identified and classified into four viewpoints per the ISO/IEC/IEEE 42010-2011 Systems and Software Engineering—Architecture Description.
These viewpoints are:
• The business viewpoint identifies stakeholders and their business vision, value and objectives of an IIoT system. Business decision-makers, plant managers and IT managers can use this perspective to better understand and drive IIoT system development for business goals.
• The usage viewpoint describes how the IIoT system will deliver the intended business objectives.
• The functional viewpoint focuses on the functional components and structure to support the intended uses. It defines the domains most important to consider in an IIoT system and clarifies the relationship between them along with cross-cutting functions that must be available across many of the system components.
• The implementation viewpoint determines the technologies needed to implement functional components, their communication schemes and their lifecycle procedures.
The IIRA defines system characteristics as system properties and behaviors. It bases its definitions on an IIoT system’s constituent sub-systems, their interactions, and the environment in which they operate. For example, one system characteristic might be trustworthiness, which can include safety, security, privacy, reliability and resilience. Other system characteristics examine how the IIRA functional domains work with other systems ranging from edge to cloud as IIoT architectures evolve.
Even though IIC and oneM2M take different approaches in dealing with IoT and IIoT challenges, they share a common objective of ensuring interoperability and reusability. The common goal is to reduce the complexity and costs of designing, developing, and deploying IoT systems.
ONEM2M ARCHITECTURE
A common method of implementing IoT in applications is to use silos in a vertical solution stack. However, this method does not always scale well or handle resource reuse well.
In an IoT application, if a device management function is implemented for a narrowly defined use, this could easily prevent its reuse for a second or third IoT application. The same logic applies to other service enablers necessary for the deployment and management of IoT applications.
oneM2M addresses this by using a horizontal model based on a common services layer. This layer includes communications management, device management and security functions. It makes devices and their data discoverable and accessible to more than a single parent application. One benefit of this approach is that it doesn’t lock users with one vendor.
The common services layer is standard on oneM2M and includes specifications for end-device and gateway entities. Users can deploy native oneM2M systems, which comprise oneM2M compliant end-devices communicating with one or more oneM2M platforms. Users can also choose systems that include a mix of oneM2M and proprietary devices. Such an approach may involve interworking proxy gateways to manage non-oneM2M devices communicating with a oneM2M platform.
Functionally, oneM2M defines fourteen common service functions (CSFs). These relate to network connectivity, device security, transport protocols, content serialization, IoT device services and management and IoT semantic ontologies.
Developers can use each service to focus on application-specific functions, such as turning a switch on or off. Abstraction techniques can be used to mask the underlying technology-specific details, and allow the use of different communications stacks and protocols such as HTTP, CoAP and MQTT. For example, a switch might use a fixed or Wi-Fi network, a CoAP or HTTP transport. It might use a JSON or XML serialization technique, an Open Connectivity Foundation (OCF) or thread service, or an ontology based on Smart Appliances REFerence (SAREF) or W3C’s Thing Description.
oneM2M offers security-related APIs to simplify security for devices and applications to secure IoT devices and prevent and mitigate attacks. This standard is constantly evolving to address new IoT requirements.
IIRA AND ONEM2M — WORKING TOGETHER
The IIRA organizes an IIoT system into functional domains and crosscutting functions. The functional domains focus on major system functions that support generic IIoT usages and IIoT system
emerge, architectures will need new and standard enablers that interlink multiple sub-systems to peers and to central cloud systems.
Fundamental to successful implementations is the selection of a core connectivity standard to bridge applications and devices in an IIoT system. The IICF identifies potential standards for core connectivity with detailed assessment templates to evaluate connectivity technologies. These templates will help developers choose an IIoT-compatible core standard that fits the application.
A core connectivity standard requires standard mappings (i.e. bridges) to other core connectivity standards as referred to in the IICF. Core gateways are the means used to implement these standard mappings. This approach limits the number of core connectivity standards, reducing complexity.
The gateway functions may be simple bridges converting data and protocols between connectivity core standards, or they may include more complex edge computing functions. Edge processors can perform analytics, data reduction, artificial intelligence, machine learning, security processing, storage and other functions. They convert between core connectivity standards and process the data that passes through the gateway functions.
The IICF recommends that system architects select a framework-layer standard for core connectivity. A framework-layer standard (e.g. DDS, OPC-UA, Web and RESTful Services) provides the ability to exchange data. It standardizes the format of the communicated data and provides more data handling and communication management capabilities over lower-level transport-layer standards (e.g. MQTT, CoAP, HTTP). The IICF provides detailed assessments of several framework- and transport-layer standards to help system architects choose the best connectivity technology for their needs.
The IICF addresses syntactic interoperability, but not the data or information model standards needed to address what the data means, or its context; for example, is a data reading about temperature or pressure? The IIC is working on information model guidance for future publication. oneM2M, however, addresses the need for standard information models and bridging or translating between different framework layer standards.
The goal of the standardization roadmap for oneM2M is to provide a protocol abstraction layer on top of multiple connectivity technologies. It will complement and interwork various proximal industrial communication technologies (e.g. DDS, OPC-UA, WirelessHART, IWLAN) to the internet. This permits the use of established standards from the fixed-network, mobile-network and internet sectors (left-hand side of illustration) to be applied in support of applications from the industrial sector, smart homes and eHealth, for example. It maximizes the re-use of established industry standards.
In light of their respective organizational goals, the IIC and oneM2M will continue to foster the development of IoT and IIoT markets. Following the joining of forces between the IIC and OFC, the IIC will expand its effort to clarify distributed computing at and near the cyberphysical boundary of IIoT systems and continue to provide an ecosystem for the advancement of the IIoT.
The source for this information was a paper from the Industrial Internet Consortium and oneM2M.