VIETNAM NATIONAL UNIVERSITY, HO CHI MINH CITY

UNIVERSITY OF TECHNOLOGY
FACULTY OF COMPUTER SCIENCE AND ENGINEERING

COMPUTER NETWORK PROJECT (CO3119)

Project

"Research and build an Internet

of Things (IoT) infrastructure
architecture framework
for Ho Chi Minh City"
CLASS: CC01

Lecturer: Nguyễn Lê Duy Lai

Students: Dương Xuân Anh Tú - 1852845

Phan Thế Minh - 1852580
Nguyễn Quốc Anh - 1852238

HO CHI MINH CITY, December 2023

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

Contents
1 Task 1: Research the IoT infrastructure architecture framework in the world. 3
1.1 The simplified form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 The meaning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.3 The alternative form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2 Task 2: Evaluation of IoT applications in Ho Chi Minh City. 6

2.1 Smart Traffic Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2 Thu Thiem New Urban Area Smart Lighting . . . . . . . . . . . . . . . . . . . . 7
2.3 Environment Monitoring in Saigon Hi-tech Park . . . . . . . . . . . . . . . . . . 8
2.4 Others projects to come . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3 Task 3: Research and propose an IoT infrastructure architecture framework

for Ho Chi Minh City. 10
3.1 Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2 The proposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

4 Task 4: Research and propose standards for security and privacy for IoT ap-
plications. 13
4.1 Existing standard: "European EN 303 645" . . . . . . . . . . . . . . . . . . . . . 13
4.2 Proposal standard, plus other aspects concerning the "Safe Railway Framework" 14

5 Task 5: Research and propose Camera transmission infrastructure architecture

for the city. 15
5.1 Basic camera data transmission infrastructure . . . . . . . . . . . . . . . . . . . . 15
5.2 The proposal: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

6 Task 6: Research and propose infrastructure architecture for transmitting sen-

sor devices for the city. 16

7 Task 7: Evaluate IoT infrastructure architecture through specific applications. 17

7.1 The application: Vilight Smart Lightning . . . . . . . . . . . . . . . . . . . . . . 17

Computer Network Project - Academic year 2023 - 2024 Page 1/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

Member list and contributions

No. Fullname Student ID Workload Contribution
- Task 1
- Task 2
1 Dương Xuân Anh Tú 1852845 33%
- Task 4
- Task 4
2 Phan Thế Minh 1852580 - Task 5 33%
- Task 6
- Task 3
- Task 7
3 Nguyễn Quốc Anh 1852238 33%

Computer Network Project - Academic year 2023 - 2024 Page 2/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

1 Task 1: Research the IoT infrastructure architecture frame-

work in the world.
The Fourth Industrial Revolution 4.0 is vividly happening around the world. Since the backbone
of the revolution is "Technology", we can’t have a common standard across the globe: the level
of technology varies from continent to continent and is usually drastically different on a smaller
scale: region to region. For example, Europe and North America generally possess higher tech-
nology, whereas Africa is often considered at the bottom of advancement. On the other hand,
to unify/simplify the method and implementation of the IoT system, a set rule or structure
is desired, in order to streamline the industry, and further down the line, ease the process of
technology transfer.

1.1 The simplified form

Hình 1: IoT Reference Architecture

The architecture of the Internet of Things (IoT) can be depicted as a stratified composition
comprising of the subsequent strata: device, network, session, application, business, manage-
ment, and security. While the actual implementation for specific projects may vary, this is the
backbone/template of an IoT architecture.

1.2 The meaning

The device layer includes "external" or "collecting" devices such as sensors, cameras, and sound
recorders, ... This layer serves the purpose of collecting the data in the system’s environment,
and then passing it to the other layer for further processing. Traditionally the layer does nothing
but gather information, however, more recent systems also include processing capability to the
Device layer, to lighten the workload of other layers. For example: a camera that collects images
of certain types of bird can be "trained" (via implementing AI) to only collect the correct type
of bird and leave out the others, rather than automatically capture any kind of bird, which leads
to a necessary sorting phase further down the workflow.
The collected data is subsequently transferred to the network layer, which supplies networking
connectivity and transport capabilities, permitting the secure transmission of data to the session

Computer Network Project - Academic year 2023 - 2024 Page 3/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

layer. Basically, it plays the role of a transport "hub" to allocate data.

The session layer is accountable for managing services, including establishing and terminating
connections between IoT connection points. The chosen protocol is usually either UDP or TCP.
The application layer administers the IoT system by utilizing data from the session layer and
encompasses IoT services such as smart farming, smart cities, and smart homes.
The business layer defines business logic and workflows, manages all IoT systems, services,
and applications within the domain, and analyzes data from the application layer to construct
necessary business models and strategies. In this case, the business layer is split into 2 separate
layers, and in this case, describes the Management aspect of the business layer.
Last but absolutely not least, the security layer provides security functionality, while the
management layer supports capabilities like device management, local network topology man-
agement, and traffic and congestion management. Many people tend to overlook the security
aspect of IoT (and/or any other project involving data collecting). More often than not, the
security of a system is a second thought and not strictly tied to the project development cycle.
Therefore, this might (or have been) lead to unfortunate incidents where the collected informa-
tion can cause harm not only to the users but to society as a whole. In the latter half of 2023,
there was a major leak of security footage inside a large number of households, which directly
violated the privacy of the users.

1.3 The alternative form

The framework can also be represented as follows.

Hình 2: IoT Modern Framework Architecture

The essential layers, roles, and functionalities are reorganized to further emphasize the secu-
rity aspect of the overall system. On the other hand, it redefines layers to include cutting-edge
technology (AI, machine learning, robust collecting devices with processing capability, and more).
In other words, this can be interpreted as a modernized representation of an IoT Architecture.
The applications and analytics element is responsible for the processing and presentation of
data obtained through the Internet of Things (IoT). This component encompasses various tools

Computer Network Project - Academic year 2023 - 2024 Page 4/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

such as analytics, artificial intelligence (AI), machine learning, and visualization capabilities.
Integration component. This is the component that ensures that the applications, tools, se-
curity and infrastructure integrate effectively with existing companywide ERP and other man-
agement systems.
The security and management aspect is an essential component of the Internet of Things. To
ensure the security of the entire system, it is imperative to safeguard the physical components
using firmware and embedded security providers. These providers include both traditional secu-
rity providers with the capability to support the Internet of Things and specialized IoT security
providers.
The infrastructure component includes various physical elements, specifically intelligent sen-
sors for data collection and actuators for regulating the surrounding conditions. Furthermore, it
includes the network that accommodates these sensors and actuators, commonly but not exclu-
sively manifested as a wireless network such as Wi-Fi, Bluetooth, 4G, or 5G. Other emerging
wireless alternatives include Long Range WAN and low-power WAN.

Computer Network Project - Academic year 2023 - 2024 Page 5/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

2 Task 2: Evaluation of IoT applications in Ho Chi Minh

City.
Ho Chi Minh City (HCMC) is one of, if not the leading city of Vietnam in multiple categories:
industry, tourism, ... In conjunction with the rapid development, HCMC seeks the most modern
solutions for further improvement in the prosperity of the city and the locals. One of the solutions
is to implement IoT solutions to solve the trivial civil crises.
Many projects are funded, either by the government or by the private sector. Consequently,
there should be numerous IoT projects located all over the city to aid the local management
and increase the living standard. However, due to media coverage and the overall disinterest in
the science and technology research paper, the detailed reports/presentations are often locked
out from the public. Not that they are hidden, but the general demand for such items is so
limited that it is not readily available for everyone at any time. Therefore, we can only find
some notable projects that are reported on the media, or listed on the private company finished
projects showcase. Some of those are the Smart Traffic Signals with IoT Datalogger (CESTI
and VNU-HCM), Thu Thiem New Urban Area Smart Lighting, and Environment Monitoring in
Saigon Hi-tech Park.

2.1 Smart Traffic Signals

Hình 3: Smart Traffic Signal with PLC-IoT Datalogger

The Ho Chi Minh City National University (HCM VNU) Office’s research team has success-
fully implemented a project entitled "Research and Manufacture of IoT DataLogger for smart
traffic light systems." The project aims to build a smart traffic management solution by reno-
vating the existing traffic infrastructure. The team has demonstrated proficiency in microchip
technology and PLC-IoT devices. The manufactured Datalogger can be seamlessly integrated
into homegrown smart traffic processing and operating systems, as well as foreign existing coun-
terparts.
The PLC-IoT Datalogger, as a comprehensive set, is designed to integrate with the current
traffic lights. It serves as a terminal device that provides parameters to the intelligent traffic
management system. This system effectively processes and automatically adjusts the light signal
time based on prevailing conditions. The coordination of remote traffic controllers is facilitated

Computer Network Project - Academic year 2023 - 2024 Page 6/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

through a WIFI network. This solution offers the advantage of utilizing and upgrading traffic
light poles that employ outdated technology. Consequently, it establishes a foundation for the
development and enhancement of Ho Chi Minh City’s traffic systems from two perspectives:
providing information to traffic participants and enabling efficient management.
Essentially, the project was successfully deployed and tested at the HCM University Campus
in Di An, Binh Duong, and was further adopted by the Municipal Administration office in Ho
Chi Minh City for more research and implementation in 2020.

2.2 Thu Thiem New Urban Area Smart Lighting

Not only is the government interested in the IoT development of HCMC, but the private sector
has several major companies/cooperations that want to be involved in the process. One of which
is Vilight Co. Ltd and its Smart Lightning project in Thu Thiem New Urban Area. The system
comes up with a product that takes the form of an electric box that resides along the roads.
Main goal:
• Operate the whole lightning system at one "central center". This will centralize the process
of management and enhance the security feature of the whole project.
• Monitor the entire system in real-time, quickly detect and react to any incident.

• There will be digitally stored data reports of the lighting operation to provide insights and
improvement.
• Automatically adjust/control the light system for convenience and reduce electricity usage.

Hình 4: Vilight Smart Lightning system takes the form of an electricity box

Computer Network Project - Academic year 2023 - 2024 Page 7/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

The project was successfully adopted, deployed, and transferred to the HCMC Department of
Transportation for future implementation throughout the HCMC area. On the other hand, the
cooperation products often prove their effectiveness and have been trusted by multiple regions
in Vietnam to install tailored versions of the system.

2.3 Environment Monitoring in Saigon Hi-tech Park

In order to solve the problem of collecting environmental data locally inside Saigon Hi-tech Park
without heavily relying on the Telecom infrastructure, in 2020, the research team of SHTPLABS
introduced multiple devices called "IoT Node" and "IoT Gateway".

Hình 5: IoT Note device and the security extension

The system consists of an IoT Gateway device, an IoT Node device responsible for monitoring
the air statistics, and a suite of transmission security encryption hardware, as well as software
deployed on the cloud server. Additionally, it includes application software for air quality mon-
itoring and traffic serving, as well as the ability to store and process data collected from IoT
devices. The IoT Gateway devices offer support for real-time applications and enable protocols
for remote control and access, thereby facilitating direct communication between applications
running on the Gateway and the cloud server (Cloud Server). Furthermore, the IoT Node device
used for air environment monitoring employs various sensors to track a wide range of indicators
such as SO2, NO2, PM2.5, PM10, temperature, and humidity.
The devices are autonomously operated by software executing on a cloud server platform,
designed to automatically refresh data about images, and indices for monitoring air quality, as
well as incorporate notification capabilities to indicate status. This aids in evaluating pollution
and the environment within the designated region. The software incorporates various modules
that facilitate the management of network-connected devices, including but not limited to Gate-
ways responsible for security management, user administration, the establishment of routes and
connections, as well as the registration of new devices...
In the end, the research produced 5 IoT Gateway sets and 10 IoT Node sets plus 6 hardware
encryption devices. Most if not all of these were approved by the authority. On a side note,
the research also proposed an encryption protocol, which was patented. The system proved to
be highly effective, especially during the COVID period, significantly aiding the Saigon Hi-tech
Park in monitoring the whole area environment.

Computer Network Project - Academic year 2023 - 2024 Page 8/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

2.4 Others projects to come

With the urge for modernization and civic development, HCMC eagerly adopts, funds, and
researches IoT solutions. Many of these have proven themselves, and there will be other prominent
projects to come. From the government side, or the private sector side, every party joined hands
to achieve the common goal: a modern and secured "smart city".

Computer Network Project - Academic year 2023 - 2024 Page 9/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

3 Task 3: Research and propose an IoT infrastructure ar-

chitecture framework for Ho Chi Minh City.
Tasks 3 to 6 will utilize one single "project proposal": Safe Railroad in Ho Chi Minh City and
her vicinity.

3.1 Context
In the year 2022, the Vietnam Railway Authority (VNRA) reported 213 railroad accidents, and
166 was the number of casualties. At a glance, the number is not significant, however, this only
counts traffic accidents which usually happen between the railroad and other transportation. I.e.
the pedestrian doesn’t follow the traffic signal and then proceeds to get struck by the incoming
train. However, whenever there is an accident, the train (and the surrounding traffic) often be
halted for further investigation. This would cause hours, sometimes even half a day in order to
continue the traffic. At the same time, nearly every train on the entire line got halted, thus
delaying not only the train that caused the accident but also cost others time delay. And in
business, any delay means the loss of (a high amount of) money. This doesn’t count other incidents
such as livestock/obstructions on the railway, the degradation of the line, and damaged tracks
due to natural causes, ... Every single incident, albeit small or major, involves human lives or
does not often cause disorder and time delay to either the local schedule or on the entire line
from North to South Vietnam. In order words, time losses, and further down the line, money
losses are prominent.

Hình 6: Railway activity at junction

The current train monitoring system does have multiple proposed projects, such as an au-
tomatic warning system, by-the-railroad visual surveillance, and a systematic train operation
management system, ... However, there still are the needs of humans to fully operate the whole
system. Staff are needed to stay on guard at each major checkpoint along the railroad, or there
are countless "survey teams" to routinely patrol their assigned area to find any abnormalities.

Computer Network Project - Academic year 2023 - 2024 Page 10/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

The proposal aims to mitigate the workforce needed to stay on guard/stay on patrol while pro-
viding the same, if not more precise surveillance of the entire railroad system, either at traffic
junctions or carefully observing any degradation of the system.

3.2 The proposal

Hình 7: Safe Railroad Framework

The core functionalities of the system are to provide real-time surveillance, and remote control
utilities (lights, barriers, ...). The surveillance system will be divided into 2 separate sections:
one for direct control (via a command center) and the other one for public service: via a tool
(web interface for example), the public gains access to the necessary data of the railway: trains’
locations, approximate time arrival, stations’ status, ... It also allows user to contribute to the
system: people can provide extra information about a situation for further insights.
The system is as follows:
• Core: This is the utter most important part of the system, which plays a role in finalizing
the collected data and is represented in 2 ways: an "internal" command center where direct
control can be made towards vital components of the system.
• Backbone: this serves as the link between the Edge and the Core. In summary: it is the
communicator within the system.
• Edge: numerous devices come in the form of imagery collectors to survey key areas; pressure
sensors to monitor the railway conditions at critical points on the system (i.e. Weak bridges,
potential landslide areas, ...); those devices and the like can be considered "Passive data
collectors"; there shall be drones or small robots that serve as movable surveillance actors
to provide rapid responding observation to any unplanned situation (accidents, railroad
system damages, ...); the last "edge" data collector comes in the form of an application,
where local people can report abnormalities to the system, thus trigger a system response

Computer Network Project - Academic year 2023 - 2024 Page 11/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

to counteract the incident (users report a major incident at location A, the system will
dispatch appropriate countermeasures to this location).

• Security: any surveillance system is a double-edged sword, the gathered information can
bring useful applications and also potentially attract dangerous exploitation. For example
in the current context: normally the "exact" or real-time location of certain trains can’t
be easily accessed. However, with a ready access system, anyone can have the pinpoint
location of any train in the system, thus opening numerous vulnerabilities such as robbing,
kidnapping, and terrorizing, ... Therefore, the system should be made secured at any point
of interaction, either "internally" (within the system communication, data transfer) or
"externally" (the data can be accessed from the outside world.

Computer Network Project - Academic year 2023 - 2024 Page 12/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

4 Task 4: Research and propose standards for security and

privacy for IoT applications.
Information is the key to the future. On the other hand, it also serves as the key for illegal
personnel to access your sensitive data. Therefore, security has been one of the most vital aspects
of any IoT system.

4.1 Existing standard: "European EN 303 645"

The primary objective of the EN 303 645 standard encompasses a set of thirteen exemplary mea-
sures that must be adhered to, wherein three fundamental principles hold paramount importance:
the absence of default passwords, the disclosure of vulnerabilities, and the regular updating of
software.

• No default passwords: Ideally, it is recommended that default passwords be obtained from

the device itself or introduced into the device. An intelligent approach would involve the
creation of a password through the utilization of a diversification algorithm that is intri-
cately tied to the device, employing an appropriate hashing method.

• Implement a vulnerability disclosure policy: in short, preferably no data disclosure.

• Keep software updated: when time moves on, there will be more and more potential vul-
nerabilities. Gradually updating the software helps prevent potential break-ins.
• Securely store credentials and security-sensitive data: specific data must be encrypted and
safely stored.
• Communicate securely: layers of anti-eavesdrop are needed to shield from the intruders.
• Minimize attack surfaces.
• Ensure software integrity.

• Protect personal data.

• Ensure systems resilience.
• Monitor system telemetry data: if collected, all telemetry such as usage and measurement
data from IoT devices and services should be monitored for security anomalies within it.

• Enable simple personal data deletion.

• Simple installation and maintenance of devices.
• Validate input data: This underlying doctrine asserts the importance of exercising caution
when relying on incoming data and emphasizes the need to consistently validate all in-
terconnections. It is imperative to ascertain, discern, and authenticate the various devices
that are linked to the network before establishing trust, while simultaneously safeguarding
their integrity to ensure the reliability of both solutions and services.

Computer Network Project - Academic year 2023 - 2024 Page 13/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

4.2 Proposal standard, plus other aspects concerning the "Safe Rail-
way Framework"
Existing standards, such as the one mentioned above, cover a wide range of applications and
implementations. This proposal extends one clause of the standard, in order to prevent an un-
expected angle of attack: internally.
Clause number 7 states: Ensure software integrity. This means the system must have a me-
chanic to ensure only authorized actions are allowed and detect and prevent illegal ones. However,
there is still one actor that plays the uttermost vital role in operating any system: the human.
Humans are not software, and should be mentioned in another category, such as human resource,
or operator training, ... But, we do believe that the software (development) should seriously
consider the following scenario: the operators themselves are the ones who sabotage the system
in any form: data leak, create backdoor, ...
History proved that whenever there is a centralized power (i.e. a top brass of an organization)
there can be misuse of power. One common way to combat this is to decentralize the power, and
for major actions: it need approval from multiple actors in order to proceed. Many organization
works well with this mechanic: the United Nation Security Council, nuclear missile launch control
needs multiple keys from different personnel to approve the launch, ...
Things to do: for every major action (delete the database, change vital passwords, add new
administrators, ...), the software must have a mechanic to gather the approval from appropriate
personnel to be done. Either by designing a specific role-based system, or outright preventing a
single person from holding too much power. On the other hand, the operator’s training should
also account for this matter, thus providing suitable knowledge and skills.
Specifically for the "Safe Railway Network": the command application that provides the
ability to dispatch responding countermeasures to any crises: it should limit the number of
"units" one operator can deploy at the same time. For example: hypothetically, users informed
that there was an accident at Bien Hoa. The operator (without any form of limiter) can dispatch
multiple if not all the drones available in the area to the accident site, thus exhausting the entire
(local) system and preventing any flexible response if there were another crisis in the same area.

Computer Network Project - Academic year 2023 - 2024 Page 14/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

5 Task 5: Research and propose Camera transmission in-

frastructure architecture for the city.
5.1 Basic camera data transmission infrastructure
The most basic form of camera transmission will be as follows:

Hình 8: Basic camera infrastructure

Traditionally, cameras are statically installed, therefore, one reliable way to have an entire
surveillance system is to have multiple cameras that are connected by wire into a "central"
storage system. From this storage, the demanded data shall be transferred to somewhere else,
like a display system to review the footage, or some processing unit to make analytics operations.
"Reliable" but not secured or immune to the weakness of centralized systems: if any major node
in a system (in this case let’s say the central hub) is disabled, the entire system will consequently
be disabled. Furthermore, basic systems often leave out the processing operations to specific
subsystems, say there will be a data processing subsystem. This eliminates the scalability of the
system: whenever there is too much input information or too many processing requests, the data
processing subsystem can be easily overrun and thus cause instability.

5.2 The proposal:

One easy improvement over the traditional infrastructure is to "decentralize" appropriate nodes
within the system. This way, if a node is disabled, it will cause fewer problems to the whole
system.
The

Computer Network Project - Academic year 2023 - 2024 Page 15/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

Hình 9: Proposed camera infrastructure

6 Task 6: Research and propose infrastructure architecture

for transmitting sensor devices for the city.

Computer Network Project - Academic year 2023 - 2024 Page 16/17

 University of Technology, Ho Chi Minh City
Faculty of Computer Science and Engineering

7 Task 7: Evaluate IoT infrastructure architecture through

specific applications.
7.1 The application: Vilight Smart Lightning

Hình 10: The overall lighting system

Vilight is a cooperation whic

Computer Network Project - Academic year 2023 - 2024 Page 17/17