OCF Secure IP Device Framework
The OCF Secure IP Device Framework is an infrastructure that enables secure IP communication for vertical defined applications.
The OCF Secure IP Device Framework enables device discovery, onboarding and application-layer security, for Device-to-Device and Device-to-Cloud IoT device connectivity. As an ISO/IEC adopted standard, this framework is internationally agreed upon by experts and is compliant with most of the known IoT security requirement baselines.
The Secure IP Device Framework utilizes the majority of the OCF standard used in the smart home, however, it strips away the data models, allowing it to be vertical-agnostic. The open source implementation is easily accessible and can be accessed on the OCF GitHub.
What are the benefits of the Secure IP Device Framework?
Because the OCF Secure IP Device Framework is vertical-agnostic, it allows for secure IP-based communication. You can carry the data that you require in the format that you require, making the framework ideal for applying to a variety of verticals with particular use cases.
With the open API implementation, IoTivity, developers can easily build their application, take existing bus protocol applications and map their data models on top of the device framework. This open API is compliant to the OCF standards and implementations can be verified using the OCF Certification Program.
Discovery and Security
The Secure IP Device Framework provides device discovery and security on the network, meaning it can interrogate a network, discover devices, discover the resources that those devices may have, and securely onboard them. For example, the Secure IP Device Framework can onboard a light bulb with an off facility, dimming facility and certain type of RGB capability, and control it using the most secure methods available for internet protocol (IP) connectivity.
Utilizing the onboarding tool, the Secure IP Device Framework enables devices to communicate with each other in the secure domain, and only devices onboarded in the secure domain are allowed to talk to each other. Defined Access Control Lists give granular control of who is allowed to interact with which part of the functionality on the device. The access control mechanisms are based per resource (URL) and Methods that are allowed on the resource. For example, a guest would be allowed to read the current temperature of the thermostat but not allowed to change the set point of the thermostat.
Compile Your Compliance
Using the Secure IP Device Framework ensures that your IoT products and solutions will be secure by design. OCF has done the legwork to map the OCF specifications to key industry and government IoT security baselines around the world. This means you can “compile your compliance” to IoT security baselines, as the OCF specifications have already met all or most of the security requirements in standards such as NIST 8529, CAC2 Conveners, ENISA IoTSec, UK IoT Requirements and ETSI IoT Baseline Requirements.
To learn more about OCF security, visit our security webpage.
Communication Mechanisms Covered by the Secure IP Device Framework
The three device connectivity methods the Secure IP Device Framework supports are:
- Device-to-Device communication
- Device-to-Cloud communication
- Cloud-to-Cloud communication (OCF Universal Cloud Interface)
Through Device-to-Device connectivity, the Secure IP Device framework enables secure communication between OCF devices across a protocol network such as Wi-Fi, Ethernet or Thread. This method also allows for bridges and proxies so you can connect an OCF device via a bridge to a non-IP-based protocol such as Zigbee or Bluetooth, or even via a proxy to a non-OCF transport such as MQTT.
With Device-to-Cloud communication, you can connect through a cloud between two OCF devices, which allows you to control a device in a different building or even in a different part of the world.
Finally, the Secure IP Device Framework enables Cloud-to-Cloud communication using the OCF Universal Cloud Interface (UCI), which standardizes connectivity between different manufacturers’ cloud servers. This helps facilitate cloud partnerships for manufacturers, reduces the need for manufacturers to develop custom APIs and improves the end-user experience.
OCF Secure IP Device Framework on the (Embedded) device
The Secure IP Device Framework has:
- A small footprint of code, for embedded devices and RTOS's
- Small payloads, e.g. communication packages
- Best in class security (including PKI), by using the latest technologies
- A base of widely accepted internet technologies, based on IETF RFCs
- A minimal required set of features
- A huge set of optional features that are already available for a vendor to use
- A design that allows vendors to concentrate on device function, not on the communication and security aspects
- An ISO/IEC content format, hence it is upgradable
- Payloads that can be defined using any (existing) content type:
- For example: CBOR, JSON, XML
- CoAP, allowing the same communication paradigms as used on top of HTTP, but then with smaller communication packages
- The OCF Secure IP Framework architecture is RESTful, but the application is not limited to that paradigm
OCF Specifications included in the OCF Secure IP Device Framework
The following OCF specifications are agnostic of the function of the device (e.g. vertical-agnostic). The Secure IP Device Framework includes all of the following:
- Secure IP Device Framework
- Core Optional Framework (optional, depends on deployment scenario)
- Easy Setup (optional, depends on deployment scenario)
- Bridging (optional, the architecture only, depends on deployment scenario)
- Onboarding Tool
- Device to Cloud Services (optional, depending on deployment scenario)
- Cloud Security (optional, of course required when doing cloud)
- OCF Cloud API for Cloud Services (optional, depending on deployment scenario)