Written by Ian Lindsay, Principal Software Engineer, IOT

Neudev and LostPuppy

There are a number of deep and complex challenges associated with Internet of Things technology. When we try to connect tiny computers together, issues of protocol, hardware, and security all converge in the most unyielding ways imaginable.

Today, we're releasing Neudev and LostPuppy, services to connect and test different OCF/OIC devices. These programs are concerned with OCF discovery and secure onboarding and comply with OCF Specifications.

Overview

Neudev is a tool that forms the first point-of-contact with OCF/OIC IoT devices. It is the client. It is a front-end service for hubs and gateways, abstracting the nuances of transport and security away from the hub application. It is also usable as a stand-alone tool for prying open local OIC networks.

LostPuppy is a simple template of a secure OIC device. It is the server, and is meant to be a test "device" to tinker with different OIC security arrangements.

More detail surrounding installation and usage can be found in the package README and the HOWTO.

Both programs are written in C++ and are built on top of ManuvrOS, an iotivity-constrained application framework. An iotivity-constrained framework is important for OIC implementation because of its minimal platform assumptions and efficient memory footprint. Since it leaves application structure largely in the hands of the firmware author, ManuvrOS was chosen as the firmware application framework.

Neither of those choices is binding. Both programs should be interoperable with other OCF/OIC implementations to the extent that such interoperation is supported by the OIC packages in use. Interoperability is still a hotbed of bugs and ambiguity, although the situation improves monthly. Your mileage may vary.


Why Discovery is Non-Trivial

Even if we are concerned only with IP discovery, that assumption won't save us from having to handle variations such as:

  • Some devices run a WiFi access point and expect to be discovered by SSID.
  • Other devices will only respond to IP multicast after the user gives them existing connection details out-of-band.

OIC gives some recommendations on these points, but brownfield will always be with us, and there will always be "that device" with quirks that must be accommodated.

When we consider discovery over non-IP transports, the permutations become mind-numbing.

Neudev is an early strategy for encapsulating those permutations in a system service that conducts application-level interchange in a yet-to-be-defined canonical message format. Thus, it forms the low-level bridge with packages like Open ZWave, Telehash, Bluetooth, and the growing list of 802.15.4 protocols.

Security further compounds the problem. Some devices introduce their security alongside discovery. Those OCF workflows require Neudev to relay key material or ownership impartation at the time of discovery. Therefore, Neudev must have the ability to use the security protocols and cryptographic algorithms specified by the device.

Neudev Simplifies Discovery and Onboarding

If the strategy succeeds, the gateway application will configure a running Neudev service with whatever credentials and keys are needed and wait. From that point, Neudev sends discovery and onboarding messages back to the application without bothering the application with the specific constraints and mechanisms of how discovery and onboarding were accomplished.

As things stand today, once a new IoT device has been discovered (and optionally onboarded), further interaction with the device will be the application's purview. Neudev's scope may be expanded in the future to broker all communication between the gateway application and certain classes of devices.

LostPuppy Simulates Devices to Demonstrate OIC Workflows

LostPuppy was meant to be a demonstration of the OIC "just-works" onboarding workflow and is not intended to be anything more substantial than a test case. However, the included Makefile has recipes for a Docker container that simulates a fleet of devices, as well as a Raspberry Pi target for running the program on actual hardware.

More puppies will be added to the Makefile as support is extended to other OIC onboarding workflows.