Design World-Internet of Things Handbook 2017-P2P PDF

April 2017 How Mr.
Robot hacked the IoT Page 6 Modulating 5G Page 12
Internet
of Things
HANDBOOK
IoT Cover Final .indd 1 4/17/17 9:43 AM

170301_FUEL_EEW_US.indd
digikey -- IoT handbook 4.17 2.indd
1 1 3/1/17 11:44
4/13/17 1:09 PM
AM
Connect to a KEB controller, or any other PLC. Were flexible.
KEBs C6 Router has been designed for use where wireless Learn more on our YouTube channel
youtube.com/KEBAmericaInc
communication and advanced networking tools are necessary
for operation. We also made it hardware independent so it can or on our blog
work with your existing system - no restrictions. kebblog.com/industrial-router
5100 Valley Industrial Blvd. S Shakopee, MN | 952.224.1400 | sales@kebamerica.com
KEB -- IoT handbook 4.17 .indd 1 4/13/17 1:10 PM

INTERNET OF THINGS
Will connected homes catch on?

Reality doesnt match the
marketing.
H A N D B O O K
Many of the applications envisioned as part

of the internet of things revolve around
connecting everyday home appliances to the cloud. As
more of this kind of connected gadgetry has come onto
the market, we are getting a better idea of what an IoT-
LEE TESCHLER
connected home looks like. Indications are the reality EXECUTIVE EDITOR
doesnt match up with the marketing.
According to surveys and focus groups conducted
by the research firm PriceWaterhouseCoopers (PWC),
much of the motivation for installing connected devices
is to get a home security system. The idea of smart
thermostats and other home automation gear only
resonates with consumers as a means of saving money
on utility bills. The convenience aspect of such devices
sounds appealing, but few consumers are willing to
pay anything extra for more convenience, according
to PWCs data. That may be one reason why only
about 26% of all internet users in the U.S. currently own a smart
home device. Moreover, recent market projections anticipate the Echoes in use. That would mean about
use of smart home devices slowly creeping up rather than growing 6.5% of all U.S. households have one.
exponentially, as optimists once believed. Research shows that the most popular
It is easy to understand the reasons behind the slow growth: use for voice controllers today is to
Working with smart home devices is a hassle. At our offices here, change TV channels. Time will tell
we have done teardowns of smart home devices such as smart LED whether other uses will catch on.
bulbs. Our experience with them is that the commissioning process It is interesting to note, however,
is not one most consumers would put up with. that surveys of households already
For example, consider whats required to get the third- using voice controllers find that people
generation Nest Thermostat going. Because of well-chronicled dont really worry about the privacy
security problems, Nest added two-factor authentication to its smart concerns. Cynics might say most
phone app. Now, Nest thermostat users must open the app, go to conversations in their homes are boring
an account security setting, activate two-step verification, then sign anyway, so no one cares if an Amazon
in, enter a password, get a text with the verification code, tap in the Echo overhears them.
code, and finally get into the app. To make matters slightly more But we suspect there might be
complicated, everyone in a household can have their own separate a reason for the popularity of voice
Nest account and, of course, must be separately authenticated. All controllers that surveys dont catch:
this just to set the temperature for your home. Home owners accustomed to having
Perhaps the complicated nature of smart home apps explains their kids and their spouse ignore what
the attraction some people have toward voice control telling an they say might see a voice control unit
Amazon Echo to turn the heat up sounds a lot simpler than punching as a godsend. With a voice controller,
in arduous key sequences on a smart phone. Consumer Intelligence finally there is something in the house
Research Partners estimates that there are now 8.2 million Amazon that listens to them.
2 DESIGN WORLD EE Network 4 2017 eeworldonline.com|designworldonline.com
Commentary EE IoT 04.17 V1.indd 2 4/13/17 2:50 PM

Without us...
He wouldnt be
going...
and going...
and going...
MPD -- IoT handbook 4.17 .indd 3 4/13/17 1:11 PM

inside
Cover photo courtesy of iStock.
THE
INTERNET OF THINGS
HANDBOOK
39 28
35
02 Will connected homes catch on? Reality doesn't 28 Bet ter development systems for IoT apps
match the marketing. It can be tough for engineers to plan IoT systems
around services based in the cloud. New generations of
06 How Mr. Robot hacked the IoT development systems simplify the task.
The popular TV drama Mr. Robot once portrayed a
penetration of a building automation system. Security 32 Building security into IoT/IIoT end devices
experts say the same exploit could have happened in real Tools, operating systems, platforms, and services help
life. open new doors for developers building security into
their connected, modern-day IoT infrastructure.
12 Modulating 5G
The IoT will make heavy use of fifth-generation mobile 35 Thwarting hackers on the IoT
networks that use a yet-to-be-determined modulation A few best practices can drastically improve the security
scheme. Here are the major contenders. of IoT devices and help maximize the benefits they
provide.
16 Who is after big data?

The rush to gather data--the new currency--from every
39 Bat teries boost wireless
device connecting to the internet makes it a tempting connectivity to the IIoT
target to those who seek to monetize it before you do. Self-powered electronic devices that define the
What can and should you do to protect this new currency? Industrial Internet of Things (IIoT) have special needs
that can be addressed through the judicious selection
of battery chemistry.
19 What's new for implementing the IIoT
Developers continue to create tools that will help
designers install IoT functions into their designs. 44 The case for multiprotocol, multiband
connectivity in the IoT
23 The new face of machinery Wireless protocols that are widely used in the IoT have
Thanks to interconnected devices, traditional human a lot of common attributes. Multiprotocol SoCs able to
machine interfaces may no longer be needed. run them all can simplify many kinds of wireless designs.
Contents & Staff IoT Handbook 4-17 V1.indd 4 4/14/17 2:32 PM

EDITORIAL DESIGN & PRODUCTION Digital Media Manager Marketing Coordinator
SERVICES Patrick Curran Lexi Korsok
Editorial Director pcurran@wtwhmedia.com lkorsok@wtwhmedia.com
Paul J. Heney VP Creative Services @wtwhseopatrick @wtwh_Lexi
pheney@wtwhmedia.com Mark Rook
@dw_Editor mrook@wtwhmedia.com Senior Web Developer Digital Marketing Specialist
@wtwh_graphics Patrick Amigo Josh Breuler
Managing Editor pamigo@wtwhmedia.com jbreuler@wtwhmedia.com
Leslie Langnau Art Director @amigo_patrick @wtwh_Joshb
llangnau@wtwhmedia.com Matthew Claney
@dw_3Dprinting mclaney@wtwhmedia.com Web Production Associate Marketing Associate
@wtwh_designer Skylar Aubuchon Aly Ryan
Executive Editor saubuchon@wtwhmedia.com aryan@wtwhmedia.com
Leland Teschler Graphic Designer @skylar_aubuchon @wtwh_Aly
lteschler@wtwhmedia.com Allison Washko
@dw_LeeTeschler awashko@wtwhmedia.com Web Production & Reporting
Associate VIDEO SERVICES
Senior Editor Jennifer Calhoon
Miles Budimir Traffic Manager jcalhoon@wtwhmedia.com Videographer Manager
mbudimir@wtwhmedia.com Mary Heideloff @wtwh_Jennifer John Hansel
@dw_Motion mheideloff@wtwhmedia.com jhansel@wtwhmedia.com
@wtwh_Jhansel
Senior Editor Production Associate Digital Marketing Director
Mary Gannon Tracy Powers Virginia Goulding Videographer
mgannon@wtwhmedia.com tpowers@wtwhmedia.com vgoulding@wtwhmedia.com Bradley Voyten
@dw_MaryGannon @wtwh_virginia bvoyten@wtwhmedia.com
Director, Audience @bv10wtwh
Senior Editor Development Manager Webinars
Lisa Eitel Bruce Sprague Stacy Combest Videographer
leitel@wtwhmedia.com bsprague@wtwhmedia.com scombest@wtwhmedia.com Derek Little
@dw_LisaEitel @wtwh_Stacy dlittle@wtwhmedia.com
DIGITAL MEDIA/MARKETING
Associate Editor
Mike Santora Marketing Manager, Social FINANCE
Web Development Manager
msantora@wtwhmedia.com Media & Events
B. David Miyares
@dw_MikeSantora Jen Kolasky Controller
dmiyares@wtwhmedia.com
jkolasky@wtwhmedia.com Brian Korsberg
@wtwh_WebDave
@wtwh_Jen bkorsberg@wtwhmedia.com
Accounts Receivable Specialist

Jamila Milton
jmilton@wtwhmedia.com
WTWH Media, LLC
6555 Carnegie Ave., Suite 300
Cleveland, OH 44103
Ph: 888.543.2447
FAX: 888.543.2447
DESIGN WORLD does not pass judgment on subjects of controversy nor enter into dispute with or between any individuals or organizations. DESIGN WORLD is also an
independent forum for the expression of opinions relevant to industry issues. Letters to the editor and by-lined articles express the views of the author and not necessarily of
the publisher or the publication. Every effort is made to provide accurate information; however, publisher assumes no responsibility for accuracy of submitted advertising and
editorial information.
2014 Winner
Non-commissioned articles and news releases cannot be acknowledged. Unsolicited materials cannot be returned nor will this organization assume responsibility for their care.
DESIGN WORLD does not endorse any products, programs or services of advertisers or editorial contributors. Copyright 2017 by WTWH Media, LLC. No part of this publication
may be reproduced in any form or by any means, electronic or mechanical, or by recording, or by any information storage or retrieval system, without written permission from
the publisher.
Subscription Rates: Free and controlled circulation to qualified subscribers. Non-qualified persons may subscribe at the following rates: U.S. and possessions: 1 year: $125; 2
years: $200; 3 years: $275; Canadian and foreign, 1 year: $195; only US funds are accepted. Single copies $15 each. Subscriptions are prepaid, and check or money orders only.
Subscriber Services: To order a subscription or change your address, please email: designworld@halldata.com, or 2011 - 2016
visit our web site at www.designworldonline.com
POSTMASTER: Send address changes to: Design World, 6555 Carnegie Ave., Suite 300, Cleveland, OH 44103
eeworldonline.com|designworldonline.com 4 2017 DESIGN WORLD EE Network 5
Contents & Staff IoT Handbook 4-17 V1.indd 5 4/14/17 1:37 PM

INTERNET OF THINGS
How Mr. Robot

hacked the IoT LEE TESCHLER
EXECUTIVE EDITOR
H A N D B O O K
The popular TV drama

Mr. Robot once In 2015, TV viewers who tuned into episode five (having the
catchy title eps1.4_3xpl0its.wmv) of a series called Mr. Robot
watched the main character try to destroy magnetic tape data
portrayed a penetration backups held at a facility that was portrayed as both well-fortified and
of a building automation remote. The plan was to slowly raise the temperature of the storage
system. Security experts room to point where the tapes would be compromised. The means
say the same exploit of raising the temperature was to connect an ordinary Raspberry Pi
computer board into the climate control system. The Pi would simply
could have happened in override climate commands from the building automation controller.
real life. In Mr. Robot, this scheme actually worked as planned. To the
average viewer, the whole building-penetration scenario probably
seemed pretty simple perhaps too simple. Of course, script writers
have a reputation for playing fast and loose with facts in the interest
of a compelling story. Technology-literate viewers might wonder
whether the events of episode five could really unfold in real life the
way writer David Iserson envisioned.
We wondered the same thing. So we contacted two cybersecurity
experts with experience in building automation systems. Michael
Chipley is the president of The PMC Group LLC, a firm which
helps companies make their building control systems cyber-
secure. Billy Rios is the founder of WhiteScope, a security
consulting firm with experience in IoT and embedded
device security assessments. Among other things, they run
penetration tests and size up facilities for security issues.
We asked both Chipley and Rios about the events
depicted in episode five.
The thermostat being hacked on Mr.

Robot.
In season two, the FBI discovers the

hacked thermostat. Eagle-eyed Mr.
Robot fans noticed that the Raspberry Pi
pulled from the wall was a model not-yet
available when the hacking episode
aired, and that it was attached to the
back of the thermostat. When originally
installing it, Elliot had simply shoved
it through the hole for the thermostat
without attaching it to anything.
Images courtesy of USA Network.
Mr Robot EE IoT 04.17 V2.indd 6 4/14/17 2:33 PM

I N T E R C O N N E C T C O m P O N E N T S & h a R d wa R E
Battery Clips, Contacts & Holders Fuse Clips & Holders Terminals and Test Points
Spacers & Standoffs Plugs & Jacks Multi-Purpose Hardware
Its whats on the InsIde that counts

E L E C T R O N I C S C O R P.
www.keyelco.com (718) 956-8900 (800) 221-5510
EE-IT-THiNK
keystone -- IoT
Corp_4-17.indd
handbook 4.17 1
.indd 7 3/9/17 10:46
4/13/17 1:11 PM
AM
INTERNET OF THINGS
What a t hermost at looks l ike o n a BACnet
INSIDE THE WALL

One of the scenes depicts how the Pi
was introduced into the climate control
network. It involves the main character,
Elliot Alderson, removing a thermostat
to reveal a large hole in the wall behind
it. Elliot splices the Pi into the network
lines coming into the thermostat, pushes
the Pi through the hole in the wall, and
re-mounts the thermostat.
H A N D B O O K
Perhaps the most basic question BACnet objects have a set of properties used to exchange
information with other objects. This example of a thermostat
about this scenario is whether or not shows a few properties which might be available, although
youll typically find a hole behind a wall thermostat big in practice there would be many more.
enough to push a Pi through. After all, removing the
thermostat in your home will typically reveal only a small
hole big enough for a couple wires. No chance there for a The bigger question is whether a Pi added
Mr. Robot-style Pi hack. to a climate control network could legitimately
But the situation can be different in commercial cause the kind of destructive overheating depicted
buildings, according to the security experts. The holes in Mr. Robot. The answer to the question lies in
behind these devices can be quite large, says Billy Rios. I the make-up of industrial building automation
don't think inserting a Raspberry Pi behind one them would protocols typically used for buildings.
be difficult. It's certainly not something I would worry Major HVAC vendors such as Honeywell and
about if I were doing something similar. Johnson Controls have their own proprietary
Nevertheless, interviews given by Mr. Robot staff network protocols, and there are also standard
indicate that getting the Pi into the wall had its challenges, protocols for building automation systems. Expert
though it was only done for TV. Speaking to Rolling Stone familiar with these protocols say they all lack
magazine, Mr. Robot chief technical adviser Kor Adana said security features that would recognize and isolate
on ordinary Pi was too big to fit through the thermostat bogus devices.
hole and had to be modified. He explained that a network To cite a specific example, consider BACnet,
cable had to be soldered directly to the board after the for Building Automation and Control network. It is
removal of a wireless network port. (Of course, the an ASHRAE, ANSI, ISO 16484-5 standard. Some
version of the Pi available in 2015 when the show aired 842 HVAC vendors now use it. So it is probably
didnt contain wireless capabilities. We surmise Adana was a good candidate for controlling E Corp.s Steel
referring to the RJ45 jack for an Ethernet connection.) Mountain tape back-up facility.
Typical BAC net system

MR. ROBOT
BacNET can be implemented via serial or

TCP/IP. We see both quite often. BacNET doesn't
usually provide for authentication or integrity
validation, so once you get access to the BacNET,
it's game over for the building. And there are
a variety of ways to get access to a building's
BacNET. The scenario shown in Mr. Robot is totally
plausible, both in serial BacNET and via TCP, says
Rios.
The BACnet protocol defines a number of
services used to communicate between building
devices and also 59 object types that the services
act on. But only in 2016 did the BACnet committee
in charge of the protocols definition release an
addendum adding IT security concepts. As of this
writing it is still out for advisory public review.
So a Pi attached to BACnet network lines
would look like any other low-level node on the
network. Most control systems use a reference
This cursory search for BACnet systems on Shodan revealed
architecture where level five is your typical internet installations at Enteracloud Solutions, Watertown Public
outside connection, level four is engineering operator consoles and Schools, and AT&T Internet Services, among others.
traditional IT assets that communicate down to level three devices,
says Michael Chipley. The level-three devices then communicate
down to level-two devices. The Raspberry Pi is a level-two device.
But theres no authentication of the command line communication settings, it takes a snapshot of the connection and
between any of these devices. BACnet is peer-to-peer protocol so moves on.
it can have thousands of devices trusting each other on its network. As a quick review, ports are pieces of software
As long as the command thats issued is valid, the device will obey generally used by transport-layer protocols
it. The same problem exists on proprietary networks. for identifying specific processes or types of
network services. Specific port numbers are often
OUT ON THE NET used to identify specific services. Ports became
Once Elliot had done his dirty work with the Raspberry Pi, he was necessary after computers became capable of
able to access the Steel Mountain BACnet from an ordinary laptop executing multiple programs simultaneously and
with an internet connection. Once again, experts say this scenario connected via packet-switched networks. Back
uses existing technology thats widely available. when connections were strictly point-to-point and
The website used in the show to see the Steel Mountain computers ran just one program at a time, there
building automation network also exists in real life. Its called was no need for the concept of a port.
Shodan (www.shodan.io) and is a search engine that lets users A port is always associated with an IP
find not just HVAC systems but also routers, servers, and other address of a host and the protocol used by
equipment connected to the internet. Though designed for use by the communication. A port is identified for
web security personnel, Shodan became notorious a few years ago each address and protocol by a 16-bit number,
when news sites noticed it could be used to access unprotected commonly called the port number. For example,
traffic lights and video baby monitors. an address might look like "protocol: TCP, IP
The way Shodan finds these unprotected devices is by crawling address: 10.22.33.44, port number: 554", which
the internet looking for IP addresses with open ports. The reason may be written 10.22.33.44:554 when the protocol
Shodan can find computer-controlled HVAC systems is that theyve is known from context.
been plugged into a company web server that reaches the internet. In the previous example, the port number 554
(Conversely, Shodan wont see HVAC systems operating on their is used by devices that employ real time streaming
own closed networks.) When Shodan notices a port left open protocol. BACnet messages use the user datagram
without password protection, or with only the default password protocol port number 47808.
Mr Robot EE IoT 04.17 V2.indd 9 4/14/17 9:53 AM

INTERNET OF THINGS
H A N D B O O K
A Raspberry Pi 3 (a later model

than that used in Mr. Robot) next
to a thermostat for a commercial
building. The Pi measures about
3382316 in.
Every day thousands more control systems Given that the Mr. Robot
show up on Shodan, says Michael Chipley. episode was filmed a few years
People dont realize that when they have a ago, you might wonder if a similar
misconfigured thermostat or HVAC controller, it is scheme would still work today.
exposed. And technically, when you see an HVAC Odds are that it would, say the
system on Shodan you havent hacked anything security experts.
because the owner has posted the information for Network security for these
the whole world to see. devices hasn't improved very much
since 2014, says Billy Rios. The
INSIDE THE NETWORK underlying BacNET protocol simply
Elliot Alderson and his cohorts used one other doesn't have security built into it.
piece of software in their penetration of the That's something that cannot easily
Steel Mountain HVAC system. Called Kali Linux, be overcome by a single vendor or
it, too, is a real-world program. It is basically even a collection of vendors.
an operating system designed by two security The vulnerabilities will be out
experts for doing network penetration tests. It there forever, says Chipley. You
contains a toolkit for such tasks as cracking Wi-Fi just have to assume systems are
passwords, creating fake networks, and analyzing going to be exploited. So when
network traffic. There are versions of it available they are compromised, you need
for the Raspberry Pi. It is small enough to run from to design them so they just fail
the Pis SD card. gracefully. You have to adopt that
In the case of the Mr. Robot hack, we might approach because there is no way
RESOURCES
surmise that Kali was the means by which Elliot you are going to stop a determined
and his colleagues watched network traffic and aggressor from taking over. When
White Scope determined which devices were the thermostats we run simulated attacks, it is not
Whitescope.io controlling the tape storage rooms. With that a matter of if we are getting in the
information, the Pi would have mimicked the system, it is a matter of how fast.
PMC Group
Pmcgroup.biz thermostats and generated commands to the For real hackers, it is typically less
HVAC controller to boost the temperature in than 30 minutes before they own
those rooms. everything.

PLC WITH
BUILT-IN
VPN & FIREWALL Y BU I LT-IN
U R IT
SE C
IIoT
READY
PFC Series Performance Class Controllers

VPN technology with IPsec and OpenVPN security protocols
IIoT-ready application security with SSL/TLS encryption
Firewall with whitelisting for increased network security
www.wago.us/PLC-VPN
wago -- IoT handbook 4.17 .indd 11 4/13/17 1:12 PM

INTERNET OF THINGS
Modulating 5G
The IoT will make heavy use of fifth-generation mobile
networks that use a yet-to-be-determined modulation
scheme. Here are the major contenders.
LEE TESCHLER | EXECUTIVE EDITOR
H A N D B O O K
Fifth-generation mobile
networks,
Several of the ideas proposed for 5G are hybrids of QAM
and OFDM principles.
abbreviated 5G, will form the telecommunications First a few basics. Quadrature techniques represent a
standards for the internet of things. Planners say transmitted symbol as a complex number and modulate a
5G will have a higher capacity than the current cosine and sine carrier signal with the real and imaginary
4G equipment partly to support the device- parts. This lets the symbol be sent with two carriers. The
to-device, ultra reliable, and massive machine two carriers are generally referred to as quadrature carriers.
communications expected to help define the A coherent detector can independently demodulate
IoT of the future. Among the goals of 5G: lower these carriers. This principle of using two independently
latency than 4G equipment and lower battery modulated carriers is the foundation of quadrature
consumption, data rates of tens of megabits modulation.
per second for tens of thousands of users, QAM conveys information by modulating the
several hundreds of thousands of simultaneous amplitudes of the two carrier waves, using either amplitude-
connections available for wireless sensors, along shift keying (ASK) for digital data or straight amplitude
with better spectral signaling efficiency. modulation for analog. The two carrier waves of the same
The better spectral efficiency will partly be a frequency, usually sinusoids, are out of phase with each
function of the modulation schemes used in 5G. other by 90. The modulated waves are summed, and the
However, those modulation schemes have yet to final waveform is a combination of both phase-shift keying
be standardized. There are several contenders, and (PSK) and amplitude-shift keying (ASK).
derivatives of the same quadrature-style schemes in QAM is said to be spectrally efficient, and the reason
use by mobile networks today havent been ruled becomes clear by comparing a QAM signal with that of
out for 5G. So it is interesting to review the major an ordinary AMed carrier. A straight amplitude-modulated
modulation techniques now up for consideration as signal has two sidebands. The carrier plus the sidebands
part of 5G. occupy twice the bandwidth of the modulating signal. In
Techniques discussed for 5G tend to contrast, QAM places two independent double-sideband
use multiple carriers as a means of obtaining suppressed-carrier signals in the same spectrum as one
spectral efficiency. At present 4G LTE uses QAM ordinary double-sideband suppressed-carrier signal.
(quadrature amplitude modulation) with OFDM QAM can give arbitrarily high spectral efficiencies
(orthogonal frequency division multiplexing) as by setting a suitable constellation size. As a quick review,
modulation and OFDMA (OFDM multiple access)
as access scheme. 5G will provide a high bit rate so
it will need to make efficient use of the spectrum.
5G EE IoT 04.17 V2.indd 12 4/14/17 9:16 AM

MODULATING 5G
S i m p l e QAM tra n sm i t ter Simple QA M receive r
Quadrature amplitude modulation conveys two analog message signals, or two digital bit
streams, by changing (modulating) the amplitudes of two carrier waves, using the ampli-
tude-shift keying (ASK) digital modulation scheme or amplitude modulation (AM) analog mod-
a constellation diagram represents the signal ulation scheme. The two carrier waves of the same frequency are out of phase with each other
as a scatter diagram in the Q and I axes and by 90 and are thus called quadrature carriers. The modulated waves are summed, and the final
represents the possible symbols as points on waveform is a combination of both phase-shift keying (PSK) and amplitude-shift keying (ASK),
or, in the analog case, of phase modulation (PM) and amplitude modulation.
the plane. The more symbols defined in the
modulation scheme, the more points on the
constellation diagram. The number of points
at which the signal can rest, i.e. the number The primary advantage of OFDM over using a single carrier is
of symbols, is indicated in the modulation its ability to cope with severe interference as caused by RF sources
format description: 16QAM uses a 16-point at nearly the same frequency or frequency-selective fading from
constellation, and so forth. multipath. OFDM may be viewed as using many slowly modulated
Constellation points are normally arranged narrowband signals rather than one rapidly modulated wideband
in a square grid with equal vertical and horizontal signal. The low symbol rate makes the use of a guard interval between
spacing. Use of higher-order modulation symbols affordable, making it possible to eliminate intersymbol
formats, i.e. more points on the constellation, interference (ISI) and use echoes and time-spreading to improve
makes it possible to transmit more bits per signal-to-noise.
symbol. However, use of higher-order symbols The orthogonality of OFDM comes from the selection of the
positions constellation points closer together, sub-carrier frequencies so they are orthogonal to each other. This
making the link more susceptible to noise. basically means the spectrum space between sub-carriers obeys a
Specifically, it takes less noise to move the signal mathematical relationship where it is inversely proportional to the
to a different decision point on the constellation symbol duration. Sub-carriers spaced this way dont experience any
diagram. cross-talk and thus eliminate the need for inter-carrier guard bands,
A point to note about QAM is that it is simplifying the design of both the transmitter and the receiver.
considered a single-carrier system. The two
digital bit streams come from one source that is
split into two independent signals.
QAM signals are often sent via multi-
Simple O FD M t ransmit ter & receiver m a ke - u p
carrier modulation schemes that transmit one
QAM signal over one of several subcarriers.
The point of doing this is to simplify the task
of compensating for distortions arising in the
communication channel. Each of the subcarriers
has a small bandwidth. The communication
channel has a relatively flat frequency response
over each of these small bands. So it is relatively
easy to compensate for distortions over each of
the small subcarrier bands.
In OFDM, many closely spaced orthogonal
sub-carriers carry data on several parallel
data streams or channels. Each sub-carrier is
modulated with a conventional modulation
scheme such as QAM at a low symbol
rate, maintaining total data rates similar to
conventional single-carrier modulation schemes
in the same bandwidth.
5G EE IoT 04.17 V2.indd 13 4/14/17 2:48 PM

INTERNET OF THINGS
G eneric f ilter bank mult icarrier (F MB C) t ra ns m it te r
There are a few inherent

difficulties with OFDM. One is that
an OFDM signal can have a high
instantaneous peak compared to
its average level. There can also
be a large signal amplitude swing
when the signal traverses from
a low to a high instantaneous
H A N D B O O K
power. The power amp used must

be linear over a wide bandwidth
to prevent a high out-of-band harmonic distortion. This
phenomenon can potentially interfere with adjacent F-QAM combines MF-FSK (multiple frequency
channels. FSK) and MQ-QAM (multiple QAM modulation levels).
Other difficulties arise with the time and frequency F-QAM has many similarities with OFDM-IM (OFDM
synchronization between the OFDM transmitter and with index modulation). In both cases the information
receiver. Numerous techniques have been proposed is not only conveyed through the modulated symbols
for estimating and correcting both timing and carrier but also via the indices of the active subcarriers. At the
frequency offsets at the OFDM receiver. For example, one receiver side, the detection process is similar to that
idea is to embed pilot tones into OFDM symbols, then use of the OFDM-IM. The receiver employs whats called
timing and frequency acquisition algorithms to sync on a log-likelihood-ratio (LLR) detector to determine the
them. active subcarrier in each sub-block and, afterwards,
estimates the received symbols using a maximum
HYBRID SCHEMES FOR 5G likelihood (ML) detector.
Several of the modulation schemes under review for One drawback of current OFDMA schemes is
5G are hybrids employing elements found in QAM and that they require accurate synchronization of the user
OFDM. One is called F-QAM or FSK-QAM. F-QAM is a signals at the base station. Such synchronization is
combination of QAM and frequency shift keying (FSK). It not straightforward and demands a lot of resources.
has been proposed in conjunction with OFDMA, the multi- So a lot of the work on 5G aims at a way around this
user version of OFDM where individual users are assigned base station syncing. One idea from AlcatelLucent Bell
subsets of subcarriers. Labs is a modified OFDM waveform dubbed universal
filtered multicarrier (UFMC). UFMC passes each bundle
of adjacent subcarriers that belong to a user through
a filter to minimize multi-user interference. Bandwidth
Gen eri c f i l ter b a n k mult icarrier receiver efficiency is kept at the same level
( G FD M) as OFDM, but UFMC uses no cyclic
prefix (CP). The interval the CP
normally occupies instead absorbs
the transient of the underlying filters,
making the filtering more effective.
Generalized frequency division
multiplexing (GFDM) is another
candidate waveform. GFDM may
be thought of as a modified OFDM,
where each subcarrier is shaped
by a high-quality filter. To allow the
addition of the CP, the subcarrier
filtering operation in GFDM is based
on a circular convolution.
Another 5G contender is based
on filter bank multicarrier with offset
5G EE IoT 04.17 V2.indd 14 4/14/17 9:17 AM

MODULATING 5G
G eneric F -QA M t ransmit ter
In an F-QAM transmitter, the N subcarriers of

the OFDM block are divided into sub-blocks of
MF subcarriers. A bit splitter splits the bits into
QAM (FBMC-OQAM). FBMCs employ two sets of bandpass filters called analysis groups. The first log2 MF bits of each group
and synthesis filters, one at the transmitter and the other at the receiver, to are used to select that subcarrier out of the MF
filter the collection of subcarriers being transmitted simultaneously in parallel available that will carry the symbol of the MQ-
ary signal constellation to which the next log2
frequencies. FBMC filter bandwidth, and therefore selectivity, is a parameter MQ bits of the group are mapped. Each sub
that can be varied during design. FBMC also offers better bandwidth efficiency block transmits log2 MF + log2 MQ bits. The rest
when compared to OFDM. FBMC eliminates the need for CP processing while of the transmitter components are the same as
efficiently attenuating interferences within and close to the frequency band. in the classic OFDM.
FBMC systems are also comparatively more resistant to narrowband noise.
OTHER IDEAS
RESOURCES
Though multi-carrier systems seem to be getting most of the attention for 5G,
experts say single-carrier modulation could still be part of the spec. There are
also what might be termed odd-ball techniques still in the mix. One is called QAM,
Onlinelibrary.wiley.com/
faster than Nyquist (FTN) modulation. It is a non-orthogonal subcarrier system
doi/10.1002/0471219282.eot284/abstract;-
that actually makes use of intersymbol interference to pack more data into a jsessionid=8B34B69579559C1A80066D-
communication channel. Another non-orthogonal idea is called time-frequency 15266C41A1.f03t04?userIsAuthenticated=-
packing. The carriers are close together, and a super-sophisticated detector in false&deniedAccessCustomisedMessage=
the receiver decodes the closely packed signals. TFS is implemented either with
QAM or OQAM. F-QAM,
Finally, a couple of ideas from independent companies have been floated as Metis-ii.5g-ppp.eu/wp-content/uploads/
publications/2016/2016-09-PIMRC-FQAM-FB-
5G specs. One is called wave modulation (WAM) which comes from MagnaCom,
MC-Design-and-Its-Application-to-Ma-
an Israeli startup acquired by Broadcom. Here a set of algorithms implement a chine-Type-Communication.pdf
form of spectral compression. Details about WAM are sparse, but the spectral
compression is said to enable a higher signaling rate thereby affording the use of OFDM,
lower-order symbol alphabet, which reduces complexity. It is also said to give an Radio-electronics.com/info/rf-technology-de-
overall 10% system gain advantage, up to 4x increase in range, a 50% spectrum sign/ofdm/ofdm-basics-tutorial.php
savings, improved noise tolerance, and increase in data speed.
Another company called Cohere Technologies patented a modulation
technology called Orthogonal Time Frequency and Space (OTFS). Again, details
about OTFS are sparse, but press releases put out by Cohere speak highly of it.
5G EE IoT 04.17 V2.indd 15 4/14/17 2:49 PM

INTERNET OF THINGS
Who is after big data?

The rush to gather data--the new currency--from every
device connecting to the internet makes it a tempting target
for those who seek to monetize it before you do. What can
and should you do to protect this new currency?
H A N D B O O K
A few successful anecdotes aside, the promise of the Internet

of Things (IoT) contributing to greater productivity
and efficiency (wherever its applied) is still a work in progress.
But that does not stop IoT developers from pushing forward with
this technology, even though a thorough understanding of IoT
drawbacks is a must.
One major drawback revolves around the security measures
users dont take to protect IoT data from cyber criminals.
SonicWall, a developer and implementer of cybersecurity
systems, recently released its 2017 Annual Threat Report on the
threats seen in 2016 and what IoT developers can expect to
see in 2017. Here are key threats they claim developers need
to anticipate when designing end use products.
The number of cyber threats targeted at companies
did not slack off in 2016. These threats targeted
companies of all sizes. According to SonicWall, It
would be inaccurate to say the threat landscape either
diminished or expanded in 2016 rather, it appears
to have evolved and shifted. The good news is that
security professionals used new technologies to fend
off many of these attacks. The bad news is that cyber
criminals continue to find innovative ways to hack
data.
Malware has been a favorite vector of attack,
but that is changing. Noted SonicWall, the number
of unique malware samples collected in 2015 was
64 million. It fell a bit in 2016 to 60 million, a 6.25%
decrease. And total attack attempts dropped from 8.19
billion in 2015 to 7.87 billion in 2016.
Malware is on the decline, and replacing it is
ransomware. Part of this development is due to ransomware-
as-a-service (RaaS), which makes it easy to deploy ransomware
kits. Other factors increasing ransomware are that the perverse
PH
OT code is easy to spread and theres minimal risk of getting caught.
OC
O U RT SonicWall reports ransomware attack attempts were around
E SY
OF iS
TOC K 4 million in 2015 but hit 638 million in 2016! About 15% of those
attacks were in mechanical and industrial engineering companies.
Feature 1 EE IoT 04.17 V4.indd 16 4/14/17 2:36 PM

WHO IS AFTER BIG DATA
The costs to the companies were significant--

$209 million in ransom was paid out by the end
of the first quarter of 2016. Payment often had to
be made in Bitcoins because such transactions are
harder to trace by law enforcement.
SonicWall offers several
Payment of the ransom will not guarantee that
the data will be returned. Noted SonicWall, only
recommended practices to help
42% of companies attacked were able to recover
their data fully, and those data mostly came from a
secure devices connecting to the IoT.
backup.
Ransom payment is only part of the cost victims 1. Stay on top of all updates and patches for browsers,
encounter. More money is required to cover the operating systems and IoT firmware.
costs of a cyber response team, restoration efforts,
and then changes to the cybersecurity technology
2. Increase browser security levels, disable remote desktop
to deal with the next attack. In addition, companies
face increased insurance premiums. protocol (RDP) and select Show File Extensions. Also,
Another popular line of attack is in the form of restrict Microsoft Office files containing macros.
hidden detection using SSL/TLS encryption. About
62% of web sessions were affected in 2016.
3. Install a solution that helps you detect a system thats been
SSL/TLS encryption is supposed to make it
harder for cyber criminals to intercept payment compromised outside the network and that lets you flag for
information from consumers. Unfortunately, it correction.
provides an uninspected backdoor into a network,
which cyber criminals exploit with malware. Many
4. Use multiple layers of defense and properly integrated
companies still do not have the right network
protection infrastructure installed for deep packet products. Start with a security policy that trusts nothing
inspection (DPI) that would help detect malware (network, resources, and so on) and nobody (vendors,
hidden in SSL/TLS encrypted web sessions. franchisees, internal personnel), and add exceptions where
Next generation firewalls perform DPI, but
needed.
doing so can compromise the efficiency of the
network, so many companies simply do not use
this form of inspection. Thus, most network traffic
is not being inspected, leaving a company open to
security hacks.
Backing up data is certainly a way to recover from
ransomware, but it is advised that the backup systems
themselves either be offline for extended periods or require
authentication. Otherwise, theres a risk of reintroducing the
ransomware into the system through the backup.
Of course, a very ripe market for hackers and cyber
criminals is the Internet of Things, especially as IoT spreads to
more devices and systems. All categories of IoT devices are
vulnerable: smart wearables, any smart home device, smart
entertainment, smart vehicles and so on. Distributed Denial of
Service (DDoS) attacks is the common form of disruption. And
SonicWall found the U.S. was targeted the most.
Internet of Things (IoT) devices were successfully
compromised on a massive scale and used to mount DDoS

INTERNET OF THINGS
attacks that disrupted highprofile companies The security dangers with the
including Airbnb, Netflix, Reddit, Twitter and IoT should not be underestimated.
Spotify, said SonicWall. In September and Cyber criminals will continue to
October 2016, attackers leveraged hundreds use ransomware and malware with
of thousands of IoT devices with weak telnet IoT connected devices. Notes
passwords to launch DDoS attacks using the SonicWall, attackers will use malware
Mirai botnet management framework. to take control of IoT devices,
The main reason IoT devices are easy to possibly even demanding ransom.
H A N D B O O K
attack (and you already know this) is because An attacker could, suspend
its more important to get to market fast/first, company production lines, affect
then to deliver a strong, safe design. city power grids, and even tap into
A few design changes can help, however. personal health devices in exchange
Install programming that forces users to for ransom.
change default passwords, for example. If More IoT devices will be subject
possible, install features that look for specific to DDoS attacks thanks in part to the
IoT malware like Mirai. success of the Mirai virus.
For users, a best practice is to segregate If sufficient protection is not
IoT devices into separate zones in case one is included in drones and smart cars,
compromised. That way, only part of a network hacker will take control of them.
is compromised. Incidents of such attacks will rise.
you could incorporate the switch

functionality of a circuit breaker with
the high protection level of a fuse?
New Fused Disconnect Switch

UL98 Rated for CC fuses up to 30A & 600V
The new Fused Disconnect Switch (FDS) series incorporates the switch functionality of
a circuit breaker with the high protection level of a fuse. The FDS allows end-users to
shut off and isolate branch circuits in electrical control systems in order to safely perform
maintenance on the downstream circuit components.
To view the product data sheet and learn more about the FDS, please visit:
www.marathonsp.com/New Products/Fused Disconnect Switch
Regal and Marathon are trademarks of Regal Beloit

Corporation or one of its affiliated companies.
2016 Regal Beloit Corporation, All Rights Reserved. MCAD16061E SB0045E

WHATS NEW
Whats new for

implementing the IIoT
Developers continue to create tools that will help
designers install IoT functions in their designs.
LESLIE LANGNAU | MANAGING EDITOR
Despite increasing demand for IoT enabled components and

devices, the IoT market is still extremely fragmented,
says Tom McKinney, Business Development Manager for HMS Industrial
It is an open-source, cross-platform
technology available on GitHub.com and
npmjs.org, and is currently available for a
Networks Inc. variety of platforms.
In general, IoT based products tend to be suited to specific industries Opto 22s groov Box fuses together
rather than flexible enough to be used across a range of them. Even so, an industrially rugged hardware platform,
every developer is pursuing the IoT market because customers expect all data visualization for mobile and web
devices to be network compatible, regardless of vendor. Heres a look at clients, industrial automation protocol
some of the more recent IoT product developments. support including Modbus/TCP and OPC
UA, and advanced data flow processing.
EASIER IOT SYSTEM DESIGN It is a zero-programming, web-based
Several companies offer development systems way to build, deploy, and view effective,
to aid the design engineer in installing IoT scalable operator interfaces and system
features into a product. dashboards to monitor and control
One example is the Node-RED systems and equipment using mobile
development environment that runs on the devices and other computer-based
groov Box industrial appliance from Opto systems.
22. Node-RED will decrease IIoT application Node-RED, running on the groov
development time and complexity, making appliance, enables developers to rapidly
it easier to prototype, develop, and deploy prototype and develop IIoT applications
applications for connecting physical assets to to connect data streams from industrial
cloud applications and IT systems. assets to IT assets, bridging the gap
Node-RED is a visual wiring tool to between physical equipment and digital
connect edge-computing systems such as computing systems.
industrial automation controllers to cloud Schneider Electric also offers a
services such as Amazon Web Services (AWS) development platform. Its next generation
IoT, IBM Watson IoT, and Microsoft Azure. EcoStruxure architecture and platform
delivers IoT-enabled solutions at scale for
building, grid, industry and data center
The Node-RED development environment customers. The architecture and platform
runs on the groov Box industrial appliance is open, scalable and interoperable,
from Opto 22. Node-RED decreases IIoT
connecting the three core layers of
application development time and complexity,
making it easier to prototype, develop, and Schneider Electrics technology stack, from
deploy applications for connecting physical connected products, to edge control, to
assets to cloud applications and IT systems.
applications, analytics and services.

INTERNET OF THINGS
EcoStruxure helps users develop scalable and converged IT/OT ANALYTICS

systems at every level of an organization or enterprise. It leverages Rockwell Automation offers FactoryTalk
connectivity and data to create controls and actionable insights. Analytics for Machines, a Microsoft Azure
The architecture fosters open innovation and interoperability and is cloud-enabled application that accesses
developed in partnership with leading standards organizations and performance analytics from deployed
best-in-class technology leaders. systems. It helps drive productivity and
EcoStruxure provides a portfolio of interoperable and cloud- output while reducing maintenance costs.
connected or on-premise features organized around its three layers. OEMs can embed a FactoryTalk
The first layer builds on developing connected products with Cloud gateway device onto the machines
embedded intelligence, such as sensors, medium and low voltage they provide. Once commissioned, the
H A N D B O O K
breakers, drives and actuators. The Edge Control layer helps users machine starts collecting data. The data
manage their operations on-premise as well as from the cloud. This from selected controllers are sent to the
management includes connected control platforms with remote FactoryTalk cloud application securely
access, advanced automation and operator override capabilities. with minimal configuration by either the
Local control and firewall protection is included for mission-critical equipment builder or the end user. The
applications. equipment builder then has access to real-
EcoStruxure also enables vendor-agnostic apps, analytics and time analytics and actionable information
services on open IP protocols to work with any hardware, system, through prebuilt dashboards. This is a
or control. It is designed to meet the core customer challenge of cloud-based application provided as
implementing IoT solutions seamlessly, cost-effectively and at scale. software-as-a-service (SaaS).
Schneider Electric also offers cybersecurity protection IoT data is noisy and complex to
services that help industrial customers manage and secure their analyze, which has limited its impact on
connected plants. Cyber Update services automatically distribute business applications to date. We created
the companys operating system patches and endpoint protections, Eureqa to overcome this challenge, said
reducing the risk of applying improper patches and updates. Michael Schmidt,
Nutonians founder
and CTO.
Autodesks Fusion Connect,

an IoT cloud platform,
embeds Nutonians artificial
intelligence odeling engine,
Eureqa, to interpret IoT
data. Eureqa discovers the
simplest possible predictive
models from raw data,
enabling users to solve data-
driven business problems.
Nutonian, a
machine intelligence
company, announced
an OEM relationship
with Autodesk, a
global leader in
design software and
It also eliminates potentially unsecure sources of data from services. Autodesks Fusion Connect, an
affecting plant and business operations. IoT cloud platform, will embed Nutonians
The services, which meet IEC62443 and other leading industry artificial intelligence (A.I.) modeling engine,
standards, automatically deliver third-party-tested operating Eureqa, to interpret IoT data.
system security patches and anti-virus endpoint protection updates Eureqa automatically discovers the
through a secure, authenticated and encrypted Windows Software simplest possible predictive models from
Update Server to a customers on-site server. raw data, enabling users to solve data-

No place PROVEN
to replace
a battery. 40
YEAR
OPERATING
LIFE *
Highly remote locations call for Tadiran batteries.
Battery replacement is costly and often ANNUAL SELF-DISCHARGE

dangerous work. Reduce the risk with
Tadiran bobbin-type lithium thionyl TADIRAN COMPETITORS
chloride (LiSOCl2) batteries. With an annual

self-discharge rate of just 0.7% per year,
Tadiran LiSOCl2 batteries enable low power
consuming wireless devices to operate for up 0.7%
to 40 years on a single battery, up to 4 times
longer than the competition. Our batteries
also feature the highest capacity, highest
energy density, and widest temperature
range of any lithium cell, plus a glass-to-
metal hermetic seal for added ruggedness and Tadiran Batteries
reliability in extreme environments. Up to 3% 2001 Marcus Ave.
Suite 125E
Take no chances. Take Tadiran batteries that last a lifetime. Lake Success,
NY 11042
1-800-537-1368
516-621-4980
www.tadiranbat.com
* Tadiran LiSOCL2 batteries feature the lowest annual self-discharge rate of any competitive battery, less than 1% per year, enabling these batteries to operate
over 40 years depending on device operating usage. However, this is not an expressed or implied warranty, as each application differs in terms of annual energy
consumption and/or operating environment.
Tadiran Batteries_ 4-17.indd 21 4/13/17 1:13 PM

INTERNET OF THINGS
H A N D B O O K
FactoryTalk Analytics for Machines,

from Rockwell Automation, is a
Microsoft Azure cloud-enabled
application that accesses performance
analytics from deployed systems. It
helps drive productivity and output
while reducing maintenance costs.
driven business problems. With Eureqa enhancing Fusion

Connect, companies can automatically churn through
connected machine IoT data to predict product failure,
receive recommended improvements for product designs
and identify potential new designs.
Said Bryan Kester, director of IoT at Autodesk, We
evaluated the A.I. and machine learning ecosystem and
in the
found Nutonian has many significant advantages that
enable us to deliver a one-of-a-kind IoT analytics service.
AR
Eureqa can be used to determine the baseline
for how a piece of machinery behaves under normal
conditions. If a machines sensors indicate abnormal or
suboptimal behavior, Fusion Connects predictive analytics,
powered by Eureqa, will generate end-user alerts and
Heat Curing, dashboards explaining whats happening and why. This will
Two Part Epoxy EP112LS enable customers to automatically anticipate machinery
maintenance, identify product flaws and develop smart,
proactive business processes.
Outstanding optical clarity &
non-yellowing properties Continued Schmidt, The integrated power of Eureqa
and Fusion Connect enables businesses to use IoT
Refractive index: 1.55
data to automatically predict and explain in real time why
events happen, like equipment failure or maintenance.
High temperature resistance With scalable analysis and predictive foresight,
Serviceable from -60F to +450F businesses can optimize their operations and gain
competitive advantage.
RESOURCES
Reliable electrical insulation
Volume resistivity: >1014 ohm-cm Rockwell Automation Inc.
Autodesk
Autodesk.com Rockwell.com
Opto 22 Schneider Electric

Opto22.com Schneider-electric.com
154 Hobart St., Hackensack NJ, 07601 USA +1.201.343.8983 main@masterbond.com
www.masterbond.com
22 DESIGN WORLD EE Network 4 2017

THE NEW FACE
The new face of

machinery
PETER THORNE | DIRECTOR, CAMBASHI
Thanks to interconnected devices,

traditional human machine interfaces
may no longer be needed.
There are new ways of interacting with

connected products. Why build
instrumentation and controls into machines if
every user will have a tablet or phone? Just
run an app to see the displays and buttons,
and operate the machine. Manufacturers
will change their approach to development,
operations and service.
SMARTPHONES AS CONTROLLERS
I remember feeling mildly alarmed during
a 2012 research interview with a medical
equipment designer. At that time, her main
project was to estimate the potential cost
savings of using the electronics and display of
smart phones as part of the control system. The
idea was for every user to dock their phone into
the equipment.
The design study was looking at user
identification, login, and privacy. My instant reaction
was hygiene - this is medical equipment, are those
phones clean? And what about the operating theatre -
would there be enough staff with phones to operate all
the machines? Then the security gorilla reared its head -
how could anyone be confident the phones were free
of malware?
Then also in 2012, I first became aware of Ecomove's Qbeak
electric vehicle design. At that time, it used a similar concept.
The driver docks their phone into the car, and the phone becomes
K
the instrument cluster, sat-nav, and the infotainment system. I don't remember OC
IST
Y OF
IMAGE COURTES
feeling alarmed by the Qbeak. It's a few years ago, but I imagine this means the
phone did not control the brakes or steering!
NEW IOT INTERACTION WITH PRODUCTS

The growth of technologies around the Internet of Things has made these kind of
ideas just one part of a whole host of new ways of interacting with all kinds
of products.
New Face EE IoT 04.17 V5.indd 23 4/13/17 3:46 PM

INTERNET OF THINGS
Lets try and break that statement down. THE NEED TO CHANGE DEVELOPMENT,
Communication with a connected-product can be both OPERATIONS, AND SERVICE
ways - in and out. The communication can be with the product With barriers of distance and location
itself, and with its digital twin, and with some variation of the eliminated, people, other machines, and
digital twin or its environment - to try out 'what-if' scenarios. external systems can observe a connected
Cloud-connected products can be accessed from any product (and its digital twin) and respond in
Internet access point. new ways.
The interaction can include any or all of the sensor readings If youre involved in product
and control settings. Data sources and systems external to the development for machinery, youve been
product can be fed into the interaction. For example: thinking about these possibilities for some
H A N D B O O K
in a production machine, visibility of customer orders helps time. Your priority is probably new product
for agricultural machines, crop yield histories help farmers function, and better service options. And, of
to optimize their fertilizer application. course, the cost reduction pressure is always
product sensor readings and cloud-based analytics there.
enable predictive maintenance - the technician arrives Obviously, you know what your
with the right spare part just before the problem results in machines are used for, but this new
unplanned downtime environment means you need more insight
across the whole product lifecycle.
SO WHO NEEDS THOSE DIALS AND SWITCHES? What could your machine do to make
One question, though. itself easier to make, test, buy, configure,
If remote control is possible, then whats the point in having install, learn-to-use, and operate?
connected product with displays and instruments for local Your firm has probably run many
control? Why not remove these expensive components? initiatives focused on the design-to-
The connectivity will allow any authorized user with the manufacturing interface, from early days of
right app on their phone or tablet to stand beside the machine developing the manufacturing concept, to
- or indeed, anywhere on the planet - and use the app to check creating the process, ramping up to volume,
readings and adjust controls. and managing the continuous change to
And the software that provides this capability may offer handle manufacturing and field feedback.
more than you expect - for example, review of recent control So the product development process
inputs and sensor readings. is probably multi-disciplinary, bringing
development, manufacturing (and perhaps
ADD A TOUCH OF AUGMENTED REALITY even service engineers) together to improve
Augmented reality (AR) technologies add information to a live decision-making by taking a broad view of
video of a product. The video feed could come from: the requirements.
a camera built-in to the machine Of course, when you remove the
a camera installed so that is has a view of several machines switches and displays from your machine,
the camera on an operator's phone or tablet you are making some of your manufacturing
colleagues' tasks simpler - fewer parts,
The value comes from breakthroughs. For example, the fewer display, switch and button cut-outs in
ability to display an X-ray of the product, which can be used to the exterior panels so generally simpler
highlight faulty components. production.
In some use-cases, there's not even any need for the and rewrite existing business models.
product itself! Why should a distributor tie up capital in a But this view is just the beginning.
showroom full of machines? Why not markers in place of the Taking the visible controls and displays
machines, and an AR application that provides a viewport for away from a product is a great way of
your customers to walk around and study a detailed product triggering the question "so who is
image from all angles? monitoring and controlling this machine?"
Since it's AR, they could see alternative options and This is where your engineering initiative
configurations, and call up specifications all at the touch of a can help develop your organization's
button (or screen). business model.

THE NEW FACE
The new control concept makes it easy to see

that your company, or a third party, could manage
and control the product - for example, from a central
service center. Your organization could use possibilities
to move from selling products, to selling the use - or
even outcomes - of using these products.
THE SCOPE GETS BIGGER, AGAIN

Removing product switches and displays makes some
things simpler, but not enough to turn the tide of
growing complexity.
Handling the shift to a smart product is tough
because of the multiple technologies involved:
mechanical, electrical, electronic and software.
Trade-off decisions are now even more complex,
so much so that a systems-engineering discipline
may be needed to avoid a committee vote for every
decision!
A smart connected product, sold with operation or
service agreements, means much stronger connection
of the engineering team to the product in operation.
Instead of being largely isolated in the old
'development' and 'production' parts of the
organization, data streams from the product provide a
high fidelity view of the product in operation.
This will help calibrate simulations. The new
service team will be fiercer than any customer in
feedback of any problems.
NEW LIFE IN THE FIELD

Product function and performance depends on all its
components (including the software), as well as the
capabilities of the connected back-end systems.
So, development engineers (and, of course, the
sales and marketing teams) have a new method of
providing new capabilities - update the software (and
remember to update the as-maintained records).
CAUGHT IN THE DATAFLOWS?

It is easy to imagine engineering teams getting caught
out by the volume, frequency, scope and detail of even
these new dataflows, and we haven't even mentioned
software configuration and support for resellers
wanting to demonstrate the new capabilities, or
coordinating a new software baseline with production
and test.
Fortunately, for most design and manufacturing
organizations, this is familiar territory, given that
engineering dataflows and processes have been
getting more and more complicated for decades, for
4 2017 DESIGN WORLD EE Network 25

INTERNET OF THINGS
a range of reasons including: distributed development teams, global supply chains, and
gaining regulatory approvals.
Software from the Product Lifecycle Management (PLM) stable provides the tools
needed to manage data, and manage workflows. PLM has the structures needed to handle
the new dataflows.
H A N D B O O K
THE NEW ENGINEERING SOFTWARE BATTLEGROUNDS

The transition of smart connected products from the special case (NASA has been building
smart connected products for decades) to more widespread adoption is a shift in the
tectonic plates of the engineering software landscape.
Handling new dataflows is just one example, but there are loads of other opportunities
for competing engineering software vendors to gain an edge over their rivals.
THINK OF:
Agile systems definition: Agile methods are established in software development,
and include characteristics that would be described as "just good engineering" by
traditionalists and hardware developers. But few tools for agile software development offer
the visibility and control needed for exchange of complex requirements databases between
customer and a complex supply chain.
Configuration management, product line engineering and platform architectures
all offer partial answers, but smart connected products will create demand for new agile
systems definition tools to support concept and early stage architecture development,
capable of driving consistent use of the
many early stage simulations product
architects will need.
ALM or PLM or both? In software
development, Application Lifecycle
Management (ALM) tools play the role
that PLM plays for the physical parts of a
product. So how can integrated software/
hardware teams manage their work?
There are several ways of answering this
question.
One is to separate out
'management' of everything into a
higher level function that supports
access control, versions, workflows,
baselines, variants, dependencies
everything excluding the content of
the object being managed. Others
compete with this concept by creating
integrated environments - the Integrated
Some of the Development Environment (IDE) used
emerging
engineering in software development is an example
dataflows. - in which authoring and test tools are
included, so the result manages the

THE NEW FACE
content as well as the status of the managed objects. Our research Simulation. Embedded software is critical
interviews have indicated that engineering managers feel that 'software to smart product performance. Simulation
is different, yet still expect PLM vendors to take the lead on how to technologies have grown to handle multi-
configure tools for integrated hardware/software development. physics and interconnected sub-systems,
software is a new technology to handle.
The BoM boundaries. When talking about product definition, the The simulation battle ground for
problem has always been "Which Bill?" As designed, as planned, as engineering software vendors is active on
manufactured, as installed, as maintained - they all have a claim. many fronts, including:
This situation has been a traditional battle ground between PLM simulation data management
providers and ERP providers. PLM has been secure in control of the the practicality of flexible ways of
engineering parts list. The battle starts as this is translated into the as enabling hardware (and software) "-in-
designed bill of materials. For many companies, this is where ERP takes the-loop" as the various prototypes of
over, and becomes of the owner of the BoM (bill of materials) used for electronics, sensors, actuators become
production scheduling, including all the handling of alternate parts. available
Similarly, PLM has control of development of the manufacturing process, the feedback of actual test and product
and the manufacturing process plan for each product, sometimes performance to calibrate and improve
called the 'Bill-of-Process." But ERP providers can get involved as this simulation models, enabling simulation
gets translated into shop floor documentation and electronic work at an early stage in development
instructions. Adding embedded software as a component of the product making simulation accessible to a wider
will disrupt this battle. range of engineers
Service and Over-the-Air update: Most service organizations will
want to make sure that engineering has no more than read-only access In addition, as the role of the digital
to products in the field. Similarly, service organizations will want control twin of a product becomes larger, there will
over the applications that handle data (especially alarms) from in-service be more demand for simulation to support
products. product operation decisions.
The service organization will want their process of escalation Getting used to a product with no
and adherence to service-level-agreements, to take priority over visible means of control is just the start.
engineering's desire to identify root causes. This is a new and Security, Internet access, the likely need to
interesting area, because PLM systems already contain all the replace controllers with new generations of
configuration dependencies. Could PLM be extended so that these electronics during the lifetime of a machine,
dependencies can drive service decisions in the field? Or does service these are just some of the new factors for
need to own an as-maintained BoM and configurator rules? product developers to think about.
As with previous technologies,
Test management: Some design methods start with 'how can this engineering processes and dataflows will
capability be tested.' It is also possible to parameterise tests, and link adapt.
these parameters to product parameters - so the final choice of the For PLM vendors with ALM capability,
product parameter in effect generates the test specification: this is a time of opportunity - the
Will these concepts help manage and automate test creation and information their technology holds about
execution for smart products? a product now has even more value in
To what extent will the tests on software that allow the master manufacturing, as well as for operation and
version to be released to manufacturing need to be supplemented maintenance.
with further tests once the software is loaded onto the smart But ERP vendors will point out that
product? their systems help match processes to
Will the simulation environments used during product development costs, and that is often the message budget
define the external operating conditions or the response of the holders want to hear.
product in a way that allows re-use in testing?

INTERNET OF THINGS
Better development
systems for IoT apps
It can be tough for engineers to plan IoT systems
H A N D B O O K
around services based in the cloud. New generations of

development systems simplify the task.
WIREN PERERA
ON SEMICONDUCTOR
All indications are that after a long-

protracted period of discourse
and speculation, 2017 is going to be
the year when the Internet of Things
(IoT) finally begins to see serious
traction. Industry research firm IHS
predicted in January that there will
be a 15% ramp up in the number
of connected devices by the end
of the year, resulting in the total
number reaching 20 billion.
From a fairly early stage, it has
been evident to semiconductor
manufacturers what IoT
implementations were going to need
to be effective. The number of IoT
nodes is certain to be measured in
tens of billions, and in many cases the
applications involved will be relatively cost-
sensitive. So the bill-of-materials associated
with each node clearly must be a fundamental
consideration.
The power drawn by each node also must be
factored in because a large number of IoT nodes will go
into remote locations lacking power lines. Battery-powered
operation will therefore be the only viable option. Thus it will be critical
to extend battery life for as long as possible (to avoid the time and cost of
sending engineers out into the field to replace battery cells). Depending on
the application, other factors such as space constraints, harsh application
environments, and so forth, could affect the design of the IoT nodes.
A variety of communication protocols are destined to be employed within
IoT deployments - both wireless and wireline. Some are firmly established,
ON Semi EE IoT 04.17 V3.indd 28 4/13/17 2:51 PM

BETTER DEVELOPMENT SYSTEMS
while some are still emerging. Among the wireline protocols limited functions available at individual nodes. The ability
will be power-line communications (PLC), power-over- to use relevant apps via the cloud will free IoT system
ethernet (PoL), KNX and CAN for both industrial and designs from node limitations and allow full use of the
building automation. valuable data that has been captured.
Most wireless communication protocols will focus on To date, electronics hardware vendors and cloud
short-range, ultra-low power operation. Examples include service providers have tackled IoT development in almost
Thread, zigbee, and Bluetooth Low Energy (BLE). Other total isolation of one another. Both parties have stayed
wireless options include Low-Power Wide-Area Network within the boundaries of their own core competencies
(LPWAN) protocols, which cover long range, low data This practice has, however, limited the proliferation
volumes while dissipating little power (such as SIGFOX). As of IoT -- the thought of combining hardware and cloud
an alternative to the low-power protocols, there will also be software development has understandably been off-
cellular-based protocols for higher performance wide area putting. Hardware engineers dont want to move outside
network (WAN) coverage - such as LTE-M, NarrowBand IoT their comfort zone and face the difficulties of writing large
(NB-IoT) and in a few years time, 5G. amounts of code. Likewise, software developers dont want
Sensors/actuators are what will make IoT work. All the to be confined by a development platform that wont give
data can be captured and subsequently analysed through them enough room to maneuver.
sensors. Conversely, actuators can be used to drive motors, IoT implementations have several concerns. At the
initiate lighting, etc. Here are a couple of examples where node level, the primary concern will be making operations
the combination of sensors and actuators (along with the as efficient and reliable as possible - so data captured by
supporting connectivity) will be of real value. sensors can be passed back for analysis/manipulation, or
In a home/building automation application, a network actuators can be initiated when needed. The connectivity
of passive infrared (PIR) detectors can sense the presence employed must be optimized for the task at hand. Moving
of room occupants and LED drivers can accordingly activate further back through the system, the focus will be on
the lighting. An industrial application, such as a large-scale ensuring effective interaction with the cloud.
horticultural site, can employ several different sensors to The IoT sector has been in real need of technology
monitor the ambient light, temperature, humidity, soil that simultaneously addresses the disparate elements
moisture, and so forth. involved. Engineers need the connectivity, sensor
The system can activate when certain parameters are and actuator functions to create IoT nodes that match
not within the accepted pre-set thresholds. For instance, application requirements. Software developers need a
if the temperature was too high and had to be regulated, foundation upon which they can build the cloud-based
motors could open the greenhouse windows. Alternatively, apps that support the hardware.
were light levels not optimal
for crop yields, connected LED
drivers could make adjustments.
The makeup of an ID K
The combination of
space, cost and power budget
restraints all force IoT nodes
to follow streamlined design
concepts, with no provision for
extra functions beyond what
they can comfortably support.
This strategy will call for use of
microprocessor and memory ICs
that are budget priced, dont
consume much power or take
up excessive board real estate.
Therefore, nodes will use cloud-
based services (where data can
be processed and subsequently
analysed) to make up for the Schematic showing hardware and software
elements of ON Semiconductors IDK.

INTERNET OF THINGS
To date, companies providing development The IDK is based on the sophisticated

platform software dont really deal with all the issues NCS36510 system-on-chip (SoC) which has a 32-bit
discussed here. Hardware offerings are basically ARM Cortex-M3 processor core and two banks of
single-board solutions that incorporate certain 320KB flash memory. An extensive range of daughter
sensor and communication functions. They provide cards can be attached directly to the baseboard.
little scope when it comes to matching application For connectivity, engineers can pick daughter cards
requirements. For example, the platform might not for various wireless and wireline communication
support the best connectivity or sensing option, so protocols such as Thread, zigbee, SIGFOX, CAN,
compromises must be made. Whats called for is more Ethernet, and so forth. For sensors, there are
flexibility in the options for supporting typical IoT daughter cards that incorporate temperature,
H A N D B O O K
functions. motion, moisture, heart rate, ambient light, pressure

The dynamics that are defining IoT deployment and bio sensors. In addition, stepper or brushless
have given rise to a new type of IoT development motor drivers, as well as LED drivers, can be added.
platform - one of merit to both hardware engineers Availability of different sensor, actuator and
and software developers and which factors in their communication functions through a collection of
respective aptitudes. The result of this endeavor is daughter cards lets engineers mix-and-match options
the ON Semiconductor IoT Development Kit (IDK). to optimize system designs. It addition, hardware
Rather than taking a one-size-fits-all approach, the engineers, who often lack a good grasp of cloud-
IDK is modular, meaning there is a far greater choice based software development, have a simple route
of options for sensors, actuators and connectivity. It to the cloud based services for their IoT systems.
presents engineers with a versatile out-of-the-box Conversely, software developers have ample
development resource which, as well as taking care opportunity to develop their own proprietary services
of the hardware, also incorporates a sophisticated if they choose to.
software framework upon which device-to-cloud IoT The IDK is backed up by an Eclipse-based
applications can be built. integrated development environment (IDE). This
comprises a C++ compiler, debugger and code
editor, along with an array of application-related
Typ i cal ID K system libraries. Access to a versatile,
configurable platform, such as the
IDK, will let engineers hit their design
objectives without having to make
trade-offs or moving outside their
area of expertise. These kinds of
development systems will be pivotal
in taking a large proportion of IoT
systems from the concept phase
through to actual deployment.
RESOURCES
ON Semiconductor,
Onsemi.com
IDK baseboard accompanied by

several daughter cards.

Its not a web page, its an industry information site
Stay current with the latest electronic tips, resources, and news, visit
eeworldonline.com and stay on Twitter, Google plus, Facebook
and Linkedin. Its updated regularly with relevant technical information
and other significant news to the electrical design engineering community.
eeworldonline.com
EE Online house ad 2017.Vers2.LL.indd 31 4/13/17 5:00 PM

INTERNET OF THINGS
Building security into

IoT/IIoT end devices
H A N D B O O K
WA R R E N K U R I S U | M E N T O R G R A P H I C S
Tools, operating systems,

platforms, and services help open
Industries increasingly rely on their
connected devices and
networks, and they are also becoming aware that
new doors for developers building they must deter or prevent cyber attacks. It is nearly
security into their connected, impossible to field an IoT device that is 100% secure,
modern-day IoT infrastructure. but software developers and architects can do their
part to minimize the chances of a data breach or
attack. Many of the precautions required are readily
available. In some cases, the thing that needs to
be addressed is the mindset around designing for
security.
Essentially, security can no longer be approached
as an after-thought to embedded system design.
Security must be considered from the first day a
concept begins. The process of building security into
a design must be thought of as an investment, rather
than a cost nobody cares to cover.
Clearly, security is a broad topic that begins
with device conception and spans planning, process,
activities, and technology. A few key technology
topics are useful, if not critical, when building secure
IIoT infrastructures. The focus is on IIoT endpoints or
edge devices.
Code Authentication requires

the use of both a Public Key and
a Private Key. The Public Key is
made available to everyone on the
network via a publicly accessible
repository or directory. The Private
Key must remain confidential to
its respective owner. Because the
key pair is mathematically related,
whatever is encrypted with a
Public Key may only be decrypted
by its corresponding Private
Key and vice versa. This type of
authentication realizes a high level
of confidentiality.
Mentor Graphics EE IoT 04.17 V2.indd 32 4/13/17 4:03 PM

BUILDING SECURITY
Code authentication is essentially

binary operating system (OS) image
authentication. Developers can set
up their system to check whether
data coming in originated from the
original equipment manufacturer
(OEM). Further, as the developer,
you need to investigate whether Secure-boot authentication starts by executing a first stage boot loader stored within secure flash
memory provided by the Trusted Platform Module (TPM) hardware. This boot loader resides within
any of the code has been modified. protected memory so it cannot be replaced by hackers. Also, stored in protected memory is the
Code authentication and secure- signature and crypto-key for the second-stage boot loader. The first-stage boot loader calculates
boot authentication are some of the the signature of the second-stage boot loader using the hardware crypto support and crypto key.
If the calculated signature for the second stage boot loader matches the stored signature, the
most basic steps developers can second stage boot loader is valid and allowed to run.
take to secure their embedded IoT
device.
Once the initial boot stage has been SPACE PARTITIONING
confirmed, the process can continue to create a In a full-featured RTOS, such as the Nucleus RTOS from Mentor Graphics,
chain of trust. By using the same Public/Private the process model capability offers a light-weight approach for space
key approach, subsequent executable modules partitioning that creates protected memory regions. This partitioning, in
can be downloaded, verified, loaded, and run. turn, offers full isolation of kernel and middleware resources. Consequently,
This approach becomes particularly interesting scribblers, stack overflows, rogue pointers, etc., in application code cannot
in the case of complex devices that might be corrupt or interfere with system software operation.
loading different operating environments and Utilizing the MMU or MPU, the Nucleus process model partitions
applications, depending on the functional memory to create protected memory regions without virtualizing memory
requirements required at any given time. which is extremely important for performance and in constrained spaces
Software developers will be challenged where a minimal footprint is essential. Space partitioning provides the
to field complex applications using limited framework to load new applications using cloud services, or the ability to
memory resources while also minimizing partition large algorithms into smaller components that load slightly ahead
size, power consumption, and cost. And this of execution time.
situation is where process separation can be As with using a process model, running a safety-certified operating
used. Process separation that makes use of system by itself does not guarantee security. However, by building on top
a system memory management unit (MMU) of a safety-certified foundation, developers have an additional level of
or memory protection unit (MPU) does not confidence that the code will behave as intended, which improves system
guarantee security. But it does help contain reliability. Safety-certified environments also help avoid situations that
misbehaving applications and keep them from might result from software faults that could cascade across the system and
harming other process applications or the result in security vulnerabilities in unrelated sections
kernel itself. of code.
Chain of Trust starts from the root, or

the hardware. The process begins at the
authentication step to make sure the
hardware authenticates the boot ROM, the
boot ROM authenticates operating systems,
and then, of course, the operating systems
authenticate the application layer. The goal
of this strategy is to prevent applications
from executing before they have been
signed and authenticated. When the system
is up and running, the procedure is to look
at every file that is downloaded, ensuring its
signed and authenticated.

INTERNET OF THINGS
Nucleus SafetyCert RTOS allows developers include the UART and USB interface, but exclude Ethernet
to shorten the path to regulatory certification. It access. The Ethernet might instead be dedicated to the
encompasses a complete certified solution that secure world where a separate RTOS or application runs
includes artifacts required for the development for the sole purpose of managing all Ethernet traffic,
of mission-critical applications. This safety- independent of the normal world software stack.
certified RTOS has been documented to meet the ARM TrustZone architecture contributes to the overall
certification requirements for IoT devices requiring system security by preventing normal-world software from
International Electrotechnical Commission (IEC) accessing the secure-world resources. It is important to
standard 61508 SIL 3 certification. understand that ARM TrustZone does little to improve the
safety or security of the software that runs in the secure
H A N D B O O K
SECURITY THROUGH ARM TRUSTZONE world except to prevent unwanted secure-world access by
ARM TrustZone architecture carves out or normal-world software. It goes without saying that for the
segregates a hardware subset of the SoC. It secure world to be completely trusted, the system must
does this by defining processors, peripherals, initially boot in a trusted state (see the earlier discussion
memory addresses, and even areas of L2 cache about trusted boot). Beyond that, it is the developer who
to run as secure or non-secure hardware. An determines which software is trusted, typically through
SoC that utilizes ARM TrustZone technology can rigorous development processes, testing, certification, and
dynamically, with only a few clock cycles delay, supporting a chain of trust strategy in the secure world.
transition a system into secure world processing, All in all, IIoT system security is a complex subject.
where a subset of the hardware is partitioned, and Security for an IIoT edge device involves secure boot, code
data and processing is completely invisible to the authentication, chain of trust, and several other well-known
rest of the system. measures. These fundamental security capabilities should
The normal world (or non-secure world) be part of any connected device development.
created and enforced by the ARM TrustZone
can be used to define a hardware subset of the
RESOURCES
SoC. ARM TrustZone ensures that non-secure
processing can access only non-secure resources
and receive only non-secure interrupts. For Mentor Graphics, ARM-based design,
example, a normal-world hardware subset might Mentor.com/solutions/arm/
The ARM TrustZone is well-suited for single-core

configurations. Mentor Embedded Multicore Framework The ARM TrustZone is also well-suited for multicore
plays a key role in such a scenario. architectures. Mentor Embedded Multicore Framework
plays a significant role in this scenario as well.

THWARTING HACKERS
Thwarting hackers on the IoT

C H R I S T O P H E T R E M L E T, A few best practices can drastically improve the security of
SCOTT JONES IoT devices and help maximize the benefits they provide.
M A X I M I N T E G R AT E D
The news back in March was certainly alarming WikiLeaks There are more than six billion connected devices
announced it had internal CIA documents revealing that in use globally, expected to hit 20 billion by 2020. So
the spy agency had found a way to access Android and Apple the stakes certainly are highfor both hackers and
smartphones, Samsung smart TVs, and internet-enabled cars. The their victims. ForeScouts IoT Enterprise Risk Report1,
leak named dozens of device-specific vulnerabilities and attacks. developed with research by ethical hacker Samy
A regular string of headlines brings stories about the hacking Kamkar, identified seven internet of things (IoT) devices
of seemingly innocuous items like baby monitors, home security that can be hacked in just three minutes:
cameras, and even dolls. The scary part is, entry into these types IP-connected security systems
of devices can potentially open avenues into the larger enterprise IP-connected infrastructure such as climate control
network. From here, scenarios such as spying, physical break-ins, and energy meters
identity theft, malware injection, and further attacks can become Smart video conferencing systems
reality. Connected printers
Unfortunately, the smarter and more connected our devices, Voice-over-IP phones
the more vulnerable they can be to hackers. Scripts and bots Smart refrigerators
are on the hunt, randomly scanning ports for opportunities to Smart lightbulbs
attack. Products themselves are often developed with plenty of
entry points and little in the way of security. For example,
proprietary RF technology may lack authentication
or encryption. Sometimes, the issue is on the
part of the end user employing default
passwords and usernames, not updating
apps, or using weak passwords on
vulnerable devices such
as routers.
Maxim EE IoT 04.17 V2.indd 35 4/13/17 4:17 PM

INTERNET OF THINGS
H A N D B O O K
The report says hackers who gain

access to these devices can plant
backdoors that let them launch automated
IoT botnet distributed denial-of-service
(DDoS) attacks. For example, with smart
enterprise security systems, the threat is
that cybercriminals could use jamming or
spoofing techniques to gain control over
motion sensors, locks, and surveillance
equipment. Configuration settings of
VoIP phones can be exploited to evade
authenticationand unveil opportunities
to listen in on and record calls. And the
breaching of connected HVAC systems
and energy meters could let criminals
manipulate them to, for instance, overheat
critical infrastructure.
For those on the wrong side of the
law, pursuing an attack often comes down
to a risk-versus-reward game. So its up
to their opponentsincluding design
engineersto build-in security early in a
design. Often, though, design security is
an afterthought because of the perceived
cost and time involved in implementing
it. Addressing security when its too late
comes with drawbacks, too, as a band-
aid approach doesnt necessarily seal all
potential points of entry.
A completely unbreakable security
system isnt realistic, but it is feasible
to design products that incorporate
state-of-the-art cryptographic protection
that can only be hacked with a large
investment in both money and time. A
connected product must be infused with
security from the sensor to the cloud.
Its important to verify all connections
and interfaces, comply with appropriate
standards, and root out possible issues via
quality assurance testing. For example,
implementing secure boot helps ensure
that an electronic device only operates
when it executes authenticated (trusted)
software. A secure IC with dedicated
functionality can help accomplish this level
of security, and more.
36 DESIGN WORLD EE Network 4 2017

THWARTING HACKERS
Asymmetric key
authentication
relies on public
and private keys.
It is critical to deploy technology that provides an It is critical to use a function with adequate mathematical
authenticated data chain, from a protected sensor node properties to ensure the result cant be mimicked, known as
to the web server. Also important is strong protection of a replay attack. SHA-256 and similar secure hash functions
the IoT device via a secure microcontroller, for example, meet this need. In fact, because SHA-256 is non-reversible,
one that provides a secure boot and can establish secure it is computationally infeasible to determine the input, which
communication between the host system and device. includes the secret, corresponding to a message authentication
Secure authentication is essential, offering the code (MAC). Theyre collision-resistant as well, making it
assurance that an IoT device and any endpoints are impractical to find more than one input message producing a
genuine, trusted, and safe. Also important is ensuring given MAC.
that the information either consumed or produced by the These characteristics make SHA-256 highly effective
device has cryptographic integrity. There are different for secure authentication. For a comparable security level,
methods for implementing authentication. They range symmetric key authentication offers less algorithm complexity
from password-based, which is weak, to the stronger and shorter computation time than another approach
cryptographic digital signature method. This latter called asymmetric cryptography. However, the shared key
method comes in two different flavors of algorithms: requirement results in a key distribution challenge.
symmetric and asymmetric. Well take a closer look at
each approach. ASYMMETRIC CRYPTOGRAPHY
Symmetric cryptography-based authentication Asymmetric cryptography-based authentication uses a
utilizes a shared secret key between the host and the mathematically linked key pair, a private key and public key.
device to be authenticated. This shared key is securely Only the device that needs to be authenticated knows the
stored in both locations and never disclosed. The host private key. The public key, on the other hand, can be shared
sends a random number, the challenge, to the device. with any entity with a requirement to authenticate the device.
The device then computes a digital signature as a As with symmetric cryptography, the host sends a
function of the secret and the challenge, sending it back challenge to the device. The device then computes a signature
to the host. based on the challenge and the private key, sending it back to
Next, the host runs the same computation and the host. In this method, the host uses the public key to verify
compares the result. The device is considered authentic the signature.
if both computations match. Similarly, the host could Also, as in the previous example, information consumed
request information from the device by sending a or produced by the device can be authenticated within this
command with a random challenge. The device would asymmetric structure. Again, the function used to compute the
generate the information -- for example an environmental signature must have certain mathematic properties to prevent
measurement -- and compute a digital signature with replay attempts and key disclosure.
the secret, challenge, and measurement, sending the An efficient solution for embedded environments is the
signature and measurement back to the host. For this asymmetric Elliptic Curve Digital Signature Algorithm (ECDSA).
example, the host can verify the measurement has not It provides strong security for systems where its hard or even
been modified and comes from an authentic device. impossible to secure host keys. As compared to the symmetric

INTERNET OF THINGS
H A N D B O O K
approach, asymmetric
key authentication has a
more complex algorithm Authentication based on symmetric
and longer computation cryptography relies on a secret number
shared between the host and the device.
time for a comparable
security level. However,
key distribution is efficient given theres no security For example, Maxims MAXREFDES155# IoT
risk in openly transmitting a public key. embedded security reference design provides a
Secure microcontrollers and authenticators, means to implement ECDSA public-key asymmetric
such as those offered by Maxims DeepCover cryptography to protect IoT devices and data paths.
portfolio, integrate advanced hardware-based Optionally, the MAXREFDES143# protects devices
cryptography with physical security to provide and data paths with SHA-256 secret-key cryptography.
strong protection against tampering and reverse Use of these reference designs can help simplify the
engineering. In the portfolio are microcontroller and process of developing devices that can authenticate
authenticator products that support both symmetric and manage a sensing node with control and
and asymmetric cryptography for digital signature, notification from a web server or a network controller.
authentication, and encryption algorithms. The task of designing security for an IoT design
The devices selectively have hardware neednt be onerous, nor must it be costly. Developers
accelerators for SHA, RSA, ECDSA, and AES, a full just need to ensure the amount of security tips the
cryptography library with a turnkey API aligned to risk-versus-reward balance. A system that is too
standards, and built-in secure boot capabilities to difficult, expensive, and/or time-consuming to hack
guarantee firmware or file download authenticity. could turn the attention of cybercriminals toward
One example is the DeepCover cryptographic other devices with more lax security.
controller for embedded devices, the MAXQ1061. Furthermore, technologies like secure
A turnkey pre-programmed secure microcontroller, microcontrollers and authenticators, along with fully
the MAXQ1061 offers secure key storage, digital integrated reference designs, make it faster and
signature, and encryption services. easier to guard designs from the prying intentions
To shorten design time and accelerate time of hackers. Design safeguarding can go a long way
to market, Maxim provides an evaluation kit that in protecting reputations, customer experiences,
can plug directly onto a Raspberry Pi board. A networks, and, ultimately, bottom lines.
comprehensive set of software libraries including a
full TLS stack makes it a turnkey solution.
Reference designs provide another way to RESOURCES
design for security early on and efficiently. Todays
high-quality reference designs are highly integrated
ForeScout IoT Enterprise Risk Report,
and thoroughly vetted. Providing much more than Forescout.com/wp-content/uploads/
just hardware and source software, good reference 2016/10/iot-enterprise-risk-report.pdf
designs now commonly include Gerber files, test
data, a detailed bill of materials (BOM), drivers, and Maxim Integrated,
evaluation and development tools. Maximintegrated.com

BATTERIES BOOST WIRELESS CONNECTIVITY
Batteries boost
wireless connectivity
to the IIoT S O L J A C O B S | TA D I R A N B AT T E R I E S
Self-powered electronic devices that define the

Industrial Internet of Things (IIoT) have special
needs that can be addressed through the
judicious selection of battery chemistry.
Going truly wireless typically necessitates the use of

primary (non-rechargeable) or rechargeable
lithium-ion (Li-ion) batteries. Besides untethering
applications from ac lines, use of rechargeable batteries
eliminates the need for hard-wiring, which costs
roughly $100/ft. or more. And the cost of hard-
wiring often skyrockets in industrial settings due
to environmental, regulatory and permitting
requirements.
Application requirements dictate the choice
of battery. For example, a device that is easily
accessible and that operates within a moderate
temperature range may be able to suffice with a
consumer grade battery. However, the low initial
cost of consumer cells can end up making the
total lifetime cost expensive. One reason: Total
lifetime cost factors in all expenses associated with
future battery replacements. Generally, the more
remote the application, the greater the need for an
industrial grade battery.
As the lightest non-gaseous metal, lithium offers
the highest specific energy (energy per unit weight) and
energy density (energy per unit volume) of any battery
type. Lithium cells feature a normal operating current
voltage (OCV) ranging from 2.7 to 3.6 V. Lithium chemistries
are also non-aqueous, with the absence of water allowing certain
cells to deliver an extended temperature range of 55 to 125C.
Wireless devices that draw low average daily current are
predominantly powered by bobbin-type lithium thionyl chloride
(LiSOCl2) batteries that offer exceptional performance qualities,
Tadiran EE IoT 04.17 V2.indd 39 4/13/17 4:30 PM

INTERNET OF THINGS
including the highest energy density, highest Bobbin-type LiSOCl2 batteries were first deployed
capacity, the widest temperature range, and back in the 1980s to power meter transmitter units
extremely low annual self-discharge rate. These (MTUs) for water and gas utilities. In the process of
performance qualities permit the construction being replaced by newer generation devices, these
of small power sources having incredibly long pioneering RFID devices were tested and found to
operating lives. Certain cells can operate for up to still have plenty of available capacity even after 28+
40 years. years in the field. But such incredible long-life is not
Standard bobbin-type LiSOCl2 cells are not a guaranteed certainty. Inferior quality bobbin-type
designed to deliver high pulses, so they must be LiSOCl2 batteries can exhibit annual self-discharge rates
combined with a patented hybrid layer capacitor two or three times higher than leading brands. This is
H A N D B O O K
(HLC) to serve high-pulse applications. The standard important, as many devices lose more energy through
LiSOCl2 cell delivers low background current to annual battery self-discharge than through actual
power the device in stand-by mode, while the HLC battery use.
delivers the periodic high pulses necessary for A bobbin-type LiSOCl2 battery is manufactured
wireless communications. such that the quality of its raw materials can greatly
Consumer electronic devices often rely on impact the self-discharge rate. For instance, a superior
supercapacitors to store the energy for high pulses quality bobbin-type LiSOCl2 cell can feature a self-
in an electrostatic field rather than as chemical discharge rate of 0.7% per year, retaining 70% of its
energy. However, supercapacitors are poorly suited original capacity after 40 years. By contrast, a lesser
for most industrial applications because of inherent quality bobbin-type LiSOCl2 cell can have a 3% annual
limitations that include short-duration power, linear self-discharge rate, thus exhausting 30% of its capacity
discharge qualities that do not allow for use of every 10 years, making 40-year battery life virtually
all the available energy, low capacity, low energy impossible. These performance differences may not
density, and high self-discharge (up to 60% per become apparent for over a decade, so thorough
year). Supercapacitors linked in series also require diligence is required when evaluating competing
cell-balancing circuits that draw additional current. brands.

When specifying a battery for long-term deployment remotely

or in extreme environments, engineers need to predict the
depletion of available battery capacity over time based on a
variety of factors. These factors include annual self-discharge
rate, low voltage point at load, and temperature. Instead of
relying on theoretical data, calculations should be based
on actual historic test data and then be further validated
by actual results from the field. Such intensive long-term
testing should be performed multiple ways to cross
check results. Here is a brief overview of just a few of the
recommended test procedures:
1. Actual long term testing Many cells of different

ages are tested concurrently in the lab for decades to
demonstrate that they can still operate reliably under
different loads and test profiles.
2. Accelerated testing A method known as the Arrhenius
test (two-fold increase of reaction rate for every 10C rise
in temperature) reduces the amount of time needed to run
tests on extremely long-term applications. Arrhenius tests should
take place at 72C (equivalent to roughly 32 lifetimes compared to
operation at 22C). It is important to interpret these test results properly,
as an inferior cell that suffers from passivation can show a false positive
result. Therefore, it is important not just to store a cell at 72C and then
perform the test, but to actually test the cell during 72C storage. The
following example highlights the importance of accelerated testing:
Sample cells are tested at 72C for one month while enough current
is drawn to fully deplete each battery after one month. The same test
is performed for two months at a rate of energy consumption that
depletes the battery after two months. Other cells are similarly tested
for three, four, five and six months, one year, and for 90 months, which is
equivalent to hundreds of years of operation.
After one and two-month testing, bobbin-type LiSOCl2 cells
designed for decades of operation may exhibit extremely low capacity.
The reason is they are not meant to be depleted so quickly -- lithium
batteries can be designed either to deliver a high use rate or a low
self-discharge rate, but not both. By contrast, cells designed for
shorter operating lives will exhibit higher available capacity at such fast
discharge rates, but their self-discharge rate will be higher in other tests. Resensys sensors monitor important structural
Starting with the three-month test at 72C (the equivalent of eight quantities such as strain, cracks, vibration, tilt,
inclination, moisture, and humidity in real time.
years of operation at 22C) the higher self-discharge rate of competing When installed on a bridge or other infra-
cells starts to become apparent. The better-quality cells will demonstrate structure element, the sensor transmits data
higher available capacity, indicating a lower self-discharge rate. The wirelessly, powered by a Tadiran bobbin-type
LiSOCl2 battery that features a self-discharge
longer this test is performed, the greater the margin of difference rate of 0.7% per year, thus allowing a long
between the cells. This is a clear indication that the superior battery is guaranteed service life.
losing less available capacity to self-discharge. Better quality cells can
run for 90 months at 72C (the equivalent of hundreds of years).
3. Calorimeter testing Calorimeters test the self-discharge of a battery
by measuring any rise in temperature of water surrounding the battery;

INTERNET OF THINGS
these calories of energy are

caused by battery self-discharge.
Before undergoing this test, the
battery should be completely
stabilized for one year to ensure
reliable results.
4. Field results In addition to
laboratory testing that calculates
projected annual self-discharge
rates, actual results from the field
H A N D B O O K
can provide additional validation.

For every product application,
developers should sample
batteries to ensure the amount
of capacity left in the battery
coincides with predictive models
generated by ongoing test
data. Another way to measure IPS solar-powered parking meters use industrial grade
long-term battery performance rechargeable Li-ion batteries to form mesh networks
that deliver true wireless connectivity to the IIoT.
is by counting the number of
FITs (Failures In Time) in billions
of device operating hours. A
comparatively low FIT rate ranging between five and 20 further operate mainly in a low-power, stand-
verifies the accuracy of the various test procedures. by mode, periodically drawing high
5. Lithium titration In special instances where historical data pulses for a short duration to initiate
points are not available (i.e. extreme temperature, prolonged data retrieval and transmission. A
high current pulses, short life time applications, etc.) cells are standard bobbin-type LiSOCl2 battery
tested to verify the precise amount of lithium remaining in the supplies the low-current power while
anode under specific test conditions (i.e. partial discharge, the HLC delivers pulses up to 15 A.
temperature soaking, etc.). For example, after a battery has Batteries with extended lifetimes need
been tested for several months at elevated temperature fewer replacements throughout the life
and various discharge currents, it is cut open to dissolve its of the meters. And they greatly reduce
remaining lithium. From the titration test results, one can the risk of a premature system-wide
calculate the self-discharge rate as a function of the applied battery failure that can prove costly by
currents and/or temperature. The higher the self-discharge rate, disrupting normal billing cycles.
the less lithium will remain in the cell. Structural integrity sensors
6. Competitive testing - Similar testing should take place measure stress, strain, tilt, inclination,
on competing batteries as a basis of comparison. Before vibration, displacement, deformation,
performing these tests, verify that all cells have been in use for temperature, and humidity in
about one year to both ensure they are properly stabilized and applications that include bridges,
to show the influence of any impurities in the electrolyte. tunnels, large commercial buildings,
towers, and pipelines. Resensys
REAL EXAMPLES manufactures SenSpot structural
Long-term testing has provided a growing body of empirical data integrity sensors that draw only
indicating that 40-year battery operating life is indeed achievable for microamps of energy while taking
IIoT applications. Here are some real-life examples demonstrating measurements once a minute. They
the importance of extended battery life: use a standard AA LiSOCl2 battery.
Advanced AMR/AMI meter reading devices used by water and They also use a proprietary low power
gas utilities now identify leaks, track customer usage and billing, and communications protocol to minimize
allow for remote shut-off and reactivation. These wireless devices energy consumption.

Resensys chose a bobbin-type LiSOCl2 battery that the IIoT. They save millions of dollars in initial
features a self-discharge rate of 0.7% per year, thus allowing installation costs by eliminating the need to hard-
a long guaranteed service life. The cost of accessing a sensor wire metropolitan sidewalks.
attached to a bridge abutment far exceeds the cost of the These wireless networked solar powered
sensor itself, so it was critical that Resensys offer long-term, parking meters are state-of-the-art and include
no-maintenance power that works reliably in all environments. multiple payment system options; access to
The question sometimes arises about the difference real-time data; integration to vehicle detection
between inexpensive consumer grade rechargeable Li-ion sensors; user guidance and enforcement modules.
cells and more rugged industrial versions. Consumer grade All parking meters are wirelessly networked to a
Li-ion batteries have a life expectancy of less than five years comprehensive web-based management system.
and 500 recharge cycles. They also operate within a moderate Small photovoltaic panels gather solar energy,
temperature range of 0 - 40C. For applications involving with industrial grade rechargeable Li-ion batteries
remote, inaccessible locations and extreme temperatures, used to store energy and to deliver the high
an industrial grade rechargeable Li-ion battery has been pulses required for advanced, two-way wireless
developed that delivers up to 20 years of operating life communications, thus ensuring 24/7/365 system
with 5,000 full recharge cycles. It also works over an reliability for up to 20 years.
expanded temperature range of -40 to 85C, and Technological advancements are creating
can deliver high pulses (5A for a AA-size cell). dynamic opportunities for bobbin-type LiSOCl2
Industrial grade Li-ion cells are constructed batteries and industrial grade Li-ion rechargeable
with a hermetic seal, whereas batteries to deliver intelligent, long-term power to
consumer grade rechargeable all sorts of remote wireless devices, thus enabling
batteries use crimped seals the IIoT to become truly wireless.
that may leak.
For example, IPS
solar-powered parking
meters use industrial RESOURCES
grade rechargeable Li-ion
batteries to deliver true Tadiran
wireless connectivity to Tadiranbat.com
XEL6030 Power Inductors for

High Switching Frequencies
Superior current handling ... up to 41.0 Amps
Extremely low DCR ... and ultra-low AC losses
Optimized for high frequencies ... up to 5+ MHz
Soft saturation ... withstands high current spikes
Compact footprint: 6.36 x 6.56 mm Request Free Samples @ coilcraft.com
INTERNET OF THINGS
The case for

multiprotocol, multiband
connectivity in the IoT
H A N D B O O K
T O M PA N N E L L | S I L I C O N L A B S
Wireless protocols that are widely used in the IoT have a lot
of common attributes. Multiprotocol SoCs able to run them
all can simplify many kinds of wireless designs.
We have many innate expectations for The promise of the IoT is raising the bar. New
controlling the myriad devices and systems wireless-sensor-node deployments are now much
in our lives. When I enter a room in my home or easier with the advent of multiprotocol technology.
office, I expect to be able to control the lights with This technology includes hardware and software
a switch. When I leave home, I expect to set my that enables a single system-on-chip (SoC) device to
security alarm and lock the door. Many of these support multiple wireless protocols such as Bluetooth
systems are already installed and part of a well- low energy, zigbee and Thread. And it spans multiple
established infrastructure. frequencies scaling from sub-gigahertz bands to 2.4
The promise of the Internet of Things (IoT) is GHz.
changing our expectations. Now, I expect to be However, because IoT infrastructure is built on
able to monitor and control the temperature of my legacy systems, we must also consider the challenge
home remotely through my smartphone. I expect of adding new 802.15.4 wireless technologies to
my office building to inherently conserve energy by existing infrastructure deployed in the early days
turning off lights when no one is present. I expect of the IoT. The support of legacy systems is not the
the building to know when I am there and make only challenge. In addition, there is a complexity that
sure my surroundings are comfortable and safe. arises out of the competing protocol standards often
To enable our increasingly connected world, used to solve similar connectivity challenges.
countless IoT devices and systems have been
deployed that we barely notice. Wireless security A TYPICAL IoT NODE
systems, access cards, occupancy sensors, remote The first thing to understand about the vast web of
temperature sensors, and many other connected sensor networks around us is that they are based
devices are omnipresent in our homes, offices, on microcontroller (MCU) technology coupled with
factories, and urban infrastructure. some sort of sensing element. Together they convert
The complex network of wired and wireless the analog surroundings to digital packets. Once
sensors that underpins the IoT has been developed quantized, data often must go to the cloud for
and deployed over decades. To replace these further processing. The transport method of choice
sensor networks would be an expensive proposition. in many cases is wireless. The wireless sensor data
Silicon Labs EE IoT 04.17 V2.indd 44 4/14/17 8:28 AM

THE CASE
packets are generally small, and the

wireless nodes themselves must make
efficient use of size, cost and power.
To accomplish this connectivity
in the past, many suppliers used
sub-gigahertz radio frequencies as
well as lightweight wireless protocols
optimized for battery life. They were
forced to create their own protocols
out of necessity because existing
options were too power hungry or
didnt extend to the desired range.
Now, however, there are many robust, power-efficient, standards-based Switched multiprotocol schemes let
options available to developers including Zigbee, Thread and Bluetooth low connected devices change the wireless
energy (BLE). protocol they run by boot-loading a new
firmware image when the device is already
IoT device designers often face a dilemma in designing a single product deployed in the field. For example, this
able to work with all these wireless standards while minimizing BOM cost and technique may use smartphone connectiv-
complexity. Few device makers have the resources or time to create special ity to switch from Bluetooth low energy to
zigbee, Thread, or other wireless networks.
designs supporting every possible wireless standard used in the IoT.
Industry's Lowest On-Resistance

Ultra-Junction MOSFETs at 650V and 850V
Enabling Very High Power Density
VDSS RDS(on) Qg EAS dv/dt
Part max. typ. Package
Number TJ=25C Type
(V) (m) (nC) (J) (V/ns)
IXFB150N65X2 650 17 355 4 50 PLUS264
IXFN150N65X2 650 17 355 4 50 SOT-227
IXFN170N65X2 650 13 434 5 50 SOT-227
IXFB90N85X 850 41 340 4 50 PLUS264 SOT-227
IXFN90N85X 850 41 340 4 50 SOT-227
IXFN110N85X 850 33 425 3 50 SOT-227
Features: Applications:
Ultra low on-resistance RDS(on) and gate charge Qg High-eciency switched-mode and resonant-mode power supplies
Fast body diode Electric vehicle battery chargers
Superior dv/dt ruggedness AC and DC motor drives
Avalanche capability DC-DC converters
Low package inductance Robotics and servo control
PLUS264
Power Factor Correction (PFC) circuits
Renewable energy inverters
EUROPE USA ASIA

IXYS GmbH IXYS Power IXYS Taiwan/IXYS Korea
marcom@ixys.de sales@ixys.com sales@ixys.com.tw
+49 (0) 6206-503-249 +1 408-457-9042 sales@ixyskorea.com
www.ixys.com

INTERNET OF THINGS
independently without adding bloat or Multiprotocol, multiband SoCs free developers from this
inefficiency. When two stacks run on the design dilemma by supporting sub-gigahertz proprietary
same SoC with shared hardware, the frequencies as well as standards-based protocols in the 2.4-
implementation must take place in a way that GHz band all within one highly integrated device. Ideally, a
maintains the integrity of the network. This is multiprotocol, multiband SoC features a wireless transceiver
an intricate task. with two radio paths: one for sub-gigahertz and one for 2.4
Multiprotocol/multiband systems are GHz transmissions. This integrated radio architecture gives IoT
proving to be useful in a wide variety of uses. developers a lot of leeway for fielding diverse applications.
Programmable multiprotocol connectivity is Consider the signal chain of a typical multiband
the easiest use to explain and implement. transceiver integrated into a wireless SoC. Some elements
Engineering managers recognize a lot of of the radio transceiver are shared and some are separate.
H A N D B O O K
code reuse and efficiency can be gained For example, the RF portion must have separate elements to
when a single device can be deployed across handle the different frequency requirements. But the modem
many end products. Engineers can specify a -- which consists of a modulator, demodulator and some of the
single SoC part number that can run zigbee, encryption hardware -- can be shared across both radio front-
Thread, BLE, or proprietary protocols. They ends.
can then decide at the time of production This radio architecture creates a highly optimized,
whether the product will run Bluetooth consistent and economical approach to multiprotocol,
or operate as a sub-gigahertz product. multiband SoC design. Different protocol stacks can share the
This approach enables manufacturers to modem to implement various communications standards. The
minimize financial exposure while maintaining modem is also multiplexed between RF portions to receive and
maximum flexibility in production. transmit packets. This shared architecture is also well suited to
Switched multiprotocol has a strong software development because it provides a common interface
value proposition for the end consumer. This to the radio functions. So it allows developers to create a
technology, for example, enables installers radio configuration layer that can be shared between different
on job sites to provision and calibrate protocol stacks.
products via smartphone apps. This feature is The software necessary to implement a multiprotocol,
particularly useful when deploying a Thread multiband system is complex. Wireless protocol stacks must
or zigbee node. be efficient and must work across a broad set of hardware
Provisioning across a wide range products. They must also work in multithreaded environments
of networks can be difficult. Switched with real-time operating systems (RTOS). In a multiprotocol
multiprotocol technology simplifies this task application, the stacks must work seamlessly together or
Table 1 . Mult iprotcol use cases
Type Complexity Description Example Use Case
Create single design that can

Protocol programmed at
Programmable Low be configured for either BLE
manufacturing
or zigbee
Application can switch
Simplify zigbee sensor setup
Switched Medium between 2 protocols via a
with BLE commissioning
bootloader
Combine BLE beacons and
Application time-slices local smart phone control
Dynamic High Four types of
between 2 protocols with a zigbee connected
multiprotocol
light use cases that
are common in
Application operates on IoT applications.
2 networks using multiple Home gateway supporting
Concurrent High
protocols and a single radio both zigbee and Thread
(same RF channel)

THE CASE
by enabling an IoT product to start its life using

BLE and then be provisioned and switched to
some other protocol for mesh networking. The
advantage of switched multiprotocol over dynamic
multiprotocol is that fewer device resources are
required because there is no need to physically
store and run multiple protocols among multiple
wireless devices.
With dynamic multiprotocol, it is possible
to support two protocols (or more) with one SoC
by time-sharing physical resources. Dynamic
multiprotocol generally uses more device
resources, such as flash memory, and has a more
complex software architecture. It also requires
careful radio design to dynamically share radio
resources among dissimilar protocols.
Although dynamic multiprotocol schemes
use more hardware resources, this tends to
be a small, incremental tradeoff considering An illustration of dynamic multiprotocol connectivity with three
communication stacks running on a single radio. A time-slicing
the value this approach brings. In many cases, mechanism shares the radio between protocols. This dynamic
dynamic multiprotocol techniques reduce approach allows use of Bluetooth low energy with other wireless
protocols. In this simple illustration, a device that normally operates
design complexity and overall system cost by on zigbee periodically uses the Bluetooth beacon function.
at least 50%. These savings come from using
only one SoC device instead of two or more ICs
with a distributed rules engine and dissimilar stack architectures. A single
multiprotocol SoC coupled with a robust RTOS, well-designed wireless conflicts arise and/or energy is wasted.
stacks, and the local application can easily implement an IoT design Wasted CPU cycles can have a devastating
requiring multiple modes of connectivity. effect on battery life. Inefficiency in the
Concurrent multiprotocol is particularly useful in a gateway design stacks can also result in a need for more
deploying Thread and zigbee networks. Here, many software and hardware memory, which drives up system cost. To
resources can be reused as-is because of the similarities among protocols ensure successful applications, developers
and radio configurations. For example, Thread and zigbee share the same must carefully consider each component
PHY and MAC layers, minimizing the need to reconfigure the transceiver. such as the device hardware (SoC or
In addition, Thread and zigbee share some common elements higher in module), radio schedulers, stacks, and
the communication stack, which makes resource sharing more efficient and RTOS.
straightforward to manage. Consequently, devices can use a smaller memory The need for multiprotocol, multiband
footprint, which can help reduce cost in the end product. solutions will continue to proliferate because
no single wireless protocol is perfect for
PUTTING IT ALL TOGETHER every IoT application. In a more connected
Only a handful of SoC suppliers are currently delivering multiprotocol world, we will continue to see connected
products based on highly integrated SoCs and optimized software. Even devices and embedded software growing
fewer offer the development tools necessary to simplify the complexities ever more complex to serve the diverse
of multiprotocol wireless design. It can be challenging to field a system in needs of the IoT.
which the stacks work seamlessly with each other.
What can make things difficult is that sometimes wireless design
teams are spread around the world, have different design goals, or may be
part of different business units. When multiple stacks come from different
companies or community sources, it can be tough to fashion a reliable RESOURCES
system out of them that is power- and memory-constrained.
Protocols must use hardware efficiently in a constrained system to Silicon Labs
avoid wasting CPU cycles and memory resources. It is particularly important Silabs.com
that the switch between protocol stacks be handled efficiently. Otherwise,
Silicon Labs EE IoT 04.17 V2.indd 47 4/14/17 2:40 PM

ad
Allied Electronics ............................................................................. IBC
Chroma Systems Solutions ............................................................... BC
Coilcraft ............................................................................................. 43
Digi-Key ................................................................................ Cover, IFC
Fotofab .............................................................................................. 36
index
IXYS ................................................................................................... 45
KEB America, Inc. ................................................................................ 1
Keystone Electronic Corp. ................................................................... 7
Marathon Special Products ................................................................ 18
Master Bond ...................................................................................... 22
Memory Protection Devices, Inc. ......................................................... 3
Rutronik ............................................................................................. 25
Tadiran Batteries ................................................................................ 21
WAGO Corp. ..................................................................................... 11
LEADERSHIP TEAM SALES
Publisher EVP Mike Caruso Michelle Flando Tom Lazar

Mike Emich Marshall Matheson mcaruso@wtwhmedia.com mflando@wtwhmedia.com tlazar@wtwhmedia.com
memich@wtwhmedia.com mmatheson@wtwhmedia.com 469.855.7344 440.670.4772 408.701.7944
508.446.1823 805.895.3609 @mflando @wtwh_Tom
@wtwh_memich @mmatheson Garrett Cona
gcona@wtwhmedia.com Mike Francesconi Jim Powers
Managing Director 213.219.5663 mfrancesconi@wtwhmedia.com jpowers@wtwhmedia.com
Scott McCafferty 630.488.9029 312.925.7793
smccafferty@wtwhmedia.com Jessica East @jpowers_media
310.279.3844 jeast@wtwhmedia.com David Geltman
@SMMcCafferty 330-319-1253 dgeltman@wtwhmedia.com Courtney Seel
@wtwh_MsMedia 516.510.6514 cseel@wtwhmedia.com
@wtwh_david 440.523.1685
Michael Ference @wtwh_CSeel
mference@wtwhmedia.com Neel Gleason
408.769.1188 ngleason@wtwhmedia.com
@mrference 312.882.9867
@wtwh_ngleason
DESIGN WORLD does not pass judgment on subjects of controversy nor enter into dispute with or between any individuals or organizations. DESIGN WORLD
is also an independent forum for the expression of opinions relevant to industry issues. Letters to the editor and by-lined articles express the views of the author
WTWH Media, LLC and not necessarily of the publisher or the publication. Every effort is made to provide accurate information; however, publisher assumes no responsibility for
accuracy of submitted advertising and editorial information.
6555 Carnegie Ave., Suite 300 Non-commissioned articles and news releases cannot be acknowledged. Unsolicited materials cannot be returned nor will this organization assume responsibility
for their care.
Cleveland, OH 44103
DESIGN WORLD does not endorse any products, programs or services of advertisers or editorial contributors. Copyright 2017 by WTWH Media, LLC. No part
Ph: 888.543.2447 of this publication may be reproduced in any form or by any means, electronic or mechanical, or by recording, or by any information storage or retrieval system,
without written permission from the publisher.
FAX: 888.543.2447 Subscription Rates: Free and controlled circulation to qualified subscribers. Non-qualified persons may subscribe at the following rates: U.S. and possessions: 1
year: $125; 2 years: $200; 3 years: $275; Canadian and foreign, 1 year: $195; only US funds are accepted. Single copies $15 each. Subscriptions are prepaid, and
check or money orders only.
Subscriber Services: To order a subscription or change your address, please email: designworld@halldata.com, or
visit our web site at www.designworldonline.com
POSTMASTER: Send address changes to: Design World, 6555 Carnegie Ave., Suite 300, Cleveland, OH 44103
Ad Index IoT 4017 v1.indd 48 4/14/17 10:16 AM

JAN17 AC Branding Ad (DW).qxp_Design World 12/2/16 8:31 AM Page 1
Your Source for

Automation
& Control
Over 3.5 million automation, electromechanical,
cabling, and interconnect products
from 300+ manufacturers.
thinkallied.com 1.800.433.5700
Allied Electronics, Inc 2017. Allied Electronics and the Allied Electronics logo are trademarks of Allied Electronics, Inc. An Electrocomponents Company.
Allied Electric 1-17.indd 1 4/13/17 1:06 PM

Simulate DC Transients 62000P Programmable DC Power Supplies
Program DC transient waveforms to simulate

automotive and defense voltage variations
Chromas 62000P series of programmable DC power supplies allows devices to be verified under a wide
range of voltage dropouts, spikes and other voltage variations making the P-series an ideal choice for
production and DVT of products used on mobile platforms or which will experience voltage interrupts.
Applications include products designed for use on ships, cars, planes and other applications with variable
Optional Softpanels or unstable input power.
Due to their constant power operating envelope the P-series power supplies are uniquely suited for test
applications requiring a wide range of high voltage/low current and low voltage/high current stimulus
Chromas 62012P-80-60 thereby reducing the number of supplies needed in typical applications. The 62000P Series also includes
Conventional power supply
built in 16 bit readback capability for accurate input voltage and current readings. This means ATE
systems no longer need complex shunt/multiplexers to make accurate pass/fail readings of the UUTs
input parameters. These instruments also include I/O ports providing 8 bit TTLs, DC-ON, fault output
signal and remote inhibit as well as an output trigger signal for system timing measurements.
12 different models ranging from 600W to 5000W, up to 120A and up to 600V.
Wider Operating Region For more information visit: chromausa.com
Instruments Automated Test Systems

AC Power Sources Hipot Testers and Analyzers Battery
Regenerative Grid Simulators Wound Component Testers EV/EVSE
Programmable DC Power Supplies LCR Meters PV Inverter
AC & DC Electronic Loads Milliohm Meters Power Conversion
Power Meters TEC Controllers Medical Device chromausa.com
Multimeters Thermal Data Loggers LED Lighting and Driver 949-600-6400
sales@chromausa.com
Chroma Systems Solutions, Inc. All rights reserved.
Chroma System_1-17.indd 1 4/13/17 1:07 PM

Design World-Internet of Things Handbook 2017-P2P PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Design World-Internet of Things Handbook 2017-P2P PDF

Hochgeladen von

Copyright:

Verfügbare Formate

April 2017 How Mr.

Robot hacked the IoT Page 6 Modulating 5G Page 12

IoT Cover Final .indd 1 4/17/17 9:43 AM

5100 Valley Industrial Blvd. S Shakopee, MN | 952.224.1400 | sales@kebamerica.com

KEB -- IoT handbook 4.17 .indd 1 4/13/17 1:10 PM

Will connected homes catch on?

Many of the applications envisioned as part

2 DESIGN WORLD EE Network 4 2017 eeworldonline.com|designworldonline.com

Commentary EE IoT 04.17 V1.indd 2 4/13/17 2:50 PM

MPD -- IoT handbook 4.17 .indd 3 4/13/17 1:11 PM

16 Who is after big data?

4 DESIGN WORLD EE Network 4 2017 eeworldonline.com|designworldonline.com

Contents & Staff IoT Handbook 4-17 V1.indd 4 4/14/17 2:32 PM

Accounts Receivable Specialist

eeworldonline.com|designworldonline.com 4 2017 DESIGN WORLD EE Network 5

Contents & Staff IoT Handbook 4-17 V1.indd 5 4/14/17 1:37 PM

How Mr. Robot

The popular TV drama

The thermostat being hacked on Mr.

In season two, the FBI discovers the

6 DESIGN WORLD EE Network 4 2017 eeworldonline.com|designworldonline.com

Mr Robot EE IoT 04.17 V2.indd 6 4/14/17 2:33 PM

Spacers & Standoffs Plugs & Jacks Multi-Purpose Hardware

Its whats on the InsIde that counts

www.keyelco.com (718) 956-8900 (800) 221-5510

INSIDE THE WALL

Typical BAC net system

8 DESIGN WORLD EE Network 4 2017 eeworldonline.com|designworldonline.com

Mr Robot EE IoT 04.17 V2.indd 8 4/14/17 2:33 PM

BacNET can be implemented via serial or

eeworldonline.com|designworldonline.com 4 2017 DESIGN WORLD EE Network 9

Mr Robot EE IoT 04.17 V2.indd 9 4/14/17 9:53 AM

A Raspberry Pi 3 (a later model

10 DESIGN WORLD EE Network 4 2017 eeworldonline.com|designworldonline.com

Mr Robot EE IoT 04.17 V2.indd 10 4/14/17 2:35 PM

PFC Series Performance Class Controllers

wago -- IoT handbook 4.17 .indd 11 4/13/17 1:12 PM

12 DESIGN WORLD EE Network 4 2017 eeworldonline.com|designworldonline.com

5G EE IoT 04.17 V2.indd 12 4/14/17 9:16 AM

S i m p l e QAM tra n sm i t ter Simple QA M receive r

eeworldonline.com|designworldonline.com 4 2017 DESIGN WORLD EE Network 13

5G EE IoT 04.17 V2.indd 13 4/14/17 2:48 PM

There are a few inherent

power. The power amp used must

14 DESIGN WORLD EE Network 4 2017 eeworldonline.com|designworldonline.com

5G EE IoT 04.17 V2.indd 14 4/14/17 9:17 AM

G eneric F -QA M t ransmit ter

In an F-QAM transmitter, the N subcarriers of

FBMC systems are also comparatively more resistant to narrowband noise.

eeworldonline.com|designworldonline.com 4 2017 DESIGN WORLD EE Network 15

5G EE IoT 04.17 V2.indd 15 4/14/17 2:49 PM

Who is after big data?

A few successful anecdotes aside, the promise of the Internet

16 DESIGN WORLD EE Network 4 2017 eeworldonline.com|designworldonline.com

Feature 1 EE IoT 04.17 V4.indd 16 4/14/17 2:36 PM

The costs to the companies were significant--

eeworldonline.com|designworldonline.com 4 2017 DESIGN WORLD EE Network 17

Feature 1 EE IoT 04.17 V4.indd 17 4/13/17 2:56 PM

you could incorporate the switch

New Fused Disconnect Switch

Regal and Marathon are trademarks of Regal Beloit

Feature 1 EE IoT 04.17 V4.indd 18 4/13/17 2:58 PM

Whats new for