Machine communication at Resato

Academic year: 2021


University of Groningen

Integration Project

Machine communication at Resato

Author:

Sanne van Kasteel

Supervisors:

1st supervisor: Dr. ir. A.A. Geertsema
2nd supervisor: Dr. A.J. Bosch
Company supervisor: R.J. Boer

Bachelor Thesis

Industrial Engineering & Management

July 2, 2018


UNIVERSITY OF GRONINGEN

Abstract

Faculty of Science and Engineering, Industrial Engineering & Management

Machine communication at Resato by Sanne van Kasteel

With modern technology, many companies use data to predict and anticipate events. To be used, this data has to be transported from one point to another. In principle everything can be connected through the Internet of Things, but the connection is not always easy to make because of the security measures at companies, such as firewalls. To let the connection run smoothly, methods have been developed to get through such firewall constructions and transport the data securely from one company to another.

Resato International BV is a company that develops high pressure and waterjet technology. Resato has machines at customers all over the world but has problems with connecting to those machines.

Methods for bypassing the firewall are necessary to allow for an easier connection to these machines.

In this research, several methods are evaluated and ranked according to the requirements of Resato.

One of the methods is tested to gain insight into it and to provide an example implementation. This method, STUN, provides the client with its public IP address and the port that the NAT has opened for it. The tests show that STUN enables communication in most situations. For the cases in which STUN alone is inadequate, combining it with other methods is advised.

Contents

Abstract

Terminology

1 Introduction

1.1 Resato

1.2 Innovation Cluster Drachten

1.3 Project Motivation

1.4 Trade-offs

1.4.1 Ethical limit

1.4.2 Technical limit

1.5 Digitalisation at Resato

1.5.1 The OSI model

1.5.2 The TCP/IP model

1.5.3 TCP and UDP

1.5.4 NATs

1.6 Use of TCP or UDP

1.7 PTC ThingWorx

1.8 Problem holder and stakeholders

1.8.1 Problem holder analysis

1.8.2 Stakeholder analysis

1.9 System description

1.10 Risk analysis

1.11 Planning

2 Research Design

2.1 Research Topic

2.2 Design goal and scope

2.2.1 The design goal

2.2.2 Scope

2.3 Research problem

2.4 Design steps

2.5 Needed Resources

2.5.1 Literature resources

2.5.2 Test design

3 Requirements

4 Methods

4.1 Introduction

4.2 STUN

4.3 TURN

4.4 ICE

4.5 PS-STUN

4.6 3G/4G/LTE

4.7 SWEET

4.8 WANTS

4.9 CAN

4.10 CODO

4.11 NSLP

4.12 Tunnelling

4.13 UPnP

4.14 Hole Punching

4.14.1 UDP hole punching

4.14.2 TCP hole punching

4.14.3 Well behaved NAT

4.15 ALG

4.16 Comparison Traversal Methods

5 Test Design of Traversal Method

5.1 Setup

5.1.1 First setup

5.1.2 Second setup

5.2 Test Program

5.3 Results Tests

5.3.1 Test 1

5.3.2 Test 2

5.3.3 Test 3

5.3.4 Validation

6 Discussion

6.1 Results

6.2 Discussion

7 Conclusion and recommendations

7.1 Conclusion

7.2 Recommendations

A Program Code

B Wireshark Screenshots

Bibliography

Terminology

Auto IP is a method that automatically distributes IP addresses to devices without a router or server.

In a Client-server network devices send information to one another through a centralised server.

DCR is a direct connection rate.

DHCP (Dynamic Host Configuration Protocol) is a protocol that can automatically assign IP addresses to devices in a network.

DNS (Domain Name System) is a decentralised naming system for devices that are connected to a private network or the internet. It is used to translate names of devices to IP addresses and vice versa.

Expedited data is urgent data.

HIP (Host Identity Protocol) is a protocol that separates the two roles an IP address plays, “locator” and “identifier”, by introducing a separate, cryptographic host identity. [1]

HTTP (Hypertext Transfer Protocol) is a protocol in place for communication between a client and server.

ICE (Interactive Connectivity Establishment) is a method for direct communication between devices.

IGD (Internet Gateway Device) is the UPnP device profile through which a host can ask a NAT router to open (map) ports.

IoT (Internet of Things) is a system that allows devices with different IP addresses to connect.

IP (Internet Protocol) is the main protocol for communication in the internet protocol suite.

IP address is the numerical code given to a device in a network that uses the IP for communication.

IPsec (Internet Protocol security) is a network protocol suite that encrypts and authenticates packets.

Kernel is the core of an operating system.

A log file is a record of every data activity that takes place in a system.

A Middlebox is a network device, such as a NAT or a firewall, that inspects or modifies traffic passing through it.

Multihoming is a mechanism that allows to connect to more than one network or IP address.

NAT (Network Address Translation) is a technique in which a router rewrites the IP addresses (and usually the ports) of packets passing through it, so that several hosts with private addresses can share one public address.

A Node is a device, structure or peer.

NTT stands for NAT Traversal Technologies.

An Octet is 8 bits, i.e. one byte.

Overhead is the extra data (headers, acknowledgements) and processing needed to transport a payload, on top of the payload itself.

Payload is the actual message sent in a network, the information without the data to make the transportation possible.

In a Peer to Peer network devices (peers) send information directly to each other.

Polling is a regular check for incoming data or changes.

Protocol suite is a collection of communication protocols.

Relaying is passing on data.

SIP (Session Initiation Protocol) is a signalling protocol for setting up, modifying and ending multimedia sessions such as VoIP calls.

SOAP (Simple Object Access Protocol) is a messaging protocol that uses a XML format.

SSH (Secure Shell) is the protocol that allows for a secure channel over an unsecured network.

SSPR (Self-Service Password Reset) is the technology that one uses when, for example, one has to reset their password because of forgetting it.


STUN (Session Traversal Utilities for NAT) is a protocol that lets a host behind a NAT learn the public IP address and port that the NAT has assigned to it, and the type of NAT it is behind.

Throughput is the rate at which data is actually delivered over a connection, for example in bits per second.

Tunnel is a manner to transport data while encapsulated.

TURN (Traversal Using Relays around NAT) is a protocol for relaying packets between two hosts via a server on the public internet when a direct connection cannot be made.

VoIP (Voice over IP) is a method where the internet protocol is used to make telephone calls.

XML (Extensible Markup Language) is a simple text format that uses code and is readable to both humans and machines.


Chapter 1

Introduction

Modern systems communicate across different networks, and there are different techniques to do so. Resato and other organisations encounter problems with this communication, whereas services such as WhatsApp manage it routinely. The problems arise from the security surrounding the machines, because the machines are located at Resato’s customers. These customers use firewalls to protect their networks and prevent unwanted communication. Different techniques for communication need to be found and evaluated. In this chapter, the problem context is discussed, so that one can understand the background of Resato and its problem.

Resato is part of a subsidised project where they are to provide knowledge on the subject of trans- portation and storage. Resato works together with a group of companies from Innovation Cluster Drachten. These companies all have the problem mentioned above.

1.1 Resato

Resato is a relatively small company that develops high pressure and waterjet technology. Even though Resato has less than 100 employees, they have their own distribution offices throughout the world, besides the headquarters in Assen, the Netherlands. Resato makes machines for customers all over the world. They carry two brands related to the technologies they produce. In 1991 Resato started with high-pressure technology. From this technology, the waterjet technology was realised. [2]

In Groningen, several buses of Qbuzz1 run on hydrogen. Resato makes the compressor needed to fuel these buses. Resato’s mission is ‘To improve our customer’s business by providing them with High-Pressure technology, products and systems that meet or exceed their expectations.’ [3]

1.2 Innovation Cluster Drachten

Resato is part of Innovation Cluster Drachten, which consists of 18 collaborating companies in the manufacturing industry. Their goal is to make use of their shared knowledge to be able to make high quality, high-tech products. [4]

They work on five future challenges [5]:

• 3D metal printing: a unique combination of 3D printing, fundamental metals science, and post-processing technologies like ECM;

• Remote sensoring and big data: establishing remote connections between appliances, instruments and machines, and collecting, transferring, storing, analysing and using data;

1https://www.qbuzz.nl/


• Robotics: nearly or completely unmanned operation of high-tech systems at customers and in factories;

• Visual intelligence: a unique combination of camera technologies, big data and neural networks;

• All-electric propulsion: 100% emission-free drive systems through electric drive trains, including high-performance photovoltaic technology (100% renewable energy).

The research that will be discussed in this paper is related to the subsidised project of Innovation Cluster Drachten. They have a certain amount of knowledge they need to gather on these challenges.

This research is on the subject of smart machines. If its results prove useful, they will be presented to Innovation Cluster Drachten. The subject of smart machines is divided into work packages; this research belongs to work package 2. The province of Friesland subsidises the project of Innovation Cluster Drachten, on the condition that the five challenges mentioned above are worked on in R&D projects. According to the province, it is important that Innovation Cluster Drachten collaborates with educational institutions such as the University of Groningen. [6]

1.3 Project Motivation

The communication between Resato and its machines is needed because the material of Resato’s products can wear quickly, and a batch of material might be of the wrong quality. Resato would therefore like to be able to communicate with its machines, so that preventive maintenance can be done.

It is difficult to predict behaviour because their machines have strictly nonlinear behaviour. Resato is working on the usage of artificial intelligence, but this is only on one machine and still work in progress. This artificial intelligence is used for the prediction of behaviour in the future. The test machine has sensors everywhere, which are used to read data for analysis of the machine. There are 70 sensors on the machine. These measure everything, such as temperature, pressure, current, leakages and strokes.

Since the strictly nonlinear behaviour of the machine makes analysis difficult, only a 60% prediction rate can be reached at this moment. Naturally, this is not enough to be useful, which is why it is still being tested on only one machine. In the future, all machines should be able to communicate, but Resato would rather be able to predict the machines’ behaviour than merely monitor them. Resato offers service to its customers, but sending a mechanic to the customer without knowing whether a visit is needed costs much effort and money. With communication in place, a mechanic can be sent only when necessary. Besides being better for Resato itself, this is also an improvement for the customer: a machine that breaks down before a check-up cannot be used, so waiting for repair is costly for the customer.

The artificial intelligence used at Resato is “PTC ThingWorx” from PTC, a software company that helps companies use IoT to connect the physical and digital world. IoT (Internet of Things) is a system that connects many devices with different IP addresses. The software ensures that manufacturers can use digital information in order to innovate. [7] ThingWorx is an IoT platform that can also analyse processes and provide predictions, just as it is able to make a connection between devices. [8] However, Resato has trouble with establishing a connection. PTC ThingWorx is further explained in section 1.7.

Sometimes Resato has to wait half a year before it can communicate with a machine. Customers generally do not want to give Resato access, or to have Resato in their network all the time. This is for their own security, so it takes several months before such access is authorised. Resato would do the same: nobody gets access to its network. At this moment it takes a day to actually set up a communication line, which could be done faster and more automatically.


The companies from Innovation Cluster Drachten encounter the same difficulties. The companies do have methods in place to communicate at this moment, but when they are internationally active, more problems are encountered. Germany, for example, is very strict about data leaving a network. An essential aspect of being able to get through the firewalls automatically is that the customer does not have to do anything. As Resato has machines all over the world, every customer has a different background and network environment.

1.4 Trade-offs

1.4.1 Ethical limit

One of the trade-offs to consider is ethical responsibility. The meaning of trade-offs in this context relates to the method of bypassing the firewall. There are many methods, of which some can be ethically challenging. The problem is that Resato wants to find a way to bypass the firewall that is ethically responsible. Some methods, however, seem to approach hacking. Naturally, Resato would not like to use a method that is of questionable origin.

Actions that seem harmless can have undesirable consequences that one cannot anticipate. The problem lies in the different perspectives of countries on data transfer. One country can think it is reasonable the provider of a company’s machines reads out data, while in another country the govern- ment can think of it as espionage. The governments have different viewpoints, but all the companies do as well. Especially large companies that are more vulnerable to being the victim of a digital attack have trouble with allowing data transfer outside their network. If a port is opened for data transfer through their firewall, then the company is exposed to the possibility of attacks. Therefore, barely any company would allow for data transfer outside their network.

Besides the concern of hacking, the companies also have legal issues. Many companies have customers of their own; in the case of a hospital, for example, patients. These customers have a right to their privacy. Therefore, no company would like, or is allowed, to share data that might contain customer information. When the company gives access to the data, customer information could be gathered as well. Even if one promises to gather only log files and no sensitive information, the company might still be hesitant because of customer confidentiality. As tunnelling is an option for transporting data in an unobservable manner, such methods should be taken into account in this research. However, it is important to respect this ethical limit when doing so, since tunnelling past a customer’s firewall without agreement could be termed hacking. In the requirements (chapter 3) for evaluating the methods, the ethical side is represented by customer approval.

1.4.2 Technical limit

The technical limit lies mostly with the customers, because every customer has a different level of IT knowledge. This implies that the technique should be designed such that the customer is not involved in any of the steps.

Most firewalls are based on the same basic techniques (filtering on addresses and ports, and tracking connections that were opened from the inside) and differ mainly in how strictly they are configured. A method that gets through one firewall will therefore often get through others, so the design of a method does not have to start from scratch for every customer. This is a simplification, however: firewalls that inspect traffic at the application layer, or that block outbound traffic by default, can stop a method that works elsewhere, which is why the chosen method is tested in more than one setup (chapter 5).

It is also important to the customer that their environment, physical or digital, does not change excessively. A physical example would be Resato needing the customer to add a certain piece of equipment to the machine, so that it takes up more space. A digital example is that the customer needs to make a portal for Resato in order to access the machine, which is what happens now but takes effort from the customer, so that Resato has to wait until it has access. It is important to note that Resato offers service to its customers, which means it sends a mechanic or a part when necessary. Naturally, this should be Resato’s responsibility, and the customer should not have to put in much effort to enable it.

Equipment can also play a role once implementing a method. However, this is not relevant for this research as the test design will be on a small scale with little data. Resato already has the availability to store data, hence in case of realising a method, not much extra equipment would be immediately necessary.

1.5 Digitalisation at Resato

Resato would like to be able to communicate with its machines without waiting for the customer to act. To define the problem, an example can be given: at a certain company with a Resato machine, it took half a year before the company actually made an access point for Resato through its firewall.

This problem revolves around the digitalisation of practices, which is very useful for data gathering and prediction models, but can cause difficulties since it requires a different kind of expertise than a manufacturing company such as Resato has at its disposal. The problem is based on IoT, a system that connects many devices that each have an IP address. These devices can be of many different technologies and applications, such as mechanical machines, and exchange data within a network without requiring human interaction.

1.5.1 The OSI model

The OSI model is a well-known term in IT; it is an abbreviation of Open Systems Interconnection model. The model was composed such that the different communication systems at the time could become more compatible. The OSI model has seven layers, [9] of which the 4th layer is important to this research. The layers are depicted in Figure 1.1 below.

Figure 1.1: Communication involving relay open systems [9]


The transport layer provides a connection establishment, connection release, data transfer, expedited data transfer and suspend facility. [9] TCP and UDP are the most well-known protocols in the transport layer.

1.5.2 The TCP/IP model

To be able to understand the process of sending and receiving data, the TCP/IP model is explained in this section. TCP/IP is a protocol suite, comparable to the older IPX/SPX. The TCP/IP model can be related to the OSI model, where layer 4 is the transport layer. Compared to the OSI model, the application layer of TCP/IP combines the application, presentation and session layers of the OSI model. Similarly, the network access layer of the TCP/IP model corresponds to the data link and physical layers of the OSI model. The other two layers are the same.

In the transport layer of the TCP/IP model, the protocol suite offers the transport services TCP and UDP. TCP and UDP use different units of data: TCP sends segments, UDP sends datagrams [10]. TCP and UDP are explained in more detail in section 1.5.3.

Figure 1.2: The TCP/IP layers with some protocols

The TCP/IP model can be seen in Figure 1.2, which shows the four layers of the model. It starts at the application layer, which is the interface. In this layer one can, for example, request a website. The request is handed to the transport layer, addressed to a port. This can be any port, but for a website most likely HTTP and thus port 80 will be used. The transport layer divides the data into segments (TCP) or datagrams (UDP) and prefixes each with a header, so that they can be put back together in the order they were taken apart. These units go to the internet layer, where an IP header with source and destination address is added so that the packet can reach its destination and the answer can be returned. After the internet layer, the network access layer is reached. This is the actual physical layer, where the packet is framed for the right device and ultimately sent as electrical pulses. In the case of the website one is looking for, this is where the request is put on the network.

The layers are passed multiple times, as the request is sent and answered. Each layer adds its own header on the way out, and each header is stripped again on the way back in, so that the data finds its way to the right application. A NAT (network address translator) sits on this route: it is a function in a router that rewrites the private source IP address and port of an outgoing packet to its own public IP address and a port it chooses, and records this mapping in a table. A NAT does not assign IP addresses (that is done by DHCP) and does not append anything to the packet. Once the answer returns, the NAT sees that it is addressed to its own public IP address and port, looks up the mapping, and rewrites the destination back to the private IP address and port of the device in its network. This way the NAT knows which device to deliver the data to. As can be seen in Figure 1.2, each layer has its own protocols; those shown in the figure are a few examples, as there are many. Another important aspect of the model is the whole process of requesting a website, the route of this request towards the server and the server answering. Some steps in this process can be done partly simultaneously; for example, parts of the addressing, such as routing information and the destination address, are filled in at the same time.

Figure 1.3 shows the TCP/IP process with the analogy of writing and sending a letter. In the application layer, one writes the letter, after which the letter is put in an envelope and addressed in the transport layer. The letter is then sent, which includes transportation to a distribution centre, sorting the letter and transporting it to the recipient; these steps all take place in the internet layer. The letter is then physically delivered to the recipient, which corresponds to the network access layer, and the recipient can read it. Using this analogy the difference between TCP and UDP also becomes clear. If one writes a letter and addresses it to the wrong address, the letter will simply be lost or returned. With UDP, the letter gets lost and one cannot know whether it was received. With TCP, the sender waits for a confirmation from the recipient; without a confirmation, the sender knows that something went wrong and sends the letter again. Data is sent in several packets, which can be seen as chapters of a long letter. It is possible that, for example, one of five letters sent goes missing. Because the letters are numbered, the recipient knows that chapter two is missing and can tell the sender, after which the sender sends chapter two again. This is why TCP is a more reliable method than UDP, where the chapter is simply lost.

This research relates to the transport part of the TCP/IP model. The methods that will be discussed operate at the transport layer, between the application layer and the internet layer, to get traffic through NATs and firewalls.

Figure 1.3: Schematic of the TCP/IP analogy
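The encapsulation described above (each layer adds a header on the way out, and the receiver strips them again) and the rewriting a NAT performs on the source address, as an added example in Python that is not from the thesis. It builds an IPv4/UDP packet by hand, verifies both checksums on receipt, and applies the rewrite a NAT makes to an outgoing packet. All addresses are constructed (private range and RFC 5737 documentation ranges); nothing is sent on a network.

```python
import socket
import struct

IPPROTO_UDP = 17


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Transport layer: prepend the 8-byte UDP header. Its checksum also covers a
    pseudo-header with both IP addresses, which is why a NAT has to recompute it."""
    length = 8 + len(payload)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, IPPROTO_UDP, length)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = checksum(pseudo + hdr + payload) or 0xFFFF  # 0 means "no checksum" in UDP
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def build_ipv4(src_ip, dst_ip, proto, transport: bytes, ttl=64, ident=0) -> bytes:
    """Internet layer: prepend a 20-byte IPv4 header; its checksum covers the header only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), ident, 0, ttl, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + transport


def parse_ipv4_udp(packet: bytes) -> dict:
    """Receiving side: peel the headers off layer by layer, verifying both checksums.
    Summing a header together with its own checksum field yields 0 when it is intact."""
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr = packet[:ihl]
    if checksum(ip_hdr) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    if ip_hdr[9] != IPPROTO_UDP:
        raise ValueError("not UDP")
    transport = packet[ihl:total_len]
    sport, dport, length, _ = struct.unpack("!HHHH", transport[:8])
    pseudo = ip_hdr[12:20] + struct.pack("!BBH", 0, IPPROTO_UDP, length)
    if checksum(pseudo + transport[:length]) != 0:
        raise ValueError("UDP checksum mismatch")
    return {"src": (socket.inet_ntoa(ip_hdr[12:16]), sport),
            "dst": (socket.inet_ntoa(ip_hdr[16:20]), dport),
            "payload": transport[8:length]}


def nat_rewrite_source(packet: bytes, public_ip: str, public_port: int) -> bytes:
    """What a NAT does to an outbound packet: swap the private source IP and port for the
    public ones, decrement the TTL like any router, and fix both checksums. Nothing is
    appended; the NAT keeps the private->public mapping in its own table so that the
    reply can be translated back."""
    info = parse_ipv4_udp(packet)
    dst_ip, dport = info["dst"]
    udp = build_udp(public_ip, dst_ip, public_port, dport, info["payload"])
    return build_ipv4(public_ip, dst_ip, IPPROTO_UDP, udp, ttl=packet[8] - 1,
                      ident=struct.unpack("!H", packet[4:6])[0])


if __name__ == "__main__":
    # Constructed addresses, not a capture: a machine on a customer LAN sends to a STUN port.
    inside = build_ipv4("192.168.1.10", "203.0.113.5", IPPROTO_UDP,
                        build_udp("192.168.1.10", "203.0.113.5", 40000, 3478, b"hello"))
    outside = nat_rewrite_source(inside, "198.51.100.1", 50000)
    print(parse_ipv4_udp(inside)["src"], "->", parse_ipv4_udp(outside)["src"])
```

The detail worth noticing is that the UDP checksum covers a pseudo-header containing both IP addresses, so a NAT cannot just patch the IP header: it has to understand the transport protocol well enough to fix that checksum too. This is also why transport protocols a NAT does not know are simply dropped.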


1.5.3 TCP and UDP

From section 1.5.2 one knows that there are two common transport protocols, TCP and UDP. These protocols provide the connection for data transfer across a network. The protocol currently used for the communication at Resato is TCP.

TCP is the more elaborate protocol and stands for Transmission Control Protocol. Before two devices can exchange data, a three-way handshake takes place, shown in Figure 1.4. Device X sends a connection request (SYN). Device Y replies with an acknowledgement (ACK) of that request combined with its own request (SYN-ACK), after which device X replies with an acknowledgement (ACK). A single TCP connection carries data in both directions; the handshake sets up both directions at once, and each direction has its own sequence numbers.

Once this is done, the devices can exchange data, and the receiver acknowledges every segment it receives; segments that are not acknowledged in time are retransmitted. When the data transfer is finished, the connection is closed with a four-way handshake, because each direction is closed separately: device X sends a termination request (FIN), which device Y acknowledges, and device Y then sends its own FIN, which device X acknowledges. An example that makes TCP more tangible is the protocol POP3, which is used for e-mail. [11]

Figure 1.4: TCP three-way handshake between two devices

UDP stands for User Datagram Protocol and is a connectionless protocol: no session is set up, and there are no acknowledgements or retransmissions. The data is sent as a datagram, from which the UDP module at the receiver extracts the payload. [11] This protocol takes less time and has less overhead, but because nothing is acknowledged, lost datagrams go unnoticed by the sender, which makes it the less reliable method of data exchange.

1.5.4 NATs

As mentioned in section 1.5.2, a NAT is a network address translator. It rewrites the addresses and ports of packets passing through it, so that the hosts of a private network can share one public address when connecting to external networks. The technique is generally built into routers. It is important to note that a NAT is not a firewall. A NAT can be seen as a sorter; it does not provide security by design. However, because a NAT only forwards inbound packets for which it has a mapping, the address and port translation does impose a certain strictness on what can enter the network. There are four basic types of NAT: full cone NAT, restricted cone NAT, port restricted cone NAT and symmetric NAT. Figure 1.5 shows the decision tree for finding out, with UDP, which type of NAT one is behind. Each test sends a STUN binding request to a server. The first test sends this request without a change-request attribute; the other two tests include it.

The change-request attribute contains a change-IP flag and a change-port flag, which ask the server to reply from a different IP address and/or port and are used to discover the type of NAT the client is behind. In the first test there is no response-address either, so the binding response is sent back to the source IP address and port of the request. In the second test, the binding request contains both the change-IP and change-port flags. In the third test, the request contains only the change-port flag. [12]

Figure 1.5: Schematic finding what NAT one uses (based on [12])
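The three tests above, as an added example in Python (this is not the thesis’s own test program from Appendix A). It encodes classic STUN (RFC 3489) Binding Requests with the change-request flags, parses the MAPPED-ADDRESS and CHANGED-ADDRESS attributes out of a Binding Response, and applies the RFC 3489 decision tree to the test outcomes. The response in the demo is constructed, not captured; `send_probe` is the only function that touches the network and is not exercised by the demo.

```python
import os
import socket
import struct

# Classic STUN (RFC 3489) message and attribute types used by the three tests.
BINDING_REQUEST, BINDING_RESPONSE = 0x0001, 0x0101
MAPPED_ADDRESS, CHANGE_REQUEST, CHANGED_ADDRESS = 0x0001, 0x0003, 0x0005
CHANGE_IP, CHANGE_PORT = 0x04, 0x02  # flag bits in the CHANGE-REQUEST value


def build_binding_request(change_ip=False, change_port=False, txid=None):
    """20-byte header (type, length, 128-bit transaction ID) plus an optional CHANGE-REQUEST."""
    txid = txid or os.urandom(16)
    attrs = b""
    if change_ip or change_port:
        flags = (CHANGE_IP if change_ip else 0) | (CHANGE_PORT if change_port else 0)
        attrs = struct.pack("!HHI", CHANGE_REQUEST, 4, flags)
    return struct.pack("!HH16s", BINDING_REQUEST, len(attrs), txid) + attrs


def encode_address(attr_type, ip, port):
    """MAPPED-ADDRESS / CHANGED-ADDRESS value: pad byte, family (1 = IPv4), port, address."""
    return struct.pack("!HHBBH4s", attr_type, 8, 0, 1, port, socket.inet_aton(ip))


def build_binding_response(txid, mapped, changed):
    """What the server sends back: the source it saw us from, plus its alternate address/port."""
    attrs = encode_address(MAPPED_ADDRESS, *mapped) + encode_address(CHANGED_ADDRESS, *changed)
    return struct.pack("!HH16s", BINDING_RESPONSE, len(attrs), txid) + attrs


def parse_binding_response(msg, expected_txid):
    """Return {attr_type: (ip, port)}; reject responses whose transaction ID does not match."""
    mtype, length, txid = struct.unpack("!HH16s", msg[:20])
    if mtype != BINDING_RESPONSE:
        raise ValueError("not a Binding Response: 0x%04x" % mtype)
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch (stale or spoofed response)")
    body, out, off = msg[20:20 + length], {}, 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if atype in (MAPPED_ADDRESS, CHANGED_ADDRESS):
            _, family, port, addr = struct.unpack("!BBH4s", value)
            if family != 1:
                raise ValueError("only IPv4 handled here")
            out[atype] = (socket.inet_ntoa(addr), port)
        off += 4 + alen  # unknown attributes are skipped
    return out


def send_probe(sock, server, change_ip=False, change_port=False, timeout=2.0):
    """Run one test against `server` (an (ip, port) tuple); None means no reply in time."""
    txid = os.urandom(16)
    sock.settimeout(timeout)
    sock.sendto(build_binding_request(change_ip, change_port, txid), server)
    try:
        data, _ = sock.recvfrom(1024)
    except socket.timeout:
        return None
    return parse_binding_response(data, txid)


def classify_nat(local, test1, test2_ok, test1b, test3_ok):
    """RFC 3489 discovery procedure applied to the outcomes of the tests.
    local:    (ip, port) the client socket is bound to
    test1:    MAPPED-ADDRESS from test I (no flags), or None if there was no response
    test2_ok: whether test II (change IP and port) got a response
    test1b:   MAPPED-ADDRESS from test I repeated towards CHANGED-ADDRESS, or None
    test3_ok: whether test III (change port only) got a response
    """
    if test1 is None:
        return "UDP blocked"
    if test1 == local:  # no translation at all
        return "Open Internet" if test2_ok else "Symmetric UDP firewall"
    if test2_ok:  # a reply from a different IP and port got through
        return "Full cone NAT"
    if test1b != test1:  # a different destination produced a different mapping
        return "Symmetric NAT"
    return "Restricted cone NAT" if test3_ok else "Port restricted cone NAT"


if __name__ == "__main__":
    # Constructed exchange, not a capture: the server saw us from 203.0.113.7:51000.
    txid = bytes(range(16))
    resp = build_binding_response(txid, ("203.0.113.7", 51000), ("198.51.100.2", 3479))
    seen = parse_binding_response(resp, txid)
    print("mapped:", seen[MAPPED_ADDRESS], "changed:", seen[CHANGED_ADDRESS])
    print(classify_nat(("192.168.1.10", 40000), seen[MAPPED_ADDRESS], False,
                       seen[MAPPED_ADDRESS], False))
```

Two caveats for anyone running this against a customer network. The transaction-ID check is what stops a stale or forged response from being taken as the real mapping, so keep it. And the change-request tests are classic STUN: RFC 5389 obsoleted RFC 3489 and dropped this NAT-type classification (RFC 5780 re-specified it as NAT behaviour discovery), so a public STUN server may ignore the flags. Test II then times out for every NAT type and the procedure over-classifies; confirm that the server answers from a second address before trusting the result.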


With a full cone NAT, once an internal host has sent a packet out and a mapping (internal address and port to public address and port) has been created, any external host can send packets to that public address and port, and they are forwarded to the internal host. Figure 1.6a shows the full cone NAT. A restricted cone NAT, or address restricted cone NAT, is similar to

(a) Full cone NAT (b) Restricted cone NAT

(c) Port restricted cone NAT (d) Symmetric NAT

Figure 1.6: Schematic of the different types of NAT [13]

a full cone NAT. The difference is that an external host can only send a packet to the internal host if the internal host has previously sent a packet to that external host’s IP address; the port from which the external host sends does not matter. This need not be in the same session, as the mapping is created at the first outbound packet and kept for a while. Figure 1.6b shows the restricted cone NAT.

With a port restricted cone NAT not only the IP address but also the port of the external host has to match one the internal host has sent to before. Otherwise this NAT is similar to the restricted cone NAT: the mapping records the external IP address and port. This NAT is illustrated in Figure 1.6c. The symmetric NAT is similar to the port restricted cone NAT, but it creates a separate mapping, with a different public port, for each destination (external IP address and port) that the internal host sends to.

This means that only the external host that received a packet can send a packet back to the internal host, and that each external host sees a different public port, so a port learned through one external host (such as a STUN server) is not valid for another. The symmetric NAT is shown in Figure 1.6d.
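The four behaviours above, as an added toy model in Python of the mapping table inside a NAT (this is not code from the thesis). Outbound packets create mappings; `inbound` applies each type’s acceptance rule; `scenario` runs the same sequence (contact server A, then see who can reach the machine) against every type. Hosts and ports are constructed; nothing is sent on a network.

```python
from itertools import count

NAT_KINDS = ("full", "restricted", "port_restricted", "symmetric")


class Nat:
    """Toy model of the mapping table inside a NAT. Outbound packets create entries;
    inbound packets are forwarded only when the NAT type's rule accepts them."""

    def __init__(self, kind, public_ip="203.0.113.1", first_port=50000):
        if kind not in NAT_KINDS:
            raise ValueError("unknown NAT kind: %r" % kind)
        self.kind = kind
        self.public_ip = public_ip
        self.ports = count(first_port)  # stands in for the NAT's port allocator
        # key -> (public port, set of external (ip, port) endpoints this entry has sent to)
        self.table = {}

    def _key(self, internal, external):
        # Cone NATs reuse one public port for every destination of an internal endpoint;
        # a symmetric NAT allocates a fresh mapping per destination.
        return (internal, external) if self.kind == "symmetric" else internal

    def outbound(self, internal, external):
        """Internal (ip, port) sends to external (ip, port); returns the public source used."""
        key = self._key(internal, external)
        if key not in self.table:
            self.table[key] = (next(self.ports), set())
        public_port, contacted = self.table[key]
        contacted.add(external)
        return (self.public_ip, public_port)

    def inbound(self, external, public):
        """External (ip, port) sends to our public (ip, port).
        Returns the internal endpoint the packet is delivered to, or None if it is dropped."""
        if public[0] != self.public_ip:
            return None
        for key, (public_port, contacted) in self.table.items():
            if public_port != public[1]:
                continue
            internal = key[0] if self.kind == "symmetric" else key
            if self.kind == "full":
                return internal  # any external host may use the mapping
            if self.kind == "restricted" and any(ip == external[0] for ip, _ in contacted):
                return internal  # source IP must have been contacted before, any port
            if self.kind in ("port_restricted", "symmetric") and external in contacted:
                return internal  # the exact (ip, port) must have been contacted before
        return None  # no mapping accepts it: unsolicited inbound traffic is dropped


def scenario(kind):
    """Same sequence against each NAT type: contact server A, then see who can reach us."""
    nat = Nat(kind)
    inside = ("192.168.1.10", 40000)   # machine on the customer LAN (constructed)
    server_a = ("198.51.100.5", 3478)  # e.g. a STUN server (constructed)
    server_b = ("198.51.100.9", 3478)  # a second external host (constructed)
    public = nat.outbound(inside, server_a)
    reply_a = nat.inbound(server_a, public) == inside
    a_other_port = nat.inbound((server_a[0], 3479), public) == inside
    unsolicited_b = nat.inbound(server_b, public) == inside
    public_b = nat.outbound(inside, server_b)
    b_after_contact = nat.inbound(server_b, public_b) == inside
    return {"reply from A": reply_a,
            "A from another port": a_other_port,
            "unsolicited from B": unsolicited_b,
            "B after we contact B": b_after_contact,
            "same public port for A and B": public == public_b}


if __name__ == "__main__":
    for kind in NAT_KINDS:
        print(kind, scenario(kind))
```

The consequences for the traversal methods follow directly from the table: behind a full cone NAT the public port learned from a STUN server can be handed to any peer; behind the restricted and port restricted types the machine must first send a packet towards the peer before the peer’s packets are let in (hole punching); behind a symmetric NAT the port learned from the STUN server is not the port the peer will see, so a relay such as TURN is needed.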

1.6 Use of TCP or UDP

TCP and UDP are the best-known transport protocols. However, there are also other, newer protocols such as SCTP, DCCP and MPTCP. [14]

Stream Control Transmission Protocol (SCTP) is another protocol that can be used instead of TCP or UDP. It is message-based, like UDP, but reliable, like TCP. In the research of Henrik Österdahl (2005), TCP and SCTP are compared on performance over HTTP. [15] That research concludes that SCTP is slower than TCP, which could be because supporting software still has to be developed to compete. It only compared web browsing, so it is not clear whether the protocol would hold up for transporting large amounts of data. However, the research of Jinyang Shi et al. (2004) shows that SCTP is a proper solution for multi-access, a technique where multiple users can connect and transmit over one medium. [16] The research of Rajesh Rajamani, Sumit Kumar and Nikhil Gupta (2002) also supports SCTP usage and demonstrates that SCTP can improve throughput and reduce latency in web traffic. [17] Firewalls tend to discard SCTP packets, however, [18] so SCTP is not the best option for this problem.

In the study of Shahrudin Awang Nor, Raaid Alubady and Wisam Abduladeem Kamil (2017), the researchers compared TCP, UDP, SCTP and DCCP and concluded that TCP is the protocol with the least packet loss and the highest delivery rate. [19] However, DCCP (Datagram Congestion Control Protocol) performed best on throughput, jitter and delay. The research was on video streaming over LTE, but it indicates that data transfer over TCP or DCCP is the least wasteful. DCCP has also been shown to function in practical big data management. [20] Nonetheless, if no packet loss is acceptable, DCCP is not the best method, since, like UDP, it does not retransmit lost packets. [21]

MPTCP is the abbreviation of MultiPath TCP and is an extension of TCP [22] that lets two endpoints use multiple paths between them simultaneously. [23] With MPTCP multihoming becomes more accessible, which is especially useful in data centres because it allows for improved performance and higher availability. [18] MPTCP is already deployed in production systems, for example Apple iOS. [23] There are many other protocols that people have devised to replace or complement TCP, such as MPLOT [24], but for the purpose of this research these protocols are not considered.

In the Netherlands, connections are generally good enough that even over UDP packets are unlikely to get lost. This is not the case in every country, however, so in those countries a TCP connection, or another reliable transport, is needed. As Resato wants a single method that it can implement everywhere, it is probably best not to rely on bare UDP. There is, however, the possibility of running a reliable, TCP-like layer on top of UDP, which gives the UDP traffic the retransmission and ordering that TCP provides. The argument for doing so is that UDP is more likely to get through NATs and firewalls than TCP, because UDP hole punching is simpler than TCP hole punching (section 4.14). Whether this holds depends on the firewall in question: many corporate firewalls block unsolicited inbound traffic of both kinds, and some block outbound UDP entirely, so it has to be verified per customer network.

1.7 PTC ThingWorx

PTC ThingWorx uses ports 80, 8080, 8443 and 443, which are the HTTP and HTTPS ports for regular requests. Besides these standard ports, ThingWorx also uses ports 8000, 25 and 587, which are SDK and SMTP ports. ThingWorx additionally uses ports for the external database connection, extensions and the local system. [25] As one can see, ThingWorx uses many different technologies and thus many ports, combining them into one method. This is a slow method; it is better to use one port, which they will probably do in the future. However, this is not the most important aspect of transferring data; one still needs to be able to bypass a firewall.

For ThingWorx to be able to pass through a firewall, one has to allow access to specific IP addresses.

Naturally, this means that the customer would have to accept these IP addresses, which means the customer has to do something. Therefore, PTC ThingWorx does not suffice in bypassing the firewalls.

However, it is possible to build one’s own tunnel through the firewall and use ThingWorx for the collection, analysis and the further retrieval of data.

1.8 Problem holder and stakeholders

In this section, the problem holder analysis and stakeholder analysis are shown. These analyses are done to have a clear overview of who to keep in mind while doing the research, as each stakeholder has a different perspective of, and ideas about the problem. This can be useful in reflecting on the problem-solving method.


1.8.1 Problem holder analysis

Anybody that uses machines and wants to make a connection with these machines can have this problem, preferably without modifying the environment. This is the case for manufacturers, but also for people with a smart home. To be specific, the main problem holder is Roelof Jan Boer, since he is the person leading this project. Resato is the main contractor for the project. They want to find a possible method to conduct their communication with their machines. Therefore, R.J. Boer is the main problem holder.

1.8.2 Stakeholder analysis

In Table 1.1 below, one can see the different stakeholders with their goals and requirements towards this research. None of these stakes are conflicting. R.J. Boer is the person who actually experiences the problem, as he is responsible for the work package. He is also the person responsible for the IT department of Resato. Besides the list of methods, the final requirements of Resato are the trade-offs on which that list is based. These trade-offs can be divided into multiple requirements, such as that the method should be standardised and thus take little time and effort. The method should work in almost every country, because Resato has machines all over the world, which is also why the method should be ethically responsible. Every country has different ethical and technical limits, which should be taken into account so as not to agitate any company or government. The little time to implement is indicated in the requirements in chapter 3 as availability. The fact that it has to work in almost every country is similar to being able to use it at different companies, thus reusability. As mentioned before, the ethical responsibility is represented by customer approval. The costs are relative but can be assumed to be high when over €20 000 per year.

Stakeholder: Resato (Roelof Jan Boer)
Goals: Solve the communication problem between Resato and their placed machines. Gain knowledge to use for the subsidised project. Have a selection of methods on communication between machines. Have a representation of one or more methods.
Requirements: Take little time to implement; works in almost every country (80%); be ethically responsible; doesn't cost much money; customer doesn't have to do anything.

Stakeholder: Innovation Cluster Drachten (IT departments)
Goals: Solve the same communication problem Resato has.
Requirements: Receive information about a possible solution.

Stakeholder: Province of Friesland
Goals: Have research done on the subject.
Requirements: Receive any information about a possible solution.

Table 1.1: Stakeholder analysis


1.9 System description

The system is described in Figure 1.7, which shows the actual system of machine communication. The system shows the communication between Resato and the machine, where the data travels through the customers' and Resato's network, such that information can be exchanged. Resato asks for information, whereas the machine has to send it. This data should go through the firewall of the customer.

A firewall is either hardware or software that protects a network by scanning any data asking for access. It does so to keep any dangerous data out of the network. The goal for Resato is to use the data to conduct preventative maintenance. This project is situated around the ’pass firewall’ action, from the moment data is sent until the data is received. As Resato would also like to send data to the machine, it should bypass the firewall again. There is artificial intelligence used for the prediction of behaviour. At this moment Resato uses such an artificial intelligence on one machine, with the software of PTC ThingWorx. The goal is to be able to predict behaviour on all machines that are situated at customers.

Figure 1.7: System of machine communication

1.10 Risk analysis

The research consists mostly of a literature study. There is no apparent risk in doing literature research. The only difficulty that might be encountered is when one focuses too much on a particular direction. Knowing this, the problem can be avoided. The same holds for the problem that has been given: it is important to make sure this is the actual problem and to consider whether the solution might lie somewhere else.

With the test design, no problems should occur. If the test is done in a closed environment, there should be no danger to any part of the company. The programming is done by a junior programmer; thus the progress is dependent on the programmer. There is the risk of the test design not working properly.

Nevertheless, a test design is made to be tested and to find any possible difficulties. Thus, the test design not working properly would only be part of the research and can be used to improve the design.

There is the risk that the research will not provide any useful outcome for Resato.

Another risk is that it will not be possible to continue the research due to, for example, illness, or not finding a solution.


1.11 Planning

In the second block, the research will start full-time. This will be done at Resato, such that anything can be discussed or evaluated immediately. In Figure 1.8 one can see the Gantt chart that goes with the planning in Table 1.2.

Process step                        Start date   End date
Start IP / workshops                21-feb       12-mar
RDP                                 12-mar       15-apr
Literature study                    16-apr       13-may
Start test design                   14-may       20-may
Evaluate test design                21-may       27-may
Conduct further research            21-may       3-jun
Finish preliminary report           5-jun        5-jun
Try new test design (if needed)     4-jun        6-jun
Make poster                         7-jun        13-jun
Finish research and evaluate        7-jun        17-jun
Write report                        12-mar       17-jun
Finish final report                 18-jun       18-jun
Presentations                       18-jun       25-jun
Symposium                           26-jun       26-jun

Table 1.2: Planning for block 2

Figure 1.8: Gantt chart planning block 2


Chapter 2

Research Design

In this chapter, the research topic, design goal and scope, research problem, design steps and needed resources are discussed. In the sections, the problem statement, design goal and research questions are given. These are used throughout the research to find a solution.

2.1 Research Topic

As mentioned before, this problem is situated around the topic of IoT, which typically falls under an IT department. With the context of the previous chapter, a problem statement can be made.

Problem statement

‘It is complex and time-consuming for Resato to be able to communicate with their machines while considering their customer’s environment’

In chapter 1, the meaning of trade-offs and the customer’s environment can be found, just as the reasons behind the fact that Resato would like to communicate in the first place. To summarise, the trade-offs need to be found to ensure the method is ethically responsible for using. The customer’s environment should have as little change as possible. Resato would like to communicate with its machines in order to improve their service and develop a prediction model.

2.2 Design goal and scope

In this section, the design goal and scope of the research are mentioned and explained.

2.2.1 The design goal

The design goal is:

‘To develop a test design of a method for machines to connect, with limited change in the customer’s environment.’

The main goal of the test design that will be made is to find a prototype, which will help steer in the right direction. Resato wants to have an idea of which method fits the company. The test design can easily be made with the help of the programmer. It will be constructed with the use of computers. One can use two setups, each with their own network, to represent Resato and the customer.

As mentioned in the trade-offs, it is important to limit the change in the customer’s environment.

The main goal is to have access to the machine without needing the customer to do anything. This way Resato keeps control over the access to information, without having to rely on the customer. For the customer, it is also better if nothing has to be adjusted, as they purchase a product with service.

2.2.2 Scope

The scope of this project is limited to finding methods to communicate with the machines. According to Resato, the problem lies within bypassing the firewall. However, it is important to additionally consider other options, such as not using their network at all. For example, if one is able to construct their own VPN, bypassing the firewall is not necessary. Thus, methods of communication should be found and evaluated, but also other possibilities should be taken into account.

2.3 Research problem

The research is built up from one research question, with some sub-questions to help along with answering that one research question. In this section, those questions are mentioned.

Research question

‘What is the best method to communicate with the machines, with limited environment change?’

The communication Resato wants with their machines is to be able to do preventive maintenance.

This best method is dependent on the requirements of Resato. Therefore, this is included in the following sub-questions. As mentioned above, these sub-questions are necessary to answer the main question. Some questions have their own sub-questions, in order to be able to answer them.

Sub-questions

• Which communication methods are well known and used?
  - Does PTC ThingWorx not suffice?
  - Would TCP or rather UDP fit the situation?
  - What are other possibilities than bypassing the firewall?

• How do the methods score on their requirements?

• How can a traversal method be tested?
  - What are important factors to include in the test design?

2.4 Design steps

In this section, the design steps are discussed. Many methods can be used for a design. In this research those of M.C. Jackson will be used. Besides showing the general steps, these are modified to a proper design plan for this research.

Using the system approaches from System of Systems Methodologies (SOSM), see Figure 2.1, the following can be found. [26] The problem does not have many subsystems and the existing subsystems only have a few highly structured interactions. These will not experience much change over time.


Besides that, they are not much affected by the actions of their parts, nor by any environmental influence as long as the network is adequately protected. This means the system of communication between Resato and its machines is simple if the right method is found.

The participants are the ones involved with the system. Their relations should be examined, which results in a unitary relation, since the participants have a common purpose and similar objectives and interests. This is the case as both Resato and the customer want the communication to work. As it is a technical problem focused on optimising the system towards one goal, it is simple and unitary, which means Hard Systems Thinking can be applied.

Figure 2.1: Systems approaches related to problem context in the SOSM [26]

The Hard Systems Thinking approach consists of several steps, shown in Figure 2.2. These steps can be formulated for this research as follows:

1. Understand the context and the problem;

2. Understand the ethical and technical boundaries;

3. Identify and select the (alternative) methods;

4. Select a proper method and build a test design;

5. Evaluate the test design;

6. Use the analysis of the test design for defining more selective requirements;

7. Identify improvement for the test design;

8. Evaluate the test design;

9. Identify further research requirements.

Steps 6 to 8 are left out of the scope of this research, due to the length of the project. It is important that, while doing the research, the context continues to be considered, since the context might change due to a different perspective on the problem or a different kind of method to bypass the problem.

Figure 2.2: Systems analysis methodology [26]


2.5 Needed Resources

Multiple resources are needed to do proper research. In this section, the main resources are explained.

These include literature and a test design.

2.5.1 Literature resources

The most important part of this research is to find methods to bypass firewalls. Literature on communication methods is also useful. According to Resato, the central aspect of this research is a literature study, since they do not have the available resources to do this themselves. Therefore, during this research, the literature study is extended. This extended literature study is on the methods and can thus be found in chapter 4. Useful databases to find proper literature are SmartCat and Google Scholar.

The research started with search terms such as:

• IoT

• Manufacturing

• Machines

• Communication

• Firewall

Further in the research more terms were added, such as:

• NAT

• Traversal

• Network

• Tunnelling

From the literature in the beginning, some information could already be found, as this is a subject that many companies deal with. However, there is a difficulty often encountered in literature study.

A great amount of literature gives methods that are meant for one's own plant, which results in many methods within one's own network and not specifically outside it. It is notable that this literature mentions the use of a firewall to protect one's network, which is exactly what Resato would like to bypass.

In, for example, banking services, communication is made between the customer and the service provider, which is Resato in this case. In this example, a reservation system is often used, but that does not have real-time interaction. What can be useful for this research is looking into rational incentive mechanisms. However, these methods still require the customers' participation. [27] An incentive mechanism is based on game-theoretical analysis and is designed to promote the desired behaviour of rational players, such as a computer. [28]

From the research of S. Kubler, K. Främling and A. Buda (2015) it can be found that the QLM (Quantum Lifecycle Management) standard was developed to fulfil the main requirements of IoT: to have peer-to-peer communication, also in a secure environment, such as that of a customer of Resato. [29] QLM makes use of a TCP connection. The researchers promote a piggybacking-based model that allows for two-way communication through a firewall. This method does require acknowledgement from the customer's network to be able to enter it.


Some known communication technologies, such as RFID (radiofrequency identification) or WiFi, can communicate only on a relatively short distance. In the case of WiFi, a range of 100 meters. [30] This information can be used as a start in this research. As can be concluded from these papers, there are many methods available. Nevertheless, many of those methods are not useful to Resato. This shows that this research is supposed to help Resato make a selection of methods that would be proper for the company.

2.5.2 Test design

After the literature research, together with the knowledge of a junior programmer, a test design can be made. This test design will be tested and evaluated at Resato, which is the final step of this research.

As mentioned before, this test design can be made with two computers.


Chapter 3

Requirements

Requirements are necessary for categorising the methods in this research. With the use of requirements the methods can be ranked, which will result in a clear overview of the methods. In this chapter, the requirements are evaluated and rated on importance.

The requirements in this research are based on software quality assurance, where stakeholder requirements are the basis for deciding which method would fit the problem. Software quality assurance (SQA) is ‘a set of activities that define and assess the adequacy of software processes to provide evidence that establishes confidence that the software processes are appropriate for and produce software products of suitable quality for their intended purposes.’ [31] There are multiple aspects to software quality assurance, such as planning, technical and development reviews, software testing and demonstration. [32]

In A. Mili and F. Tchier (2015) the attributes for testing software are divided into several categories, namely functional, operational, usability, business and structural attributes, [33] where the functional attributes define the input/output behaviour of software products. The operational attributes define the functions and condition of the services that are delivered to its users. There are five operational attributes: latency, throughput, efficiency, capacity and scalability. Usability attributes are a measure of the services provided to the user, the extent to which the product is easy to use. Business attributes are more the concern of the software manager in the development of the product, such as costs, maintainability and reusability. The structural attributes are also more the concern of the developers, but rather the technical aspects of development.

From the attributes mentioned above the following are deemed important in combination with the stakeholder analysis:

• Throughput

• Latency

• Packet loss

• Overhead

• Availability

• Reusability

• Costs

• Customer involvement

• Customer approval


Throughput is the absolute performance of the system, which is the volume of processing that can be delivered. The throughput in this research is in transactions per ms. A value for throughput that an average router can handle ranges from 1 kb/s to 2 GB/s. Latency is the perceived response time between the input and output of a system. The time it takes for the request to actually reach the server is called delay. The value for latency in typical internet connections is below 100 ms, but is around 25 to 40 ms on average. [34, 35] Packet loss is another important aspect to take into account. When packets tend to get lost, not all the data will be received. This results in incomplete data, which is not useful for processing. The maximum amount of packet loss allowed is 2%, but below 1% is the advised amount. [34, 36] Overhead is the network overload, which is the extra delay, bandwidth, memory etc. necessary for the transaction. The average overhead in a local network ranges from 4% for a simple task to around 20%, but overhead can easily reach above 50%. [37, 38] Availability is the ease of obtaining the software or hardware necessary for implementing the method. Reusability is relative to the amount of effort that has to be put in once the method is implemented at another customer. This means the method is highly reusable if no adaptations need to be made. The reusability also relates to the ability to use the method in most countries, as Resato would like to be able to use the method in almost every country where they have machines. The costs are for the implementation and upkeep of the method, which can consist of a monthly payment for the use of a server. These costs are high when they are over €20 000, which should not be the case for keeping a server. Another important requirement is customer involvement, which should be slim to none because Resato does not want to have to rely on any action by the customer. The last requirement is customer approval, which is important for keeping the customer satisfied and allowing for data extraction from the machine. This also relates to the different countries that would allow for the method to be used. To ease the outcome, the methods are ranked on each attribute as good, acceptable or deficient, scored 10, 6 or 1 respectively.

In order to rank the attributes by their importance and thus find the best method, a scorecard is used. Each attribute is listed with its weight, across from the methods. The score of each method is taken relative to the weight of the attribute, which results in an overall score for each method. Each attribute has a weight of 1 because they are of similar importance. However, customer involvement has a weight of 2, because a method cannot be used by Resato if customer involvement is necessary. The scorecard is shown in section 4.16, Figure 4.10.


Chapter 4

Methods

In this chapter, the different methods found for bypassing a firewall and communicating are shown. First, an example of the use of these methods is given, namely Skype. This gives an insight into how methods can work and complement each other. After this example, the methods are explained and evaluated; next, a table is given with the general advantages and disadvantages of each method.

4.1 Introduction

Skype

An example that one can use for this research is the peer-to-peer application called Skype, which allows one to make phone calls from one device to another. As Skype is a program used all over the world, where it works practically everywhere, it is used as an example of what the methods can be used for. This section explains the known techniques that Skype uses to let peers connect through firewalls in any country.

Skype is an example of a Voice over IP programme, which allows phone calls to be made over the internet instead of over a cable. It is not possible to find the exact method that Skype uses, as it makes use of secret, proprietary protocols that cannot be studied. [39] However, it is clear that Skype makes use of something called ‘supernodes’; these are nodes that support firewall traversal. It is probable that they use some sort of STUN server, such that the existence of a firewall can be determined by other nodes. Nevertheless, there is no information on these ‘supernodes’, thus it is not possible to describe their process. [39]

In Ying-Dar Lin et al. (2010) the researchers attempted to find the influence of a NAT device on a VoIP connection. [40] One element they found is that Skype has its own technology for port prediction. The table in Figure 4.1 below shows different NAT traversal technologies (NTT) for several VoIP applications. [40] From their research, it can be concluded that in VoIP applications the NTTs path check, port prediction and relay first are not commonly used. The research also points out that in case both peers are behind a multilevel NAT, a direct connection cannot be established.

From the research of S.A. Baset and H.G. Schulzrinne (2006) the process of making a connection through Skype can roughly be deduced. [41] At first, the Skype client opens a random TCP and UDP listening port, besides opening an HTTP (80) and HTTPS (443) port. It then uses a combination of STUN and TURN protocols to determine the type of firewall it is behind. At first, a UDP packet is sent to the entry; if after about five seconds there is no reply, it tries to create a TCP connection.

In case this was still unsuccessful it would try to establish a connection with the HTTP port and after failure, the HTTPS port. When all these actions fail, it would wait for around 6 seconds and repeat the process four times before reporting an error. There are a couple of Skype nodes that are used by the Skype client to connect to and it randomly picks one of these.

Figure 4.1: NAT traversal technologies for some VoIP applications [40]

The research concluded that the Skype client was able to determine the type of firewall it was behind in two possible ways. One consists of exchanging messages with the Skype node by using some sort of STUN protocol. The second option is that during login, the Skype client exchanges data with a few nodes after making a TCP connection with the Skype node. After this step, the Skype node would still have to use a sort of STUN protocol to determine the type of firewall. From the experiments, it also became clear that this information is stored in the Windows registry and refreshed periodically. However, the researchers are unable to say how often it is refreshed, as the messages from Skype are encrypted.

An important aspect of the Skype sessions is that data packets are still transferred, even if there is no sound. These ‘silent packets’ are useful to avoid connectivity problems due to a sudden drop in data exchange. [41] It is possible that the customer uses white listing, which restricts access to all internet sites except the approved ones. White listing requires much maintenance, but it can prevent any communication other than the approved. [42] It has also been shown that a system comparable to Skype can still be observed, because a reproduction is complicated and unattainable in most cases. [43]

In conclusion, Skype is a program that uses different approaches together. This way it is most likely that a connection can be established one way or the other. This is likely to be the best approach, as every company has a slight difference in the restriction of their NAT.

4.2 STUN

Session Traversal Utilities for NAT (STUN) is a protocol that provides a device with its location behind a NAT and the kind of NAT it is behind. STUN works as follows. The client sends a message to the STUN server containing its IP address and port in the payload. The server examines this message and replies with the IP address and port it observed. After the client receives this reply, it can compare the information and thus see if there is a NAT in between. If the information is different, it sends new messages to the STUN server to find the NAT behaviour and type. [44] STUN messages can be transported over both TCP and UDP. [45] Multiple STUN servers exist that one can make use of; for example, Google has multiple servers one can use. Therefore, besides the development costs of a program to use STUN, no further costs are required. As STUN only provides the device with information, it does not affect the general throughput, latency, packet loss or overhead. With the use of STUN, no customer involvement is necessary and the sending of information will go through a regular, relatively safe route. Figure 4.2 shows the use of STUN and TURN, the latter of which is explained in the next section.

STUN is only useful when the NAT device has an independent filtering rule, which means any device can send a packet. However, when the NAT has an address and port dependent filtering rule (symmetric NAT), which means a packet can only be sent to a device if there was previously communication, STUN does not suffice. [40] When this is the case, the TURN or PS-STUN protocol can be used. The table in Figure 4.4 summarises the STUN, TURN and ICE protocols. ICE is explained in section 4.4.
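As an added illustration of the exchange just described (this is example code written for this page, not the thesis's test design and not any STUN library), the following builds a STUN Binding Request, parses the Binding Success Response and applies the comparison that reveals a NAT. The header layout, magic cookie and XOR-MAPPED-ADDRESS encoding follow RFC 5389; the response is constructed locally so the example runs offline. Only `query_stun_server` touches the network, and the server host it takes is supplied by the reader (any public STUN server on the standard port 3478 will do).

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every RFC 5389 STUN header
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001       # RFC 3489 style, address in the clear
ATTR_XOR_MAPPED_ADDRESS = 0x0020   # RFC 5389 style, address XORed with the cookie
IPV4 = 0x01


def build_binding_request(transaction_id=None):
    """20-byte STUN header for a Binding Request with no attributes."""
    if transaction_id is None:
        transaction_id = os.urandom(12)
    if len(transaction_id) != 12:
        raise ValueError("transaction id must be 96 bits")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + transaction_id


def _ipv4_attr(attr_type, ip, port):
    addr = struct.unpack("!I", socket.inet_aton(ip))[0]
    if attr_type == ATTR_XOR_MAPPED_ADDRESS:
        port ^= MAGIC_COOKIE >> 16      # port is XORed with the top 16 bits of the cookie
        addr ^= MAGIC_COOKIE            # IPv4 address is XORed with the whole cookie
    value = struct.pack("!xBHI", IPV4, port, addr)
    return struct.pack("!HH", attr_type, len(value)) + value


def build_binding_response(transaction_id, ip, port, xor=True):
    """The Binding Success Response a STUN server sends back. Included only so the
    example can be exercised without a network (a constructed reply, not a real one)."""
    attrs = _ipv4_attr(ATTR_XOR_MAPPED_ADDRESS if xor else ATTR_MAPPED_ADDRESS, ip, port)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attrs), MAGIC_COOKIE) + transaction_id + attrs


def parse_binding_response(data, transaction_id):
    """Return the (ip, port) the server saw, validating header, cookie and transaction id."""
    if len(data) < 20:
        raise ValueError("short STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE or data[8:20] != transaction_id:
        raise ValueError("not a reply to our request")   # stale or spoofed reply
    if msg_type != BINDING_SUCCESS:
        raise ValueError("unexpected STUN message type 0x%04x" % msg_type)
    if len(data) != 20 + length:
        raise ValueError("length field does not match the datagram")
    body, offset, plain = data[20:], 0, None
    while offset + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        offset += 4 + ((attr_len + 3) & ~3)   # attribute values are padded to 4 bytes
        if attr_type not in (ATTR_XOR_MAPPED_ADDRESS, ATTR_MAPPED_ADDRESS) or attr_len != 8:
            continue
        family, port = struct.unpack("!xBH", value[:4])
        addr = struct.unpack("!I", value[4:8])[0]
        if family != IPV4:
            continue
        if attr_type == ATTR_XOR_MAPPED_ADDRESS:
            port ^= MAGIC_COOKIE >> 16
            addr ^= MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port   # preferred form
        plain = socket.inet_ntoa(struct.pack("!I", addr)), port
    if plain is None:
        raise ValueError("no mapped address in response")
    return plain


def behind_nat(local, reflexive):
    """The comparison the text describes: a differing (ip, port) means a NAT sits in between."""
    return local != reflexive


def query_stun_server(host, port=3478, timeout=3.0):
    """Send one Binding Request over UDP and return (local, reflexive) addresses.
    The host is supplied by the caller."""
    tid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, port))            # so getsockname() reports the real source address
        sock.send(build_binding_request(tid))
        reflexive = parse_binding_response(sock.recv(2048), tid)
        return sock.getsockname(), reflexive
```

The transaction id check matters in practice: without it a client behind a NAT will happily accept a delayed reply to an earlier request or a datagram from anyone who can reach its port, and base its NAT decision on the wrong address. The XOR form exists because some NAT devices rewrite any literal copy of a public IP they find in a payload, which would silently corrupt the information STUN is there to provide.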

Method: STUN

Advantages:
- Throughput: protocol dependent: 10
- Latency: protocol dependent: 10
- Packet loss: protocol dependent: 10
- Overhead: protocol dependent: 10
- Availability: STUN servers available: 10
- Costs: already exists: 10
- Customer involvement: none: 10

Disadvantages:
- Customer approval: acceptable: 6
- Reusability: does not work with all NATs: 6

Table 4.1: STUN evaluation

Figure 4.2: Schematic of the use of STUN and TURN

4.3 TURN

TURN (Traversal Using Relays around NAT) is a protocol that allows a device to connect to another device with the use of a relay. This way the devices can establish a connection, even if a NAT would not allow for a peer-to-peer connection. TURN can have a delay, because the packets go through the server twice as it has to relay. [40, 42] This can result in more overhead, because of more nodes on the route of the data packets. One can create one's own TURN server or make use of a company to host one. Since TURN can use a TCP connection, it also tends to have the reliability of a TCP connection. This would mean the packet loss is low. Because a TURN server has to be provided with a high-bandwidth connection to the internet, it can be costly. [46] A TURN server including other services can be rented for $500 per month, which equals $6000 per year. [47] Therefore, the TURN server should only be used when a peer-to-peer connection is not possible. If a high-bandwidth connection is necessary, this means the throughput is likely high. Initially, TURN was created to support multimedia sessions signalled using SIP, and as part of the ICE method as an extension to STUN, [46] which also means no customer involvement is necessary and the connection is relatively safe. Figure 4.2 shows a schematic of the use of STUN and TURN in a system.

Method: TURN

Advantages:
- Throughput: acceptable: 6
- Packet loss: low: 10
- Availability: acceptable: 6
- Reusability: works for every NAT: 10
- Customer approval: TCP reliability: 6
- Customer involvement: none: 10

Disadvantages:
- Latency: delay: 6
- Costs: relatively high, but below max: 6
- Overhead: chance of higher overhead: 6

Table 4.2: TURN evaluation

4.4 ICE

Interactive Connectivity Establishment (ICE) is a method that combines the use of a STUN and TURN server. It then uses a communication protocol to establish a connection between two devices.

ICE uses hole punching techniques [46] to find out, before relaying a connection, whether it can make one directly between devices; if not, it proceeds using a relay server. [40] The method is described in J. Rosenberg (2010) and starts with finding a transport address candidate. [48] This is for a specific transport protocol and consists of the combination of an IP address and a port. The local interface is called the host candidate and allows ports to be allocated, after which further candidates can be located.

These can be either on the TURN server or in the public network, which is used when only STUN is utilised. If it is the last case, the STUN server informs the client of the candidate through copying the transport address. The TURN server assigns a port from its IP address to generate a response when the request arrives.

Figure 4.3: Deployment solution ICE [49]


Then it advises the server of the relayed candidate, after which it will act as a relay and forward traffic between the two nodes. Connectivity checks will be executed, when the candidates are sorted according to the priority of the pair. These checks issue a four-way handshake, where both clients execute a check, after which this pair is nominated for use and they can start exchanging messages.

Besides the full implementation of ICE, there is also a lite version, [50] which can be used when a full implementation is not yet possible. In the research of Yang and Lei (2016), ICE is combined with the SIP protocol, such that the candidate addresses found by ICE are added to the SIP messages as supplementary features, after which the addresses can be exchanged through SIP. [49] Figure 4.3 shows the structure of this method and Figure 4.5 the corresponding procedure. From the research, it can be concluded that the combination of these methods works for traversal of all NAT types. As ICE can be configured to choose the path with the least delay, overhead, packet loss etc. that the TCP connection allows for, these factors depend on that connection.

Method   Advantages                                    Disadvantages
ICE      - Reusability: works for all NAT types: 10    - Costs: of TURN server: 6
         - Availability: is available in code: 6
         - Customer involvement: none: 10
         - Latency: chooses fastest connection: 10
         - Throughput: network dependent: 10
         - Packet loss: network dependent: 10
         - Overhead: network dependent: 10
         - Customer approval: acceptable: 6

Table 4.3: ICE evaluation

The table in Figure 4.4 shows a comparison of the STUN, TURN and ICE methods mentioned before.

One can see that STUN is not possible for certain types of NATs, except in combination with other methods.
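The candidate gathering, priority sorting and connectivity checks of ICE described above, and the fact that STUN alone fails for some NAT types, as an added Python example that is not part of the thesis: the candidate and pair priorities follow the RFC 5245 formulas, while the reachability rules (host candidates only meet on the same LAN, server-reflexive candidates fail behind a symmetric NAT, relay always succeeds) are a simplified model assumed here to show why ICE only falls back to TURN when a direct path fails.

```python
# Added example (not from the thesis): ICE-style candidate pair selection.
# Priorities use the RFC 5245 formulas; the NAT reachability rules are a
# simplified model (assumption) and not real connectivity checks.
from itertools import product

TYPE_PREF = {"host": 126, "srflx": 100, "relay": 0}  # RFC 5245 recommended values

def candidate_priority(ctype, local_pref=65535, component=1):
    """RFC 5245 section 4.1.2.1: a higher value means a more preferred candidate."""
    return (2**24) * TYPE_PREF[ctype] + (2**8) * local_pref + (256 - component)

def pair_priority(g, d):
    """RFC 5245 section 5.7.2: G is the controlling agent's candidate priority,
    D the controlled agent's. Pairs are checked from the highest value down."""
    return (2**32) * min(g, d) + 2 * max(g, d) + (1 if g > d else 0)

def reachable(local, remote, nat_local, nat_remote):
    """Simplified model (assumption): relay candidates always work, host
    candidates only meet on the same LAN, and server-reflexive candidates
    fail as soon as one side sits behind a symmetric NAT."""
    if "relay" in (local["type"], remote["type"]):
        return True
    if "host" in (local["type"], remote["type"]):
        return local["net"] == remote["net"]
    return nat_local != "symmetric" and nat_remote != "symmetric"

def select_pair(local_cands, remote_cands, nat_local, nat_remote):
    """Sort all candidate pairs by priority and return the (local type, remote
    type) of the first pair that passes the simulated check, as ICE nominates it."""
    pairs = []
    for l, r in product(local_cands, remote_cands):
        g, d = candidate_priority(l["type"]), candidate_priority(r["type"])
        pairs.append((pair_priority(g, d), l, r))
    pairs.sort(key=lambda p: p[0], reverse=True)
    for _, l, r in pairs:
        if reachable(l, r, nat_local, nat_remote):
            return l["type"], r["type"]
    return None  # no usable pair: ICE fails

# Constructed sample: a client at Resato and a machine behind a customer NAT.
RESATO = [{"type": "host", "net": "resato-lan"}, {"type": "srflx", "net": "public"},
          {"type": "relay", "net": "turn"}]
MACHINE = [{"type": "host", "net": "customer-lan"}, {"type": "srflx", "net": "public"},
           {"type": "relay", "net": "turn"}]

if __name__ == "__main__":
    print(select_pair(RESATO, MACHINE, "restricted-cone", "restricted-cone"))  # direct: srflx/srflx
    print(select_pair(RESATO, MACHINE, "restricted-cone", "symmetric"))        # falls back to relay
```

With both sides behind cone NATs the server-reflexive pair wins; as soon as the customer NAT is symmetric the highest-ranked surviving pair uses the TURN relay, which is exactly the cost trade-off discussed for TURN above.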

Figure 4.4: Comparison on STUN, TURN and ICE [40]


Figure 4.5: Procedure NAT traversal [49]


4.5 PS-STUN

Wang, Lu and Gu (2006) describe a protocol to use when STUN does not suffice because of a symmetric NAT. [51] The algorithm was designed such that a middle server is not needed, which should result in less delay. Yet, not every type of NAT can be traversed with PS-STUN. The table in Figure 4.6 shows the combinations of NATs, divided into classes, for which STUN does not suffice. However, PS-STUN is only adequate for classes A, B and C. In this table, the P and R types are progressive symmetric and random symmetric NATs respectively. The PS-STUN method is based on UDP packets and provides the ability to make a direct connection between clients. The goal is to increase NAT traversal capability and system performance. With the use of PS-STUN, there is a chance of packet loss due to a high sending speed. [51] The method is not well known and no further research was done into it, so there is no clear picture of the throughput, latency, overhead and the program itself.

Figure 4.6: Situations where NATs can’t be traversed by STUN [51]

Method    Advantages                                         Disadvantages
PS-STUN   - Customer involvement: no NAT adjustments: 10     - Reusability: does not work for all NAT combinations: 6
          - Latency: less delay: 10                          - Availability: STUN servers available, extension not: 1
          - Customer approval: acceptable: 6                 - Packet loss: can occur due to UDP: 1
          - Overhead: UDP based: 6
          - Throughput: UDP based: 6
          - Costs: development costs: 6

Table 4.4: PS-STUN evaluation

4.6 3G/4G/LTE

The use of 4G/LTE is a relatively easy method, as it goes around the network of the company. Besides this, 4G/LTE uses the same frequency bands almost all over the world, which makes it a viable option. Some institutions use it in, for example, anchored measurement equipment throughout the Netherlands. From the research in Kamil, Nor and Alubady (2015) it can be concluded that TCP can be used for a connection over LTE with the least packet loss. [21] The average latency of a 3G network is 80 ms and that of a 4G network 45 ms, [52] whereas the new cat 9 and 5G networks have an average latency of 24 and 8 ms respectively. [53] The research in Nor, Alubady and Kamil (2017) also compared jitter, which is directly proportional to delay. [19] The overhead in an LTE network generally ranges between 15 and 25 percent. [54, 55] The study in Lao and Teng (2011) shows the possibility of using a 3G network to make a connection to a machine, [56] using VPN technology to reach a private IP address together with the L2TP protocol and IPsec.

L2TP is the abbreviation of layer two tunnelling protocol and allows for tunnelling in a network. [57]

However, the use of a method such as LTE can result in high costs, especially with the number of machines Resato has. The costs for using LTE will definitely exceed the €20 000 per year. At this moment Resato has around 200 machines, in a quickly expanding market. In case a 4G connection costs €10 per month, this would be €120 per year per machine, thus at least €24 000 per year. Some companies also pointed out that customers will not be happy knowing that there is a separate connection placed within their network, which could serve as a weak spot in their security. Some buildings also block wireless connections due to their construction; for example, buildings with much metal will not allow a good connection through 3G, 4G or LTE.

Method      Advantages                                       Disadvantages
3G/4G/LTE   - Reusability: applicable almost everywhere: 10  - Customer approval: disliked by customers: 1
            - Latency: acceptable: 6                         - Costs: high: 1
            - Customer involvement: none: 10                 - Overhead: some: 6
            - Throughput: acceptable: 6
            - Availability: good: 10
            - Packet loss: none: 10

Table 4.5: 3G/4G/LTE evaluation

4.7 SWEET

SWEET is a system developed by Houmansadr et al. (2017) for unobservable communication over the internet. [43] The traffic patterns of an imitated method such as Skype make a system more noticeable than a non-imitated system, which is why SWEET was developed. [58] SWEET uses a public mail provider such as Gmail to exchange encapsulating emails, which allows the emails to pass through the standard email filtering mechanisms. The emails are sent to a general email address of the SWEET server; the IP address and the recipient's email address are not observable, so the emails pass through the filtering mechanisms and remain unidentifiable. [43] Figure 4.7 shows the main architecture of the SWEET server. The email agent in the figure consists of an SMTP and an IMAP server and receives traffic and registration emails. The converter then extracts and decrypts the tunnelled information, after which it sends it to the proxy agent, which forwards it to the requested destination. [43] This process works similarly in the other direction, towards the client.
