

iot gateway (5)

How to enable IoT Gateway Hardware Security?

In the IoT ecosystem, gateway security is of prime importance, since the gateway is the key point of data collection in the connected system. But how do you ensure the security of IoT gateways? This post walks through several ways to secure them.

Along with many technological, environmental and economic benefits, the rapidly growing connected world also faces a growing array of attacks, such as side-channel attacks, fault attacks and physical tampering. Given these risks, ensuring the security and robustness of IoT systems becomes unavoidable, and IoT gateways play an important role in that.

IoT gateways are the unsung heroes of the IoT paradigm, as they are the key point of data collection in the connected system. Security is the key aspect of any IoT ecosystem, and gateway security is of prime importance within it, since a secured gateway underpins the robustness of the entire environment. Without sufficient security measures, the system is exposed to threats such as malware, spoofing, man-in-the-middle (MITM) attacks and data snooping. Losing a gateway in the middle of the communication chain jeopardizes the entire IoT ecosystem, because the gateway acts as the gate, or bridge, between the edge devices and the cloud.

So how do you know whether your IoT gateway is secure or not?

Listed below are some common questions related to the security of IoT gateways. If any of them matches a concern of yours, you need to consider gateway security for your IoT ecosystem:

  • How can an edge device detect and refuse an unsecured gateway, or vice versa?
  • How can peripherals be sure that their data is successfully relayed through the gateway?
  • What happens if someone snoops the data passing through the gateway?
  • What if a gateway in a remote location is sending incorrect information to the cloud? How can the gateways help in correcting that information?
  • Is it possible for gateways to build and demonstrate reputation-based trust?

The trustworthiness of the gateway is the key aspect of the IoT ecosystem. To address these concerns, let’s explore some of the key hardware security mechanisms that can be implemented to secure IoT gateways.

TPM (Trusted Platform Module)

What is TPM?

A TPM is a dedicated microcontroller integrated with the gateway’s system hardware. It performs cryptographic operations such as key generation and key storage, and protects small amounts of sensitive information (passwords, boot-software measurements and cryptographic keys) to provide hardware-based security.

How does it work?

A TPM is often built into a system to provide hardware-based security. It combines hardware and software to protect credentials while they are in unencrypted form. The TPM is based on a trusted execution environment (a hardware root of trust) that provides secure storage of credentials and protected execution of cryptographic operations. It is isolated from the main CPU and implemented either as a discrete chip, as a security coprocessor or in firmware.

  • The processor scans the firmware and validates its key. If the key is valid, the processor begins executing the firmware; if not, the processor halts.
  • The TPM is used to store platform measurements that help ensure the platform remains trustworthy. It contains a set of registers that hold the RTM measurements of the boot software’s launch modules.
  • The computing platform must have a root of trust for measurement (RTM) that is implicitly trusted to provide an accurate validation of the boot-code modules. The TPM provides the root of trust for reporting and the root of trust for storage of the RTM’s measurements. It holds a set of “known good” measurements of the boot components, generated and stored securely.

Hardware Root of Trust / Chain of Trust: this is the fundamental part of secure computing. The secure boot process is used to implement a chain of trust.

  • Bootstrapping a secure system or device involves a chain of steps, where each step relies on the accuracy and security of the previous one. Following the chain back, you reach a step whose correctness you assume or verify rather than derive; this step is the Root of Trust (RoT). The Root of Trust is provided by hardware services, including cryptographic support, secure key storage, secure signature storage and secure access to trusted functions. This allows the creation of a trusted module that forms the basis, or root, for validating the other components in the system. The chain of trust begins with the bootloader: the bootloader validates the OS, and the OS validates the applications, creating a chain of trusted elements.

TEE (Trusted Execution Environment)

What is TEE?

The TEE is an isolated and secure area of the main processor that provides security functionality for application integrity and confidentiality. It separates security functionality from operational functionality.

How does it work?

  • It mainly consists of three parts: a trusted OS, an internal micro-kernel and APIs. It is used for security checks that run in parallel with the standard OS.
  • Common security functions include isolated execution of security operations, integrity of the code loaded and data stored, and confidentiality of the data stored in the TEE. It protects data at rest and data in use within the TEE.
  • It also provides higher performance and access to a larger amount of memory.

Security properties that TEE can achieve

  1. Isolated execution
  2. Secure storage
  3. Device identification
  4. Device authentication
  5. Platform integrity

All of the above security properties can be achieved using measured boot, secure boot and attestation.

  • Secure Boot: a security standard, verified by trusted OEMs, that ensures the authenticity and integrity of a device’s boot. At first boot, only code validated by the device OEM is allowed to run, and that code verifies and validates the authenticity of the software present on the gateway. This prevents attackers from replacing the firmware with versions built to perform malicious operations. Secure boot also provides the APIs required for code signing, code validation and secure firmware updates.
  • Measured Boot: measured boot is generally used for integrity protection. As anti-malware software has become better at detecting runtime malware, attackers have become better at creating rootkits that hide from detection, and malware that starts early in the boot cycle is hard to detect. Measured boot therefore measures each block, from the firmware up through the boot-start drivers, stores those measurements in the hardware and then produces a log that can be checked remotely to verify the boot state of the client.
  • Attestation: in cloud computing, attestation is an essential parameter, usually rooted in a trusted hardware component used to build a trusted system. It is the process of validating the integrity of software and data in order to secure embedded systems. Attestation uses cryptographic identity techniques that confirm the identity and authentication credentials of remote devices without exposing the devices’ own identities.
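The TPM measurement bullets above and the measured boot / attestation bullets describe one mechanism from two sides: the gateway extends a hash of each boot stage into a TPM register (a PCR) and records it in an event log, and a remote verifier later replays the log, checks that it reproduces the quoted PCR, and compares the result with a provisioned known-good value. The following Python is an added example written for this post, not code from the original article or from any TPM vendor. It models a single SHA-256 PCR with the standard extend rule; the names `measure`, `extend`, `measured_boot`, `replay_log`, `quote`, `attest` and `run_attestation`, the boot stage contents, the golden value and the attestation key are all constructed for illustration. A real TPM signs its quote with an asymmetric attestation key; the HMAC used here is an assumption made to keep the example dependency-free.

```python
import hashlib
import hmac

# Constructed example (not from the original post). Models one SHA-256 PCR
# bank: each boot stage is hashed, the digest is extended into the PCR
# (new = SHA-256(old || digest)) and appended to an event log.
PCR_SIZE = 32


def measure(blob: bytes) -> bytes:
    """Hash a boot component: the value the RTM records for that stage."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: a PCR can only be updated by hashing, never set directly."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(chain):
    """Measure each stage in order; return the final PCR value and the event log."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all-zero at power-on
    log = []
    for name, blob in chain:
        digest = measure(blob)
        log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr, log


def replay_log(log):
    """Recompute the PCR from the event log: the verifier's side of measured boot."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def quote(pcr: bytes, nonce: bytes, key: bytes) -> bytes:
    """Stand-in for a TPM quote binding the PCR value to a fresh verifier nonce.
    A real TPM signs this with an attestation key; HMAC over a shared key is
    an assumption made here to avoid external dependencies."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()


def attest(log, pcr, sig, nonce, key, golden):
    """Remote attestation: quote genuine, log consistent with PCR, PCR known-good."""
    if not hmac.compare_digest(quote(pcr, nonce, key), sig):
        return False, "quote signature invalid"
    if replay_log(log) != pcr:
        return False, "event log does not reproduce the quoted PCR"
    if pcr != golden:
        return False, "PCR differs from known-good value"
    return True, "boot state verified"


# Constructed boot stages; in practice these are the real firmware images.
GOOD_CHAIN = [
    ("firmware", b"firmware-v1"),
    ("bootloader", b"bootloader-v1"),
    ("kernel", b"kernel-v1"),
]
GOLDEN_PCR, _ = measured_boot(GOOD_CHAIN)  # provisioned "known good" value
AK_KEY = b"attestation-key-placeholder"    # constructed demo key (assumption)


def run_attestation(chain, nonce=b"verifier-nonce-1"):
    """Boot the given chain on the gateway side and attest it against GOLDEN_PCR."""
    pcr, log = measured_boot(chain)
    sig = quote(pcr, nonce, AK_KEY)
    return attest(log, pcr, sig, nonce, AK_KEY, GOLDEN_PCR)


if __name__ == "__main__":
    print(run_attestation(GOOD_CHAIN))
    # A modified bootloader produces a consistent log but a non-golden PCR.
    tampered = [GOOD_CHAIN[0], ("bootloader", b"bootloader-rootkit"), GOOD_CHAIN[2]]
    print(run_attestation(tampered))
```

Two properties worth noticing: the extend rule makes the PCR depend on the order of stages as well as their contents, and a log edited after the fact cannot be made to match a quoted PCR without the attestation key, which is why the verifier replays the log rather than trusting it.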

IoT gateways are crucial to addressing this inherent complexity. By using pre-validated hardware building blocks such as the TEE and TPM, you can secure the whole communication chain: connectivity of legacy devices, data storage on the gateway, secure data transmission and fast delivery of data to the cloud for intelligent analytics. A programmable architecture that ensures confidentiality and integrity against specific attacks is also needed. Layered IoT gateway security is therefore essential.

For more information on our security capabilities, visit: From edge to cloud: A comprehensive look at IoT device security


IoT gateway clustering makes sense for large-scale implementations where uptime and scalability are critical. Find out how it works.

IoT gateways may be the unsung heroes of the Internet of Things world. Without them, there would likely be no expectations of tens of billions of IoT devices coming online in the next few years. In many respects, gateways are the glue that holds many IoT implementations together. They enable real-time analysis of IoT data and link multitudinous connected sensors and devices to the cloud. In addition, gateways act as a bridge between various sensor types and connectivity protocols, while helping to link equipment from an organization’s information technology (IT) and operation technology (OT) departments.

But gateways can also be single points of failure in IoT networks. In a poorly designed system, when a gateway goes down, critical functions stop. Preventing that outcome is possible, however, with an IoT gateway architecture based on the idea of clustering.

Why we need gateway clustering

Many IoT projects have anywhere from hundreds to millions of connected devices. Networks supporting endpoints at that scale ideally use a cluster of gateways connected to one another through a mesh network. If one node goes down, the redundancy of that topology preserves reliability and the continuity of cloud communication for commands and data storage.

Let’s take a look at how this works. IT and OT buses establish the connections between gateways, some of which are linked to the cloud while others are connected to other gateways. If one gateway goes down because of excess load or an internal fault, the network transfers the running application configuration and APIs to another gateway in the cluster over the OT bus.

A gateway control center in the cloud manages the transfer of application data between gateways. The control center can also configure the cluster by defining the geographic correlation of gateways: units placed near one another and connected remotely to the same set of sensor devices, so that each serves as a backup for its neighbor. During a failure, or when a threshold limit is reached, IoT gateways can transfer their applications and device connections to one another. For example, if a gateway is connected to a ZigBee device, it cannot transfer that application to another gateway beyond a predefined distance; a geo-correlated gateway builds redundancy into the system by shadowing the functionality of its neighbor. It is therefore important that the IoT gateway architecture and device layout be geographically correlated to achieve uninterrupted connectivity.

Clusters for load balancing

To avoid overloading a single gateway, a cluster manager defines the threshold occupancy of each gateway, and data is distributed across the gateways in the cluster for faster response and balanced load. When a gateway’s load goes beyond the set limit, it automatically transfers the excess load to a nearby gateway.

How edge and fog analytics work in a cluster

Clustering enables distributed edge analytics. The distributed edge nodes process data at the edge before transferring it to the cloud, which reduces latency. The edge-filtered data can be sent to a fog node or directly to the cloud for post-event processing. Each cluster forms a fog node, and a combination of fog nodes allows distributed fog computing. This gives fast, real-time data analysis across a large geographical area, enabling faster fault response times.

Horizontal scaling in a gateway cluster

Horizontal scaling is the ability of an IoT framework to add more gateways to an existing mesh network. To enable that, gateways need to be connected to each other through a common communication bus. (At eInfochips, we call this a “communication interface bus,” which is a combination of OT buses.) With OT bus connectivity, any new gateway can be added without modification to the existing network of devices.

Vertical scaling in a gateway cluster

Any increase in functional capability, whether in memory, device software, OS, hardware, device configuration or APIs, constitutes vertical scaling. A microservice-based application architecture for gateways allows vertical scaling, so you can add devices, resources and microservices to the gateway as your requirements change.

To conclude, gateway clustering should be considered for large-scale IoT implementations where uptime and scalability are critical. Implementing gateway clusters requires careful deliberation and planning, but a well-structured approach to IoT gateway clustering enables enterprises to start small and address specific IoT use cases while preparing for future large-scale IoT deployments.

(Originally Published by Me on IoT Institute)

Connected devices, or IoT, seem to have become the de facto solution for every industry today. The increase in connected devices leads to an increase in the amount of data transferred, stored, computed and consumed across networks and devices, which creates a need for efficient data management and data security. IoT Device Lifecycle Management (DLM) plays a key role here: it lets industries manage their connected devices with ease while providing additional advantages such as data security, remote control and multi-protocol connectivity.

IoT Device Lifecycle Management is helping industries transition their systems to “smart” ecosystems. It plays an important role in providing a broader view of the entire device infrastructure.

Let’s take a look at how IoT DLM is helping the utility and home automation verticals:

1. Smart Grids:

(i) What is a smart grid?

A smart grid is the adoption of ‘smart’ technologies in the expansion of the transmission and distribution network, enabling demand-based power production. Smart technology enables optimized use of energy resources by providing real-time insight into energy consumption, with the help of smart metering and automation at the distribution end.

A smart meter is a device that periodically stores electrical energy consumption data and reports it to the energy provider in a timely manner for monitoring and billing. Unlike earlier metering methods, a smart meter has more advanced sensors, power consumption notifications and bi-directional communication between the meter and the energy provider.

How DLM Is Helping in Smart Energy Systems:

At present, government regulations are shifting towards energy conservation, motivating consumers to adopt smart metering. Device Lifecycle Management enables smart metering through an AMI (Advanced Metering Infrastructure) system. AMI is a system that enables two-way communication between the utility provider and the consumer.

DLM Benefits for the Consumer:

(i) Consumers can manage their energy consumption through the system, which continually shows them the energy utilization of every device connected to the AMI system.

(ii) A home area network (HAN) provides communication between devices, supporting a wide range of protocols and standards.

(iii) DLM has a data analysis system that provides an in-depth energy consumption analysis for each device connected to the network, which helps the consumer plan their energy utilization cost-effectively.

(iv) Consumers control their devices through mobile applications, so they can utilize and manage energy by scheduling up-time for each device.

(v) AMI + HAN + DLM together result in a smart grid system.

DLM Benefits for the Utility Provider:

(i) The AMI system periodically sends the utility provider data about load variations and the peak times of maximum energy utilization by the consumer.

(ii) Through DLM, the utility provider can point out customers’ peak energy consumption times, so consumers can focus on the devices running during that period and manage them accordingly.

(iii) The energy distributor can incorporate data analysis and get insight into a consumer’s monthly consumption, load variations and peak load timings. Accordingly, the utility provider can enable dynamic pricing for consumers during peak hours.

(iv) By way of load analysis, the utility provider can also identify the times of heavy energy usage and notify the customer about the peak in usage; in turn the customer can manage their usage or check for malfunctioning devices on the consumer side. This helps with excessive usage and with identifying faulty devices.

2. Smart Buildings:

A smart building is centralized control of building utilities such as heating, air conditioning, lighting, security and alarm systems. IoT Device Lifecycle Management plays a key role in smart building design and facilitates user comfort, energy efficiency and longer device lifecycles. A smart building includes building automation through networking, communication protocols, sensors/actuators, an IoT gateway, ventilation control, an HVAC system and other electronic devices for monitoring and control.

How the IoT Gateway Plays a Role in a Smart Building:

(i) In building automation, the first stage is data input from sensors and actuators; all sensors are equipped with wired or wireless protocols (Bluetooth, ZigBee, Z-Wave, LAN, etc.) for communication with the IoT gateway.

(ii) The IoT gateway provides the interface between the sensors and the cloud, forming a bridge between them. It enables device software updates, device on-boarding, a control panel, diagnostic information and more.

(iii) The gateway performs real-time analysis of data from devices or sensors and provides the necessary output or command message to the control system. The message can be an alarm, an HVAC control message or another utility management command.

(iv) The IoT gateway enables data analysis for each device. Users can utilize energy efficiently by scheduling device up-time and down-time according to that analysis.

(v) It makes building automation, or smart building implementation, easy and reliable. It provides security through a layered security system (TPM and TEE, authorized connections, no third-party inclusion) that covers both data and hardware security.

How DLM Is an Essential Part of Building Automation:

(i) DLM enables remote control of building utilities such as lighting, alarm systems and the HVAC system.

(ii) HVAC system: Heating, Ventilation and Air Conditioning (HVAC) is a system common in current building construction. DLM enables remote control of the HVAC system with real-time data analysis. For example, if the sensor data shows a drop in temperature, DLM adjusts the air conditioning to reach the required temperature. DLM controls pneumatic and hydraulic valves (ventilators, water piping) by sending control signals to actuators, giving complete mechanical control of the cooling air/water flow in the building.

(iii) DLM offers a centralized alarm system for fire, gas leakage, humidity, temperature, etc. All alarm systems are remotely controlled, and the user gets a real-time notification when there is an alert.

(iv) It enables control of the building’s lighting by changing its intensity according to the daylight. Input from the photovoltaic sensors and DLM data analysis produce the output control signals for the lights.

(v) DLM provides device authentication and verification whenever the system is updated. It provides a secure environment with a layered security system covering hardware, data and software.

In summary, IoT Device Lifecycle Management is a key growth driver for many industries today. As the cases above show, it helps stakeholders on both sides: consumers and service providers.


Bluetooth 5 & IoT - The perfect match

The global wireless connectivity market is expanding exponentially, and Bluetooth is heading back to join the IoT pack. Bluetooth 5, one of the mainstay technologies of the Internet of Things (IoT), is also set to expand, and is positioned to serve the growing beacon device segment.

The update allows richer information broadcasts, higher speeds and lower energy usage. The low-energy feature, built specifically for IoT devices, supports speeds of up to two megabits per second, which means more building and home coverage; devices can stay connected even when positioned outside. Another interesting feature is the use of Bluetooth-powered communication in smart cities, where usage has been restricted until now. The mesh networking support expected in the release can make BLE stronger for asset tracking and waste management.

There is a shift away from traditional Bluetooth device-and-app pairing as IoT devices move towards the wireless model. Beacons send out rich data that is collected by smartphones to create a rich user experience.

Bluetooth 5 supports the advertising extensions feature, which allows permission-based advertising to continue outside the regular channels. The broadcast data can be received anywhere within the Bluetooth device’s range. Visitor and asset tracking and indoor navigation become easier with the improved Bluetooth features.

One example is shops that announce real-time discounts to offer personalized deals and dynamic content that motivate participation. Bluetooth 5 also claims to reduce interference with other wireless technologies, so it can coexist in the global IoT environment.

Harman IoT services include gateway solutions that capture data from devices to help businesses future-proof their strategy and create value. With Bluetooth expected to be featured in over 400 million IoT devices by 2020, the combination will offer a more seamless experience and create new opportunities across IoT verticals, giving vendors the flexibility to target multiple applications. Overall, Bluetooth connections will become faster and more reliable to suit traffic demands and integrate into IoT deployments, opening the door to huge opportunities.

