BaS & ECE April 2015 - page 14

INTERNET-OF-THINGS
Securing IoT designs –
from edge node to the cloud
By Alexander Damisch,
Wind River
Along with integration, security is the top challenge in moving IoT faster into key growth areas such as critical infrastructure and the industrial market. Providing all the platforms for both installed base systems as well as new deployments, from the device level up to the cloud, security can be taken care of from a system point of view.
When considering an IoT application, the developer needs to think about the end-to-end solution. Increasingly, the gateway is seen as an important part of this solution, but there is a lot of infrastructure in between to consider; when thinking about this, the openness of the overall approach will be crucial. IoT is about sharing and collaboration, therefore open standards and integration with the ecosystem are vital. This is in order to allow third-party applications and other vendors to integrate with the infrastructure.
Security is a key requirement of any IoT solution, not only that of the communications between the edge nodes and the cloud, but also of the devices themselves. Other factors include the associated communication latency, and increasingly, aspects of functional safety as stipulated by IEC 61508, particularly for use in industrial automation designs. For industrial IoT designs, developers also need to consider the typical lifecycle of any piece of equipment used in such an industrial environment.
A service life of 20 to 30 years is not uncommon, especially for the larger items in industrial and process control plants. Because it is difficult to predict what an end-to-end system may look like in the future, the implementation of standards that allow ease of upgrading systems in-situ will be a key requirement.
Open IP-based communications protocols such as MQTT, XMPP, and lightweight M2M are all key. These protocols have a number of similarities and are ideal for use with gateways. In particular, they have the ability to work over a network that is not always on. Unlike a classic IT network, where if a cable is broken then communication completely fails, these protocols support a publish/subscribe model. MQTT uses a publish/subscribe approach in which you subscribe only to the information you require. It is event-based and provides a completely open approach. IP-based protocols like MQTT are also transparent to an upcoming standard like time-sensitive networking. First, it is becoming part of the IEEE 802.1tsn standard; second, it operates at ISO layer 2, which transparently adds deterministic communication in addition to providing safe and secure partitioning to existing application layer protocols.
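The publish/subscribe behaviour described above, as an added example (not from the original article or from any MQTT implementation): a simplified in-memory broker that matches topics with MQTT's `+` and `#` wildcards and holds events for a subscriber whose link is down. The class, client and topic names are hypothetical, and the bounded offline queue is an assumption made here so that a long outage cannot exhaust a constrained gateway.

```python
from collections import defaultdict, deque

def topic_matches(filt: str, topic: str) -> bool:
    """MQTT topic-filter match: '+' is one level, '#' is this level and below."""
    f, t = filt.split("/"), topic.split("/")
    # Topics starting with '$' are not matched by a filter that starts with a wildcard.
    if t[0].startswith("$") and f[0] in ("+", "#"):
        return False
    for i, level in enumerate(f):
        if level == "#":
            return i == len(f) - 1          # '#' is only valid as the last level
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)

class Broker:
    """Simplified model of a broker keeping state for disconnected subscribers."""

    def __init__(self, max_queued=100):
        self.subs = defaultdict(set)        # client id -> topic filters
        self.online = set()
        self.queues = {}                    # client id -> bounded offline queue
        self.delivered = defaultdict(list)  # what each client has received
        self.max_queued = max_queued

    def subscribe(self, client, filt):
        self.subs[client].add(filt)
        self.online.add(client)
        # deque(maxlen=...) silently drops the oldest event once the cap is hit.
        self.queues.setdefault(client, deque(maxlen=self.max_queued))

    def disconnect(self, client):
        self.online.discard(client)

    def reconnect(self, client):
        self.online.add(client)
        while self.queues[client]:          # flush events held during the outage
            self.delivered[client].append(self.queues[client].popleft())

    def publish(self, topic, payload):
        for client, filters in self.subs.items():
            if any(topic_matches(f, topic) for f in filters):
                sink = self.delivered if client in self.online else self.queues
                sink[client].append((topic, payload))

def demo():
    b = Broker(max_queued=2)
    b.subscribe("historian", "plant/+/temp")
    b.publish("plant/line1/temp", 71)
    b.disconnect("historian")               # link goes down
    for value in (72, 73, 74):
        b.publish("plant/line1/temp", value)
    b.publish("plant/line1/pressure", 5)    # not subscribed, never delivered
    b.reconnect("historian")
    return b.delivered["historian"]
```

With the cap set to 2, the reading 72 is the one lost during the outage; sizing that cap is a trade-off between memory on the gateway and completeness of the data.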
Another important factor for many IoT applications is that the communications latency needs to be guaranteed. If you look at standard IP communication, obviously we know that standard TCP/IP has no latency guarantee. In fact, you can easily have a hundredth of milliseconds delay for clearing buffers and so on. TCP/IP is not made for low latencies. Some protocols can have a lower latency by using UDP, but it does not guarantee low latency, especially if you go over multiple hops or over a switched network. However, using UDP means that you cannot control quality of service. As a consequence you have no ability to plan and measure your worst-case latency across the network. That's again where the time-sensitive networking standard comes in, which, when used with the appropriate layer 2 switches, can guarantee latency.
There are several aspects of security to consider. How your edge node or gateway boots is one of them. The need to ensure that your boot image is authorized and secure is crucial. If not, running a modified version of the same package would most likely bypass all the other security measures the application uses for data and communication. For example, from a secure boot point of view, in the Wind River Intelligent Device Platform XT stack we are using silicon-specific features to make sure that we have a secure storage of the key. If you do a secure boot process with a signed and encrypted image, using a challenge and response mechanism you can have 100% certainty that the key in use has been verified and is valid.
Next is run-time security. For example, within Wind River Intelligent Device Platform XT, we make sure that if somebody has tried to modify the application we detect this with certain measures at the operating system level. We're using technology from Intel Security to achieve this and it is based on allocating processes permission to run specific resources. If a process attempts to access a resource it is not permitted to use, then it can be removed and highlighted for investigation. Security within data com-
Figure 1. Building blocks of any IoT solution
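One way to read the secure boot and challenge/response description above, as an added example that is not Wind River's code: the boot stage refuses an image whose tag does not verify, and a remote verifier then confirms with a fresh nonce that the device holds the key and booted the expected image. Assumptions: HMAC-SHA256 with a shared device key stands in for the signature scheme, image encryption is left out, and all names and the key value are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed key; on real hardware it stays in silicon-backed secure storage.
DEVICE_KEY = bytes.fromhex("11" * 32)

def image_tag(image: bytes, key: bytes) -> bytes:
    """Tag over the image digest (HMAC-SHA256 stands in for a signature)."""
    return hmac.new(key, hashlib.sha256(image).digest(), hashlib.sha256).digest()

def verify_before_boot(image: bytes, tag: bytes, key: bytes) -> bool:
    """Boot-time check: refuse any image whose tag does not verify."""
    return hmac.compare_digest(image_tag(image, key), tag)

def device_respond(nonce: bytes, booted_image: bytes, key: bytes) -> bytes:
    """Device side: bind the fresh nonce to the digest of what actually booted."""
    digest = hashlib.sha256(booted_image).digest()
    return hmac.new(key, nonce + digest, hashlib.sha256).digest()

class Verifier:
    """Remote side of the challenge/response; every nonce is single-use."""

    def __init__(self, key: bytes, expected_image: bytes):
        self.key = key
        self.expected = hashlib.sha256(expected_image).digest()
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:       # unknown or already used: replay
            return False
        self.pending.discard(nonce)
        good = hmac.new(self.key, nonce + self.expected, hashlib.sha256).digest()
        return hmac.compare_digest(good, response)

if __name__ == "__main__":
    image = b"constructed firmware image v1"
    tag = image_tag(image, DEVICE_KEY)
    print("genuine boots:", verify_before_boot(image, tag, DEVICE_KEY))
    print("modified boots:", verify_before_boot(image + b"\x90", tag, DEVICE_KEY))
    v = Verifier(DEVICE_KEY, image)
    n = v.challenge()
    r = device_respond(n, image, DEVICE_KEY)
    print("fresh response:", v.check(n, r), "replayed:", v.check(n, r))
```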