ECE/BAS Magazine June 2015 - page 28

INTERNET-OF-THINGS – SECURITY

system should be designed for 24/7 operation and many years of service. For this reason, it is important to use the right components in the computer: ceramic capacitors instead of electrolytic capacitors, as the latter tend to dry out, and industrial CPUs designed for continuous operation are preferred choices. Other important factors are long-term availability and support for at least seven years. Security starts with the BIOS/UEFI; only a manufacturer of embedded CPU boards or modules can provide the necessary firmware updates beyond product life.

Most platforms provide basic connectivity, i.e. the ability to communicate in a variety of ways; at least the required interfaces are available. However, an IoT-enabled platform should make it as easy as possible for the user to secure the communication. This requires secure encryption of the communication channels. Ideally, a combination of hardware and software is used to achieve this. The software of the IoT platform accesses the security hardware using a TPM (Trusted Platform Module) chip.

A TPM can generate true random numbers, and that is extremely important for any encryption. Software-generated random numbers are created on the basis of an algorithm that is to some degree predictable and hence less secure. The TPM is therefore also a good place to store algorithm keys securely. Many modern computers are already equipped with a TPM, but unfortunately this functionality is rarely used. This may have something to do with the fact that programming requires some depth of encryption expertise. If the platform itself uses TPM, the application developer does not need to go into deep details. The most popular TPM application is BitLocker disk encryption. TPM is used to check whether the hardware is unchanged, and therefore trustworthy, and to store the keys securely.
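
The predictability of software-generated random numbers matters most at fleet scale, where cloned devices can end up with identical keys. The following is an added example, not code from the article or from any vendor named in it: it provisions a constructed fleet once from a seeded software PRNG and once from the operating system's CSPRNG, then audits both for shared keys. The device ids, seed values and function names are assumptions made for the illustration.

```python
import hashlib
import random
import secrets
from collections import defaultdict

KEY_BYTES = 16  # 128-bit key; size chosen for this example


def weak_device_key(boot_seed: int) -> bytes:
    """Key from a seeded software PRNG: same seed, same key, every time."""
    rng = random.Random(boot_seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_device_key() -> bytes:
    """Key from the kernel CSPRNG, which a hardware source such as a TPM can feed."""
    return secrets.token_bytes(KEY_BYTES)


def fingerprint(key: bytes) -> str:
    """Short SHA-256 fingerprint, so audit reports never contain raw keys."""
    return hashlib.sha256(key).hexdigest()[:16]


def shared_key_groups(inventory: dict) -> dict:
    """Map fingerprint -> device ids for every key found on more than one device."""
    groups = defaultdict(list)
    for device_id, key in inventory.items():
        groups[fingerprint(key)].append(device_id)
    return {fp: sorted(ids) for fp, ids in groups.items() if len(ids) > 1}


def provision_fleet(n: int, boot_seeds=None) -> dict:
    """Constructed fleet gw-000..; boot_seeds=None means keys come from the CSPRNG."""
    if boot_seeds is None:
        return {f"gw-{i:03d}": strong_device_key() for i in range(n)}
    return {f"gw-{i:03d}": weak_device_key(boot_seeds[i]) for i in range(n)}


if __name__ == "__main__":
    # Constructed scenario: four gateways cloned from one image; three boot with
    # the same clock value as their seed, the fourth one tick later.
    weak = provision_fleet(4, boot_seeds=[0, 0, 0, 1])
    print("seeded PRNG:", shared_key_groups(weak))
    print("CSPRNG     :", shared_key_groups(provision_fleet(4)))
```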

The next billion IoT devices also need to be managed safely. Remote access and maintenance have to be performed via secure data links. They are also needed to ensure that devices are clearly identified. TPM can help authenticate devices. When there are only a few IoT devices it is quite easy to keep the software up-to-date and apply all necessary security and feature updates. To do the same for millions of devices, special manageability features are required. Technologies from the telecommunications sector can help: TR-069 is a protocol for exchanging data between the server of a communications provider and an associated customer device. This protocol is used, for example, for secure remote configuration of DSL routers. OMA DM is used in mobile phones for initialization and configuration, upgrades and fault management. This protocol is also perfect for IoT applications.

Unlike standard PCs, IoT devices have a clearly defined set of functionalities. This allows white-listing software so that only permitted and desired software can actually run; malware cannot possibly be activated.
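
The decision behind software white-listing can be sketched as follows. This is an added example, not code from the article and not how the Intel Gateway Solution for IoT implements it; real enforcement sits in the operating system at execution time. The file names, manifest layout and function names are assumptions, and the files are constructed in a temporary directory.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


def sha256_file(path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(paths) -> dict:
    """Record resolved path -> SHA-256 for every approved executable."""
    return {os.path.realpath(p): sha256_file(p) for p in paths}


def may_execute(path, manifest: dict):
    """Default deny: allow only a listed path whose content still matches."""
    real = os.path.realpath(path)  # resolve symlinks before the lookup
    expected = manifest.get(real)
    if expected is None:
        return (False, "not on allowlist")
    try:
        actual = sha256_file(real)
    except OSError:
        return (False, "unreadable")
    if not hmac.compare_digest(actual, expected):
        return (False, "content changed")
    return (True, "allowed")


def demo() -> dict:
    """Constructed device image: one approved agent, one unlisted file."""
    with tempfile.TemporaryDirectory() as root:
        agent = Path(root) / "sensor-agent"
        agent.write_bytes(b"#!/bin/sh\necho reading\n")
        manifest = build_manifest([agent])
        results = {"approved": may_execute(agent, manifest)}
        unlisted = Path(root) / "unlisted-tool"
        unlisted.write_bytes(b"#!/bin/sh\necho other\n")
        results["unlisted"] = may_execute(unlisted, manifest)
        agent.write_bytes(b"#!/bin/sh\necho changed\n")  # modified after approval
        results["modified"] = may_execute(agent, manifest)
    return results
```

Calling `demo()` returns the decision for each of the three cases; the manifest itself has to be protected from modification, for example by signing it or storing it on read-only media.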

To implement the diverse demands on IoT devices quickly, easily and securely, Intel has worked with Wind River and McAfee to develop a software package that is tailored to the specific requirements of the IoT. The suitable hardware platform for the Intel Gateway Solution for IoT is tested by Intel. Thanks to the validated combination of hardware and software, the developer of an IoT application is free to focus on device functionality, safe in the knowledge that most security aspects are already covered.

In order to test this technology as simply as possible, congatec has put together a starter kit comprising all necessary components to rapidly develop a prototype. The kit contains a Qseven module based on the Intel Atom E38xx; with a footprint of 70x70mm the module can be integrated into almost any IoT application. In addition, the kit includes everything from cables to display and carrier board to test the Intel Gateway Solution for IoT directly on certified hardware. This starter kit, a successful combination of technologies from Intel, Wind River, McAfee and congatec, makes both current and future IoT challenges easier to handle, especially as far as increasingly important security aspects are concerned.

The congatec IoT kit provides a complete set for the rapid prototyping of embedded IoT applications. In addition to a Qseven Computer-on-Module (COM) based on the latest Intel Atom processor technology, a compact IoT carrier board and a 7” LVDS single touch display with LED backlight, the starter kit contains an extensive set of accessories including AC power supply and 802.11 WLAN antenna with IoT Wind River Linux image on USB stick. With the provided set of cables, developing an IoT demo system takes a matter of minutes.

The Qseven module is equipped with the Intel Atom E3827, with 2 cores, 1MB Cache, 1.75 GHz, 8 watt TDP, 2GB onboard DDR3L memory and 4 GB onboard eMMC4 media storage. Compared with the previous model, the integrated graphics is significantly more powerful, supporting DirectX 11, OpenGL 3, OpenCL 1.2 and high-performance, flexible hardware decoding to decode multiple high-resolution full HD videos in parallel. The processor natively supports up to 2,560 x 1,600 pixels via DisplayPort and 1920 x 1200 pixels via HDMI. It is further possible to connect up to two independent display interfaces via 2x 24-bit LVDS. Native USB 3.0 support ensures fast data transmission with low power consumption. A total of five USB 2.0 ports are provided, one of which is designed as USB 3.0 SuperSpeed.

Three PCI Express 2.0 lanes and two SATA ports with up to 6 Gb/s enable fast and flexible system extensions. Use of an Intel I210 Gigabit Ethernet controller promises best software compatibility. A MIPI camera interface, an I2C bus, an LPC bus for easy connection of legacy I/O interfaces and Intel High Definition Audio complete the feature set.

Features of an IoT solution based on the “Intel Gateway Solution for IoT”
Figure 3. Available security and manageability features