Telecoms, Datacoms, Wireless, IoT


The five pillars of secure IoT design

19 April 2017 Telecoms, Datacoms, Wireless, IoT

For any industrial Internet of Things (IoT) application, ensuring signal integrity is crucial for safety and operational reliability. However, even the most robust system has many attack surfaces that are vulnerable to would-be ­hackers intent on compromising a system. This is unacceptable for high-reliability systems in general, but as more contextual information gets added, including time and position, the level of compromise increases dramatically, so gaps in security must be identified and closed at every opportunity.

In the case of an IoT sensor, a chain of trust must be established from the sensor to the microcontroller and wireless module, and all the way through to the end application. In industrial applications for the IoT, every attack surface must be secured in order to establish a chain of trust. u-blox refers to this as its five pillars of secure IoT design:

• Device firmware and Secure Boot.

• Communications to the server.

• Interface security.

• Enforcing API control.

• Robustness that includes handling spoofing/jamming.

Secure Boot ensures that a device is executing the intended firmware by authenticating at each stage before booting the next process. Also, while over-the-air updates are useful for mass uploads of many widely deployed IoT devices, they create an attack surface that can be vulnerable, so all firmware must first be validated before being installed. A good implementation will include a backup of a previously authenticated image to allow backtracking if there is a problem.

At the communications or transport layer, a device needs to be able to authenticate itself with the server and all exchanged data should be encrypted, with no possibility of a ‘man in the middle’ attack. Secure key management will allow for this, even on a per-session basis.

The defined APIs that provide access to device functionality are also a vulnerability that must be addressed, though they are often overlooked. This is particularly insidious as hackers usually have a lot of time to look for open APIs and explore their relationship to device functionality and features, which sometimes might include access to paid services. Also, developers often use undocumented APIs for their own test and configuration purposes, so these must be protected too, using the same formal authentication and authorisation processes as used for all APIs.

The fifth link in securing IoT devices involves ensuring robustness, such as when facing jamming or spoofing attempts that might undermine the device’s ability to get accurate position data from a GNSS. The design must be able to detect that the reported information is not accurate and report the situation to the user or IoT network operator.

For more information contact Andrew Hutton, RF Design, +27 (0)21 555 8400, [email protected], www.rfdesign.co.za



Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

SMT-mountable card connectors
Telecoms, Datacoms, Wireless, IoT
Würth Elektronik introduces four new SMT-mountable Nano SIM and microSD card connectors and expands its range with solutions for the smallest packages.

Read more...
Module for smart city and smart utility devices
iCorp Technologies Telecoms, Datacoms, Wireless, IoT
Quectel Wireless Solutions has launched the Quectel KCM0A5S, a high-performance Wi-SUN module designed for smart applications such as street lighting, precision agriculture, industrial IoT, smart meters and smart cities.

Read more...
Ultra-low-power wireless module
Altron Arrow Telecoms, Datacoms, Wireless, IoT
The STM32WBA5MMG from STMicroelectronics is an ultra-low-power, small form factor, certified 2,4 GHz wireless module that supports Bluetooth LE, Zigbee 3.0, OpenThread, and IEEE 802.15.4 proprietary protocols.

Read more...
Energy harvesting and Matter for smarter homes
RF Design Power Electronics / Power Management
Qorvo’s collaboration with e-peas on the Matter Enabled Light Switch marks another significant step in advancing Matter adoption across the IoT industry.

Read more...
Quectel partners with GEODNET
Quectel Wireless Solutions Telecoms, Datacoms, Wireless, IoT
Quectel Wireless Solutions has partnered with GEODNET to deliver Quectel’s Real-Time Kinematic (RTK) correction services, enabling high-precision positioning for IoT applications.

Read more...
Bringing Bluetooth Channel Sounding to automotive and beyond with KW47
Altron Arrow Telecoms, Datacoms, Wireless, IoT
NXP’s new Channel Sounding-certified KW47 and MCX W72 wireless MCUs are set to help automakers with distance measurement, bringing an additional ranging solution for car access and autonomous systems, and will be utilised across a broader spectrum of applications.

Read more...
Dual-band GNSS antenna
RF Design Telecoms, Datacoms, Wireless, IoT
The Taoglas Accura GVLB258.A, is a passive, dual-band GNSS L1/L5, high-performance antenna for high precision GNSS accuracy and fast positioning.

Read more...
What is Wi-Fi HaLow and why choose it for IoT?
iCorp Technologies Editor's Choice Telecoms, Datacoms, Wireless, IoT
Wi-Fi HaLow introduces a low power connectivity option that, in contrast to other Wi-Fi options, offers greater range of approximately 1 km, which opens up a raft of IoT use cases.

Read more...
Wi-Fi 6 and Bluetooth LE coprocessor module
Altron Arrow Telecoms, Datacoms, Wireless, IoT
The ST67W611M1 from STMicroelectronics boasts an all-in-one design which, together with its capabilities, contribute to making it an attractive choice for IoT edge devices requiring a single-chip solution.

Read more...
Futureproofing IoT connectivity
SIMcontrol Telecoms, Datacoms, Wireless, IoT
A managed private APN assigns every device to an isolated carrier slice, producing a single ingress to the enterprise network, with traffic bypassing shared internet paths and reducing exposure.

Read more...









While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd | All Rights Reserved