Telecoms, Datacoms, Wireless, IoT


The five pillars of secure IoT design

19 April 2017 Telecoms, Datacoms, Wireless, IoT

For any industrial Internet of Things (IoT) application, ensuring signal integrity is crucial for safety and operational reliability. However, even the most robust system has many attack surfaces that are vulnerable to would-be ­hackers intent on compromising a system. This is unacceptable for high-reliability systems in general, but as more contextual information gets added, including time and position, the level of compromise increases dramatically, so gaps in security must be identified and closed at every opportunity.

In the case of an IoT sensor, a chain of trust must be established from the sensor to the microcontroller and wireless module, and all the way through to the end application. In industrial applications for the IoT, every attack surface must be secured in order to establish a chain of trust. u-blox refers to this as its five pillars of secure IoT design:

• Device firmware and Secure Boot.

• Communications to the server.

• Interface security.

• Enforcing API control.

• Robustness that includes handling spoofing/jamming.

Secure Boot ensures that a device is executing the intended firmware by authenticating at each stage before booting the next process. Also, while over-the-air updates are useful for mass uploads of many widely deployed IoT devices, they create an attack surface that can be vulnerable, so all firmware must first be validated before being installed. A good implementation will include a backup of a previously authenticated image to allow backtracking if there is a problem.

At the communications or transport layer, a device needs to be able to authenticate itself with the server and all exchanged data should be encrypted, with no possibility of a ‘man in the middle’ attack. Secure key management will allow for this, even on a per-session basis.

The defined APIs that provide access to device functionality are also a vulnerability that must be addressed, though they are often overlooked. This is particularly insidious as hackers usually have a lot of time to look for open APIs and explore their relationship to device functionality and features, which sometimes might include access to paid services. Also, developers often use undocumented APIs for their own test and configuration purposes, so these must be protected too, using the same formal authentication and authorisation processes as used for all APIs.

The fifth link in securing IoT devices involves ensuring robustness, such as when facing jamming or spoofing attempts that might undermine the device’s ability to get accurate position data from a GNSS. The design must be able to detect that the reported information is not accurate and report the situation to the user or IoT network operator.

For more information contact Andrew Hutton, RF Design, +27 (0)21 555 8400, andrew@rfdesign.co.za, www.rfdesign.co.za



Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Module combines 5G and NTN support
Quectel Wireless Solutions Telecoms, Datacoms, Wireless, IoT
Quectel Wireless Solutions announced the launch of its BG770A-SN ultra-compact 5G-ready satellite communication module, compliant with 3GPP releases 13, 14 and 17.

Read more...
Scalable and secure IoT device onboarding and management
Telecoms, Datacoms, Wireless, IoT
EasyPass is an enhancement within Cambium’s cnMaestro platform, aimed at providing local businesses with secure, efficient, and scalable device management, making it ideal for high-demand environments such as educational institutions, retail spaces, and corporate campuses.

Read more...
3,75 GHz RF inductor
RF Design Passive Components
The ceramic chip wire wound inductor from Coilcraft features a DC resistance of 1 O, a DC current of 175 mA, and a self-resonant frequency of 3,75 GHz.

Read more...
SIMCom’s A7673X series
Otto Wireless Solutions Telecoms, Datacoms, Wireless, IoT
SIMCom’s A7673X series is a Cat 1 bis module that supports LTE-FDD, with a maximum downlink rate of 10 Mbps and an uplink rate of 5 Mbps.

Read more...
Non-terrestrial network module
Altron Arrow Telecoms, Datacoms, Wireless, IoT
Fibocom unveiled its MA510-GL (NTN), a non-terrestrial networks module which is compliant with 3GPP Release 17 standard.

Read more...
Cellular IoT connectivity via satellite
Altron Arrow Telecoms, Datacoms, Wireless, IoT
The Telit Cinterion cellular LPWA module will enable satellite data communication using the NB-IoT protocol, without any special hardware changes required for the integration of the cellular module in the customer application.

Read more...
Unlocking the future of connectivity
Telecoms, Datacoms, Wireless, IoT
The battle for the 6 GHz spectrum band is heating up in South Africa, mirroring global debates on the allocation of spectrum between Wi-Fi and cellular operators.

Read more...
Quectel wireless module wins accolade
iCorp Technologies Telecoms, Datacoms, Wireless, IoT
The winners of the 2024 IoT Evolution 5G Leadership Award were recently announced, with Quectel walking away with an award for its modules which make 5G features more easily accessible for IoT applications, notably the company’s RG255C-GL.

Read more...
Innovative upgrade process for 2G/3G
Otto Wireless Solutions Telecoms, Datacoms, Wireless, IoT
What is likely to happen during the sunset period for 2G and 3G signals, especially on the back of already near-obsolescence of 2G network equipment, is for the availability of the connectivity mediums to begin to reduce between now and the shutdown date.

Read more...
RFID in aviation: the ultimate solution to baggage mishandling
Osiris Technical Systems Editor's Choice Telecoms, Datacoms, Wireless, IoT
Creating a solution that enables real-time tracking of airline baggage on a global scale seems like an impossible task when considering the number of airlines, airports, and passengers that flow through and between them.

Read more...