The five pillars of secure IoT design

19 April 2017 Telecoms, Datacoms, Wireless, IoT

For any industrial Internet of Things (IoT) application, ensuring signal integrity is crucial for safety and operational reliability. However, even the most robust system has many attack surfaces that are vulnerable to would-be hackers intent on compromising a system. This is unacceptable for high-reliability systems in general, but as more contextual information gets added, including time and position, the level of compromise increases dramatically, so gaps in security must be identified and closed at every opportunity.

In the case of an IoT sensor, a chain of trust must be established from the sensor to the microcontroller and wireless module, and all the way through to the end application. In industrial applications for the IoT, every attack surface must be secured in order to establish a chain of trust. u-blox refers to this as its five pillars of secure IoT design:

• Device firmware and Secure Boot.

• Communications to the server.

• Interface security.

• Enforcing API control.

• Robustness that includes handling spoofing/jamming.

Secure Boot ensures that a device is executing the intended firmware by authenticating at each stage before booting the next process. Also, while over-the-air updates are useful for mass uploads of many widely deployed IoT devices, they create an attack surface that can be vulnerable, so all firmware must first be validated before being installed. A good implementation will include a backup of a previously authenticated image to allow backtracking if there is a problem.
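The following sketch is an added example, not u-blox code. It shows validate-before-install with a backup slot holding the last authenticated image, as described above. The image layout, the `Device` class and the version check are assumptions made for illustration, and HMAC-SHA256 from the Python standard library stands in for the asymmetric signature a real boot chain would verify against a public key.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWIM"  # constructed layout: magic, version, length, payload, 32-byte tag
HEADER = struct.Struct(">4sII")
TAG_LEN = 32  # HMAC-SHA256 tag, a stand-in for an asymmetric signature


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_image(key: bytes, image: bytes, min_version: int = 0):
    """Return the version if the image is authentic and not older, else None."""
    if len(image) < HEADER.size + TAG_LEN:
        return None
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size or version < min_version:
        return None
    return version


class Device:
    """Two slots: 'active' boots first, 'backup' is the last image that verified."""
    def __init__(self, key: bytes, factory_image: bytes):
        self.key, self.active, self.backup = key, factory_image, factory_image

    def install_update(self, image: bytes) -> bool:
        current = verify_image(self.key, self.active)
        if verify_image(self.key, image, min_version=current or 0) is None:
            return False  # rejected before anything is written
        if current is not None:
            self.backup = self.active  # only an authenticated image becomes backup
        self.active = image
        return True

    def boot(self):
        """Authenticate the active slot, then the backup; refuse to boot otherwise."""
        for slot in ("active", "backup"):
            version = verify_image(self.key, getattr(self, slot))
            if version is not None:
                return slot, version
        return None, None
```

With a symmetric tag the device holds the same key that authenticates images, which is why production designs verify a signature with a public key anchored in immutable storage instead.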

At the communications or transport layer, a device needs to be able to authenticate itself with the server and all exchanged data should be encrypted, with no possibility of a ‘man in the middle’ attack. Secure key management will allow for this, even on a per-session basis.

The defined APIs that provide access to device functionality are also a vulnerability that must be addressed, though they are often overlooked. This is particularly insidious as hackers usually have a lot of time to look for open APIs and explore their relationship to device functionality and features, which sometimes might include access to paid services. Also, developers often use undocumented APIs for their own test and configuration purposes, so these must be protected too, using the same formal authentication and authorisation processes as used for all APIs.

The fifth link in securing IoT devices involves ensuring robustness, such as when facing jamming or spoofing attempts that might undermine the device’s ability to get accurate position data from a GNSS. The design must be able to detect that the reported information is not accurate and report the situation to the user or IoT network operator.
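One way a device could flag implausible GNSS output, shown as an added example that is not from the original article or from u-blox. Each fix is cross-checked against the previous one and against the device's own monotonic clock; the `Fix` fields, the anomaly labels and every threshold are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0


@dataclass
class Fix:
    t: float        # receiver-reported UTC time, seconds
    lat: float      # degrees
    lon: float      # degrees
    num_sats: int   # satellites used in the solution
    local_t: float  # device's own monotonic clock at reception, seconds


def distance_m(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes (haversine formula)."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def check_fix(prev: Fix, cur: Fix, max_speed_mps=60.0, max_clock_skew_s=2.0, min_sats=4):
    """Return anomaly labels for `cur`; an empty list means the fix is plausible."""
    anomalies = []
    if cur.num_sats < min_sats:
        anomalies.append("signal_loss")  # too few satellites: possible jamming
    dt_gnss = cur.t - prev.t
    dt_local = cur.local_t - prev.local_t
    if dt_gnss <= 0:
        anomalies.append("time_not_advancing")  # replayed or frozen time
    elif abs(dt_gnss - dt_local) > max_clock_skew_s:
        anomalies.append("time_jump")  # GNSS time disagrees with the local clock
    if dt_local > 0 and distance_m(prev, cur) / dt_local > max_speed_mps:
        anomalies.append("position_jump")  # faster than the asset can move
    return anomalies
```

A non-empty result is what the device would report to the user or network operator rather than silently forwarding the position.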

For more information contact Andrew Hutton, RF Design, +27 (0)21 555 8400, andrew@rfdesign.co.za, www.rfdesign.co.za


