Geolocation

IoT Security–Essentials–Part 01

February 1, 2017 Cloud to Device, Communication Protocols, Connected, Connectivity, Contrained Networks/Devices, Device to Cloud, Geolocation, Identity of Things (IDoT), Internet Appliance, Internet of Things, IoT, IoT Privacy, IoT Security, machine-to-machine (M2M), Machines, Tech-Trends No comments , , , , ,

Security(Cyber Security) is an essential requirement for any IoT platform or devices or end users and the communication infrastructure.  In order to achieve or design best possible security solutions,  to avoid some external entity or hacker gaining access to your IoT device or infrastructure, every architect or system designer should do Threat Modeling exercise.  As the system is designed and architected, we can minimize the exposure to external threats to our IoT architecture.

With this article I am trying to provide you relevant bits and pieces essential for your understanding:

What is Cyber Security?

As per WhatIs.com – “Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.”

To make it more clear and simpler – Cyber Security also known as Computer security, or IT security, is the protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide. Cyber security includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection.

What is Threat Modeling?

The objective of threat modeling is to understand how an attacker might be able to compromise a system and then make sure appropriate mitigations are in place. Threat modeling forces the design team to consider mitigations as the system is designed rather than after a system is deployed. This fact is critically important, because retrofitting security defenses to a myriad of devices in the field is infeasible, error prone and will leave customers at risk.

[Content courtesy:  Microsoft]

In order to optimize security best practices, it is recommended that a proposed IoT architecture be divided into several component/zones as part of the threat modeling exercise.

Relevant Important  Zones  for an IoT architecture  :

  • Device,
  • Field Gateway,
  • Cloud gateways, and
  • Services.

Each zone is separated by a Trust Boundary, which is noted as the dotted red line in the diagram below. It represents a transition of data/information from one source to another. During this transition, the data/information could be subject to Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege (STRIDE).

[Content courtesy:  Microsoft]

This diagram like below provides a full 360 view you any proposed solution:

iot-security-architecture-fig1

Summary of important Sections/Zones:

  1. The Device Zone – represents a thing or device where device to device or local user physical access is possible.
  2. The Field Gateway Zone –  Field gateway is a device/appliance (Embedded/Hardware) or some general-purpose software that runs on a Physical Server, and acts as communication enabler and potentially, as a device control system and device data processing hub.
  3. The Cloud Gateway ZoneCloud gateway is a system that enables remote communication from and to devices or field gateways from several different sites across public network space, typically towards a cloud-based control and data analysis system, a federation of such systems.
  4. The Services Zone –  A “service” is  any software component or module that is interfacing with devices through a field- or cloud gateway for data collection and analysis, as well as for command and control. Services are mediators.

Once we identified threat boundaries we should be able to provide fail safe security measures each associated zones, to meet the business needs and global information exchange and data compliance  standards.  It is also important to design the product from the start with security in mind because understanding how an attacker might be able to compromise a system helps make sure appropriate mitigations are in place from the beginning.

In next session, we will go through Microsoft’s IoT Reference architecture and associated security measures been put together across each zones. 

Additional Resources:

IoT Jargons – Identity of Things (IDoT)

January 6, 2017 Communication Protocols, Connected, Connectivity, Emerging Technologies, futuristic, Geolocation, Human Computer Interation, Identity of Things (IDoT), Internet Appliance, Internet of Things, IoT, IoT Privacy, IoT Security, machine-to-machine (M2M), Machines, Programs, Robotics, Tech-Trends No comments

The Identity of Things (IDoT) is an area involves assigning universal unique identifiers (UUID) with associated metadata to devices and objects (things), to identify, connect and communicate effectively with other machines over the internet or within constrained local network.

The metadata included with the UUID characterizes the identity of an endpoint. Identity is an essential part of the Internet of Things (IoT), in which nearly anything conceivable can be tended to and organized for exchange of information on the web. In this specific cases, a thing can be anything – including both physical and sensible articles – that has a specific own identifier and the capacity to exchange information over a network.

Addressability and Reachability makes it possible for things/devices to be targeted and found. To make it addressable for  the Internet of Things, a thing must be globally uniquely identifiable(no other thing with same identity).

To make communication among things effective and secure, following are some of the essential considerations for identities of things:

  • Maintaining a Lifecycle:  IoT Devices should be capable of maintain a lifecyle depending on the use and duration of sustainability of the device. Hence IDoT should be capable of maintaining a history of changes happening to the device over its lifespan.
  • Maintaining Relationships:Identify also should provide a basic necessity to relate the device to other devices in the context as well as
  • Context-awareness: Identity and access management (IAM) for IoT entities should be context aware and grant access only limited to a specific context as required. This would avoid exploitation of devices incase of any cyber attack. 
  • Adequate Authentication: provide means of securely authenticating IoT identities.  This would ensure only authenticated entities can gain access to the IoT device.

All these essential features should help in obtaining a unique naming standards for IoT devices  or projects in your organization.

Internet of Things (IoT)–Introduction

January 5, 2017 Communication Protocols, Connected, Connectivity, Emerging Technologies, Geolocation, Human Computer Interation, Hype vs. reality, Identity of Things (IDoT), Internet Appliance, Internet of Things, IoT, IoT Privacy, IoT Security, machine-to-machine (M2M), Machines, Tech-Trends No comments

The Internet of things (IoT) is the inter-networking of physical devices, vehicles (also referred to as “connected devices” and “smart devices”), buildings, and other items embedded with electronics, software, sensors, actuators, and network connectivity which enable these objects to collect and exchange data.

  • The IoT allows objects to be sensed or controlled remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency, accuracy and economic benefit in addition to reduced human intervention.

IoT

“ Forecasts show an expected IoT universe with between 20 and 30 billion connected devices by 2020 “

Image result for Internet of Things

[Image Source: https://www.i-scoop.eu/internet-of-things-guide/]

IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine (M2M) communications and covers a variety of protocols, domains, and applications.

Some of the important IoT messaging protocols are:

  1. AMQP(Advanced Message Queuing Protocol) – An open standard application layer protocol for message-oriented middleware. The defining features of AMQP are message orientation, queuing, routing (including point-to-point and publish-and-subscribe), reliability and security.
  2. MQTT (Message Queueing Telemetry  Transport)- or MQ Telemetry Transport is a lightweight connectivity protocol geared for IoT applications. It is based on the TCP/IP stack which uses the publish/subscribe method for transportation of data. It is open-ended and supports a high level of scaling, which makes it an ideal platform for development of Internet of Things (IoT) solutions.
  3. HTTP/2 – Enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection.
  4. CoAP(Constrained Application Protocol) – CoAP is a web transfer protocol based on the REST model. It is mainly used for lightweight M2M communication owing to its small header size. It is designed especially for constrained networks and systems withing the Internet of Things paradigm, hence the name, Constrained Application Protocol.
    CoAP mimics HTTP in terms of user visibility, and from that standpoint, reading sensor values is essentially like making an HTTP request.
  5. XMPP(Extensible Messaging and Presence Protocol) – An open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data.

We will go through about them in detail in later posts.

That’s all for now. Keep reading.

Sources:

Introduction to IoT Hub

December 9, 2016 .NET, AMQP, Analytics, Azure, C#.NET, Cloud to Device, Communication Protocols, Connected, Connectivity, Contrained Networks/Devices, Device to Cloud, Device Twin, Emerging Technologies, Geolocation, HTTP 1.1, Identity of Things (IDoT), Internet Appliance, IoT, IoT Hub, IoT Privacy, IoT Security, KnowledgeBase, machine-to-machine (M2M), Machines, Microsoft, MQTT, Stream Analytics, Visual Studio 2015, Visual Studio 2017, Visual Studio Code, VisualStudio, VS2015, VS2017, Windows, Windows 10, Windowz Azure No comments

IoT Hub is a fully managed service from Microsoft Azure  as part of Azure IoT Suite that enables reliable and secure bi-directional communications between millions of IoT devices and your solution back end.

Azure IoT Hub are designed to provide following capabilities:

  • Multiple device-to-cloud and cloud-to-device communication options, including one-way messaging, file transfer, and request-reply methods.
  • Built-in declarative message routing to other Azure services.
  • A queryable store for device metadata and synchronized state information.
  • Secure communications and access control using per-device security keys or X.509 certificates.
  • Extensive monitoring for device connectivity and device identity management events.
  • Provides device libraries for the most popular languages and platforms.

hubarchitecture

Why IoTHub?

IoT Hub and the device libraries help you to meet the challenges of how to reliably and securely connect devices to the solution back end.

Real-world  IoT devices mostly have the following constaints:

  • Embedded systems.with minimal or no user interaction.
  • Remotely available, with less physical access. .
  • Reachable through the solution back end.
  • Limited power and processing capabilities
  • Intermittent, slow, or expensive network connectivity.
  • Use proprietary, custom, or industry-specific application protocols.
  • Created using a large set of popular hardware and software platforms.

IoT Hub provide solutions to meet all the above constraints of a connected device. In addition it also provides scale,  scalability and reliability. It also addresses most of the connectivity challenges through following capabilities.

  1. Device Twin:  With Device twins, you can store, synchronize, and query device metadata and state information, and these are stored in JSON format.  IoT Hub persists a device twin for each device that you connect to IoT Hub. This feature was introduced in Novemeber’16 with General availability of Iot Hub.
  2. Per-device authentication and secure connectivity. You can provision each device with its own security key to enable it to connect to IoT Hub.There by enabling you to manage or block devices as desired.
  3. Route device-to-cloud messages to Azure services based on declarative rules. IoT Hub enables you to define message routes based on routing rules to control where your hub sends device-to-cloud messages.
  4. Monitoring of device connectivity operations. You can receive detailed operation logs about device identity management operations and device connectivity events.
  5. Device libraries for most of the platforms with support for Programming languages like C#, Java, Python and JavaScript.
  6. Support for latest and widely used IoT protocols and provides extensibility: Protocols such as AMQP 1.1 or HTTP 1.1 and MQTT 3.1 are supported. We could also provide additional protocol translation using Azure IoT Gateway SDK at Device/Field/Protocol  Gateway layer.

Azure IoT Hub can bring more value to organizations to bring in their field devices to cloud with real-time data capture and bi-directional communication. It solves the problem of lack of proper communication infrastructure for devices to communicate or operate on real-time basis.  Pay per use, less investment infrastructure that would let you scale as you grow.

Do you feel some similarities between IoT Hub and Event Hubs service already exists as part of Azure Platform?  In my later articles I would be covering some of the major differences.

Useful References: