At Thing Innovations, we believe that security should be an important part of the whole Internet of Things system and not just a nice to have that is added on later. It should be included in the initial product design at the early stages of development and prototyping when the cost of implementing will be at its lowest. When talking about security, there are a number of areas to consider, it’s not all about encrypting your messages. At Thing Innovations we are selecting and evaluating the best options for the devices being connected together. This can include:
- Encryption on wireless messages between sensor nodes and the hub where this is available in the wireless modules.
- Message authentication between devices, hub and cloud.
- Device authentication and authorisation when connecting to hub devices.
- Hub authentication when connecting to cloud services.
- User authentication when accessing hub and cloud services.
- Authenticate firmware images during firmware update process
The technology and practices being evaluated include:
- Enabling built in encryption on wireless modules.
- Hardware based Crypto-Authentication on low power devices.
- SSL/TLS for access to cloud based services.
- Authentication of gateway devices and cloud services.
- Secure key exhcanges.
To start the evaluation, Thing Innovations have developed a multi-purpose breakout PCB that can take, for example, an Atmel ATSHA204A, or more interestingly the Atmel ATECC508A. This breakout PCB can be plugged into an Arduino, Raspberry Pi or solderless breadboard for use with other embedded devices. Over the coming weeks we plan to share updated code and examples showing how to use these chips to secure your IoT products.
There are still issues around implementing security on low end devices, especially leaf or end nodes in your wireless sensor network. These issues we see as being:
- Adding MAC or digital signatures can significantly increase the message payload.
- Pre-sharing of keys requires additional steps during manufacture and deployment.
- Using assymetric keys would require additional overhead of device registration and public key exchange.
Communication between gateway devices and cloud services has less of the restrictions of the leaf nodesbut the device registration and key exchanges are still an important factor that needs to be handled securely.