The ARTIK Cloud team has just returned from IoT DevCon 2016. As usual, our major purpose was to listen to industry trends, learn in order to generate new ideas, and contribute to the community by presenting our approaches to making the IoT ecosystem interoperable and secure.
Here are the slides Yujing Wu and I presented:
Interoperability is the quality that makes ARTIK Cloud unique in a world of IoT frameworks that can’t seem to get around silos, let alone try to abolish them completely. We strongly believe that interoperability—connecting diverse data sources—is necessary both for creating services that are relevant to customers and for generating meaningful new insights and experiences.
We designed ARTIK Cloud to enable devices, applications, and services to easily work together across vendors and vertical markets. Developers can achieve this with ARTIK Cloud by:
- Writing a device Manifest that normalizes data, describes device states, and defines Actions, thus making devices available to other developers in the ecosystem;
- Utilizing a wide range of communication protocols (REST, WebSockets, MQTT, CoAP) to connect with devices, as well as Cloud Connectors for interacting with third-party clouds;
- Defining powerful Rules by which devices can interact across silos.
In addition to interoperability, it’s not a surprise that security was once again a hot topic. The IoT DevCon organizers addressed this well by creating a dedicated security track that spanned the whole conference. It was interesting to listen to organizations such as Infineon, Barco Silex, Xilinx and others talk about implementing comprehensive hardware-based security for IoT devices.
New approaches to security
The major takeaway from IoT DevCon was that a “one size fits all” principle is not applicable even for the hardware security layer, which is generally much better defined than the security of an IoT ecosystem. There are common security components such as a root of trust, secure and verifiable boot, a trusted execution environment, and a secure element implementing basic cryptographic primitives. All of these have been discussed in the presentations mentioned above.
However, everybody understands that security implementation has a cost and that IoT device capabilities are different. That’s why security needs to be adaptive and adjustable. Infineon had a very detailed and prescriptive approach to this: a security profile for each device type based on its capabilities (CPU, memory, power consumption requirements, etc.).
Synopsys and EEMBC took the adaptive security principle even further by creating a security benchmark and guidelines based on a device’s functional profile. Examples of functional profiles include, but are not limited to: smart home, medical, wearables, smart city, industrial, automotive, energy.
A couple of presentations described innovative approaches to IoT device authentication and cryptography. One company called Knurld emphasized the importance of having alternative ways of authenticating a user on a device, such as its proprietary voice recognition solution where all analytics and machine learning are performed by a back end running in a cloud.
SecureRF works to implement next-generation cryptography for embedded devices, which is significantly faster and more efficient than the traditional EC cryptography prevailing in the mobile and IoT world today.
Security in ARTIK Cloud
Our own security presentation included one important solution that we’ve recently implemented in ARTIK Cloud. We used a traditional, proven PKI approach with a challenge-response mechanism to solve quite a few important problems in IoT:
- Securely identify and authenticate a device using TLS 1.2 with mutual client/server authentication.
- Prevent device spoofing.
- Securely pair a device with its owner.
- Provide a root of trust for a device that can be used in other scenarios as well.
An apparent benefit of our approach is that it’s not just an architecture or design reference, it’s a solution that actually works and is ready for device vendors who care about end-to-end security for their IoT ecosystems.
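The challenge-response idea behind the list above, as an added Go sketch that is not ARTIK Cloud's code or protocol: the verifier issues a one-time nonce, the device signs it with its private key, and a replayed or wrongly keyed response is rejected. Assumptions: the `Verifier` type, the `dev-001` ID and the Ed25519 keys are constructed for illustration, and the enrolled public key stands in for one taken from a validated device certificate in a PKI deployment.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Verifier struct { // cloud side (hypothetical type for this example)
	enrolled map[string]ed25519.PublicKey // device ID -> enrolled public key
	pending  map[string][]byte            // device ID -> outstanding nonce
}

// Challenge issues a fresh random nonce for deviceID and remembers it.
func (v *Verifier) Challenge(deviceID string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // never fall back to a predictable nonce
	}
	v.pending[deviceID] = nonce
	return nonce
}

// message binds the signature to both the claimed identity and the nonce.
func message(deviceID string, nonce []byte) []byte {
	return append([]byte(deviceID), nonce...)
}

// Respond is the device side: sign the challenge with the device private key.
func Respond(key ed25519.PrivateKey, deviceID string, nonce []byte) []byte {
	return ed25519.Sign(key, message(deviceID, nonce))
}

// Verify consumes the nonce before checking, so a response works only once.
func (v *Verifier) Verify(deviceID string, sig []byte) bool {
	nonce, issued := v.pending[deviceID]
	delete(v.pending, deviceID)
	pub, known := v.enrolled[deviceID]
	return issued && known && ed25519.Verify(pub, message(deviceID, nonce), sig)
}

func main() {
	pub, key, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	v := &Verifier{map[string]ed25519.PublicKey{"dev-001": pub}, map[string][]byte{}}
	sig := Respond(key, "dev-001", v.Challenge("dev-001"))
	fmt.Println("first use:", v.Verify("dev-001", sig), "replay:", v.Verify("dev-001", sig))
}
```

On real hardware the private key would stay inside a secure element, with only the signing operation exposed to the application.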
We’ve run a reality check by attending IoT DevCon, where we compared our approaches with those implemented by other companies. We’ve realized that we generally align well with the industry, but in some areas—such as interoperability and security—we definitely have a leg up. The open nature of the ARTIK Cloud platform makes it possible to share our innovations with the industry and invite everyone to try our system by securely connecting their devices and seeing how everything works together.