IoT Security Woes?

DZone 's Guide to

IoT Security Woes?

Securing cloud based IoT is hard, there is a combination of local software, cloud, and hardware solutions to deal with. Let's take a look at a possible solution.

· Security Zone ·
Free Resource

Problem solved: AWS IoT + Mongoose OS + crypto chip = IoT Security

We have all witnessed the media outcry about IoT security breaches and all the possible consequences of them. However, what has not been addressed is how to actually avoid or prevent such breaches.

The general public and the media has a really vague understanding of what goes into IoT security and usually uses words like ‘device’ and ‘cloud.’ Start speaking about SSL/TLS, crypto chips, 2 ways MQTT SSL authorization and you will completely lose their attention.

What is the key reason IoT Security is being compromised? It’s as simple as this: vendors are price cautious and time sensitive, wanting to launch their connected products to the markets at the lowest cost possible, all too often overlooking the basic security precautions.

What you need to know, though, are the key points where a connected device can be compromised:

  1. On the device itself (when the device is being tampered with) as SSL certificates are not protected and can be easily accessed.

  2. In the way a device communicates with the cloud when the traffic is not encrypted.

  3. On the cloud side, where the unprotected or less well-protected authorization process with the cloud can be compromised. This can occur with cloud providers who do not enforce security requirements on their side.

End price of the product and good P&L costs are among the key priorities for businesses. However, now security comes into the equation as the key pillar to protect brand identity and perception.

So, how do you have a well-rounded and secure connected product and at the same time achieve this in a cost-effective way?

Many heads were scratched recently going over these dilemmas, looking for the best answer.

Look no further, we have an answer for you - a fully secure solution with a hardware part (MCU + crypto chip) costs below $3.00!

Unbelievable? Almost, but it is definitely real.

As a matter of fact, there are several strong key players who have come together to put out a solution which is fairly inexpensive, but provides the highest level of security available now:

  1. AWS IoT is the only cloud provider insisting on secure 2-way TLS authentication for any device connecting to it.

  2. Microchip (Atmel) and their ECC508A crypto chip, which stores SSL certificates securely on the devices, which is literally impossible to hack. The best point here is it is priced at under $1.00.

  3. Espressif Systems and their ESP8266 chip, which is probably the most popular Wi-Fi-enabled MCU with a price point of below $2.00 as well.

Now you've got the components to make your connected device secure and in a very cost-effective way. So, what do you need to do and how do you get to bundle them?

Here comes Cesanta, a company behind the very popular Mongoose Web Server, with their Mongoose OS which not only bundles all three components outlined above but which has been developed in a way where you can literally plug-and-play the solution into your product and have secure IoT connectivity from the get-go, with actual implementation being so seamless you won't even notice it has happened.

You are probably asking, how is that all possible? Is this another ad pushing something into my head? Fear not, this is not an advertisement, but an overview of an open-source product you can actually try out immediately after you have finished reading this article. Now, who else can do this for you?

So let's have a closer look at the solution:

  1. Mongoose OS is the only industrial-grade firmware available for ESP8266. Proven, stable, tested over time.

  2. It is seamlessly integrated with AWS IoT providing secure 2 way MQTT authentication.

  3. It supports an ECC508A crypto chip and makes the security and certificate storage on the end device bulletproof.

  4. Security is enforced by a mbedTLS library - the most trusted and stable on the market. It has been tuned by Cesanta so it can fit constrained resources available on the ESP8266.

aws iot, iot security, security

Published at DZone with permission of Anatoly Lebedev , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}