

iot gateway (8)

With the exponential increase in the IoT and connected devices, it is difficult to ensure scalability, security, and robustness of these devices. Cloud computing platforms like AWS help enterprises accelerate their development to deployment cycles, enhancing robustness and scalability of the entire IoT solution.

People perceive cloud as a platform only for storage and computing. However, there are many other capabilities that cloud offers with cloud computing, such as application deployment, data transfer, database management, etc. Moreover, with the onset of IoT and connected technologies, the role of cloud computing has expanded even more in terms of enabling communication between devices and providing scalability to applications.

How Cloud Computing Helps in IoT Deployment

Today, deploying an IoT solution takes a lot of effort and time because of the number of software applications and the amount of hardware integration it requires. Also, when it comes to deploying a new, robust and scalable IoT platform for any industry vertical, it can be very tedious and costly to set up the infrastructure. For example, in a smart factory model, there are many machines and devices to be connected to the cloud. Developing a whole new infrastructure for those Internet of Things applications from scratch can take five to six months of development, deployment, and testing. Such a delay is not acceptable, since enterprises need to respond to market demands quickly, especially when market competition is high and the number of connected devices and technologies is increasing exponentially. This is where cloud computing plays a crucial role in IoT deployment.

There are several cloud platforms and service providers such as AWS (Amazon Web Services), Azure, and Google Cloud for deploying IoT solutions. Of these, we will focus on integrating the AWS cloud platform in this blog.

Why AWS Cloud Platform

Cloud service platforms like AWS help enterprises accelerate their development cycle from months to a few days and hours, allowing them to build a robust and scalable IoT solution. AWS platform also allows easy and secure on-boarding of billions of devices according to the enterprise’s needs. It is one of the robust platforms for accelerated development, which enables the developers to connect the device to cloud quickly. AWS has recently launched AWS IoT 1-Click that easily triggers the Lambda function for any device to perform a specific action.

AWS is offering various services like cloud computing, machine learning, analytics, storage, IoT platform, security, AR & VR, etc. With AWS, organizations are just paying for the services that they utilize, which provides the benefits of cost reduction and better asset management.

Let us see how an enterprise IoT solution can be leveraged with the AWS IoT platform.

Sensor and Device Connectivity with Edge Analytics

The most important and basic aspect of an IoT solution is to connect all the devices and sensors to the cloud for management and control. Since the development of software and services to connect the devices to the cloud is tedious and time-consuming, AWS IoT Core helps IoT developers with the AWS IoT SDK, which allows them to choose SDKs according to their choice of hardware for application development. These applications help users manage their IoT devices over the air.

  • The AWS IoT SDK supports C, JavaScript, Arduino, Python, iOS, and Android with open source libraries and a developer guide, which helps developers with their IoT product development. AWS IoT Core consists of the Device Gateway, which allows bidirectional communication between devices and AWS. The device gateway ensures that the devices communicate through the cloud securely and efficiently in real time. This device gateway supports MQTT, WebSockets, and HTTP 1.1. It can also support billions of devices at a time without infrastructure management.
  • The device gateway also consists of AWS Greengrass, a software agent that runs computing on the edge for the connected devices. Greengrass consists of the Lambda Function, which allows users to run rule engines that are coded for particular events like temperature rise, light intensity, etc. AWS Greengrass also brings AWS to the devices so that they can perform local compute on the data while they are already using the cloud for other processes like management and storage. It can also be programmed to transfer only the necessary information to the cloud after the local compute has been executed.
  • Greengrass enables device-to-cloud data security by encrypting the data. This data can be secured for both local and cloud communications, so no one can access it without authentication. It uses the same security model as AWS IoT Core, which contains mutual device authentication and authorization and secured cloud connectivity.
  • Organizations can also create digital twins, also known as Device Shadowing, for their IoT devices in the AWS cloud. In device shadowing, the current state of an IoT device is replicated virtually in the cloud, and this virtual image can be accessed when there is no internet connection. This helps in the prediction of the desired future state of a device. IoT Core then compares this desired state with the previously accounted state and can send a command to the device to make up the difference.
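The desired-versus-reported comparison described in the last bullet can be sketched as follows. This is an added example, not AWS SDK code or code from the original post: the shadow content is constructed, and the `SETTABLE` allow-list is a hypothetical device-side check showing that a device should validate cloud-written desired state before acting on it.

```python
import copy

_MISSING = object()

# Constructed shadow document in the "state.desired" / "state.reported" layout.
SHADOW = {
    "state": {
        "desired": {"fan": "on",
                    "limits": {"temp_max_c": 70, "report_s": 30},
                    "debug_shell": True},
        "reported": {"fan": "off",
                     "limits": {"temp_max_c": 70, "report_s": 60},
                     "firmware": "1.4.2"},
    }
}


def int_between(lo, hi):
    """Validator: plain integers (not bools) within [lo, hi]."""
    return lambda v: isinstance(v, int) and not isinstance(v, bool) and lo <= v <= hi


# Hypothetical allow-list: the only settings this device accepts from the cloud.
SETTABLE = {
    "fan": lambda v: v in ("on", "off"),
    "limits.temp_max_c": int_between(40, 90),
    "limits.report_s": int_between(10, 3600),
}


def shadow_delta(desired, reported):
    """Return the part of `desired` that differs from `reported`."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key, _MISSING)
        if isinstance(want, dict):
            nested = shadow_delta(want, have if isinstance(have, dict) else {})
            if nested:
                delta[key] = nested
        elif want != have:
            delta[key] = want
    return delta


def flatten(tree, prefix=""):
    """Yield ("a.b.c", value) pairs for every leaf of a nested dict."""
    for key, value in tree.items():
        path = prefix + key
        if isinstance(value, dict):
            yield from flatten(value, path + ".")
        else:
            yield path, value


def apply_delta(reported, delta, settable=SETTABLE):
    """Device side: apply only allow-listed, in-range changes.

    Returns (new_reported_state, rejected_paths). Rejected paths stay in the
    delta, so the mismatch remains visible on the cloud side.
    """
    new_state = copy.deepcopy(reported)
    rejected = []
    for path, value in flatten(delta):
        check = settable.get(path)
        if check is None or not check(value):
            rejected.append(path)
            continue
        node = new_state
        *parents, leaf = path.split(".")
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = value
    return new_state, rejected


if __name__ == "__main__":
    state = SHADOW["state"]
    delta = shadow_delta(state["desired"], state["reported"])
    new_reported, rejected = apply_delta(state["reported"], delta)
    print("delta:", delta)
    print("reported after apply:", new_reported)
    print("rejected:", rejected)
```
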

Cloud Computing and Storage

The Internet of Things generates a huge amount of data at every moment. The storage and management of this data require a lot of infrastructure deployment and maintenance effort. AWS provides storage and computing services, which help enterprises reduce the infrastructure development cost. These services also provide real-time analytics and accessibility of the data at any moment. Also, developers can access the required data from the cloud without any delay.

  • When we talk about the data management, AWS Kinesis can be considered as a great example of the real-time data streaming and analytics. It continuously analyzes, captures, and stores the huge heterogeneous data (terabytes per hour) that gets generated from the IoT devices or any other resources.
  • After the data has been stored, Amazon EC2 (Elastic Compute Cloud) provides secure, resizable compute capacity in the cloud. Its web service interface allows developers to scale their computing requirements with minimal effort. Users can scale their computing resources up and down according to the requirement, and they pay only for the resources utilized. Apart from that, AWS also provides data storage services such as AWS S3 and Glacier. They both provide 99% durability and comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements. Amazon S3 and Glacier both allow running powerful analytics on the data at rest.
  • For database management, AWS provides AWS DynamoDB, a NoSQL database service that supports both key-value and document data models. Being a NoSQL database, it brings benefits like ease of development, scalable performance, high availability, and resilience.
  • For data and asset security, AWS has features and services like AWS Identity and Access Management, AWS Key Management Services, and AWS Shield along with the AWS Cloud HSM to enhance the security.

eInfochips (an Arrow company) is an Advanced Consulting Partner for AWS services. We help clients in implementing a highly scalable, reliable, and cost-efficient infrastructure with custom solutions for IoT on the AWS platform. Know more about our AWS services.

 


Cloud computing allows companies to store and manage data over cloud platforms, providing scalability in the delivery of applications and software as a service. Cloud computing also allows data transfer and storage through the internet or with a direct link that enables uninterrupted data transfer between devices, applications, and cloud.

Role of Cloud Computing in IoT:

We know that the Internet of Things (sensors, machines, and devices) generates a huge amount of data per second. Cloud computing helps in the storage and analysis of this data so that enterprises can get the maximum benefit from an IoT infrastructure. An IoT solution should connect and allow communication between things, people, and processes, and cloud computing plays a very important role in this collaboration to create high visibility.

IoT is not restricted to the functions of systems connectivity, data gathering, storage, and analytics alone. It helps in modernizing operations by connecting legacy and smart devices and machines to the internet, and in reducing the barriers between IT and OT teams with a unified view of the systems and data. With cloud computing, organizations do not have to deploy extensive hardware or configure and manage networks and infrastructure in IoT deployments. Cloud computing also enables enterprises to scale up the infrastructure, depending on their needs, without setting up additional hardware and infrastructure. This not only helps speed up the development process, but can also cut down on development costs. Enterprises won’t have to spend money to purchase and provision servers and other infrastructure since they only pay for the consumed resources.

(Case Study: DevOps for AWS, Continuous Testing and Monitoring for an IoT Smart City Solution)

How Cloud Services Benefit an IoT Ecosystem:

There are several cloud services and platforms that play different roles in the IoT ecosystem. Some of the platforms also come with inbuilt capabilities like machine learning, business intelligence tools, and SQL query engines to perform complex analytics. Let us understand how these cloud services and platforms benefit an IoT ecosystem.

Cloud Platform for Device Lifecycle Management:

Enterprises create applications and software through cloud services (SaaS), which can connect devices and enable device registration, on-boarding, remote device updates, and remote device diagnosis in minimal time with a reduction in the operational and support costs. Cloud introduces DevOps within the IoT ecosystem, which helps organizations automate many processes remotely. As more and more devices get connected, the challenges with data security, control, and management become critical. Cloud services enable IoT remote device lifecycle management that plays a key role in enabling a 360-degree data view of the device infrastructure. Certain cloud providers offer multiple IoT device lifecycle tools that can ease the update and setup of firmware and software over the air (FOTA).

Application Enablement Cloud Platform:

Cloud enables application development with portability and interoperability, across the network of different cloud setups. In other words, these are the intercloud benefits that businesses can take advantage of. Intercloud solutions possess SDKs (Software development Kits) on which enterprises can create their application and software without worrying about the backend processes.

Enterprises can run and update applications remotely. For example, Cisco is providing the application enablement platform for application hosting, update, and deployment through the cloud. Enterprises can move their applications between cloud and fog nodes to host the applications and to analyze and monitor the data near the critical systems.

Many cloud service providers are focusing on building the cloud environment on the basis of OCF standards so that it can interoperate smoothly with the majority of applications, appliances, and platforms, which will allow D-to-D (device-to-device) and M-to-M (machine-to-machine) communication. Open Connectivity Foundation (OCF) standardization makes sure that devices can securely connect and communicate in any cloud environment, which brings interoperability to the connected world.

Digital Twins:

Device shadowing or digital twins is another benefit that an enterprise can avail through cloud services. Developers can create a backup of the running applications and devices in the cloud to make the whole IoT system highly available for faults and failure events. Moreover, they can access these applications and device statistics when the system is offline. Organizations can also easily set up the virtual servers, launch a database, and create applications and software to help run their IoT solution.

Types of Cloud Computing Models for IoT Solutions

There are three types of cloud computing models for different types of connected environment that are being commonly offered by cloud service providers. Let’s have a look:

Cloud Computing Models

 

Infrastructure as a Service
  • It offers virtual servers and storage to the enterprises. Basically, it enables the access to the networking components like computers, data storage, network connections, load balancers, and bandwidth.
  • Increasing critical data within the organization leads to security vulnerabilities, and IaaS can help in distributing the critical data across different locations virtually (or physically) to improve security.
Platform as a Service
  • It allows companies to create software and applications from the tools and libraries provided by the cloud service providers.
  • It removes the basic needs of managing hardware and operating systems and allows enterprises to focus more on the deployment and management of the software or applications.
  • It reduces the worry of maintaining the operating system, capacity planning, and any other heavy loads required for running an application.
Software as a Service
  • It provides a complete software or application that is run and maintained only by the cloud service provider.
  • Users just have to worry about the use of the product, they don’t have to bother about the underlying process of development and maintenance. Best examples of SaaS applications are social media platforms and email services.

 

Apart from these, cloud service providers are now offering IoT as a Service (IoTaaS) that has been reducing the hardware and software development efforts in IoT deployment.

Example of implementing cloud computing set-up in a connected-factory:

There are different sensors installed at various locations of an industrial plant, which are continuously gathering the data from machines and devices. This data is important to be analyzed in real time with proper analytics tools so that the faults and failures can be resolved in minimal time, which is the core purpose of an industrial IoT ecosystem. Cloud computing helps by storing all the data from thousands of sensors (IoT) and applying the needed rule engines and analytics algorithms to provide the expected outcomes of those data points.

Now, the query is which cloud computing model is good for industrial plants? The answer cannot be specific, as every cloud computing model has its own applications according to the computing requirement.

Leading Cloud Services for IoT Deployments

Many enterprises prefer to have their own cloud platform, within the premises, for security and faster data access, but this might not be a cost-effective way as there are many cloud service providers who are providing the cloud services on demands, and enterprises just have to pay for the services which they use.

At present, Amazon Web Services (AWS) and Microsoft Azure are the leading cloud service providers. Let’s see the type of cloud platforms and services AWS and Microsoft Azure provide for IoT implementations.

AWS IoT Services

AWS has come up with specific IoT services such as AWS Greengrass, AWS lambda, AWS Kinesis, AWS IoT Core, and a few other cloud computing services, which can help in IoT developments.

AWS IoT Core is a managed cloud platform that allows devices to connect easily and securely with cloud and other devices. It can connect to billions of devices, store their data, and transmit messages to edge devices, securely.

AWS Greengrass is the best example of an edge analytics setup. It enables local compute, messaging, data caching, sync, and ML inference capabilities for connected devices in a secure way. Greengrass ensures quick response of IoT devices during local events, which reduces the cost of transmitting IoT data to the cloud.

AWS Kinesis enables data streaming that can continuously capture the data in terabytes per hour.

AWS Lambda is a compute service that lets you run code without provisioning or managing servers. It executes code only when required and scales automatically from a few requests per day to thousands per second.

AWS DynamoDB is a fast, reliable, and flexible NoSQL database service that allows enterprises to have millisecond latency in data processing, enabling quick response from applications. It can scale up automatically due to its throughput capacity, which makes it perfect for gaming, mobile, ad tech, IoT, and many other applications.

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. It provides automatic inline mitigation and always-on detection that minimize the application downtime and latency. This is why there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield — Standard and Advanced.

Microsoft Azure IoT Services:

Microsoft has come up with many initiatives in the field of IoT, providing industrial automation solutions, predictive maintenance, and remote device monitoring, etc. It is also providing services like Azure service bus, IoT hub, blob storage, stream analytics, and many more.

Azure Stream Analytics provides real-time analytics on the data generated from the IoT devices with the help of the Azure IoT Hub and Azure IoT Suite. Azure stream analytics is a part of the Azure IoT Edge that allows developers to analyze the data in real-time and closer to devices, to unleash the full value of the device generated data.

Azure IoT Hub establishes bidirectional communication between billions of IoT devices and cloud. It analyzes the device-to-cloud data to understand the state of the device and takes actions accordingly. In cloud-to-device messages, it reliably sends commands and notifications to connected devices and tracks message delivery with acknowledgment receipts. It authenticates devices with individual identities and credentials that help in maintaining the integrity of the system.

Azure Service Bus is a great example of cloud messaging as a service (MaaS). It enables on-premises communication between devices and cloud even in offline conditions. It establishes a reliable and secure connection to the cloud and provides the ability to see and monitor activities. Apart from this, it protects applications from temporary spikes of traffic and distributes messages to multiple independent back-end systems.

Azure Security Centre is a unified security management and threat protection service. It monitors security across on-premises and cloud workloads, blocks malicious activities, uses an advanced analytics system to detect threats and attacks, and can also fix vulnerabilities before any damage occurs.

AWS and Microsoft Azure are providing a robust IoT solution to enterprises. An IoT Gateway can collaborate with multiple cloud service providers to maximize the advantages of the cloud solutions for IoT systems.


 

To cope with the increasing population, hyper-urbanization, globalization as well as to ensure economic and environmental stability, cities are now focusing on becoming smart cities. Smart City is a concept of utilizing technologies and connected data sensors to enhance and become powerful in terms of infrastructure and city operations. This includes monitoring and managing of public assets, transportation systems, citizens, power plants, water supplies, information systems, civil bodies, and other community services. As per the new study from Navigant Research, the global market for smart city services is expected to reach $225.5 billion within the next decade.

Connected technologies and IoT solutions play important roles in transforming cities into smart cities. Implementing smart city with IoT and connected technology helps enhance the quality, performance, and interactivity of urban services, optimize resources and reduce costs.

Let’s see the various components of smart city and their impact in the IoT era:

 

1. Smart Infrastructure

 

The global market for smart urban infrastructure in smart cities includes advanced connected streets, smart parking, smart lighting, and other transportation innovations. Here’s how they work:

  • Smart Lighting: With smart lighting, city authorities can track lighting in real time to ensure optimized illumination and deliver demand-based lighting in different zones. Smart lighting also helps in daylight harvesting and saves energy by dimming sectors with no occupancy. For example, parking lots can be dimmed during work hours, and when a car enters, it will be detected and the appropriate sectors can be illuminated, while others can be kept at a diffused setting.

  • Connected Streets: Connected and smart streets are capable of acquiring data and delivering information and services to and from millions of devices, which includes information about traffic, road blockages, roadworks, etc. This helps in efficient management of resources and people to enhance public transportation and the urban landscape.
  • Smart Parking Management: Smart parking management system can be used to find the vacant location for a vehicle at different public places. Smart Parking’s In-Ground Vehicle Detection Sensors are core technologies, playing a key part in the Smart Parking solution that is revolutionizing how drivers in the malls and city centers can find an available parking space. Wireless sensors are embedded into parking spaces, transmitting data on the timing and duration of the space used via local signal processors into a central parking management application. Smart Parking reduces congestion, decreases vehicle emissions, lowers enforcement costs and cuts driver stress. For effective deployment of smart parking technologies, each device needs to have a reliable connectivity with the cloud servers.
  • Connected Charging Stations: Smart infrastructure also includes implementing charging stations in parking systems, city fleets, shopping malls and buildings, airports, and bus stations across the city. Electric vehicle (EV) charging platforms can be integrated with IoT to streamline the operations of EV charging and address the impact on the power grid.

2. Smart Buildings

Smart buildings utilize different systems to ensure the safety and security of buildings, the maintenance of assets, and the overall health of the surroundings.

  • Safety & Security Systems: These include implementing remote monitoring, biometrics, IP surveillance cameras, and wireless alarms to reduce unauthorized access to buildings and chances of thefts. It also includes utilizing Perimeter Access Control to stop access to restricted areas of the property and detect people in non-authorized areas.
  • Smart Garden & Sprinkler System: Smart sprinkler system synced with connected technologies and cloud can be used to water plants with the assurance that plants get the right amount of water. Smart garden devices can also perform tasks such as measuring soil moisture and levels of fertilizer, helping the city authorities to save on water bill (smart sprinkler devices use weather reports and automatically adjust their schedule to stay off when it rains), and keep the grass from overgrowing in the convenient way (robot lawnmowers).
  • Smart Heating & Ventilation: Smart heating and ventilation systems monitor various parameters such as temperature, pressure, vibration, humidity of the buildings and properties such as movie theatres, and historical monuments. Wireless sensor network deployment is the key to ensuring appropriate heating and ventilation. These sensors also collect data to optimize the HVAC systems, improving their efficiency and performance in the buildings.

3. Smart Industrial Environment

 

Industrial environments present unique opportunities for developing applications associated with the Internet of things and connected technologies which can be utilized in the following areas:

  • Forest Fire Detection: Helps in monitoring of combustion gases and preemptive fire conditions to define alert zones.
  • Air/Noise Pollution: Helps in controlling of CO2 emissions of factories, pollution emitted by cars and toxic gases generated on farms.

  • Snow Level Monitoring: Helps in identifying the real-time condition of ski tracks and helps security corporations with avalanche prevention.
  • Landslide and Avalanche Avoidance: Helps in monitoring of soil moisture, earth density, as well as vibrations to identify dangerous patterns in land conditions.
  • Earthquake Early Detection: Helps in detecting the chances of tremors by utilizing distributed controls at specific places of tremors.
  • Liquid Presence: Helps in detecting the presence of liquid in data centers, building grounds, and warehouses to prevent breakdowns and corrosion.
  • Radiation Levels: Helps in distributed measurement of radiation levels in nuclear power stations surroundings to generate leakage alerts.
  • Explosive and Hazardous Gases: Helps in detecting gas levels and leakages in chemical factories, industrial environments, and inside mines.

4. Smart City Services

 

Smart city services include services for public safety and emergencies.  Below are the key areas where IoT and connected technologies can help:

  • Smart Kiosk: Smart kiosks play an important role in providing different city services to the public such as Wi-Fi services, 24×7 IP surveillance cameras and analytics, Digital signage for advertisement and public announcements. In some cases, free video calling and free mobile charging station, as well as environmental sensor integration can also be implemented. Smart kiosks also provide information about restaurants, retail stores, and events in the immediate area. It can also provide mapping for visitors and can sync with smartphones to give additional data as needed.
  • Monitoring of Risky Areas: Sensors (cameras, street lights) and actuators for real-time monitoring can be implemented in risky areas or areas prone to accidents. Upon detecting any crime, or mishap, these sensors can alert the citizens to avoid such areas temporarily.
  • Public Security: IoT sensors can be installed at public organizations and houses to protect citizens and provide real-time information to fire and police departments when it detects a theft.
  • Fire/Explosion Management: Smart fire sensors can detect and automatically take actions based on the level of severity, such as detecting false alarms, informing firefighters and ambulance, blocking off nearby streets/buildings on the requirement, helping people to evacuate, and coordinating rescue drones and robots.
  • Automatic Health-Care Dispatch: Smart healthcare devices can be implemented at public places to provide 24/7 health care for patients like dispensing medicines and drugs to patients. These devices can also be used to call an ambulance to pick up the patients in cases of emergencies.

5. Smart Energy Management

 

Here’s how cities can implement smart energy management:

  • Smart Grid: Smart grids are digitally monitored, self-healing energy systems that deliver electricity or gas from generation sources. Smart grid solutions can be deployed across industrial and residential projects as well as in transmission and distribution projects. Various IoT solutions like gateways can be used to achieve energy conservation at both the transmission level and the consumer level. For example, gateways can provide a broader view of energy distribution patterns to utility companies with high connectivity and real-time analytics. They also enable a Demand-Response mechanism for utility providers to optimize energy distribution based on consumption patterns.
  • Smart Meters: Smart meters can be used in residential and industrial metering sectors for electricity and gas meters where there is a need to identify real-time information on energy usage. Consumers and utilities with smart meters can monitor their energy consumption. Moreover, energy analytics, reports, and public dashboards can also be accessed over the internet using mobile applications integrated with these smart meters.

Connected devices are becoming essential components for enterprises as they can drive significant connectivity and integration between systems and data. The increasing number of devices getting connected to each other generates a huge amount of data.

However, when it comes to leveraging the full potential of these connected devices and data, it is necessary to have a scalable and robust environment which allows faster processing of data between systems.

The fundamental concern is on how to efficiently manage this data, as any data loss or delay in processing of data from a connected ecosystem can cause critical damage to an enterprise’s workflow.

Role of IoT gateway edge analytics in data processing & management

IoT Gateway is the key to any IoT deployment. It is a bridge between IoT devices and cloud that enables remote control of the devices and machines. The increasing number of devices propels the requirement for IoT gateways to solve the data management issues with Edge Analytics.

Edge analytics with an IoT Gateway allows data to be processed before it is transmitted to the cloud. The gateway collects all the data from the connected devices, executes the necessary algorithms or rule engine on it, and sends actionable commands to the connected devices. These actions allow a response to be taken in real time and also help the self-healing mechanism during faults and errors.

In large enterprises spread across multiple geographies, there is a huge number of connected devices and a huge amount of generated data. This heterogeneous data, distributed at different levels (devices and machines), has high latency in cloud transfer due to the uncontrolled data flow. Here, distributed edge analytics is the solution, as it allows faster data transfer and processing, resulting in reduced latency.
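A minimal sketch of the gateway behaviour described above: rules are evaluated locally, commands go straight back to the devices, and only a per-device summary plus the rule-triggering readings are sent upstream. This is an added example, not code from the original post or from any vendor; the device names, metrics, thresholds and commands are all constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Rule:
    metric: str     # which reading the rule watches
    limit: float    # fire when a reading exceeds this value
    command: str    # action the gateway sends back to the device


# Constructed rule set for illustration.
RULES = [
    Rule("temp_c", 80.0, "start_cooling"),
    Rule("vibration_mm_s", 7.1, "stop_motor"),
]

# Constructed batch of (device_id, metric, value) readings.
READINGS = [
    ("press-01", "temp_c", 71.5),
    ("press-01", "temp_c", 72.0),
    ("press-01", "temp_c", 84.2),
    ("press-01", "vibration_mm_s", 2.1),
    ("pump-07", "temp_c", 55.0),
    ("pump-07", "vibration_mm_s", 7.9),
    ("pump-07", "vibration_mm_s", 3.0),
    ("pump-07", "temp_c", 54.0),
]


def process_batch(readings, rules=RULES):
    """Run the rule engine at the edge.

    Returns (commands, uplink):
      commands - (device_id, command) pairs to send to devices immediately
      uplink   - the reduced payload forwarded to the cloud
    """
    rule_for = {r.metric: r for r in rules}
    commands, alerts = [], []
    series = defaultdict(list)

    for device, metric, value in readings:
        series[(device, metric)].append(value)
        rule = rule_for.get(metric)
        if rule is not None and value > rule.limit:
            action = (device, rule.command)
            if action not in commands:      # one command per device and rule
                commands.append(action)
            alerts.append({"device": device, "metric": metric, "value": value})

    summary = [
        {"device": d, "metric": m, "count": len(v),
         "min": min(v), "max": max(v), "mean": round(mean(v), 2)}
        for (d, m), v in sorted(series.items())
    ]
    return commands, {"summary": summary, "alerts": alerts}


if __name__ == "__main__":
    commands, uplink = process_batch(READINGS)
    print("local commands:", commands)
    print("records sent to cloud:",
          len(uplink["summary"]) + len(uplink["alerts"]), "of", len(READINGS))
```
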

AWS Greengrass is the best example for the edge analytics setup. It allows enterprises to run local compute, messaging, data caching, sync, and ML inference capabilities for connected devices in a secure way. Greengrass ensures quick response of IoT devices at the time of local events, that reduces the cost of transmitting IoT data to the cloud.

How distributed edge analytics works in larger geographical areas

Let’s take an example of smart grids to understand the concept in-detail.

Smart grids are combinations of smart meters, smart appliances, renewable energy resources, energy-efficient resources, and substations. In a particular city area, the number of smart meters is equivalent to the number of households in that area. These AMI (Advanced Metering Infrastructure) devices continuously collect the energy consumption data and route it to the IoT gateways. The gateway performs edge analytics and then reroutes the processed data to the cloud.

As the number of AMI is high in a particular area, the number of gateways will be proportionately higher.

Merits of distributed edge analytics:

  • Reduced data transfer latency
  • Fast access to the faulty areas
  • Quick functional recovery and self-healing capabilities that bring resilience to the system

Distributed edge analytics also enables fast response to the cloud in case of faults and failures with Fog Computing so that the recovery time can be minimal. Let us understand how.

How fog computing works with smart grids for faster data processing

Fog computing combines two key components of data processing: edge and cloud. Combining edge computing with more complex computing (cloud computing) results in more reliable and faster data processing.

As smart grid tech is increasing rapidly, fog computing is the best tool for the data and information processing between consumers, grid operators, and energy providers.

In the edge analytics concept, the gateways form a mesh network. The individual mesh network of a designated area creates Fog Nodes. Each fog node is connected to each other, resulting in a fog network of smart meters and IoT gateways in the larger setups. The combination of these fog nodes then allows distributed fog computing, which gives the benefit of fast and real-time data analysis in any large geographical area. This further enables faster fault response time.

Use case of smart grids in distributed edge analytics

eInfochips developed a solution in which gateways are connected into a mesh network with peer-to-peer communication. The mesh and cluster of gateways enable high availability and reliability of the IoT deployment in smart grids. Clustering enables distributed edge analytics. These distributed edge nodes allow processing of data at the edge before transferring it to the cloud.

According to market research data, the fog computing market is growing at an attractive compound annual growth rate (CAGR) of 55.6% between 2017 and 2022 (MarketsandMarkets).

With our edge and fog computing expertise, we help the IoT solution providers to optimise their computing infrastructure by distributing load between the cloud and edge devices in an intelligent way through our ready-to-use dynamic rule engine or custom solutions.


In IoT ecosystem, gateway security is of prime importance since it is the key piece of data collection in the connected system. But how to ensure security of IoT gateways? Read this blog to find different ways to secure IoT gateways.

Along with many technological, environmental, and economic benefits, the rapidly moving connected world also represents an array of growing attacks like side-channel attacks, fault attacks, physical tampering, etc. Considering these risks, ensuring security and robustness of IoT becomes inevitable, in which IoT gateways play an important role.

IoT gateways are undoubtedly the heroes of the whole IoT paradigm, as they are the key piece of data collection in the connected system. Security is the key aspect of the IoT ecosystem, and IoT gateway security is of prime importance, since a secured gateway enables robustness of the entire IoT environment. Without sufficient security measures, there are potential risks like malicious threats, spoofing, man-in-the-middle (MITM) attacks, data snooping, etc. If you lose a gateway in the middle of the communication chain, it will jeopardize the entire IoT ecosystem, as the gateway acts as a gate or bridge between the edge devices and the cloud.

So how do you know whether your IoT gateway is secure or not?

Listed below are some common questions related to the security of IoT gateways. If your concern matches any of the questions below, then you need to consider gateway security for your IoT ecosystem:

  • How can an edge device sense and prohibit unsecured gateways, or vice versa?
  • How can peripherals ensure their data are successfully relayed in the face of gateways?
  • What happens if someone snoops the data from the gateway?
  • What if the gateway is located in a remote location and is sending incorrect information to the cloud? In this case, how can gateways help in reverting information?
  • Is it possible for gateways to build and demonstrate reputation-based trust?

Trustworthiness of gateway is the key aspect in the IoT ecosystem. To overcome the security concern, let’s explore some of the key hardware security aspects that can be implemented to secure IoT gateways.

TPM (Trusted Platform Module)

What is TPM?

It is a microprocessor that integrates with system hardware on a gateway to perform crypto operations, such as key generation and key storage, and to protect small amounts of sensitive information, such as passwords, measurement data for boot software, and cryptographic keys, providing hardware-based security.

How does it work?

TPM is often built into a system to provide hardware-based security. It is a combination of hardware and software to protect credentials when they are in unencrypted form.  TPM is based on a trusted execution environment (hardware root of trust) that provides secure storage of credentials and protected execution of cryptographic operations. It is isolated from the main CPU and implemented either as a discrete chip, a security coprocessor or in firmware.

  • The microprocessor scans the firmware and validates the key. If the key is valid, the processor begins executing the firmware; if not, the processor halts.
  • The TPM is used to store platform measurements that help ensure that the platform remains trustworthy. It contains a set of registers that hold the RTM measurements for launch modules of the boot software.
  • The computing platform must have a root of trust for measurement (RTM) that is implicitly trusted to provide an accurate validation of the boot code modules. The TPM provides the root of trust for reporting and a root of trust for storage of the RTM measurements. The TPM stores a set of “known good” measurements of boot components that are securely generated and stored.

Hardware Root of Trust/Chain of Trust: It is the fundamental part of secured computing. The secure boot process is utilized to implement a chain of trust.

  • Bootstrapping a secure system or device involves a chain of steps, where each step relies on the accuracy and security of the previous one. At the end of the chain, you assume or verify the correctness of the last step – this step becomes the Root of Trust (RoT). The Root of Trust is provided by hardware services, including cryptographic support, secure key storage, secure signature storage, and secure access to trusted functions. This allows the creation of a trusted module forming the basis, or root, for validating other components within the system. The chain of trust begins with the bootloader. From this bootloader, the OS is validated, and from the OS, the applications are validated, creating a chain of trusted elements.

TEE (Trusted Execution Environment)

What is TEE?  

The TEE is an insulated and secure area of the main processor providing security functionality for application integrity and confidentiality. The TEE differentiates between security functionality and operational functionality.

How does it work?

  • It mainly consists of three parts: a Trusted OS, an internal micro-kernel, and APIs. It is used for security checks in parallel with the standard OS.
  • Common security functions include isolated execution of security operations, the integrity of code loaded and data stored and confidentiality of data stored in the TEE. It protects data-at-rest and data-in-use within the TEE.
  • It also provides higher performance and access to a large amount of memory.

Security properties that TEE can achieve

  1. Isolated execution
  2. Secure storage
  3. Device identification
  4. Device authentication
  5. Platform integrity

All the above security properties can be achieved using the measured boot, secured boot, and attestation.

  • Secured Boot: It is a security standard verified by the trusted OEMs that ensures authenticity and integrity of a device’s boot. When the first boot happens, only the validated code from the device OEM is allowed to run to verify and validate the authenticity of software present in the gateway. This prevents attackers from replacing the firmware with versions created to perform malicious operations. It provides the APIs required for code signing, code validation, and secure firmware updates.
  • Measured Boot: Measured boot is generally used for integrity protection. As anti-malware software has become better at detecting runtime malware, attackers are also becoming better at creating rootkits that can hide from detection. Detecting malware that starts early in the boot cycle is a challenge. To address this, measured boot measures each block, from firmware up through the boot start drivers, stores those measurements on the hardware, and then makes a log that can be tested remotely to verify the boot state of the client.
  • Attestation: In a cloud computing scenario, attestation is an essential and interesting parameter, often rooted in having a trusted hardware component on which to build a trusted system. It is basically used in the process of validating the integrity of software and information for securing embedded systems. Attestation uses cryptographic identity techniques that confirm the identity and authentication credentials of remote devices, without revealing the devices and their own identities.
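The measured boot and attestation flow described above, as an added example (not code from the original article or from eInfochips): the gateway extends a PCR with each boot stage and keeps an event log, and a remote verifier replays that log against the quoted PCR and a set of known-good measurements. The stage names, blobs and key are constructed, and an HMAC with a shared key stands in for the asymmetric attestation-key signature a real TPM would produce.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR starts at all zeros after reset

def measure(blob: bytes) -> bytes:
    """Measurement of a boot component: its SHA-256 digest."""
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || measurement)."""
    return hashlib.sha256(pcr + digest).digest()

def boot(stages):
    """Gateway side: measure each stage, extend the PCR, append to the log."""
    pcr, log = PCR_INIT, []
    for name, blob in stages:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def quote(ak: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Stand-in for a TPM quote (assumption: HMAC replaces the AK signature)."""
    return hmac.new(ak, pcr + nonce, hashlib.sha256).digest()

def verify(ak, nonce, log, pcr, sig, known_good):
    """Verifier side: returns (ok, reason)."""
    # 1. The quote must cover this PCR value and the verifier's fresh nonce.
    if not hmac.compare_digest(sig, quote(ak, pcr, nonce)):
        return False, "quote signature or nonce mismatch"
    # 2. The log is untrusted on its own; it must replay to the quoted PCR.
    replayed = PCR_INIT
    for _, digest in log:
        replayed = extend(replayed, digest)
    if not hmac.compare_digest(replayed, pcr):
        return False, "event log does not replay to quoted PCR"
    # 3. Every logged measurement must be a known-good value, in order.
    for name, digest in log:
        if known_good.get(name) != digest:
            return False, f"unexpected measurement for {name}"
    if [name for name, _ in log] != list(known_good):
        return False, "boot stages missing or reordered"
    return True, "boot state matches known-good measurements"

# Constructed sample data (hypothetical stage names and contents).
AK = b"constructed-demo-attestation-key"
GOOD_STAGES = [("bootloader", b"bl v1"), ("kernel", b"kernel v1"),
               ("gateway-app", b"app v1")]
TAMPERED_STAGES = [("bootloader", b"bl v1"), ("kernel", b"kernel v1 + rootkit"),
                   ("gateway-app", b"app v1")]
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD_STAGES}

if __name__ == "__main__":
    nonce = b"verifier-nonce-01"
    good_pcr, good_log = boot(GOOD_STAGES)
    bad_pcr, bad_log = boot(TAMPERED_STAGES)
    cases = {
        "clean boot": (good_log, good_pcr),
        "tampered kernel, honest log": (bad_log, bad_pcr),
        "tampered kernel, forged log": (good_log, bad_pcr),
    }
    for label, (log, pcr) in cases.items():
        print(label, "->", verify(AK, nonce, log, pcr,
                                  quote(AK, pcr, nonce), KNOWN_GOOD))
```

The third case shows why the measurements are stored in hardware: a compromised gateway can rewrite its log, but the log then no longer replays to the PCR value covered by the quote.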

IoT gateways are crucial to addressing the inherent complexity. By using the pre-ensured hardware building blocks like TEE and TPM, you can secure the whole communication chain from the connectivity of legacy devices, data storage on a gateway, secure data transmission as well as the fast deployment of data on the cloud to perform intelligent analytics.  There should be some programmable architecture that ensures confidentiality and integrity against specific attacks. So, layered IoT gateway security is essential.

For more information on our security capabilities, visit: From edge to cloud: A comprehensive look at IoT device security


IoT gateway clustering makes sense for large-scale implementations where uptime and scalability are critical. Find out how it works.

IoT gateways may be the unsung heroes of the Internet of Things world. Without them, there would likely be no expectations of tens of billions of IoT devices coming online in the next few years. In many respects, gateways are the glue that holds many IoT implementations together. They enable real-time analysis of IoT data and link multitudinous connected sensors and devices to the cloud. In addition, gateways act as a bridge between various sensor types and connectivity protocols, while helping to link equipment from an organization’s information technology (IT) and operation technology (OT) departments.

But gateways can also be single points of failure in IoT networks. In a poorly designed system, when a gateway goes down, critical functions stop. Preventing that outcome is possible, however, with an IoT gateway architecture based on the idea of clustering.

Why we need gateway clustering

Many IoT projects have anywhere from hundreds to millions of connected devices. Networks supporting such a large scale of endpoints ideally use a cluster of gateways connected to one another via a mesh network. If one node goes down, the redundancy of that network topology ensures reliability and the continuity of cloud communication for commands and storage of data.

Let’s take a look at how this works: IT and OT buses establish the connection between gateways, some of which are linked to the cloud and others that are connected to other gateways. If one gateway goes down as a result of excess load or internal faults, the network transfers the running application configuration and APIs to another gateway in the cluster using the OT bus.

A gateway control center in the cloud manages the transfer of application data between gateways. The control center also can configure the cluster by defining the geographic correlation of gateways, which are units placed near one another and connected remotely to the same set of sensor devices, enabling a backup for the neighboring gateway. IoT gateways can transfer their applications and device connections to one another during a failure and when a threshold limit is reached. For example, if a gateway is connected to a ZigBee device, it cannot transfer applications to another gateway beyond a predefined distance. In this case, a geo-correlated gateway can help build redundancy into the system by shadowing the functionalities of the neighbor gateway. Hence it is important that the IoT gateway architecture and device layout are geographically correlated to achieve uninterrupted connectivity.

Clusters for load balancing

To avoid overloading a single gateway, you can use a cluster manager to define the threshold occupancy of each gateway, and the data are distributed to different gateways in the cluster for faster response and balanced load distribution. When a gateway load goes beyond a set limit, it transfers the excess load to a nearby gateway automatically.

How edge and fog analytics works in a cluster

Clustering enables distributed edge analytics. The distributed edge nodes allow processing of data at the edge before transferring it to the cloud. This reduces latency. The edge-filtered data can be sent to the fog node or cloud directly for post-event processing. Further, each individual cluster creates a fog node, and a combination of fog nodes allows distributed fog computing. It gives the benefit of fast and real-time data analysis in any large geographical area, enabling faster fault response time.

Horizontal scaling in a gateway cluster

Horizontal scaling is the ability of an IoT framework to add more gateways to an existing mesh network. To enable that, gateways need to be connected to each other through a common communication bus. (At eInfochips, we call this a “communication interface bus,” which is a combination of OT buses.) With OT bus connectivity, any new gateway can be added without modification to the existing network of devices.

Vertical scaling in a gateway cluster

Any functional capability increment with memory, device software, OS, hardware, device configuration and APIs constitutes vertical scaling. A microservice-based application architecture for gateways allows vertical scaling options. This enables you to add as many devices, resources and microservices to the gateway as your requirements change.

To conclude, gateway clustering should be a consideration for large-scale IoT implementations where uptime and scalability are critical. Implementing gateway clusters requires careful deliberation and planning. However, a well-structured approach to IoT gateway clustering enables enterprises to start small and address specific IoT use cases, while preparing for future large-scale IoT ecosystem deployments.

(Originally Published by Me on IoT Institute)

Connected devices or IoT seem to have become the de facto solution for any industry today. An increase in connected devices leads to an increase in the amount of data transferred, stored, computed, and consumed across networks and devices. This creates a need for efficient data management and data security. IoT Device Lifecycle Management plays a key role and enables industries to manage their connected devices with ease, and at the same time provides additional advantages like data security, remote control, and multi-protocol connectivity.

IoT Device Lifecycle Management is aiding industries to transition their systems to “Smart” ecosystems. It plays an important role in enabling a broader view of the entire device infrastructure.

Let’s take a look at how an IoT DLM is helping Utility and Home Automation verticals:

1. Smart Grids:

(i) “What is a smart grid?”

Smart grid is the adoption of ‘Smart’ technologies in the expansion of Transmission and Distribution network, enabling a demand-based power supply production. Smart technology enables optimized utilization of energy resources by providing real-time insights on energy consumption, with the help of smart metering and automation at the distribution end.

A smart meter is a device that periodically stores the electrical energy consumption data and intimates the energy provider in a timely manner for monitoring and billing. Unlike previous metering methods, a smart meter has more advanced sensors, power consumption notifications, and bi-directional communication between the meter and energy provider.

How DLM Is Helping in Smart Energy Systems:

At present, government regulations are changing towards energy conservation, motivating consumers towards smart metering. Device Lifecycle Management enables smart metering through the AMI (Advanced Metering Infrastructure) system. AMI is a system which enables two-way communication between utility provider and consumer.

DLM Benefits for Consumer

(i) The consumer can manage their energy consumption through the system, which will continually show them energy utilization for every device connected to the AMI system.

(ii) A home area network (HAN) for communication between devices, enabling a wide range of protocols and standards.

(iii) DLM has a data analysis system providing an in-depth energy consumption analysis for each device connected in the network; accordingly, it helps the consumer to plan their energy utilization in a cost-effective way.

(iv) Consumers have control of devices through mobile applications, so they can utilize and manage energy by scheduling up-time for each device.

(v) AMI + HAN + DLM results in a Smart Grid System.

DLM Benefits for Utility Provider:

(i) The AMI system periodically sends data about load variations and peak time of maximum energy utilization by the consumer to utility providers.

(ii) Through DLM, the utility provider can point out customers’ peak energy consumption time; consumers can focus on the devices that are running in that time period and manage them accordingly.

(iii) The energy distributor can incorporate data analysis and get insights into monthly consumption of the consumer, load variations, and peak load timings. Accordingly, the utility provider can enable dynamic pricing for consumers during the peak hours.

(iv) By way of load analysis, the utility provider can also get insights into the times of heavy energy usage and send notifications to the customer about the peak in usage and in turn the customer can manage the energy usage or can check for any malfunctions in the devices at the consumer end. This will help with excessive usage and also identifying faulty devices.

2. Smart Building:

Smart Building is centralized control of building utilities like heating, air conditioning, lighting, security, alarm system, etc. IoT Device Lifecycle Management plays a key role in smart building design and facilitates user comfort, energy efficiency and an increase in device lifecycle. Smart building includes building automation through networking, communication protocols, sensors/actuators, IoT gateway, ventilation control, HVAC system, and other electronic devices for monitoring and control.

How Does the IoT Gateway Play a Role in Smart Building?

(i) In building automation, the first stage is sensor and actuator data input; all sensors are equipped with wired or wireless protocols (Bluetooth, ZigBee, Z-wave, LAN etc.) for communication with the IoT gateway.

(ii) The IoT gateway provides interfacing between sensors and cloud, forming a bridge between them. It enables device software updates, device on-boarding, control panel, diagnostic information etc.

(iii) It performs real-time analysis of data from devices or sensors and provides the necessary output or command message to the control system. The message can be an alarm, an HVAC control message or other utilities management commands.

(iv) The IoT gateway enables data analysis for each device. The user can utilize energy efficiently by scheduling device up time and down time according to data analysis.

(v) It makes building automation or smart building implementation easy and reliable. It enables security through a layered security system (TPM & TEE, authorized connection, no third party inclusion), which covers both data and hardware security.

How DLM Is an Essential Part of Building Automation:

(i) DLM enables remote control of building utilities like lighting, alarm systems, HVAC system etc.

(ii) HVAC System: Heating, Ventilation, and Air Conditioning (HVAC) is a system which is very common in current building construction. DLM enables remote control of the HVAC system with real-time data analysis. For example, if the sensor data are showing a drop in temperature then DLM will control the air conditioning according to the required temperature. DLM controls pneumatic and hydraulic valves (Ventilator, Water Piping) by sending control signals to actuators, which results in the complete mechanical control of the cooling air/water flow in the building.

(iii) DLM offers a centralized alarm system for fire, gas leakage, humidity, temperature, etc. All alarm systems are remotely controlled and the user gets a real-time notification if there is an alert.

(iv) It enables control of the lighting system of the building by changing the light intensity according to the daylight. Input from the photovoltaic sensors and DLM data analysis results in the output control signals for lights.

(v) DLM provides device authentication and verification whenever the system is updated. It enables a secure environment with a layered security system covering hardware, data, and software.

In summary, IoT Device Lifecycle Management is the key growth driver for many industries, today. As in the cases explained above, it helps stakeholders on both sides of the equation – the consumers and service providers.