Editor’s Note: The following is an article written for and published in DZone’s 2021 Application Security Trend Report.
As the Internet of Things (IoT) space continues to expand, “smart” products are becoming more popular. You can now easily buy and connect devices such as robot vacuum cleaners, doorbell cameras, and smart locks, and combine all of them into a smart home set. However, some product teams don’t take security risks into account and postpone the introduction of security features until an attack or data leak occurs.
This article is separated into the following parts:
Most Popular Attacks on Your IoT Environment
IoT Security Principles and Best Practices
Now that we understand several ubiquitous security problems in IoT, let’s dive into four key security principles and solutions.
Watch Your IoT Devices
You should monitor your IoT devices and infrastructure continuously. Device monitoring can be hard, especially for large enterprises or industrial plants. For example, if employees bring in USB drives that are compromised with malware, you can mitigate the risk with the following security measures:
Use JSON Web Token Authentication
Use JSON Web Tokens (JWTs) signed with a current asymmetric algorithm, for example ES256 (ECDSA with P-256 and SHA-256) or RS256 (RSA with SHA-256), so that the device keeps only its private key and the back end needs only the matching public key. JWTs are the token format used by OAuth 2.0 and OpenID Connect, and they give a device a lightweight, signed way to prove its identity on every connection. On the verifying side, pin the accepted algorithm instead of trusting the token header (never accept "none"), check the expiry and audience claims, and keep token lifetimes short. Here is how JWTs work for IoT:
Integrated Security Approach
Companies that produce IoT devices should integrate security into device controllers during the production phase, because adding security features to IoT device firmware after production can be extremely challenging, or nearly impossible in some cases. Securing a finished device also brings additional expense: often you need to set up extra security infrastructure, or you must recall all devices to update the firmware, and this always costs time and money. As a result, customers prefer devices that ship with security software already on board.
Use TLS or LWC Everywhere
IoT device producers should harden their devices to use Transport Layer Security (TLS), or Lightweight Cryptography (LWC) where the device is too constrained for a full TLS stack. The device should validate the server’s certificate on every connection (chain to a trusted CA, hostname, and validity period), and the back end should be able to revoke a device’s certificate as soon as it is known to be compromised and reject any connection that presents it. Next, I will focus on applying these principles where an organization already runs its IoT infrastructure in the cloud or wants to migrate it there.
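The following Go program is an added example, not code from the article, showing both halves of that principle in one process: a device-side tls.Config that trusts only the fleet CA for the broker certificate, and a broker-side tls.Config that requires a device certificate chained to that CA and refuses any serial on a revocation list. The fleet CA, the broker and device certificates, the device names, and the revoked serial are all constructed inline for the demo; a real deployment would load them from the device’s secure storage and the back end’s certificate store.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue mints a P-256 certificate for the demo PKI (self-signed when parent is nil) with a 127.0.0.1 SAN.
func issue(cn string, serial int64, isCA bool, parent *tls.Certificate) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	parentCert, parentKey := tmpl, interface{}(key)
	if parent != nil {
		parentCert, parentKey = parent.Leaf, parent.PrivateKey
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, parentKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

func pool(ca tls.Certificate) *x509.CertPool { p := x509.NewCertPool(); p.AddCert(ca.Leaf); return p }

// BrokerConfig is the back-end side: present the broker certificate, require a device certificate
// that chains to the fleet CA, and refuse any device whose serial is on the revocation list.
func BrokerConfig(broker, fleetCA tls.Certificate, revoked map[string]bool) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{broker}, MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool(fleetCA),
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			// Runs only after the chain check passed; chains[0][0] is the device's leaf certificate.
			if serial := chains[0][0].SerialNumber.String(); revoked[serial] {
				return fmt.Errorf("device certificate serial %s is revoked", serial)
			}
			return nil
		},
	}
}

// DeviceConfig is the device side: trust only the given CA for the broker (never InsecureSkipVerify)
// and present the device's own certificate for mutual TLS.
func DeviceConfig(device, trustedCA tls.Certificate) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{device}, RootCAs: pool(trustedCA), MinVersion: tls.VersionTLS12}
}

// serve starts the broker on loopback. Write runs the handshake first, so an admitted device
// gets a one-byte greeting while a rejected one gets a TLS alert.
func serve(cfg *tls.Config) (net.Listener, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func() { c.Write([]byte{'+'}); c.Close() }()
		}
	}()
	return ln, nil
}

// connect is one device attempt: dial, then wait for the greeting, so that a rejection the broker
// sends after the TLS 1.3 handshake has already completed (revoked serial) still shows up as an error.
func connect(ln net.Listener, cfg *tls.Config) error {
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return err
	}
	defer conn.Close()
	conn.SetReadDeadline(time.Now().Add(5 * time.Second))
	_, err = conn.Read(make([]byte, 1))
	return err
}

type Admitted struct{ Genuine, Revoked, UnknownCA bool } // which attempts reached the greeting

// RunTLSScenario builds a hypothetical fleet PKI, revokes one device certificate, and runs three attempts.
func RunTLSScenario() (Admitted, error) {
	fleetCA := issue("fleet-ca", 1, true, nil)
	broker := issue("broker", 2, false, &fleetCA)
	sensor1 := issue("warehouse-sensor-01", 3, false, &fleetCA)
	sensor2 := issue("warehouse-sensor-02", 4, false, &fleetCA) // its private key was later reported stolen
	otherCA := issue("other-ca", 5, true, nil)                  // a CA the broker certificate does not chain to
	ln, err := serve(BrokerConfig(broker, fleetCA, map[string]bool{sensor2.Leaf.SerialNumber.String(): true}))
	if err != nil {
		return Admitted{}, err
	}
	defer ln.Close()
	return Admitted{
		Genuine:   connect(ln, DeviceConfig(sensor1, fleetCA)) == nil,
		Revoked:   connect(ln, DeviceConfig(sensor2, fleetCA)) == nil,
		UnknownCA: connect(ln, DeviceConfig(sensor1, otherCA)) == nil, // the device refuses the broker here
	}, nil
}

func main() { fmt.Println(RunTLSScenario()) } // {true false false} <nil>
```

The revocation check sits in VerifyPeerCertificate rather than in the CA pool because removing a CA does nothing for a single stolen device key; a per-serial deny list (or a real CRL/OCSP lookup in its place) is what lets the back end cut off one device the moment its key is reported compromised. Reading one byte after the handshake matters in practice: with TLS 1.3 the client’s Handshake() returns before the server has examined the client certificate, so a device that only checks the handshake result would wrongly believe a rejected connection succeeded.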
Building Secure IoT Architectures in Azure
In this section, I describe the most prominent Azure resources to build secure IoT architecture, accompanied by an IoT architecture example.
Azure IoT Hub
Azure IoT Hub is a managed service that lets your solution communicate with IoT devices. It is effectively a service bus with IoT-specific features that sits as middleware between the devices and the back-end services of your application. Azure IoT Hub has the following features:
Azure IoT Edge
Azure IoT Edge is a platform built on edge computing principles. It lets IoT devices keep running in offline mode, integrates with Azure IoT Hub, and runs modules directly on the device. Each module is a Docker-compatible container holding either custom code or Azure service code; for example, a module may gather logs and telemetry or manage the connection between the device and the Azure cloud (Azure IoT Hub). The IoT Edge runtime is installed on the device as well and orchestrates the modules.
Azure IoT Edge security functionality includes:
Azure Defender for IoT
Azure Defender for IoT is a security service that identifies vulnerabilities and threats in your IoT devices and in the IoT back-end infrastructure. One of its significant advantages is that it supports agentless deployment, which suits legacy devices on which no agent can be installed. Let’s review an example of how your IoT architecture may look when all these components are combined.
Architecture Example Using Azure IoT Solutions
The architecture solution illustrated in Figure 1 below is an intelligent climate control system for warehouses. Climate control should maintain different temperatures, humidity, and air quality according to the season — this architecture is based on a real customer use case.
The IoT device infrastructure for the warehouse climate control system in this example contains air temperature, humidity, and air quality sensors; climate control devices; and legacy devices that don’t support an agent. Attackers can use legacy devices as a backdoor into the whole system, so traffic from these devices is monitored by Azure Defender for IoT, which flags potential vulnerabilities and anomalous behavior. Azure Defender for IoT also lets you reinforce device infrastructure security by integrating with SIEM tools such as Splunk; Splunk integration is part of the service, so its alerts can feed the existing security operations workflow. The remaining devices operate via the Azure IoT Edge runtime, both on the device itself and in the cloud.
Additional processes that occur:
Let’s see how we can build the same secure architecture in Google Cloud.
Building Secure IoT Architectures in Google Cloud
To build IoT architectures, Google Cloud (GC) provides us with IoT Core, which is a fully managed IoT service that offers the following features:
IoT Core also provides robust security features:
Let’s see how the same architecture looks in Google Cloud.
Architecture Example Using GC IoT Core
I will keep the same use case — intelligent climate control systems for the warehouses — for this example.
The security workflow in Figure 2 starts with an authentication step. Before a device can be registered in the IoT Core service, a public/private key pair has to be generated for it; that key pair is the main registration requirement. Two components are involved in the process: the provisioner and the device manager.
With IAM, a user who is assigned the Cloud IoT Provisioner role (cloudiot.provisioner) has permission to create and manage devices but cannot modify or delete the registry. The device manager is the IoT Core component that registers devices and verifies device identity: it stores the device’s public key, while the private key stays on the device. The second phase of authentication is JWT generation. The device builds a token, signs it with its private key, and sends it to the MQTT bridge, the IoT Core component that verifies the JWT against the registered public key and, if it checks out, establishes the connection.
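To make the two authentication phases concrete, here is an added Go example (not code from the article or from Google Cloud) of the same flow: the device mints an ES256 JWT with its private key, and the broker side verifies it against the public key the registry holds for that device. It also covers the principle from the “Use JSON Web Token Authentication” section above: the verifier pins the algorithm, checks audience and validity, and is exercised with an expired token, a token signed with an unregistered key, and an "alg":"none" token. The device name "warehouse-sensor-01", the audience "climate-project", and the 20-minute lifetime are assumptions for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWS encodes all three token segments as base64url without padding.
var b64 = base64.RawURLEncoding

// Claims is the minimal claim set a device presents: the intended audience and a validity window.
type Claims struct {
	Aud string `json:"aud"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

// MintDeviceJWT runs on the device: it signs header.claims with the device's private key using
// ES256 (ECDSA over P-256 with SHA-256). The private key never leaves the device.
func MintDeviceJWT(priv *ecdsa.PrivateKey, aud string, now time.Time, ttl time.Duration) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"})
	claims, _ := json.Marshal(Claims{Aud: aud, Iat: now.Unix(), Exp: now.Add(ttl).Unix()})
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 signature is r||s, 32 bytes each, not ASN.1 DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyDeviceJWT runs on the broker (the MQTT bridge role) with the public key the registry holds
// for the connecting device ID. The algorithm is pinned: the token header is never allowed to pick
// it, so "alg":"none" and HMAC downgrade attempts fail before any signature check runs.
func VerifyDeviceJWT(token string, pub *ecdsa.PublicKey, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if hdrJSON, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "ES256" {
		return nil, fmt.Errorf("rejected alg %q: only ES256 is accepted", hdr.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("signature does not match the registered public key")
	}
	var c Claims
	if claimsJSON, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(claimsJSON, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	if c.Aud != wantAud {
		return nil, fmt.Errorf("audience %q is not this project", c.Aud)
	}
	if now.Unix() >= c.Exp || c.Iat > now.Unix()+60 { // expired, or issued more than 60 s in the future
		return nil, errors.New("token outside its validity window")
	}
	return &c, nil
}

// AuthFlowResult records which of four connection attempts the broker accepted.
type AuthFlowResult struct{ Genuine, Expired, WrongKey, AlgNone bool }

// RunAuthFlow walks through provisioning and connection for the hypothetical device
// "warehouse-sensor-01" whose token audience is the hypothetical project ID "climate-project".
func RunAuthFlow() AuthFlowResult {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)     // generated on the device at provisioning
	registeredPub := &priv.PublicKey                                // the public half is what the device manager stores
	impostor, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // an attacker's key, never registered
	now := time.Now()
	genuine, _ := MintDeviceJWT(priv, "climate-project", now, 20*time.Minute)
	forged, _ := MintDeviceJWT(impostor, "climate-project", now, 20*time.Minute)
	// "alg":"none" attack: the genuine claims re-wrapped with an unsigned header and an empty signature.
	noneTok := b64.EncodeToString([]byte(`{"alg":"none","typ":"JWT"}`)) + "." + strings.Split(genuine, ".")[1] + "."
	accepted := func(tok string, at time.Time) bool {
		_, err := VerifyDeviceJWT(tok, registeredPub, "climate-project", at)
		return err == nil
	}
	return AuthFlowResult{
		Genuine:  accepted(genuine, now),
		Expired:  accepted(genuine, now.Add(time.Hour)),
		WrongKey: accepted(forged, now),
		AlgNone:  accepted(noneTok, now),
	}
}

func main() { fmt.Printf("%+v\n", RunAuthFlow()) } // {Genuine:true Expired:false WrongKey:false AlgNone:false}
```

The verifier looks up the key by device ID before it touches the token, which is what makes the public-key-in-registry, private-key-on-device split work: a token signed by any key that was never registered fails the same way as a tampered one. Pinning "ES256" on the verifier, rather than reading the algorithm from the header, is the check that closes the classic "alg":"none" and asymmetric-to-HMAC confusion attacks against JWT libraries that trust the header.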
The solution also includes monitoring built on Prometheus metrics and Grafana dashboards. IoT Core accepts either a raw public key or an X.509 certificate as the registered credential for a device, as long as the device signs its JWTs with the matching private key.
Building Secure IoT Architectures in AWS
AWS IoT Core offers much the same capabilities as the Google Cloud service described above. It includes the following security functionality:
In addition to the security options built into IoT Core, you can use AWS IoT Device Defender, a service that audits device configurations and analyzes device metrics and logs to find potential security issues. It plays a similar role to Azure Defender for IoT, covered in the Azure section.
Architecture Example Using AWS IoT Core
Below, you can see an example of an AWS architecture that is similar to the GC architecture mentioned above. Everything looks the same except for the IoT policy. An AWS IoT policy defines which MQTT topics each device identity may connect to, publish to, and subscribe to. Since a topic name can carry a category or a device ID, your back-end services can listen on a specific topic to collect data, and a device restricted to its own topic cannot publish or read on another device’s behalf. AWS IoT Device Defender is optional here and is used as additional security reinforcement.
In this article, I covered common attack cases against IoT solutions, general principles of secure IoT architecture, and example workflows of secure IoT architectures built on Azure, Google Cloud, and AWS services.
Senior Software and Cloud Architect, IBM, Nordcloud (@boriszn)