Channel: iiot security – IoT Times

Understanding post-deployment device management and security

The security of devices in the internet of things (IoT) and the industrial IoT has become an even greater concern during the last couple of years, making the management of both endpoints and gateways significantly more critical. With the number and variety of device types, architectures, and different data management approaches continuing to increase, device management is now more complex than ever before, as noted in i-scoop’s internet of things guide.

This proliferation of connected technologies and solutions has made it absolutely necessary to secure communication with devices when performing remote device management services (DMS) such as over-the-air (OTA) updates or during basic device visibility on a network. However, securing IoT devices is also becoming increasingly difficult because hackers have made a career of breaking into these end products, whether for malicious intent or simply for the challenge.

Either way, by targeting specific manufacturers and even particular product families or model numbers, hackers can take advantage of vulnerabilities to damage these products or expose individuals’ private data, resulting in damage to both vendor brands and business models. This has become easier for hackers to do as the cost of IoT devices has fallen so low and devices are deployed into the field in far greater numbers, while the cost of sophisticated hacking tools has also dramatically decreased.

While end-product cost targets continue to drop, spare product resources such as memory or compute cycles are becoming scarce, making it tougher for product developers to easily incorporate security into their products. With the ever-moving cost target, developers struggle to keep ahead, making it even more challenging to finish development and release a product into the market.

Designing in security

To keep their projects on track, developers can leverage the investments made by IoT ecosystem vendors and the core building blocks they have created. Building blocks that developers can use include wireless protocol software stacks with simplified APIs, security products that include secure elements with power analysis countermeasures, and device management services to securely install firmware images, security patches, and product features.

Using these, developers and manufacturers can and must design security into a product from its conception. Attempting to shoehorn security in later, whether before or after deployment, will result in excessive compromise which, in turn, will continue to provide hackers with opportunities.

Once a product is deployed, developers will need to protect their fleet and provide updates that were not conceived of during development. A secure mechanism such as a DMS may be complex to develop, but it is core to ensuring continued protection. Developers must ensure that the DMS does not itself become the attack vector: an updatable device has, in effect, a “doorway” that hackers could try to open. Strong security must therefore be placed on that doorway so that only authorized users can reach specific functionality through the DMS, while everyone else is kept out.

Silicon Labs has created a complete “silicon-to-cloud” IoT solution, called Zentri DMS, specifically designed from the silicon with security features built directly into the chip. These features in the silicon work in unison with a DMS to simplify the developer experience, offer the security capabilities that are often omitted, and enable developers to focus on their product features.

The Silicon Labs Zentri DMS solution provides both IoT product security and a mechanism to deliver the required updates that deployed products need. But a comprehensive DMS solution not only manages updates; it also captures in-field telemetry—such as frequency of use, battery life decay rates, typical charge times, and mean time between failure (MTBF) rates—allowing for the collection of end-product analytics that can be used to help better define future products. An enterprise that deploys products with this functionality can use these services for the entire life-cycle management of their product, from product onboarding to asset provisioning, monitoring, and lifetime device metrics.

The powerful security capabilities of a DMS also enable manufacturers to extend their traditional hardware-only business models with software sales. They can offer additional functionality on their platforms with minimal additional cost overhead, much as smartphone manufacturers do today through their app and media stores.

Device management also enables an alternative strategy in which a company ships all functionality in a single SKU but limits its availability with software locks. For example, Tesla’s Model 3 is based on a single software payload, but features are enabled by license: customers with standard features enabled may not have access to enhanced driver features. Instead, these features are “software-locked” at the time of purchase and may be unlocked after purchase by paying a license fee. In this case, security is paramount not only for feature security but also for the safety of the vehicle and protection of the Tesla brand.

Cloud operations

Cloud operations can be classified into two primary functions: data and device management.

Data cloud operations are focused on end-product analytics and e-commerce functionality. End-product analytics are valuable to the product manager because they provide marketing feedback for future development. Device management provides the ability to securely manage the device post-development.

Most cloud vendors focus primarily on data cloud functionality, where the ROI is clear, which leaves the developer with the complex task of secure device management. But the learning curve and the time required to accumulate the necessary skills and experience often prove surprisingly substantial, creating severe delays in a product’s release.

Developers have the option of designing products that send their data directly to their cloud or using device management clouds to proxy the data. Time-sensitive applications may benefit from sending data across the internet via the shortest possible path, routing it directly from the device to the data cloud. However, if developers wish to shift operations from one data cloud vendor to another, they may need to wait for each device to “check in” before it can be told to direct its data to a different location. This could result in the need to support multiple data cloud accounts until the entire fleet is updated, which might be a problem in battery-powered, long-sleep-time applications or in seasonal applications such as a barbecue temperature sensor.

In contrast, when a device management cloud solution also proxies the data, then only the device cloud needs to be informed of the re-direction. Furthermore, if an end device is required to send its data to multiple data clouds, it needs to send the data only once to the device cloud. The device cloud can then send the data in whatever format is required to those data clouds, allowing the devices to return to their sleep state and preserve battery life if needed.

Conclusion

A comprehensive DMS solution that addresses both types of cloud operations is thus a critical element of any successful IoT product development and deployment. When the solution also offers core building blocks to help device makers design, develop, and manufacture their products with security built in from the start, manufacturers are provided with both IoT product security and a mechanism to deliver the required updates that deployed products need. After deployment, the service can help keep track of the health of the product fleet, proactively fix any issues that occur, monitor the fleet’s security, and deliver device analytics to help better define future products.

The Silicon Labs Zentri DMS “silicon-to-cloud” IoT solution ensures that devices like endpoints and gateways can make secure connections to the cloud, enable secure post-deployment device management, and help protect vendor brands and business models. This lets developers concentrate on what they know best: how to build their own devices.
