
Secure connectivity for the internet of things

In a provocative 2015 report, Gartner analysts Karamouzis, Jivan and Notardonato discussed the disruptive nature of smart machines, cognitive technologies and algorithmic business models. By classifying content, finding patterns and extrapolating generalizations from those patterns, these technologies will change the competitive landscape. The eyes and ears of smart machines will be the internet of things, the so-called “digital mesh,” which will be given voice by secure connectivity infrastructure that enables them to talk.

Secure connectivity infrastructure includes a few basic building blocks (Figure 1), the implementation of which can vary considerably:

  • Intelligent IoT device
  • Access device
  • Communications media
  • IoT controller
  • Analytics and business applications
  • Device and network management

Figure 1: IoT secure connectivity infrastructure

An intelligent IoT device is a machine, or a group of machines, that uses a control network protocol, TCP/IP or a proprietary protocol for data communications. In peer-to-peer networks, data communications may be limited to an isolated group of devices, while in other cases — like automotive telematics and demand-side management systems — communications will be directed to a centralized data center serving potentially tens of millions of IoT devices.

There are two forms of access devices: gateways and converged IoT systems. A gateway is used when the IoT device has serial, analog or proprietary inputs/outputs (I/O) that are incompatible with a data communication network. The gateway converts these I/O into a protocol and format compatible with the network.

A converged IoT device is used to reduce process latency, lower the volume of data communication traffic or send a summary of local activity to a data center. It does this by running an analytics application locally to analyze IoT data. Converged IoT devices are characterized by their powerful compute engines, remote management capabilities, and ability to ingest analog or digital sensor data and control bus traffic.

The communications media used in IoT systems vary considerably, and may include wired Ethernet, Wi-Fi, cellular or specialized control network physical layers. There are dozens of different control network physical layers, and even more control protocols that run over them. Table 1 presents some of the standards-based control network physical layers, and Table 2 shows the more common control network protocols used in different vertical markets.

Table 1: Control network physical layers

Table 2: Control network protocols

Wide area networks (WANs) may use cellular, satellite, DSL, cable modem, fiber optics, microwave, MPLS or E1/T1 communication media, among others. The upside of cellular is that WANs can be quickly set up and moved as needed in the event of a disaster or during adds, moves and changes. The downside of cellular is the high recurring subscription costs, especially for data-heavy applications.

Using a mobile virtual network operator that has pre-negotiated low subscription rates can lower operating costs for IoT applications, especially for machine monitoring applications with modest data requirements. Pre-processing IoT data on-site using a converged IoT system can significantly reduce the cost of cellular in data-heavy applications.

Figure 2: Ruggedized Wi-Fi access point for IoT applications

If a VPN tunnel is used, care must be taken to ensure that tunnel security is suitable for the intended application. The Internet Protocol Security (IPsec) Encapsulating Security Payload (ESP) encrypts and encapsulates data between two entities, and is commonly used for commercial VPNs that traverse public telecommunications infrastructure, including the internet. IPsec supports AES encryption with 256-bit (or longer) keys and provides network-level peer authentication, data origin authentication, data integrity and replay protection. For government IoT applications, Suite B elliptic curve cryptography may be required to protect IoT devices associated with foreign releasable information, U.S.-only information, or sensitive compartmented information up to top secret classification.
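Two of the ESP properties named above, data integrity and replay protection, are easy to get subtly wrong when an IoT controller or gateway implements its own tunnel termination. The following is an added example, not code from the article or from any IPsec implementation: it models an ESP-like receiver with an integrity check value (ICV, here HMAC-SHA-256 truncated to 128 bits as in RFC 4868) and the sliding anti-replay window from RFC 4303 Appendix A. The packet layout, key, SPI and sample sequence numbers are all constructed for the demonstration. The order of operations is the security-relevant point: the window is consulted before the ICV is verified, and only a packet whose ICV verifies may advance the window, so a forged packet with a high sequence number cannot push legitimate traffic out of the window.

```python
import hashlib
import hmac
import struct

WINDOW_SIZE = 64   # RFC 4303 requires at least 32; 64 is a common choice (assumption)
ICV_LEN = 16       # HMAC-SHA-256-128 truncates the tag to 128 bits (RFC 4868)


class AntiReplayWindow:
    """Sliding window over 32-bit sequence numbers (RFC 4303 Appendix A).

    bit i of `bitmap` is set when sequence number (highest - i) has been accepted.
    """

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # receipt bitmap, bit 0 == self.highest

    def check(self, seq):
        """True if `seq` is neither a replay nor older than the window."""
        if seq == 0:
            return False                     # seq 0 is never valid with anti-replay on
        if seq > self.highest:
            return True                      # to the right of the window: new
        diff = self.highest - seq
        if diff >= self.size:
            return False                     # to the left of the window: too old
        return not (self.bitmap >> diff) & 1 # inside the window: reject if already seen

    def update(self, seq):
        """Record `seq`; call only after the packet's ICV has verified."""
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1              # whole old window falls off the left edge
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def build_packet(key, spi, seq, payload):
    """Constructed ESP-like packet: SPI | seq | payload | ICV (encryption omitted)."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


class Receiver:
    """Tunnel endpoint that enforces integrity, then replay protection."""

    def __init__(self, key):
        self.key = key
        self.window = AntiReplayWindow()
        self.stats = {"accepted": 0, "replayed": 0, "bad_icv": 0}

    def receive(self, pkt):
        _spi, seq = struct.unpack("!II", pkt[:8])
        body, icv = pkt[8:-ICV_LEN], pkt[-ICV_LEN:]
        if not self.window.check(seq):        # cheap check first, no crypto spent on replays
            self.stats["replayed"] += 1
            return None
        expected = hmac.new(self.key, pkt[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            self.stats["bad_icv"] += 1       # window untouched: forgery cannot advance it
            return None
        self.window.update(seq)               # only verified packets move the window
        self.stats["accepted"] += 1
        return body


def run_demo():
    """Replay a constructed packet sequence through a receiver; returns its counters."""
    key = b"constructed-demo-key-not-for-real-use"
    spi = 0x1234
    rx = Receiver(key)
    for seq in (1, 2, 3, 5):
        rx.receive(build_packet(key, spi, seq, b"telemetry"))
    rx.receive(build_packet(key, spi, 2, b"telemetry"))      # replayed: rejected
    rx.receive(build_packet(key, spi, 4, b"telemetry"))      # late but unseen: accepted
    rx.receive(build_packet(b"wrong-key", spi, 6, b"x"))     # forged ICV: rejected, window stays
    rx.receive(build_packet(key, spi, 100, b"telemetry"))    # jumps the window forward
    rx.receive(build_packet(key, spi, 30, b"telemetry"))     # now older than the window: rejected
    rx.receive(build_packet(key, spi, 99, b"telemetry"))     # inside the new window: accepted
    return rx.stats


if __name__ == "__main__":
    print(run_demo())
```

The counters in `run_demo` separate replays from forgeries, which is what a SOC would want surfaced from a controller: a rising `replayed` count on one SPI points at an attacker (or a badly behaved NAT path), while `bad_icv` points at key mismatch or tampering. A production endpoint would add the encryption half of ESP (an AEAD such as AES-GCM) and tie the window to the security association's lifetime.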

High-availability applications often require two separate and distinct connections, such as DSL and cellular. If one fails, the alternate connection will automatically be selected by the access device.

The IoT controller terminates data communications and VPNs, typically at a data center or an intermediate aggregation point, and hands off the data to an application for processing. The controller manages network encryption and authentication, and interfaces with firewall, network access control and policy management applications that enforce application-layer security, packet prioritization and access rules.

Ideally, IoT data will remain encrypted from source to destination so there is no cleartext available to snoop. However, this isn't always possible. Older IoT devices, or ones that lack modern cybersecurity capabilities, have to rely on a gateway or converged IoT system to encrypt the IoT data. The cleartext link from the IoT device to the access device presents a vulnerability that needs to be addressed using physical measures, e.g., securely embedding the access device inside the IoT device and monitoring the data link for tampering.

Data are the new bacon in the world of business transformation, and it’s the analytics and business applications that add sizzle to the process. These applications consume IoT data and use mathematics, statistics, machine learning and predictive modeling to manage operations, detect security violations and create the foundation for innovative new services based around contextual data like location.

The final element, device and network management, includes software that configures, manages, posture checks and monitors the IoT devices and networking infrastructure. Posture checking is essential to detect and protect against infected devices.

The rise of smart machines will occur in lockstep with the rise of the secure connectivity infrastructure that transports the data they generate. Working in tandem with new algorithmic tools, IoT devices and secure connectivity infrastructure will increase the productivity of human and capital assets, and drive economic growth from the new business opportunities enabled by the internet of things.
