The 10 challenges of securing IoT communications

---

From the very beginning of developing an IoT product, IoT security must be a forethought.

---

One of the hottest topics at last week’s IoT StreamConf was security. In other words, how are we going to secure communication for billions of connected devices? How can we ensure that attackers can’t take control of our devices, steal information, disrupt services, or take down entire networks of expensive, imperative devices?

With IoT is still in its early stages, security is not fully understood and well-defined when compared to other industries, like the financial and e-commerce sectors. From the very beginning of developing an IoT product, whether it’s small-scale like a wearable device, to massive-scale IoT deployments, like an oil field sensor network or global delivery operation, IoT security must be a forethought.

In this talk, Rohini Pandhi, Product Manager at PubNub, walks through the ten challenges of securing Internet of Things communication. Rohini discusses flexible and secure messaging design patterns for IoT communication, and how they can be implemented and scaled. There are a number of security considerations, but after watching this talk, you should have a good idea of how you can secure your IoT deployment.

(Scroll below video for a table of contents of when individual concepts are talked about in the video).

Video Table of Contents

1. Defining the Internet of Things (10:27)
2. Unprotected devices will be attacked (13:15)
3. Encryption (15:46)
4. Single security model for all communications (17:56)
5. Access control (20:13)
6. Tracking device metadata (21:14)
7. Provisioning in the field (22:38)
8. Firmware updates in the field (24:07)
9. Compliance with regulations (25:15)
10. Reinventing the wheel (26:17)

More Resources on Securing IoT Communication

Below are a couple great pieces on IoT security, and some code tutorials for IoT developers:

• The Next Generation of IoT: PubNub CEO Todd Greene walks through the evolution of the IoT stack, and how it’s continuing to change, with security at the forefront.
• Securing the Internet of Streams: Doron Sherman discusses the need for a new approach to IoT security, built on a loosely-coupled, smarter network.
• World-class embedded security solutions ensures trust for every system design: Data security is directly linked to how exposed the cryptographic key is to being accessed by unintended parties. How to thwart? Keep the “secret key secret” locked in protected hardware devices.
• IT cloud vs. IoT cloud: Kaivan Karimi, Atmel VP and GM of Wireless Solutions, shares the top 10 factors to consider when transitioning from IT cloud to IoT cloud.
• Become a Crypto Expert by securing all the layers of IoT. Securing valuable pieces to solve your security puzzle for any stage or level of the design cycle.
• Ultra-secure Hardware-based Key Storage: CryptoAuthentication installed into the architecture of element devices with hardware-based key storage ensure that a product, consumables it uses, firmware it runs, accessories that support it, and the network nodes it connects to are not cloned, counterfeited, or tampered with.
• Complete Security for PCs and Embedded Systems: The TPM includes integrated, protected nonvolatile storage for cryptographic keys, secrets, and authorization information.
• Making EEPROMs a Safe Place for Sensitive Data: CryptoMemory chips are the world’s largest family of EEPROMs with a 64-bit embedded hardware encryption engine, four sets of nonreadable, 64-bit authentication keys, and four sets of nonreadable, 64-bit session encryption keys.

PubNub unveils new Realtime Analytics Dashboard

PubNub recently announced the availability of its new Realtime Analytics Dashboard, providing customers with easy-to-understand visualizations of their application data streams and user base. New real-time graphs illustrate the value, impact and scalability of PubNub-powered applications.

For Internet of Things (IoT) customers and others enabling device connectivity, the new dashboard tracks data stream traffic and usage in real-time via a live world map. In addition, application owners can see which countries have the highest message volume, and which channels have the most messages and users. According to its recent blog post, the dashboard streams live-updating metrics including:

• A live world map that charts your real-time data based on geolocation
• Top countries by message volume
• Top channels by message volume and number of users
• Top devices by message volume and number of users
• Peak active devices over a 24-hour period

The Realtime Analytics Dashboard helps customers improve their applications’ overall performance and troubleshoot production-level issues. With these real-time analytics, customers have the ability to correlate peaks and troughs in usage with message volume on the PubNub Data Stream Network.

“PubNub developers have always been able to view an up-to-the-millisecond assessment of the performance of their applications based on message volume,” said Todd Greene, Founder and CEO of PubNub. “With our new Realtime Analytics dashboard, our customers have even greater visibility to easily understand the performance and reach of their apps in realtime, and to share key metrics with other stakeholders within their organization.”

The newly-unveiled Realtime Analytics Dashboard is now available in the PubNub developer portal. If you’re looking to read more from the PubNub team on Bits & Pieces, you’ll find plenty of articles on the IoT and real-time apps here.

How to connect an Arduino to a real-time network in two steps

Arduino is a microcontroller and development environment that can be used, just like Raspberry Pi, to read information from its sensors and control other devices.

Programming on the Arduino is extremely simple, which has led to its widespread use in interactive environments. As with the Raspberry Pi, it’s a great (and low cost) starting point for experimenting with the world of embedded wearables and the Internet of Things.

This blog walks you through the steps to connect an Arduino to the PubNub Data Stream Network. This enables you to connect with a high volume of other devices at a global scale and start sending and receiving data between a wide variety of devices, including other Arduino and Raspberry Pi devices.

PubNub acts as your communication layer for signaling and data transfer between embedded devices. Some of the advantages of using the PubNub Data Stream Network over a custom, open source solution is reliability and speed. PubNub takes care of the backend infrastructure that you’d have to set up otherwise to create a signaling network between Arduino and other connected devices. You can find the Arduino PubNub extensions here. For additional resources, check out the PubNub Arduino documentation page.

Basics of Connecting the Arduino to The PubNub Data Stream Network

Really, all it takes is two steps to get your Arduino up and running. Follow these steps to get connected:

STEP 1: Connect the Arduino to a monitor, keyboard, mouse and ethernet cable. You’ll also have to sign up for a PubNub account to get your unique keys. PubNub is entirely free in the sandbox tier, which gives you more than enough bandwidth to test and play with your Arduino.

STEP 2: Open a new window and paste the following code.

#include 
#include 
#include "string.h"
#include "iotconnector.h"
 
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
 
char pubkey[] = "demo";char subkey[] = "demo";char channel[] = "iotchannel";char uuid[] = "Arduino";
 
iotbridge arduino;
 
void initialize(){
    Serial.begin(9600);
    Serial.println("Serial set up");
 
    while (!Ethernet.begin(mac)) {
        Serial.println("Ethernet setup error");
        delay(1000);
    }
    Serial.println("Ethernet set up");
}
 
void do_something(String value){
    Serial.println("in the callback");
    Serial.println(value);
   }
void setup()
{
    initialize();
    arduino.init( pubkey, subkey, uuid);
}
 
void loop()
{
    String returnmessage;
    Ethernet.maintain();

    //Publish
    arduino.send(channel,""Hey There"");
 
    //Subscribe
    returnmessage = arduino.connect(channel);

    //callback function of sorts, to work with the received message
    do_something(returnmessage);
    Serial.println();
}

The above code lets you set the following :

• publish key using “pubkey”
• subscribe key using “subkey”
• UUID using “uuid”
• channel you wish to subscribe and publish to using “channel”

For all of you who are familiar with Arduino, you will notice that this is in fact only a few additional lines of code in loop(). The remaining code sets up the Ethernet connection to the Arduino. The keys lines of code are just three lines:

• arduino.init() that lets you initialize variables
• arduino.send() that lets you send a message over the specified channel
• arduino.connect() that lets you subscribe to a channel to receive messages

We create an instance of the iotbridge called “arduino” and we can use the SEND and CONNECT methods belonging to that class. SEND: This invokes the publish() API to send any message over a desired channel.

bool iotbridge::send(const char *channel, const char *message){
  EthernetClient *client;
  client = PubNub.publish(channel,message);
  return client;
}

CONNECT: This invokes the subscribe() API to listen for messages from other embedded devices connected to the same channel. NOTE: The call back function receive is invoked when subscribe runs. Connect() will block on subscribe, waiting for a message to be sent to the device. You can write your own simple task scheduler and bounce between tasks according to their timing requirements.

String iotbridge::connect(const char *channel){
  PubSubClient *pclient = PubNub.subscribe(channel);

You can customize the channels you publish/subscribe to, the UUID you assume and also the messages you send by just changing the above fields. And that’s it! You can now talk Arduino to any other device or application subscribing/publishing to the same channel.