Secure path to the Internet of Things

With a seemingly countless number of connected devices, the Internet of Things (IoT) will be a gigantic growth market in the coming years. With the right solution, developers can concentrate on their core competencies and access the required specialist know-how in the shape of affordable, reliable and pre-validated modules.

The Internet of Things is growing steadily and rapidly. These intelligent objects have their own IP address and are constantly connected to each other over the internet, making them able to communicate freely with each other. Sensitive data and devices must be protected from unauthorised access.

The first requirement for a network of machines and devices of any kind is secure IoT access. This can be provided either directly or via a gateway. In the first case, a gateway will already be implemented in the individual device. A protocol conversion between the internal and external network is often useful and necessary. Security is a complex issue and involves both ‘safety’ (broadly referring to safe operation) and ‘security’ (meaning safe from attacks by outsiders).

Intel quickly realised that this is a major obstacle for widespread access to the IoT. In cooperation with its subsidiaries Wind River and McAfee, Intel set out to develop a secure end-to-end solution available from one source. This seamless and secure solution combines the individual products and special expertise from each company for selected platforms such as the Intel Atom E38xx family. Wind River supplies the Wind River Intelligent Device Platform XT, which includes the operating system (Wind River Linux 5.0), pre-validated software stacks, hardware drivers and matching libraries and tools. Functions such as administration, communication, connectivity and security as well as runtime environments such as Java, Lua and OSGi are all supported.

Fig 1 congatec’s current offering on the hardware and software sides of the IoT topology, with the Intel processor selection on the left, and the matching form factors on the right.

McAfee’s security software, McAfee Embedded Control, provides features such as dynamic application whitelisting (only registered and verified applications can run) and change control (all modifications of the code and the environment must be explicitly approved before execution). Intel provides the hardware platform itself plus hardware feature enhancements such as TPM (Trusted Platform Module) and matching hardware-related software and stacks. The essential point here is that Intel validates the end solution as a whole: the complete processor board including all firmware.

Standard Modules

For those who neither want to rely on finished, commercially available devices nor go through the complicated and time-consuming process of certifying their own developments with Intel, the use of pre-certified function blocks makes good sense. Many industry sectors already use modular computer systems that are highly scalable for the specific application and based on proven standards such as Qseven or COM Express. The use of modules that are pre-certified for the Intel solution not only saves time and cost when implementing secure Internet connectivity, it also opens up all the advantages of modular computer systems. Important criteria when selecting a module supplier include support of the relevant standards, quality of the modules and the ability of the module manufacturer to effectively support the system manufacturer in the development of its own systems.

The conga-QA3 Qseven module from congatec with processors from the Intel Atom E3800 family is particularly well suited for connecting to the Intel Gateway Solutions for the Internet of Things. It enables the use of Intel Atom processors with up to four cores and clock speeds from 1.33 to 1.91GHz. Depending on the system and its application, the total power consumption ranges from as little as 4.5W to 12W. This enables the development of very economical and extremely powerful embedded PCs that can be hermetically sealed and operate fanlessly in an extended temperature range. The maximum RAM size is 8GB DDR3L memory, and the integrated Intel HD graphics can support two independent Full HD displays via DisplayPort, HDMI or LVDS. Numerous interfaces and functions (including Gigabit Ethernet and USB 3.0) enable fast and cost-effective realisation of high-performance embedded systems with low power consumption such as Box PCs or other customised solutions.

Fig 2 congatec’s certified Intel Gateway Solution for the Internet of Things

The combination of reliable hardware and a consistent software package, including everything from firmware to operating system and applications, provides a totally secure root of trust for IoT gateway applications. Thanks to outstanding performance, it is possible to carry out additional demanding tasks such as evaluation, consolidation, storage and visualisation of data, as well as sophisticated protocol conversions between the individual connection levels.

QSys is a modular embedded PC from TQSystems based on the Intel Atom E38xx. The combination of the MB-Q7-2 mainboard and the congatec conga-QA3 module provides a highly compact embedded computer system and an ideal platform for use with the Intel Gateway Solutions for the Internet of Things.

The compact box design, with external dimensions of only 100x100x23mm³ and many interfaces and functions, is an example of how to quickly and cost-effectively implement a high-performance, passively cooled embedded system for gateway applications. Hardware security features such as TPM 1.2/2.0, the Sentinel HL Security Controller and integrated secure EEPROM enable the realisation of embedded systems with an exceptional level of security. The example has shown how quick and easy it is with congatec’s modular system to build concrete solutions for secure IoT gateways. The right know-how and technology can, however, bring further benefits. Thanks to the 70x70mm compact form factor of the Qseven module it is easy to transfer the system layout to a customised system, making the development of complete single board computer systems a simple and inexpensive task. The re-validation effort is relatively low because key components, such as processor, I/O system, network peripherals and firmware, require no or little modification. congatec has, for example, already implemented a complete mini-ITX single board solution.

As an ODM (Original Device Manufacturer) congatec can also develop complete customised systems and validate them for the customer, or use its know-how to help customers validate their own developments. The cost optimisation of this approach is particularly interesting where large production runs are concerned.

Modular systems consisting of pre-integrated hardware and software modules enable manufacturers of IoT-enabled systems to develop secure solutions quickly and cost-effectively, without having to deal in any detail with the complex security issues. On the one hand, security is safeguarded by a global player such as Intel bundling its expertise with that of its subsidiaries Wind River and McAfee in an end-to-end, validated solution. On the other hand, they can rely on the manufacturer of the appropriate certified standard module, who is responsible for high manufacturing quality and practical support during the implementation of the complete solution. It is important to select the manufacturer carefully to avoid unwelcome surprises later on.

While current modules are primarily designed to provide gateway functionality for applications in the areas of industrial electronics, mechanical engineering, energy supply and transportation, subsequent modules and validation packages will cover additional functionalities and industry segments. The possibilities offered by the IoT are virtually unlimited and hold a rich potential for further development.

Posted November 5, 2015 by Anoop George Joseph in Internet
