« Previous 1 2
Build secure IoT applications with open source
Locked Down
Conclusions
This article has provided just an overview of the security challenges for devices; all the good old web server security rules still apply. You need to secure your IoT cloud server just like any other serious cloud application or web service. The major difference concerning IoT devices should now be clear: You need strong cloud communication security, and you must be ready to upgrade the device keys and software quickly.
Also, this is a complex and time-consuming challenge, which is sometimes seen as merely a side topic – probably because your main focus is your application and your core business. All hope is not lost! As I've shown, using standards and open source IoT building blocks, you can provide a solid and secure foundation for your application. That's the core idea of the Eclipse IoT working group: to encourage and simplify IoT development.
Infos
- U-Boot: http://www.denx.de/wiki/U-Boot
- MQTT: http://mqtt.org
- CoAP: https://tools.ietf.org/html/rfc7252
- Mbed TLS: https://tls.mbed.org/
- TinyDTLS: http://tinydtls.sourceforge.net
- Eclipse IoT project: https://projects.eclipse.org/proposals/tinydtls
- Eclipse IoT Paho project: http://eclipse.org/paho
- SHA-1 (deprecated): https://en.wikipedia.org/wiki/SHA-1
- RAM/flash estimate for TinyDTLS: https://tools.ietf.org/html/draft-tschofenig-lwig-tls-minimal-03
- Revocation checking: https://www.imperialviolet.org/2014/04/19/revchecking.html
- OMA Lightweight M2M: https://en.wikipedia.org/wiki/OMA_LWM2M
- Wakaama: http://eclipse.org/wakaama
- Leshan: http://eclipse.org/leshan
- Contiki: http://contiki-os.org
- Riot OS: http://www.riot-os.org
« Previous 1 2
Buy this article as PDF
(incl. VAT)