Securing IoT Data
Menu
The Ioetec IoT Security Platform secures third party IoT sensors so that the data they deliver can be trusted. Our code sits in the sensors and the edge node. The platform authenticates the devices using a closed system trust zone and then exchanges keys so that data can be encrypted. In the edge node the data can be consolidated and stored, still encrypted. This process is then repeated to pass authenticated and encrypted data to the backend repository (gateway, edge, cloud, on premises). Once the data is deposited, then standard interfaces can be used to pass the data to the authorised user.
1) The Sensors can connect to a gateway using a wide variety of communications protocols.
2) The sensor authenticates to the gateway and receives session and data security keys.
3) Using the agreed keys, all data is encrypted by the sensor before it is sent to the gateway.
4) The gateway establishes a secure connection to the MQTT broker, and passes encrypted data from the sensors to the trusted user.
5) Users can use any standard MQTT client, with authentication, to access the encrypted data.
6) The Gateway and the Sensors issue BIRTH data when they join, and DEATH data when they leave. The sensors status can therefore be monitored by the broker.
Secure by Design
| No default passwords | Automatic registration and key exchange. No default passwords required |
| Implement a vulnerability disclosure policy | All users notified of any vulnerabilities by security@ioetec.com |
| Keep software updated | Checks version, hash code and end-of-life against database when device registers. Supports secure device code updates |
| Secure credentials and sensitive data | All sensitive key information held in transient memory. Device automatically re-registers if information deleted |
| Communicate securely | Ioetec uses AES for encryption and TLS for User Authentication |
| Minimise exposed attack surfaces | Ioetec only requires a single port for the MQTT connection. All others closed. Cloud service fully secured |
| Ensure software integrity | Check version and hash code against database |
| Ensure that personal data is protected | Data is encrypted in transit and at rest |
| Make systems resilient to outages | Cloud service include automatic elastic scaling and geolocation resilience |
| Monitor system telemetry data | Automated procedure for monitoring server logs and performance and sending alerts using AWS Cloudwatch |
| Easy to delete personal data | Customer can delete account, sensors and data. Automatic projection of data as only the user has the unlock keys |
| Easy installation and maintenance | Automatic sensor registration with no user interaction required (apart from registering ownership) |
| Validate input data | All input on Ioetec web interfaces is fully validated. Guidelines provided to manufacturers for input to their data input sources |