Securing IoT Data

The Ioetec Security Platform

The Ioetec IoT Security Platform secures third party IoT sensors so that the data they deliver can be trusted. Our code sits in the sensors and the edge node. The platform authenticates the devices using a closed system trust zone and then exchanges keys so that data can be encrypted. In the edge node the data can be consolidated and stored, still encrypted. This process is then repeated to pass authenticated and encrypted data to the backend repository (gateway, edge, cloud, on premises). Once the data is deposited, then standard interfaces can be used to pass the data to the authorised user.

The Ioetec IoT Security Platform; step by step

1) The Sensors can connect to a gateway using a wide variety of communications protocols. 

2) The sensor authenticates to the gateway and receives session and data security keys.

3) Using the agreed keys, all data is encrypted by the sensor before it is sent to the  gateway.  

4) The gateway establishes a secure connection to the MQTT broker, and passes encrypted data from the sensors  to the trusted user.

5) Users can use any standard MQTT client, with authentication, to access the encrypted data.

6) The Gateway and the Sensors issue BIRTH data when they join, and DEATH data when they leave. The sensors status can therefore be monitored by the broker.

Secure by Design

No default passwordsAutomatic registration and key exchange. No default passwords required
Implement a vulnerability disclosure policyAll users notified of any vulnerabilities by
Keep software updatedChecks version, hash code and end-of-life against database when device registers. Supports secure device code updates
Secure credentials and sensitive dataAll sensitive key information held in transient memory. Device automatically re-registers if information deleted
Communicate securelyIoetec uses AES for encryption and TLS for User Authentication
Minimise exposed attack surfacesIoetec only requires a single port for the MQTT connection. All others closed. Cloud service fully secured
Ensure software integrityCheck version and hash code against database
Ensure that personal data is protectedData is encrypted in transit and at rest
Make systems resilient to outagesCloud service include automatic elastic scaling and geolocation resilience
Monitor system telemetry dataAutomated procedure for monitoring server logs and performance and sending alerts using AWS Cloudwatch
Easy to delete personal dataCustomer can delete account, sensors and data. Automatic projection of data as only the user has the unlock keys
Easy installation and maintenanceAutomatic sensor registration with no user interaction required (apart from registering ownership)
Validate input dataAll input on Ioetec web interfaces is fully validated. Guidelines provided to manufacturers for input to their data input sources