Problem solved: AWS IoT + Mongoose OS + crypto chip = IoT Security
We have all witnessed the media outcry about IoT security breaches and all the possible consequences of them. However, what has not been addressed is how to actually avoid or prevent such breaches.
The general public and the media has a really vague understanding on what goes into IoT security and usually uses words like ‘device’ and ‘cloud’. Start speaking about SSL/TLS, crypto chips, 2 ways MQTT SSL authorization and you will completely lose their attention.
What is the key reason IoT Security is being compromised? It’s as simple as 5 cents: vendors are price cautious and time sensitive, wanting to launch their connected products to the markets at the lowest cost possible, all too often overlooking the basic security precautions.
What you need to know though are the key points where a connected device can be compromised:
1) On the device itself (when the device is being tampered with) as SSL certificates are not protected and can be easily accessed.
2) In the way a device communicates with the cloud when the traffic is not encrypted.
3) On the cloud side, where the unprotected or less well-protected authorisation process with the cloud can be compromised. This can occur with cloud providers who do not enforce security requirements on their side.
End price of the product and good P&L costs are among the key priorities for businesses. However, now security comes into the equation as the key pillar to protect brand identity and perception.
So, how do you have a well-rounded and secure connected product and at the same time achieve this in a cost-effective way?
Many heads were scratched recently going over these dilemmas, looking for the best answer.
Go no further, we have an answer for you - a fully secure solution with a hardware part (MCU + crypto chip) costs below $3.00!
Unbelievable? Almost, but it is definitely real.
As a matter of fact, there are several strong key players who come together to put a solution which is fairly inexpensive but provides the highest level of security available now:
1) AWS IoT - is the only cloud provider insisting on secure 2-way TLS authentication for any device connecting to it.
2) Microchip (Atmel) and their ECC508A crypto chip, which stores SSL certificates securely on the devices, which is literally impossible to hack. The best point here is it is priced at under $1.00
3) Espressif Systems and their ESP8266 chip, which is probably the most popular Wi-Fi-enabled MCU with a price point of below $2.00 as well.
Now you've got the components to make your connected device secure and in a very cost-effective way. So, what do you need to do and how do you get to bundle them?
Here comes Cesanta, a company behind the very popular Mongoose Web Server, with their Mongoose OS which not only bundles all three components outlined above but which has been developed in a way where you can literally plug-and-play the solution into your product and have secure IoT connectivity from the get go, with actual implementation being so seamless you won't even notice it has happened.
How is that all possible you are probably asking? Is this another ad pushing something into my head? Fear not, this is not an advertisement, but an overview of an open-source product you can actually try out immediately after you have finished reading this article. Now who else can do this for you?
So let's have a closer look at the solution:
1) Mongoose OS is the only industrial-grade firmware available for ESP8266. Proven, stable, tested over time.
2) It is seamlessly integrated with AWS IoT providing secure 2 ways MQTT authentication.
3) It supports an ECC508A crypto chip and makes the security and certificate storage on the end device bulletproof.
4) Security is enforced by an mbedTLS library - the most trusted and stable on the market. It has been tuned by Cesanta so it can fit constrained resources available on the ESP8266.
Additionally, see how our partners from AWS IoT describe it:
Want to see even more proof? Check this AWS reInvent demo on the solution from our partners: