Forming IoT Secure Systems as simple as Point and Click
TriDiNetworks identified that a major problem of the IoT systems is the complexity associated with the network security and commissioning.
IoT products require the highest level of security possible. It is not just the data the IoT application generates that needs to be protected. Some designs such as wearable applications also store personal information, identities and log-in details for service providers that would certainly be a target for hackers. Likewise, being able to access an IoT application that controls other appliances such as a heating and air conditioning systems would compromise system integrity and potentially have fatal consequences. Also, manufacturers need to protect their IoT devices from being cloned and being sold as counterfeit products in order to protect brand equity and preserve potential revenue streams. Without security the IoT will not be widely adopted.
Confidentiality, Integrity and Authentication are the fundamental security requirements. The algorithms for the implementation of these requirements need to store a unique key in each IoT device.
Hardware key storage is the strongest way to secure keys. On the market there are several crypto components for hardware key storage, random number generation, computing digests, etc. in order to support IoT device security. These components are tiny, low power, cost effective, work with almost all microcontrollers, and most importantly store the keys in ultra-secure hardware to ensure the highest security level possible.
The crypto components require personalization, namely the ability to program or configure them with various parameters such as secret keys. The term personalization was chosen to reflect that once a part is configured and locked it cannot be changed and will forever have the programmed “personality”.
For production in very large quantities, personalization can be performed directly by the component manufacturer or by transferring the secret keys to the hardware board’s assembly factory and program the components in a separate process.
The problem is these common personalization processes are complicated, time consuming and expensive, and furthermore require transferring the keys to third parties which cannot always be trusted.
In addition, in order to join and form a wireless network each IoT device needs to receive a set of parameters for the security communication protocol. For example, in a Wi-Fi network each IoT device requires the network number, channel number, passphrase (code needed for wireless access to the network), etc.
In large and expensive devices the parameters can be loaded through connectors or touch panels. In small and low cost IoT devices such as wireless switches this is too expensive and prohibitive, since electricians and users do not expect, and are not trained to perform such actions. Another way to load parameters in wireless devices is through the wireless channel, but this action can be performed by RF professionals and not by regular electricians and users. Moreover, this “over-the-air” commissioning method relies on long-range connectivity, such as Wi-Fi. These long-distances formats are vulnerable to eavesdropping and are common targets for attack rendering the entire network vulnerable.
In order to solve these problems, TriDiNetworks has developed a complete end to end IoT Secure System that enables connecting devices to the internet and controlling them from the cloud through Point and Click patented technology, in which the network is formed automatically and the devices are registered to the network very easily using a smartphone.
TriDiNetworks system uses a main communication channel to transfer control and management data (Wi-Fi for example).In addition to the main channel, in each IoT device we incorporate a secondary NFC (Near Field Communication) contactless channel used for loading from close proximity the parameters for the crypto component and the communication protocol. Since NFC only sends data over very short distances (typically 2-3 inches), NFC commissioning is therefore inherently secure, and data is kept close and confidential.
The parameters on the secondary channel are transferred individually to each device from a dedicated Commissioning Tool based on off-the-shelf NFC-enabled tablets or smartphones by just holding the Commissioning Tool (with TriDiNetworks’ application) near the device. The device doesn’t have to be running or even plugged in to support NFC commissioning, which can save energy, time, and make the process user friendly.
In order to generate the parameters and load them from the Commissioning Tool to each IoT network device, TriDiNetworks developed a new design methodology. The design is performed through an intuitive software tool called Network Designer. The Network Designer allows everyday people to allocate parameters (such as communication protocol, network and crypto parameters) to each IoT device. The parameters are then stored in a data base and transmitted to the Commissioning Tools in the installation site.
The TriDiNetworks’ IoT Secure system consolidates the design and commissioning in one simple-to-use unified system, is agnostic to the wireless communication channel technology and drastically reduces commissioning time and costs.
No longer have everyday people to wait for trained technicians to commission their IoT wireless networks, to replace faulty components or to add components in their wireless networks. They can do all that by themselves using their smartphones.