Secure OTA updates and a unified software platform are the keys.
IoT and Edge devices span multiple market segments, from smart appliances to smart cities, from sensors to gateways, and from industrial IoT/Industry 4.0 applications to fully autonomous vehicles. Deployments can range from handfuls of products to multiple fleets of millions of devices.
IoT device management has many different components that need to come together during the life cycle of an IoT or Edge product or service. These include:
- IoT device security
to protect from cyber attacks, IoT devices and data transfers must be fully secured. Key components include secure boot to ensure that the device is running the correct software, use of strong cryptographic algorithms for key generation, revocation and rotation, secure storage for sensitive data or credentials, secure data communications and secure updates to ensure that the device can only be updated by a known and authorized source
- Device manufacturing provisioning
to install a unique and tamper-proof root of trust into each device that is required for the public key infrastructure used for end to end security
- Secure on and off boarding
enabling devices to be secured and authenticated to an OEM or service provider when first powered up, without having to individually set up each device on a manufacturing line. This is critical for large deployments where zero touch onboarding saves time and eliminates the threat vector of third party interference
- Device configuration
may be required post installation to enable new services or add/restrict features
- Applications and services management
during the product life-cycle may be needed to add, remove or change the applications or services that are running on the device
- Software updates
are critical to maintain the security of an IoT or Edge device in the field. These may be to fix bugs or provide security patches for newly discovered critical vulnerabilities (CVEs), or to introduce new functionality or features. Large fleet management also benefits from enabling subsets of the devices to be used as test devices or canaries to ensure updates work as expected in the field. Then, the fleet is likely to need to be updated over a period of time, rather than potentially flood a network by updating millions of devices all at once
- Remote access
may be necessary for product testing, analysis, or servicing. Any remote access mechanism should be secure by design to ensure additional threat vectors are not introduced
- Change of ownership
may require remote factory-reset operations depending on the use case, to ensure removal of personal information in accordance with local privacy legislation
- End of life or decommissioning
can be needed at end of life or when a device is no longer to be included in a fleet configuration
Typically every one of these components depends on secure remote access to individual devices and/or entire fleets, and for large installations this has to be an automated process. Device management systems enable lifetime management of large fleets of devices - the industrial equivalent of Apple or Google managing updates and features on your mobile phone.
Secure over the air (OTA)-updates are a must have for IoT and Edge devices, both for device and fleet management, and to protect against possible future cyber threats. At the device level this depends on the use of software that builds in security from secure boot to the cloud.
Many embedded, IoT and Edge products using Linux software contain components from multiple vendors. It is important that all the software on a device can be updated through its lifetime. In a device management system this can be complex if different components require different update mechanisms with different security requirements. In contrast the FoundriesFactory takes a holistic platform approach to security across the entire device software stack, and uses The Update Framework (TUF) for securing all software updates. TUF is an open industry standard, originally funded by the US Department of Homeland Security, and specifically designed to ensure the security of software updates to remote devices and fleets.
Key features of the solution include:
- Root of Trust installation
- Secure boot of Linux operating system on any capable hardware
- Device onboarding
- OP-TEE secure operating system for trusted applications on Arm devices
- Optional use of Hardware Security Elements for key management, secure storage and cryptographic operations
- Incremental software updates for kernel, user space and docker containers using ostree and aktualizr-lite, compliant with TUF specifications
- Remote testing to enable tests to be run on any remote device(s)
- Remote access using WireGuard secure VPN
- CLI and REST API access to device management and fleet management facilities enabling integration with customer dashboards and back-ends
- Configurable platform enables the use of other device and data management platforms and services to meet specific customer requirements
Device management involves many moving parts across the entire software stack from device to cloud. Using a single vendor and a unified platform reduces time to market and increases overall security of your solution.