IoT Insight event highlighted building automation, software gateways and silicon hardware security from Intel, Rudin Management, Wind River, and McAfee.
By “IoT Embedded Systems” Staff
Intel has been working hard to create a platform and ecosystem that makes it easier for engineers to create Internet-of-Things (IoT) applications. For example, the latest iteration of the Edison platform is helping to move IoT to mainstream deployments with a repeatable foundation of customized building blocks for a great many solutions.
Mobile, Home and Industrial IoT
At its recent Dec. 9, 2014, “IoT Insights” event in San Francisco, Doug Davis, Intel VP and GM, Internet of Things Group (see Figure 1), talked about the three basic IoT categories – mobile, home, and industrial. These categories were further delineated into six application areas – retail, wearables, buildings, industrial, energy, cities, and transportation.
As an example of building automation using IoT, Doug cited Rudin Management, a New York City real estate company that developed its own building management system software called DiBoss. The company has demonstrated that it can intelligently manage fans and other energy systems in its buildings. John Gilbert, COO, said that in one year at one major office building, the company saved nearly $1 million. That dollar amount translates to a savings of 50 cents for every square foot of building space.
Key to the management and savings is an intelligent gateway that collects sensor data at the network edge. Further, the gateway acts as a filter to analyze and normalize the data to be shared through the company’s network of applications via the cloud. Intel has developed a family of gateway solutions that enables connectivity between both new and legacy sensors/devices by putting together technologies for networking, embedded control, enterprise-grade security, and manageability (see Figure 2).
The gateway kits include fully integrated and validated hardware and software from Intel, McAfee, and Wind River, which should reduce time-to-market and development costs. The kit is based on either a Quark SoC X1000 or Atom E3826 processor. There are four versions of the kit – the DK50, DK100, DK200 and DK300. The kits are complete with fully-configured compute, operating system, wireless communications, security software, development tools, chassis, power supply, antennas, and documentation.
Lorie Wigle, VP of IoT Security Solutions at Intel, noted that IoT devices often have a very long operation cycle (see Figure 3). They are not re-booted very often, if ever, and are often part of a system of systems. The challenge for designers is that these devices are not updated as often as they should be. That’s why it is important to track the device ID – for perhaps hundreds of devices – and maintain an operation status for all. Intel’s mantra for this type of security is, “harden the devices, secure the communications, and monitor while taking advantage of analytical tools.”
Intel Security announced Enhanced Security for IoT Gateways in support of the reference model (see Figure 4). This pre-validated solution from McAfee includes advanced security management for gateway devices. Lorie described key security software for the gateway and IoT in general.
Securing the Gateway
The Wind River Edge Management System provides cloud connectivity to facilitate device configuration, file transfers, data capture, and rules-based data analysis and response. This pre-integrated technology stack enables customers to build industry-specific IoT solutions and integrate disparate enterprise IT systems, using API management. The middleware runs from the embedded device up to the cloud, thus reducing time to market and total cost of ownership.
Integrated with the Intel IoT Gateway platform, McAfee ePolicy-Orchestrator (ePO) maintains system integrity by allowing only authorized code to run (application whitelisting) and only authorized changes to be made (change control). It simultaneously protects embedded system integrity and automates the enforcement of software change control policies. It allows an administrator to remotely configure and update the system. When you have 5,000 nodes you don’t want to have to send a person out to upgrade each of those. The solution reduces the cost and complexity of security and compliance administration.
McAfee Security Information and Event Management (SIEM) provides the analytics tools to identify critical threats and respond quickly. Built for big data security, McAfee Global Threat Intelligence for Enterprise Security Manager (ESM) puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent SIEM. These can be deployed on premises or in the cloud.
The McAfee Next Generation Firewall (NGFW) is the key element for watching over the Gateway communications. It has an intrusion prevention system (IPS), built-in VPN, and deep packet inspection. Then McAfee adds anti-evasion technologies that decode and normalize network traffic — before inspection and across all protocol layers — to expose and block the most advanced attack methods.
Silicon Security First
Intel Fellow Steve Grobman spoke about having a foundation for security in silicon. The connected world requires proof-of-identity and hardware-based key generation. The Trusted Connection Service from Intel is a part of the proof-of-identity approach. For example, Intel has developed an Enhanced Privacy ID (EPID) for remote, anonymous authentication of a hardware device. It is a two-layer system – ID of what type of device and ID of a specific device. Using EPID, a hardware device can prove to a remotely located verifier that it is a valid device, certified by the hardware manufacturer, all without revealing its identity and without the verifier being able to link multiple authentication attempts made by the device. For example, EPID can determine whether a car is a valid device and thus able to receive secure information. However, the EPID system will not reveal who owns the device, which prevents the car owner from unknowingly being tracked as they drive.