AWS has added Internet of Things (IoT) services to its range of global services. The IoT industry is taking everyone by storm, evolving and infiltrating our daily undertakings quickly. AWS may have a head start with regard to the IoT: as with other cloud services, AWS has quickly adapted to support this new and evolving technology. AWS has recently launched AWS IoT; while most cloud providers are still becoming accustomed to the workings of the IoT, AWS is ready to deliver.
The IoT is the introduction of products (devices or sensors) that can connect to the Internet and thereby communicate with us, with other people or with other devices, enabling the broadcast of information from the world's devices, and the processing and transfer of data in ways that were previously not possible. This delivers smarter products for consumers and lets businesses provide improved data-driven offerings. It is anticipated that by 2020 at least 50 billion devices will be connected to the internet; for some time already, the number of devices connected to the internet has surpassed the number of connected people. AWS is evolving to embrace this. The new AWS IoT is an integrated service that enables the connection of devices to other devices and services.
IoT brings a host of benefits but also security challenges, especially as IoT merges our digital and physical environments. These challenges must be addressed to ensure security and safety, as large amounts of data are processed via the IoT and vast numbers of devices are involved at any given time. The AWS IoT platform aims to address these challenges.
We expect the IoT to impact security significantly, as well as data volumes. The IoT brings with it an amalgamated security problem, combining information security, physical security and operational security. Additionally, the sheer number of devices involved with the IoT, and their varied attributes, must be properly managed and secured.
Large volumes of data will be processed and stored. Data centre traffic will increase substantially, and the cloud will represent the majority of this traffic.
AWS IoT will need to ensure all these attributes are appropriately addressed for a successful service.
Terminology to get your head around
The AWS IoT components explained
- Things: devices, applications and objects that function to measure or control something within the environment in which they exist
- Thing/device shadow: the virtual representation of a thing in the cloud, used to track the state of the device
- Rules Engine: transforms messages according to rules the user defines and routes them to AWS services
- Message Broker: allows for communication between things and cloud applications
- Device SDKs: software development kits to create devices that work with the AWS IoT platform
- Things Registry: assigns a unique identity to each thing and tracks the attributes and capabilities of each thing
The AWS IoT Platform
Many organisations already use AWS services to support the back end of their IoT applications, but now AWS IoT allows many more (service providers, manufacturers and developers) to take advantage of it: to easily connect products to the cloud at scale, to analyse data and act on it, and to design and develop new applications that can interact with the physical world.
It allows for secure, two-way communication between connected devices/products (sensors, actuators, smart products, embedded devices etc.) and the AWS cloud. It supports device-to-device communication, device management and applications that connect to devices. AWS also provides software development kits (SDKs) enabling users to create devices that work with the AWS IoT platform, and these are available for an array of hardware options.
AWS IoT, a purpose-built platform, enables the following capabilities through its specially designed interfaces so that users can easily create and interact with products.
- AWS Command Line Interface (AWS CLI): runs AWS IoT commands on Windows, Mac and Linux.
- AWS SDKs: enable users to build IoT applications using language-specific APIs.
- AWS IoT API: enables users to build IoT applications using HTTP or HTTPS requests.
- AWS IoT Thing SDK for C: enables users to build IoT applications for resource-constrained things.
Security and Identity challenges addressed
AWS has made security a foremost priority while developing the solution, introducing a means to authenticate devices connecting to the IoT cloud. Authentication and authorisation are taken seriously with AWS IoT and are by no means an afterthought. AWS IoT is also integrated with AWS Identity and Access Management (IAM), providing another layer of security.
- AWS IoT follows the shared responsibility model
- Each connected device requires a credential to access the service
- All traffic traversing AWS IoT must be encrypted over TLS
- Devices have the obligation of keeping their credentials secure
- AWS cloud security protocols protect data as it traverses AWS IoT and other devices and AWS services
- The user must manage the credentials on devices and the AWS IoT policies
- The user must assign unique identities to each device and manage the permissions
- AWS IoT (message broker) authenticates and authorises all user account actions, authenticates the device, processes device data securely and honours the access permissions set up by the user
- AWS IoT (rules engine) forwards device data to other devices and AWS services securely, honouring the rules defined by the user
- AWS IoT supports three identity principals depending on the application protocol used (X.509 certificates, IAM users/groups/roles and Amazon Cognito identities), each with its own merits
- Authorisation with AWS IoT follows the least privilege principle
- An identity can only execute an AWS IoT operation once it has been granted the appropriate permission
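As an added illustration (not code from the original post), a Python check over two constructed AWS IoT policies: a wildcard policy beside a least-privilege one that binds the device to its own registered thing name through the `${iot:Connection.Thing.ThingName}` policy variable. The account id, region and `devices/<thing>/...` topic layout are placeholders.

```python
# Constructed example policies (added illustration, not from the original post).
# Account id and region are placeholders; the topic layout is an assumption.
ACCOUNT, REGION = "123456789012", "us-east-1"
ARN = f"arn:aws:iot:{REGION}:{ACCOUNT}:"
THING = "${iot:Connection.Thing.ThingName}"  # AWS IoT policy variable: the connecting thing's name

# Weak setting: any IoT action on any resource. Every device holding a certificate
# with this policy can publish to, and subscribe to, every topic in the account.
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

# Least privilege: the device may only connect with a client ID equal to its
# registered thing name, and may only use topics under its own prefix.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": ARN + "client/" + THING},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": ARN + "topic/devices/" + THING + "/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": ARN + "topicfilter/devices/" + THING + "/*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return findings for Allow statements broader than a single device needs."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a in ("*", "iot:*") for a in actions):
            findings.append(f"statement {i}: wildcard action")
        for res in resources:
            # ARN resource part is everything after the fifth colon, e.g. "topic/foo/*".
            part = res.split(":", 5)[-1] if res.startswith("arn:") else res
            if part == "*" or part in ("client/*", "topic/*", "topicfilter/*"):
                findings.append(f"statement {i}: unscoped resource {res}")
    return findings

if __name__ == "__main__":
    for name, pol in (("permissive", PERMISSIVE_POLICY), ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(name, audit_policy(pol))
```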
How AWS IoT works (in a nutshell)
AWS is very thorough when it comes to documenting its services and solutions; the documentation is clearly written and carefully laid out for all to peruse and understand. Nevertheless, in a nutshell, this is how the AWS IoT solution works.
- Things/devices connect to AWS IoT services securely through a gateway, using authentication, authorisation and encryption to ensure security is maintained
- Each device that connects is registered by the system and each device is given a unique identity (preventing any improper exchange of data between devices)
- Users can create, deploy and manage policies and certificates for their devices through the gateway
- A rules engine can operate on the device data, allowing users to build applications for data collection, processing and analysis. Actions can also be triggered, and data is easily managed through the rules engine too.
- A 'device/thing shadow' is an AWS IoT capability that provides a stand-in for an offline device, keeping the last known state from before the device went offline (helpful during network/connectivity interruptions). It is used to store and retrieve current state information for a thing, which can be a device or an application etc. This helps the device resume efficiently when it comes back online; the shadow and the device are both updated when the connection resumes. Each thing/device shadow is uniquely identified by its name.
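The shadow behaviour above, as an added Python example that is not from the original post: a constructed shadow document in the `state.desired` / `state.reported` layout AWS IoT uses, the "delta" (keys of desired that reported does not yet match) the service hands back to a reconnecting device, and a state update that merges into the document with `null` deleting a key. The attribute names and values are made up.

```python
import json

# Constructed shadow document (illustrative values, not from the original post):
# "desired" is what the application wants, "reported" is what the device last said.
SHADOW = {
    "state": {
        "desired": {"led": "on", "sample_rate": 30, "firmware": {"channel": "stable"}},
        "reported": {"led": "off", "sample_rate": 30, "firmware": {"channel": "beta"}, "temp": 21.5},
    },
    "version": 7,
}

def fresh_shadow():
    """Deep copy of the sample document so each run starts from the same state."""
    return json.loads(json.dumps(SHADOW))

def compute_delta(desired, reported):
    """Return the part of desired that reported does not yet match (the shadow 'delta')."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            sub = compute_delta(want, have)
            if sub:
                delta[key] = sub
        elif want != have:
            delta[key] = want
    return delta

def apply_update(state, update):
    """Merge an update into state: nested dicts merge, None (JSON null) deletes a key."""
    for key, value in update.items():
        if value is None:
            state.pop(key, None)
        elif isinstance(value, dict) and isinstance(state.get(key), dict):
            apply_update(state[key], value)
        else:
            state[key] = value
    return state

def reconnect(shadow, device_reported):
    """Device comes back online and reports its real state; the delta is what it must still change."""
    apply_update(shadow["state"]["reported"], device_reported)
    shadow["version"] += 1
    return compute_delta(shadow["state"]["desired"], shadow["state"]["reported"])

if __name__ == "__main__":
    shadow = fresh_shadow()
    print("delta while offline:", compute_delta(shadow["state"]["desired"], shadow["state"]["reported"]))
    print("delta after reconnect:", reconnect(shadow, {"led": "on", "temp": None}))
```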
These are a few of the fundamental workings of the AWS IoT service, and they briefly show how AWS is beginning to address the security challenges brought about by the IoT through its AWS IoT solution.
The Internet of Things is a fast-growing global industry that is infiltrating our everyday lives; we are seeing use of the IoT in our homes, our vehicles and throughout many industries. We will be left with little choice but to embrace this evolution in technology, but we should also be very aware of the security challenges associated with it.
The AWS IoT platform will prove very useful to many starting out or growing with this new technology and the challenges it presents. Furthermore, developers can try out the AWS IoT solution for free for a year as part of the Free Tier program…so why not give it a try.