Application Security Testing: An Integral Part of DevOps
In recent years, the unprecedented magnitude of development in IoT has led to the offering of IoT platforms and IoT tools by literally hundreds of companies. With so many to choose from, deciding on a IoT platform vendor has never been so challenging. In this article, I'll explain the areas of an IoT platform you need to review when deciding which one to choose. We used these criteria when building our list of top tools.
The Components of an IoT Platform
Developing and managing inter-connected devices is rapidly becoming so complex that some enterprises would rather turn to one vendor to help determine the business case for an IoT deployment, design and code the system, roll it out, and operate it as a service. The suite of components that enable the deployment of applications that monitor, manage, and control connected devices, remote data collection, and independent and secure connectivity between devices and device/sensor management are all potential components of an IoT platform.
Choosing an IoT Development Platform
Some of the main factors to consider when reviewing an IoT platform include:
- IoT Hardware Support
- IoT OS Support
- Key Sensor Support
- IoT Data Considerations
- IoT Security Considerations
- Development and Deployment Considerations
- Cost and Licensing of IoT Platforms and Solutions
IoT Hardware Support
The first item that you'll want to consider is the hardware support for the IoT platform you choose. Some platforms will support a single device or device type, whereas others can target multiple hardware solutions. When looking for hardware support, you must strike a balance among cost, function, and reliability. There are IoT devices that are as simple as Bluetooth beacons you find in retail outlets to devices that remotely monitor oil and gas equipment.
Generally, IoT devices are comprised of at least five main components:
- Power source and power management
- Processor and memory storage
- Wireless communication
IoT Power Source and Power Management
All electronic devices need a power supply of some sort to function. This can include batteries, a line, or even energy harvesters such as solar panels. The type of power source you choose will depend on your customers' potential usage habits and the purpose of your IoT device. For instance, will your IoT device be stationary and have access to the line or will it need to be portable and thus access to onboard energy storage?
Power management is another important consideration for your device. You may want to save power by transmitting data only at certain intervals while the rest of the time the device is in "sleep" or low power mode. You may also need to implement fault protection if your IoT devices will be operating under variable environmental conditions.
IoT Sensors and Actuators
Most IoT devices either gather information from the physical world through sensors and/or manipulate the physical world through actuators. Sensors can be as simple as temperature gauges to as complicated as MEMS airflow sensors. Your sensors will need to communicate with your microcontroller unit (MCU). This will necessitate amplifiers or analog to digital converters.
IoT Processor and Memory Storage
The Processor is the heart of your IoT device. It's where the device processes data and runs software. Memory is also necessary for storing local data such as session information, user settings, and so forth.
You may want to look into System on Chips (SoC). These integrate many functionalities such as power management, memory, wireless transceiver, and processor.
IoT Wireless Communication
Should you require it, there are a lot of options for wireless communication. There are modules that integrate your RF communication; these include RF shield, amplifier, oscillators, and antennas. On your board, you have to determine what type of wireless transceiver you will use. Transceivers are responsible for sending and receiving data wirelessly.
The next step is determining what range your IoT device will need to communicate over as well as data rates. For instance, will the users be controlling devices through their cell phones or will the devices act as nodes that are part of a larger integrated network? Different types of use cases will require different communication protocols, power, cost, and board space. Some examples of popular protocols include Wi-Fi, Bluetooth, and ZigBee.
A lot of IoT devices are controlled via smart phone or Web app. In other cases, it becomes necessary to integrate a user interface on the device. The latter may also need to have a screen to display and control the settings. You might need to consider physical knobs and/or buttons versus a touch screen.
The better you understand the product requirements, the less chance you have of over- or under-designing your device.
Prototyping IoT Applications on PCBs and SBCs
Devices that comprise the IoT both monitor and instrument real-world objects, including industrial equipment, home appliances, buildings, cars, warehouse inventory items, and, in the case of wearable devices, even people.
When you develop new IoT solutions, hardware and software components are designed, prototyped, and refined through an iterative process of feedback and evaluation. Hobbyist hardware platforms such as Arduino and Raspberry Pi can help jump start this process because they are readily available and require less investment than designing and fabricating custom printed circuit boards (PCBs) at each iteration of the design. As part of this process, you'll need to consider the hardware requirements for your own IoT application, and evaluate and refine the prototype IoT devices that you build against these requirements, adopting off-the-shelf components or custom components as appropriate.
In the context of IoT, "device" is an overloaded term that describes hardware that has been designed or adapted for a particular purpose. It is used to refer to individual hardware components including sensors and actuators, as well as to off-the-shelf boards like Raspberry Pi, and also to custom prototype and production units that are built from a combination of different devices.
A microcontroller is a System on a Chip (SoC) that provides data processing and storage capabilities. Microcontrollers contain a processor core (or cores), memory (RAM), and erasable programmable read-only memory (EPROM) for storing the custom programs that run on the microcontroller. Microcontroller development boards are Printed Circuit Boards (PCBs) with additional circuitry to support the microcontroller to make it more convenient to prototype with and program the chip.
Single board computers (SBCs) are a step up from microcontrollers, because they allow you to attach peripheral devices like keyboards, mice, and screens, as well as offering more memory and processing power. Three types of SBCs include the Raspberry Pi 3 Model B, BeagleBone Black, and DragonBoard 410c.
The distinction between microcontrollers and single-board-computers is somewhat arbitrary. Some devices, like the Onion Omega 2, fall somewhere in between, with almost as much on-board memory and processing capability as a low-end SBC. There are also a number of hybrid devices, like the UDOO Quad that integrate an ARM-based Linux system with an Arduino-compatible micro-controller.
IoT OS Support
Based on the hardware you target, your IoT solution will need an operating system or base code to execute. The operating system support on your hardware will impact the platform you can use as well as the programming options that will be available. For example, if you are using a solution that supports Windows 10 IoT, you will have a number of coding options whereas if you are targeting a SoC solution, you might be using a specialized operating system will need a specific programming language such as C.
Figure 1: IoT Developer Survey 2016 Survey results for Operating Systems used for IoT Devices
Matching OS capabilities to the identified application requirements is the first step in selecting an OS. The following are criteria to consider for choosing an OS for IoT that will help you accomplish that:
- Ability to support real-time processing: According to surveys, real-time capability is the top reason for selecting a commercial operating system. "Real time" suggests a reasonably fast operative speed as well as a predictable or deterministic operation. Hence, it is important to consider the degree of predictably built into in your IoT device software's response to events and the impact of response timing.
- Available Resources:Knowing the available resources should be the second criterion. You should be aware of memory, memory management units, and processing power that you will have to use.
When it comes to memory, size is the obvious major point to consider regarding an OS/RTOS. If the OS does not fit in the internal memory of the processing unit (MCU or MPU), external memory is required. That will increase costs.
You also should be aware of Memory Management Units (MMU). Many of the smaller MCUs used in sensor nodes do not support MMUs to manage caching, memory allocation, and protection. In such instances, the OS should be able to provide memory management to minimize having to code extra functionality.
CPU processing ability will also play a significant role in the operating system. The processor should have enough power to easily support the OS plus all run-time applications.
- Security requirements: Security is a top consideration—especially in the hardware, OS, and network layers. Standard security features within the OS include an integrated secure socket layer (SSL), drivers for on-chip security and encryption engines, secure boot functions, and support for wireless authentication protocols.
- Device Power: Even though you may not immediately associate the power source to the OS, OSes that support power management features are able to manage applications to further improve power consumption and heat dissipation. For example, power efficiency is a concern for battery operated systems because batteries need to last for many years.
- Device Hardware: Hardware selection also can greatly affect power usage. Because IoT devices may integrate across multiple domains and networks, there tends to be a wide array of hardware platforms to manage, including 8-bit Atmel® AVR®, ARM® Cortex®-M, and TI MSP430TM. Ideally, the OS should be able to support the various platforms. An OS with a good hardware abstraction layer will enable easy adoption of new hardware platforms and will require lower effort during code migration.
- Communication and networking requirements: Standardized communication protocols facilitate interoperability in IoT systems. TCP/IP protocols are well established and easy to implement, but are quite verbose, leading to inefficiency for low-end devices in both data overhead and power consumption. Reduced overhead protocols, such as CoAP and 6LoWPAN, are much more efficient, but you can't assume that the OS will automatically support them.
- Enterprise system interoperability: The heterogeneity of devices and communication technologies presents numerous challenges to the developer in terms of data interoperability—especially when expanding solutions to an enterprise scale. Therefore, it is necessary to consider processes and systems designed to facilitate the integration of IoT devices with enterprise systems; in other words, integration frameworks. These include Apache Nifi, StreamSets, Eclipse Kura, Node-RED, and Flogo.
Choosing the right OS for your device usage will help mitigate the need for costly changes down the road.
Key Sensor Support
Being aware of the sensors you need to support for your IoT solution also can impact your choice of platform, although most platforms will allow controlling of LEDs and basic sensors. As you build more complex solutions, you'll need to confirm the availability of sensors as well as the support within the platform you choose. This includes being aware of digital versus analog support and/or analog to digital converters.
Sensor and actuator modules likely will go through a hardware interface. IoT platforms interface with devices using a layered approach similar to those used in general-purpose computing. For example, on a typical operating system, such as Linux or Windows, the hardware input is interpreted by a driver, which in turn relies on OS services. IoT hardware platforms use a number of common interfaces. Sensor and actuator modules can support one or more of these interfaces:
IoT Data Considerations
Gathering data from devices is an important part of any IoT solution. Moreover, visualizing that data helps to gain insights into the health of the devices and how they are interacting with their environment. Finally, how do you make sure that you're looking at your data? That requires the reliable authentication of your device. All of these issues are critical to be aware of when selecting a platform. You'll need to insure the support is available for gathering and accessing the data you need.
Here are seven considerations:
- Data storage management
- Cloud data storage
- Data security
- Big data
- Server technology
- Edge computing
IoT Security Considerations
An area that can be overlooked is security; however, it is considered one of the most important issues for developers to address in their IoT solutions. Common security issues with IoT solutions include:
- Inadequate data authentication
- Vulnerability to side-channel attacks
- Hardware issues
When selecting a platform, you'll want to determine if your platform provides built-in features for security or if you need to code or build them yourself.
Development and Deployment Considerations
Once you've determined your idea, you'll need to build and then deploy your solution. As mentioned before, the platform can dictate certain programming languages' usage. Additionally, the platform can also impact how easy (or hard) it is to deploy a solution once you've prototyped and built it.
General things you'll want to review when looking at IoT platforms regarding deployment include:
- Rapid application development frameworks
- True cloud deployment options
- In-house services team
- Platform and device management
There is a BIG gap going from prototype to production. Unlike using software, you need to source components and manufacturing from suppliers. Additionally, you have to meet FCC regulatory standards and get your product approved.
Cost and Licensing of IoT Platforms and Solutions
The final area to evaluate when selecting an IoT Platform is the licensing. Not only do you need to consider the licensing on the IoT platform and tools you select, but you also need to be aware of the licensing for your distributed solutions. If you have to license the operating system or any portion of the code, you quickly could increase the cost of your solution.
Providers of IoT platforms market themselves very differently and offer a variety of licensing and pricing models. These include:
- Upfront license: If you're building an end device and your value is in selling hardware, you may want to buy an IoT platform with an upfront license fee. That will allow you to wrap that cost into your hardware.
- Subscription model: Subscription-based platforms come with a lower upfront cost. If you decide on such a platform, you may want to wrap the IoT service charge into your customer's subscription costs.
- Feature-based licensing
- Consumption-based pricing
- Data usage
- Number of users and/or nodes
- Open source licensing: Not all open source is equal. "Non-permissive" licenses—particularly GPL—can be onerous and may require you to release your modified source code to anyone who gets a copy of the binaries. If your business makes money from services or consulting rather than from software, this may be okay, but could be a deal breaker if your code is proprietary. In this case, non-permissive type open source licenses may be unsuitable and MIT style "permissive licenses" preferable.
Evaluating all seven areas mentioned can be daunting. By taking the time to do a review of the platforms before you begin developing, you will be better able to deliver solutions that meet your requirements. To make things easier, we will be posting information on the top five IoT platforms that are worth taking a look at. Furthermore, we've created deeper reviews of each to pull together the details of the above criteria for each platform. For platforms we've not included in our list, you should be able to review the presented topics for comparison! We will be posting deeper information on other IoT platforms as well!