Application Security Testing: An Integral Part of DevOps
A number of IoT Platforms made the Codeguru list of Top IoT platforms, including Windows 10 IoT Core. In evaluating Windows 10 IoT Core, the structure recommended in "Top IoT Platforms for Developers." This will make it easier for you to compare various IoT platforms.
Windows 10 IoT Core is an IoT-optimized version of Windows 10 that uses Visual Studio and the Arduino Wiring API. Arduino is an open source device platform, with an active community who are creating compatible development boards and tooling. Device capabilities vary across the official Arduino models, and also between the dozens of third-party compatible boards.
It runs on a few different boards, including Raspberry Pi 2.
IoT Hardware Support
Windows 10 IoT Core works with several leading System on Chips (SoCs) that are utilized in hundreds of devices. Microsoft recommends the following boards:
- Raspberry Pi 3
- Raspberry Pi 2 - v1.1 boards and earlier
- MinnowBoard MAX
- DragonBoard 410c
Prototyping IoT Applications on PCBs and SBCs
Connected hardware devices are at the heart of IoT. These devices monitor and instrument real-world objects, including industrial equipment, home appliances, buildings, cars, warehouse inventory items, and people (in the case of wearable devices).
When you develop new IoT solutions, hardware and software components are designed, prototyped, and refined through an iterative process of feedback and evaluation. Hobbyist hardware platforms like Arduino and Raspberry Pi can help jump start this process because they are readily available and require less investment than designing and fabricating custom printed circuit boards (PCBs) at each iteration of the design. As part of this process, you'll need to consider the hardware requirements for your own IoT application, and evaluate and refine the prototype IoT devices that you build against these requirements, adopting off-the-shelf components or custom components as appropriate.
In the context of IoT, "device" is an overloaded term that describes hardware that has been designed or adapted for a particular purpose. It is used to refer to individual hardware components including sensors and actuators, as well as to off-the-shelf boards like Raspberry Pi, and also to custom prototype and production units that are built from a mélange of different devices.
A microcontroller is a System on a Chip (SoC) that provides data processing and storage capabilities. Microcontrollers contain a processor core (or cores), memory (RAM), and erasable programmable read-only memory (EPROM) for storing the custom programs that run on the microcontroller. Microcontroller development boards are Printed Circuit Boards (PCBs) with additional circuitry to support the microcontroller to make it more convenient to prototype with and program the chip.
Single board computers (SBCs) are a step up from microcontrollers, because they allow you to attach peripheral devices like keyboards, mice, and screens, as well as offering more memory and processing power. Three types of SBCs include the Raspberry Pi 3 Model B, BeagleBone Black, and DragonBoard 410c.
The distinction between microcontrollers and single board computers is somewhat arbitrary. Some devices, like the Onion Omega 2, fall somewhere in between, with almost as much on-board memory and processing capability as a low-end SBC. There are also a number of hybrid devices, like the UDOO Quad, that integrate an ARM-based Linux system with an Arduino-compatible micro-controller.
IoT OS Support
Windows 10 IoT only.
Key Sensor Support
- DHT11 basic temperature-humidity sensor
- DHT22 temperature-humidity sensor
- SparkFun Triple Axis Accelerometer Breakout - ADXL345
- Adafruit BMP280 Temperature and Barometric Sensor
- Adafruit TCS34725 Color Sensor
- Rohm BH1750FVI ambient light sensor
- Bosch BMP180 temperature and barometric sensor
- Dorji DSTH01 relative humidity sensor
- Honeywell HMC5883L digital 3-axis compass/magnetometer
IoT Data Considerations
Gathering data from devices is an important part of any IoT solution. Moreover, visualizing that data helps to gain insights into the health of the devices and how they are interacting with their environment. Finally, how do you make sure that you're looking at your data? That requires the reliable authentication of your device.
The Active Directory Authentication Library introduces a new authentication flow tailored for IoT devices. Instead of bringing up a browser window to authenticate a user, the app asks the user to use another device to navigate to a special page and enter a specific code. The Web page then will lead the user through a normal authentication procedure, including consent prompts and multi factor authentication if necessary. Upon successful authentication, the app will receive the required access tokens through a back channel and use it to access the desired Cloud service.
The Power BI dashboard helps to visualize data coming from our device(s). It uses the Azure Active Directory, so you have to register your application from the Azure Portal or from the dedicated Power BI application registration page.
IoT Security Considerations
With the release of Creators Update, Windows 10 IoT Core added UEFI Secure Boot, BitLocker Device Encryption, and Device Guard to its security offerings. These allow device builders to create fully locked down Windows IoT devices that are more resilient to various types of attacks. Together, these features ensures that a platform will launch in a defined way, while locking out unknown executables and protecting user data through the use of device encryption.
UEFI Secure Boot is the first policy enforcement point, located in UEFI. It restricts the system to allow execution only of binaries signed by a specified authority. This feature prevents unknown code from being executed on the platform.
Windows 10 IoT Core also implements a lightweight version of BitLocker Device Encryption, protecting IoT devices against offline attacks.
Most IoT devices are built as fixed-function devices, which implies that device builders know exactly which firmware, operating system, drivers and applications should be running on a given device. In turn, this information can be used to fully lock down an IoT device by allowing execution only of known and trusted code. Device Guard on Windows 10 IoT Core can help protect IoT devices by ensuring that unknown or untrusted executable code cannot be run on locked-down devices.
Development and Deployment Considerations
There are a couple of advantages to the new Windows Operating System:
- Great interfaces are really possible, using Visual Studio.
- Because so many people already run Windows on many devices, developing IoT code on a native platform has its advantages.
- Visual Studio is a great environment to develop code in. It's visually appealing, powerful, and it's the best option for C#.
Having said that, there are a few drawbacks to the new system. Hopefully, Microsoft can address them soon:
- It's painful to install the image and get started.
- Some of the installation directions are still a little unclear. Putting Windows 10 on a card is not too confusing, but getting some code up on Windows 10 is a lot more complex than running, say, a Python program.
- Wi-Fi doesn't work...at least not yet.
- You need Windows 10. There is no easy way for developers on Windows 7 to get in on the action. That means even Windows users who have held out might need to bite the bullet and upgrade.
Cost and Licensing of IoT Platforms and Solutions
Although there is no license fee for IOT Core, there are other engineering costs that should be factored in, as well as an understanding of the feature set needed for a particular device.
Comparison of the Top IoT Platforms
This section reviews the same IoT Platforms as above, but in a more succinct way, and includes additional details about the company, languages, and so forth.
- Microsoft adds the .Net and UWP-based SDK.
- PowerShell remoting, which gets you a remote PowerShell terminal from which you can run familiar Windows commands.
- Royalty free to makers and device builders
- Visual Studio
- The Windows Device Portal (WDP) lets you configure and manage your device remotely over a network.
- Windows 10 IoT Core Dashboard is the best way to download, set up and connect your Windows 10 IoT Core devices, all from your PC.
OS: Windows 10
Languages: All of the standard Universal Windows Platform (UWP) languages are fully supported on IoT Core.
Traditional UWP languages ship with support in Visual Studio by default. All of the In-Box languages support both UI and Background Applications
- Visual Basic
IoT Focused Languages:
The IoT targeted languages require the download of the "Windows IoT Core Project Templates" from the Visual Studio Tools->Extensions and Updates manager. The IoT Focused languages support only Background Applications. You also can build Windows Runtime Components using C#, C++, or Visual Basic and then reference those libraries from any other language (except Python).
- Arduino Wiring
C# and Visual Basic (VB):
C# and VB are both supported as UWP apps and have access to the portion of the .NET Framework available to UWP applications. They support UI apps built with Xaml as well as Background Apps. You also can build Windows Runtime Components that can be used from other supported languages.
- Memory (Headless)- 256 MB RAM (128 MB free to OS)/2 GB Storage.
- Memory (Headed)- 512 MB RAM (256 MB free to OS)/2 GB Storage.
- Processor- 400 MHz or faster (x86 requires PAE, NX and SSE2 support
Target audience: Education and hobbyists seems to be the main target markets for Windows 10 IoT Core on the Pi. There are also features aimed at business users.
Most recent update/stable release: Build Number 16267. August 2017
License: Available free for download
Windows 10 IoT Core is one of several IoT Platforms to make our list. You can find the others in the IoT area of Codeguru!