u-blox has announced the commercial launch of its IoT Security-as-a-Service offering. Available on both the u-blox SARA-R4 and SARA-R5 series of LTE-M cellular IoT modules, this innovative solution makes it extremely simple to protect data from malicious third parties, both on the device and during transmission from the device to the cloud. Its out-of-the box, simple, secure, and cost effective onboarding process to leading cloud IoT platforms speeds up development, shortening time-to-market.
The IoT Security-as-a-Service offering, which is managed via the u-blox Thingstream service delivery platform, is specifically optimized for low power wide area (LPWA) deployments that use resource-constrained IoT devices. By substantially reducing data overhead and keeping the number of handshakes to a minimum, the service improves power consumption and extends the battery life, a critical metric for most IoT devices.
Central to the effectiveness of the solution is a unique symmetric key management system (KMS). Through it, an infinite number of crypto keys can be generated on the fly for each device, rather than having to rely on the storage and management of pre-shared keys (which can add to overall operational complexity and the power budget). Keys are tied to the hardware and can be triggered from either the module or from the server/cloud, completely eliminating the need to create, deliver, and renew certificates, and bringing significant savings in terms of system cost, operational complexity, and power consumption.
The solution also leverages u-blox’s Foundation security offering, which comprises fundamental elements that make SARA-R4 and SARA-R5 modules secure by design. These include a unique and immutable device identity that is tied to its root of trust (RoT), which forms the basis for a trusted set of advanced security functionality, including a secure boot mechanism that ensures that the module can only run trusted software. In addition, u-blox’s proprietary uFOTA feature enables authentication of over-the-air firmware updates.
Among the relevant use cases that u-blox IoT Security-as-a-Service can support are:
- Asset tracking – Data authenticity is essential in such scenarios, as well as secure local storage of collected data and easy secure cloud onboarding. Because tracking devices are usually battery powered, they require extremely energy-efficient secure data transmission.
- Connected health / eHealth – In this use case, patient confidentiality is paramount, with only authorized medical staff permitted to access sensitive data. This necessitates a high degree of protection against malware and data tampering.
- Industrial monitoring – These solutions need to guarantee the integrity of real-time operational data to increase productivity, avoid downtime, and assure the safety of the workforce.
- Building and home automation – Data confidentiality and authenticity need to be maintained, while allowing for data to be shared with trusted stakeholders without compromising customer privacy.
- Telematics – In this scenario, the main security risks include denial-of-service (DoS) attacks, device cloning, jamming, etc.
- Smart metering – Here, the authenticity of data logged by remote metering units needs to be confirmed to protect billing, and, once trusted communication is established, data transmission needs to be restricted to authorized servers.
“We implemented a true end-to-end concept that protects data from the device to the end user without making it visible to intermediate nodes or platforms, or to service providers. The modules’ symmetric KMS offers engineers a streamlined and scalable alternative to conventional public key infrastructure or pre-shared key arrangements,” says Giovanni Solito, Senior Product Manager, Product Center Services at u-blox. “And with straightforward onboarding to all the popular cloud IoT platforms, efforts are not taken up by security concerns and operational complexities, but can be focused on speeding up time to market and growing business.”