Embedded security is key for connecting devices securely at scale to cloud and IoT services
Clouds, edge servers and edge devices, such as on-premises gateways, are connected to a multitude of IoT devices in environments such as smart infrastructures, smart cities, smart factories and smart homes.
Moving customer IP or other confidential information from IoT devices to the cloud or edge can increase the risk of attacks on that data. It is therefore of utmost importance to properly protect cloud and edge server platforms along with connected IoT devices. This creates an uninterrupted chain of trust across cloud architectures. Compute-intensive applications capable of autonomous decision-making make the need for security even more pressing.
With millions of devices connected to the IoT, both manufacturers and consumers need to be sure that the identity of each and every device is genuine and secured. Device manufacturers are thus challenged to protect both the identity and integrity of all elements in a cloud-connected system, whether those elements are cloud servers, compute-intensive edge servers, consumer devices or IoT end nodes such as sensors. This protection is the very basis for secured cloud connectivity and essential to enable secured zero-touch provisioning and secured lifecycle management of IoT devices.
The best possible protection is achieved by combining software security mechanisms with robust hardware-based security capabilities based on globally accepted industrial and IT security standards.
Our OPTIGA™ portfolio of security solutions provides the strongest form of identity and integrity protection, secured key provisioning and lifecycle management of cloud-connected edge and end-point devices. Through their rich encryption functionality, our OPTIGA™ TPM security controllers offer robust protection for critical data and processes residing on cloud servers, edge servers, and high-performance edge devices. OPTIGA™ Trust X and OPTIGA™ Trust M are ideally suited to securely connecting end nodes to trustworthy edge devices and to cloud networks.
Our security solutions are being validated by leading global cloud service providers, such as Amazon Web Services (AWS) and Microsoft Azure, to confirm ease of integration and optimum interoperability in their platform architectures.
Cloud connectivity based on our solutions is faster and more secure than a software-only approach. We deliver hardware-based security solutions designed specifically to harden the identity and protect the integrity of cloud- and edge-connected devices.
The OPTIGA™ security solutions serve the entire cloud ecosystem:
- cloud service and platform providers
- manufacturers of ICT server equipment and high-performance edge devices such as gateways
- makers of connected industrial and consumer IoT devices and IoT end nodes such as sensors.
Integration and deployment made easy
All of our OPTIGA™ products are characterized by ease of integration and compliance with rigorous cloud security standards. Standout features include a lightweight host code for easier deployment, ready-to-use toolkits, and open-source software stacks.
Reflecting our commitment to ease of deployment, we complement our best-in-class hardware with a software development environment that simplifies the integration and secured delivery of IoT applications for customers. Much of this work is open source and available on public repositories such as GitHub.
Connect securely to Microsoft Azure:
- Explore our Tools & Software section below
- Read more in the Microsoft Azure whitepaper "Selecting the right secure hardware for your IoT deployment"
Connect securely to Amazon Web Services (AWS)
This Industry 4.0 scenario shows the connection of a smart, secured and energy-efficient IoT end node (smart pump) to the AWS cloud. It illustrates how Infineon products have been integrated to deliver on the key drivers and success factors for smart factories:
- Energy efficiency
- Smart & highly connected factories (supporting industrial buses, interfaces, etc.)
- Robust security and protection of the device ID
- Integration with on-premises cloud & cloud concepts (Amazon FreeRTOS, AWS IoT Greengrass)
The diagram shows a smart aircon and a smart lighting use case. The lighting and aircon systems are controlled by an AI sensor hub, which communicates with the Amazon Web Services (AWS) platform over a secured connection.
One key function of the AI sensor hub is to detect the presence of home occupants and determine what zone they are in. It uses Infineon’s XENSIV™ 24 GHz radar sensor to do this.
This information is then sent to the AWS cloud securely thanks to OPTIGA™ Trust X, which is a tamper-resistant hardware trust anchor that securely stores the private keys and certificates.
AWS processes the information and sends commands back to the smart home, for example turning the aircon on/off or adjusting the fan speed and swing mode depending on the location of the occupants.
In addition to securing the data exchanged between the smart home hub and AWS, OPTIGA™ Trust X can be used as a trust anchor to verify the identity of these smart devices by means of mutual authentication.