Abstract
Amazon Web Services (AWS) delivers a scalable cloud computing platform designed for high availability and dependability, providing the tools that enable us to run a wide range of applications. AWS security model helps in protecting the confidentiality, integrity, and availability of systems and data. Security model of AWS successfully maintains the trust and confidence of the user. The approach for authenticating edge devices in Amazon Web Services provides resilient infrastructure that is designed for high security, without the capital outlay and operational overhead of a traditional data center. The current manuscript reviews the security mechanism used for authentication of edge devices in AWS Internet of Things (IoT).
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
IOT is delivering a compelling technology innovation. Connecting variety of devices with each other and allowing them to participate in data sharing results in new products and services. IOT devices store this collected data in the cloud where various AI applications are used to perform analytics. AWS helps in storing a vast amount of data collected by the IOT devices continuously in real-time. But the optimum potential of these smart devices using AI-enabled applications to perform analysis on this data and gain considerable insights such that data provide significant information, but this can solely be attained by using effective security mechanisms. AWS uses a manifold layers to provide deterrent security methods like access control to data and encrypting the data. Amazon web services provide efficient security services to keep the collected data secure.
2 Authentication
Authentication is one of the crucial security parts of the IOT devices. AWS IoT services provide tools for creating secure key authentication. Various credentials like private keys and digital certificates are involved in authenticating edge devices with the AWS platform. Users should not be allowed to set up credentials of services to authenticate their devices with AWS. Also, the credentials should not be revealed to manufacturer of the devices and any entity part of the development process like personnel and delivery pipeline. These devices would become vulnerable if the credentials are disclosed [1].
It would lead to data leak and modification without authorization. This data could include personal information that is collected from offices, homes. Improper authentication would lead to counterfeiting and impersonation [1].
The major issue involved is how the device will securely validate the authenticity of the AWS endpoint it connects to.
The certificate chain also needs to be created securely and the supplying of private key to the edge device. The device’s private key is main or crucial part of the security paradigm. As it will be used to conduct verification during connecting to AWS IoT. In spite of being highly secure, AWS still cannot maintain integrity unless the device is not protected appropriately. Also it is important to ensure that all the keys, i.e. public, private, and processes are kept separate from device operations [1].
AWS uses microchip technology’s safe component ATECC608a to provide device-level security and effective authentication mechanism. The component provides various hardware-level security methods and techniques like storing all the keys and certificates in a safe environment and removing vulnerabilities. This component is used to generate a private key that acts as a root for certificate used for securing networked devices. Basically private key is a unique identifier. While authenticating with the AWS IoT platform, the edge devices use it for communicating data to the platform [4, 6].
The microchip technology’s component that is embedded in the device is built in a way that encapsulates the private key such that it becomes impossible to manipulate the private key [4].
The certificates, private key, and the public key infrastructure (PKI) are available through various means. It depends on the user’s choice and business requirement as to which options should be considerably better as per the requirement. Either the complete infrastructure of the component-producing firm can be incorporated or AWS native security infrastructure for authentication can be used.
Also, third party and custom CA’s can be used as per the context in which it is to be used. And even the authentication model can be fully customized to cope with specific security risk [4].
AWS IoT security model includes authentication mechanisms to authenticate devices with the AWS IoT platform and authorizing them to perform required actions.
Consider using edge device for booking cab online rather than using a cab-booking app on smartphone and providing various details in order to confirm a ride. An edge device like Amazon IoT button can be used to rapidly book rides on just a click of a button. These buttons are programmable and can be configured in the cloud. They can be used for various purposes like alerting or calling someone, ordering services online, order a cab, open gates remotely and check-in & check-out in hotels, etc [5].
When the button is clicked the information about who clicked it and at what location is necessary to book a ride, as it is done in smartphone applications using mobile numbers, usernames to uniquely identify a customer. Similarly, AWS IoT button needs a unique identifier to confirm authenticity. Devices using MQTT network protocol will use X.509 certificate [5].
AWS IoT uses public key cryptography or asymmetric cryptography for creating unique identity and signing documents. The digital signature to a message is used to verify whether the original message has been received and no modifications or tampering took place. It will also be used to demonstrate possession of the private key. The X.509 certificate exhibits possession of a public key. Each edge device will have a unique identity, which will be done using separate X.509 certificate for each device. Three major options available for generating a certificate devices are, first a certificate generated by the AWS IoT can be used, which includes a public and private key and certificate signed by the AWS IoT Certificate Authority. Second option available for generating certificate is to use one’s own Certificate signing authority, in this scenario, the AWS will not be aware about the private key. Last option is to use certificate of Certificate authority, which you find reliable and trustworthy. Root certificate, which is used by the AWS IOT, is also needed to set up a secure and authentic connection with the AWS IoT platform. All the keys and certificates generated earlier need to be stored on the cab booking button or edge device to be used during authentication procedure.
3 Device Security
The major issue involved is how the device will securely validate the authenticity of the AWS endpoint it connects to.
The certificate chain also needs to be created securely and the supplying of private key to the edge device. The device’s private key is main or crucial part of the security paradigm. As it will be used to conduct verification during connecting to AWS IoT. In spite of being highly secure, AWS still cannot maintain integrity unless the device is not protected appropriately. Also, it is important to ensure that all the keys, i.e. public, private, and processes are kept separate from device operations [1].
4 Microchip’s Trust Platform
AWS uses microchip technology’s safe component ATECC608a to provide device-level security and effective authentication mechanism. The component provides various hardware-level security methods and techniques like storing all the keys and certificates in a safe environment and removing vulnerabilities. This component is used to generate a private key that acts as a root for certificate used for securing networked devices. Basically private key is a unique identifier. While authenticating with the AWS IoT platform, the edge devices use it for communicating data to the platform [4, 6].
The microchip technology’s component that is embedded in the device is built in a way that encapsulates the private key such that it becomes impossible to manipulate the private key [4].
The certificates, private key, and the public key infrastructure (PKI) are available through various means. It depends on the user’s choice and business requirement as to which options should be considerably better as per the requirement. Either the complete infrastructure of the component producing firm can be incorporated, or AWS native security infrastructure for authentication can be used.
Also third party and custom CA’s can be used as per the context in which it is to be used. And even the authentication model can be fully customized to cope with specific security risk [4].
5 AWS IoT Security Model
AWS IoT security model includes authentication mechanisms to authenticate devices with the AWS IoT platform and authorizing them to perform required actions.
Consider using edge device for booking cab online rather than using a cab-booking app on smartphone and providing various details in order to confirm a ride. An edge device like Amazon IoT button can be used to rapidly book rides on just a click of a button. These buttons are programmable and can be configured in the cloud. They can be used for various purposes like alerting or calling someone, ordering services online, order a cab, open gates remotely and check-in & check-out in hotels, etc. [5].
When the button is clicked the information about who clicked it and at what location is necessary to book a ride, as it is done in smartphone applications using mobile numbers, usernames to uniquely identify a customer. Similarly AWS IoT button needs a unique identifier to confirm authenticity. Devices using MQTT network protocol will use X.509 certificate [5].
AWS IoT uses public key cryptography or asymmetric cryptography for creating unique identity and signing documents. The digital signature to a message is used to verify whether the original message has been received and no modifications or tampering took place. It will also be used to demonstrate possession of the private key. The X.509 certificate exhibits possession of a public key. Each edge device will have a unique identity, which will be done using separate X.509 certificate for each device. There are three major options available for generating a certificate devices. First one is a certificate generated by the AWS IoT which includes a public and private key and certificate signed by the AWS IoT Certificate Authority. Second option available for generating certificate is to use one’s own Certificate signing authority, in this scenario, the AWS will not be aware about the private key. Last option is to use certificate of Certificate authority, which you find reliable and trustworthy. Root certificate, which is used by the AWS IOT, is also needed to set up a secure and authentic connection with the AWS IoT platform. All the keys and certificates generated earlier need to be stored on the cab booking button or edge device to be used during authentication procedure.
6 Authentication to AWS IoT
When all the keys and certificates are installed on the edge device, i.e. AWS IoT button then it is ready to create a secure connection to AWS IoT platform and communicate with it. The Transport Layer Security protocol (TLS) that is used is to create secure connections while using banking services and other payment gateways are used here to set up a connection between AWS IoT platform and the AWS IoT button and the digital certificate stored at the edge device is used to prove its unique identity and demonstrate its authenticity [5].
The AWS IoT button starts by sending a HELLO message to the component of AWS IoT responsible for verifying the identity of edge device [3] (Fig. 1).
Sending HELLO to AWS IoT platform [3]
The TLS handshake is used to specify the format of the messages and the order in which the messages will be transmitted. Both the parties will comply on a shared secret that will be used for encryption of the transmitted messages. Hello message contains information about, which algorithms from the cipher suite the client, i.e. AWS IoT device will be able to use. The server then uses the message received to decide which cryptographic technique will be used to set up a transmission channel and returns the server certificate along with the cryptographic info [3, 8] (Fig. 2).
Server certificate received [3]
The server certificate will be used to authenticate the AWS IoT platform by comparing the public key of the AWS IoT root certificate stored on the edge device with the digital signature of the certificate received from server [3] (Fig. 3).
Server certificate and root certificate verification [3]
After verifying that the AWS IoT platform the edge device needs to verify its identity with the AWS IoT and further needs to agree on a shared secret. The edge device sends a device certificate to the AWS IoT server for authentication [1, 3] (Fig. 4).
Device certificate sent to AWS IoT server [3]
The button then computes a hash upon all the messages transmitted currently to the AWS IoT platform. Then the device using its private key computes a digital signature for this hash [3] (Fig. 5).
Computing hash over messages [3]
The computed digital signature by the AWS IoT button is transmitted to the AWS IoT platform [3] (Fig. 6).
Digital signature sent to AWS IoT server [3]
The AWS IoT platform now has all the required parameters to check and authenticate the edge device, AWS IoT button in this case. It now has the digital signature and public key of the edge device, which it received in the device certificate, the messages have also been logged at the server side and a hash for the same is also, calculated which should be same as the hash computed on the edge device. The authenticity of the digital certificate is verified against the device’s public key [3] (Fig. 7).
Digital signature verified against device’s public key [3]
After all the successful authentication procedures, the AWS IoT platform is now certain of the edge device it is communicating with, cab booking device of a particular passenger in this case. The unique id of the edge device tells the AWS IoT as to which passenger is trying to set a connection. The shared secret to be used is dependent on the cipher suites algorithm that the AWS IoT and the edge device uses, i.e. key exchange algorithm decided during Transport Layer Security (TLS) handshake. The AWS IoT button uses the server’s public key to encrypt the message, which was obtained from the server’s certificate. The server uses its private key to decrypt the message received from the AWS IoT button. After this procedure, both the parties are now able to set up a shared secret and further communication will be secured using this agreed upon shared secret [8].
7 Permission to Book
After all the authentication has been performed, i.e. the AWS IoT platform has been verified and AWS IoT button has authenticated it’s unique identity using X.509 certificate to the server and secure messages are being transferred, shared secret has been set up. The button is ready for booking a cab. The MQTT message, which the button or edge device sends, looks like “iotdashbutton/G01XXXXXXXXX”. The second half is the serial number corresponding to the edge device. The security of the AWS IoT button should be in a manner such that minimal authorization is provided to the passengers. Otherwise, there can be a scenario where an atrocious customer can modify or alter the program and impersonate to manipulate the system and book a cab inappropriately. A policy needs to be associated with the device certificate, which will authorize that specific identity. The serial number was contained in the certificate, which was transmitted while authenticating the device [3].
8 AWS IoT Security
AWS IoT includes MQTT that uses less network bandwidth, a less heavy communication protocol and can easily work with irregular connections, uses less code resulting in efficient performance. Also supports web sockets and HTTPS protocols. The mechanism discussed above ensures that no data transmission between AWS IoT button and AWS IoT platform happens without authentication [1]. The encryption and authentication techniques ensure that no unauthorized or fake access attempt can be performed. Also, various levels of permissions are available to be used in our devices as it may vary depending upon the environment where it is used and the purpose for which it is being used. And various policies are put into place such that social engineering attacks can be ceased. In addition, the authentication techniques can be modified or updated from the AWS IoT platform. Device shadows are used to extract the current state of the devices to ensure the security even when the device is not connected. Intel hardware security ensures that in contrast to software security hardware security is also well maintained and uses secure boot and trusted execution.
After the successful authentication and authorization the channel is secured with mutual authentication and encryption. The message from edge device is transferred to the device gateway that is responsible for communicating with devices via MQTT, HTTP and web sockets, and AWS IoT platform [1].
AWS provides a range of IoT services designed to help customers enhance the security of their devices, networks, and data. These services empower users to implement comprehensive security measures, spanning from safeguarding devices to securing data both during transit and at rest. Additionally, AWS offers a suite of security features that facilitate the implementation of necessary security protocols to meet specific security requirements.
9 Security Components
Components that together help security and authenticating edge devices include Amazon FreeRTOS, AWS IoT Greengrass, AWS IoT Core, AWS IoT device management, AWS IoT Device Defender [2].
AWS IoT core gives secure transmission channels using the most effective Transport Layer Security.
AWS IoT Device Defender administration constantly reviews IoT arrangements to guarantee that setups aren’t going amiss from security best practices to keep up and uphold IoT designs—for example, guaranteeing gadget character, confirming and approving gadgets, and scrambling gadget information. The administration Securing IoT with AWS 8 can send an alarm if there are any holes in a client's IoT setup that may make a security hazard, for example, character authentications being shared over different gadgets or a gadget with a denied personality declaration attempting to associate with AWS IoT Core [2].
Amazon FreeRTOS is responsible for encrypting data and management of keys. It uses its libraries to perform these tasks, which leads to secure connections and promotes data security. Secure connection is established using the Transport Layer Security (TLS), which is included in the Amazon FreeRTOS. This OS also has the capability to ensure code at the edge device is not altered and also includes features to include to update the devices remotely and providing security fixes [2].
AWS IoT GreenGrass is responsible for authenticating the edge device and encrypting data to be transmitted based on the decided shared secret. It does not allow data sharing prior to the procedure of identity validation. Mutual device authentication and authorization is performed through this component.
The AWS IoT device requires a device certificate, policy to connect to the Greengrass service. It also gives equipment foundation of trust private key storing for the AWS IoT devices. For IoT Greengrass in AWS, all AWS IoT edge devices should enable full disk encryption like, AES 256-bit keys based on NIST FIPS 142 verified algorithms and pursue main management leading methods [2].
10 Security Challenges
Security dangers and vulnerabilities can possibly bargain the safety and protection of client information in an IoT app. Combined with the developing number of gadgets, and the information produced, the capability of mischief brings up issues that how can we cope-up with security dangers presented by IOT gadgets and gadget correspondence to the cloud and from it itself.
Regular client concerns with respect to dangers focus on the safety and encryption performed on information while it is traveling to and from the cloud, or it is traveling from the edge administrations to the gadget and from it, alongside fixing of gadgets, gadget furthermore, client verification, and access control. Making sure about IoT gadgets is fundamental, not exclusively to keep up information uprightness, in any case, to likewise ensure against assaults that can affect the unwavering quality of gadgets. As gadgets can send enormous sums of delicate information through the networks and clients at the other end are enabled to straightforwardly manage a gadget [3].
To stay aware of the passage of gadgets into the commercial center just as the dangers coming on the web, it is ideal to execute administrations that address every piece of IOT environment and cover in its ability to make sure about and ensure, review and also remediate, or oversee armada organizations of IOT gadgets [6].
11 AWS IoT Greengrass
AWS IoT’s Greengrass program allows clients to run neighborhood process, informing, information reserving, match up, and ML derivation capacities for associated gadgets. It validates and encodes gadget information for nearby and cloud interchanges, and information is not traded among gadgets and the cloud in the absence of demonstrated character. The administration utilizes security and accesses the board like the clients know about in AWS IoT’s Core, with common gadget confirmation and approval, and secure network with the cloud [7].
AWS IOT approaches, and AWS Identity’s and also Access Management approaches guarantee that AWS IoT’s Greengrass use is very safe. AWS IoT gadgets need an AWS IOT object, a gadget declaration, and an AWS IoT arrangement to interface with the AWS IoT’s Greengrass administration. This permits AWS IoT’s Greengrass center gadgets to safely interface with the AWS IoT cloud administration. It additionally permits the AWS IoT’s Greengrass cloud administration to send design data, AWS Lambda works, and oversaw memberships to AWS IoT’s Greengrass center gadgets. What's more, AWS IoT’s Greengrass gives equipment foundation of trust private key stockpiling for edge gadgets [8].
12 AWS IoT Device Defender
This fully managed service from AWS helps customers assess the security measures established for their fleet of IoT devices. The service conducts ongoing evaluations of IoT configurations to ensure that settings align with the highest security standards for maintaining and enforcing IoT architectures. This includes tasks such as verifying device identities, authenticating and validating devices, and encrypting device data.
The administration is able to send an alarm if there are any holes in a client's IoT design that may make a safety hazard, for example, character endorsements being shared over numerous gadgets or a gadget with a renounced personality authentication attempting to interface with AWS IoT Core[4].
With the administration’s checking and inspecting abilities, clients can set cautions that make a move to rectify any deflection that is found in gadgets. Like instance, spikes in rush hour gridlock may demonstrate that a gadget is taking an interest in a conveyed disavowal of administration (DDoS) assault. AWS IoT’s Greengrass and Amazon’s RTOS additionally naturally incorporate with AWS Device Defender to give safety measurements of the gadgets for assessment. AWS Device Defender can send alarms to Amazon CloudWatch, AWS IOT’s, and Amazon’s Notification Administration, which makes distributing aware of Amazon CloudWatch measurements. In the event that a client chooses to address a caution, AWS IoT’s Devices Management may be utilized to undertake alleviating activities, for example, making safety fixes [5].
AWS IoT’s Device Defender reviews IOT setups related to client gadgets against a lot of characterized IoT effective safety measures so clients will watch where the safety holes are and control reviews on persistent and on the other hand specially appointed premise. There are likewise security rehearses inside AWS IoT’s Device Defender that may be chosen and run as a major aspect about the review. The administration likewise coordinates by different AWS administrations—, for example, Amazon Cloud Watch and Amazon’s SNS—for sending security cautions to AWS’s IoT whenever a review comes up short or when conduct peculiarities are identified so clients can explore and decide the main driver. For instance, AWS IoT’s Device Defender can caution clients when gadget characters are getting to delicate APIs. AWS IoT’s Device Defender also can likewise suggest activities that limit the effect of safety issues, for example, renouncing authorizations, rebooting a gadget, resetting manufacturing plant default, or pushing bugs in security fixes to any client’s associated gadgets [9].
Clients may likewise be worried about terrible on-screen characters; human or fundamental mistakes and approved clients with vindictive goals can present designs along negative safety impacts. AWS IoT’s Core gives the safety building hinders for clients to safely associate gadgets to cloud and also different gadgets. The structure squares permit upholding security controls, for example, validation, approval, review logging, and start to finish encryption. At that point, AWS IoT’s Device Defender comes in and serves to consistently review safety setups for consistence with eminent security practices and also clients' own authoritative security-related strategies.
13 AWS IoT Device Management
AWS IoT’s Device Management helps clients install, arrange, screen, and distant oversee IoT gadgets at scale. AWS IoT‘s Device Management coordinates with AWS IoT’s Core to effortlessly associate gadgets with the cloud and different gadgets such that clients can distantly deal with their armadas about gadgets. AWS IoT’s Gadget Management helps clients locally available modern gadgets by utilizing AWS IoT thing inside the AWS’s Management Support or like API to transfer formats that are populated with data such as gadget maker and sequential no. X509 character endorsements, or security arrangements. After this, clients would then be able to arrange the whole armada of gadgets with this data with a couple of snaps in AWS’s IoT inside the AWS’s Management Console [10].
Through this functionality, customers can organize their device fleet into a hierarchical structure based on factors such as function, security needs, or similar categories. They have the flexibility to group a single device within a room, multiple devices on the same floor, or all devices functioning within a building. These groupings can then be leveraged to control access policies, monitor operational metrics, or execute actions across the entire cluster. Furthermore, an innovative feature referred to as “Dynamic Things” automatically adds devices that adhere to user-defined criteria and removes devices that don’t meet these requirements. This process ensures a secure and streamlined approach while maintaining operational integrity. The Dynamic Things feature also simplifies the process of locating device reports based on any combination of device attributes and allows users to perform bulk updates effortlessly.
The clients can likewise push programming and firmware for gadgets in field as to fix security weaknesses and improve gadget usefulness; implement mass updates, also control organization speed; set disappointment edges; and characterize persistent occupations to refresh gadget programming naturally with the goal that they are continually running the most recent variant of programming. Clients can remotely send activities, like gadget restarts or plant retunes, as to fix programming problems in the gadget or reestablish the gadget to its unique settings. Clients can likewise carefully sign documents that are sent to their gadgets, assisting with guaranteeing the gadgets are not bargained.
The capacity to push programming refreshes isn’t constrained to the cloud administrations. Indeed, OTA updates occupation in Amazon’s FreeRTOS permit clients to utilize AWS IoT’s Device Management to plan programming refreshes. Also, clients can likewise make an AWS IoT’s Greengrass center update work for at least one AWS IoT’s Greengrass center gadgets utilizing AWS IoT’s Device Management so as to convey security refreshes, error fixes, and new AWS IoT’s Greengrass highlights to associated gadgets.
14 Enhance IOT Using Provable Security
Latest security administrations and advances are also being worked on AWS to assist ventures with making sure about their IoT and edge gadgets. Specifically, AWS has as of late propelled checks inside AWS IoT’s Device Defender, fueled by an Artificial intelligence innovation identified as mechanized thinking, which use numerical evidences to check programming is composed effectively and decide whether there is unintentional access to the gadgets. The AWS IoT’s Device Defender is a model of way clients can straightforwardly utilize computerized thinking to make sure about their own gadgets. Inside, AWS has utilized robotized thinking to check the memory respectability of program running on Amazon’s FreeRTOS and to secure against malwares. Interest in robotized thinking to give versatile confirmation of safe programming, alluded to as proved security, permits clients to work touchy outstanding tasks at hand on AWS [6].
15 Security in Future Systems
All-encompassing security capacities covering the entire lifecycle of an IoT framework, and its segments are required for future IoT frameworks. Improvement of new danger examination and hazard the executives also as self-mending capacities to distinguish and vanquish potential assaults are required. Gathering, coordinating, and handling heterogeneous information from various sensors, gadgets, and frameworks will need new united personality and access the executive’s arrangements. Future IoT frameworks ought to be ready to rapidly and suitably react to dangers and assaults, fuse and gain from new danger data, and create and sanction string relief plans. The ability to agreeably analyze issues and execute security plans for different subsystems in the framework, which might be claimed by various elements, is additionally required [7].
Future IoT frameworks ought to likewise have the option to guarantee controllable information possession across big business limits. To protect the security of clients as well as endeavors while handling an enormous measure of information, new information investigation calculations and new cryptographic strategies, for example, homomorphic or accessible encryption, are required. Sharing risk knowledge data by various frameworks empowers helpful safety efforts that are equipped for acknowledging increasingly firm information on the present and future assaults.
16 AWS IoT Platform
Devices are required to possess credentials in order to access the message broker, and all data transmission must be safeguarded through Transport Layer Security (TLS). The platform offers support for identity principals, such as X.509 certificates commonly employed by AWS IoT devices, as well as Identity Access Management (IAM) users, groups, and roles. Federated identities, used by web and desktop applications, are also encompassed, along with Amazon Cognito identities, frequently used by mobile applications, which enable the integration of other identity providers.
Tls
X.509 Certificate
Aws Iam
Federated Identities
Amazon Cognito
This service within the AWS IoT platform facilitates the organization, monitoring, and control of IoT devices. It involves the core architecture and integration of AWS IoT. This service enables devices to enroll in large numbers and categorize them into groups, linking them with access policies. AWS IoT offers a repository for managing items, stored as JSON data. Interaction with this repository is achievable through either the AWS IoT console or the AWS Command Line Interface.
The stage utilizes leads so as to communicate with different AWS administrations. Rules are formed by a trigger created in a SQL like punctuation and at least one activity enacted.
Correspondence to and from AWS IoT’s Core is permitted by a distribute/buy-in message representative help. The message intermediary underpins MQTT to distribute and buy-in, and HTTPS just to distribute, both through IPv6 and IPv4. The usage of the message agent depends on MQTT v.3.1, yet, it doesn't bolster QoS2, and it doesn't permit the association of at least two customers with the equivalent customer ID all the while. All themes that start with $ are held themes, used for gadget shadow activities. The intermediary underpins associations with the HTTP convention by the utilization of RESTful API.
So as to make and cooperate with gadgets AWS IOT gives a Command Line Interface (CLI), AWS IoT’s API to fabricate application utilizing HTTPS or HTTP solicitations and Device SDKs. AWS offers administrations for the assortment and the preparing of information records: Amazon’s Kinesis Data Stream to constant procedure of gushing information, AWS Lambda to execute server less code, Amazon Notification Service to transmit or get warnings, and Amazon’s Simple Queue Administration to store information in a line.
17 Microsoft AZURE For IoT
Microsoft IoT administrations help endeavors to pick up bits of knowledge from associated gadgets and transform these bits of knowledge vigorously. The organization has items and programming improvement packs set up to address the issue of each person, engineer, and endeavor.
It is an assistance that empowers just-intime provisioning of gadgets to an IoT center point, without requiring human mediation. Gadgets contact the provisioning administration endpoint passing their distinguishing data.
There are three essential zones to be considered in regards to security: gadget, association, and cloud security. The Azure Hub Identity Registry gives secure capacity of gadget characters and every security key; all associations must be started by the gadget to the Center point, not the other way around, and use TLS validation with X.509 endorsement; Azure Active Directory is utilized for client validation and approval for cloud get to.
Azure Hub identity registry
Tls
X.509 certificates
Azure Active directory
18 Google Cloud IoT Core
Google is among the top IoT stage suppliers around the globe, making it simpler for engineers to assemble associated gadgets. The internet searcher mammoth gives Cloud IoT Core as its leader IoT answer for making secure and imaginative arrangements.
The IoT Core offers per-gadget open or private key validation utilizing JSON web tokens and bolsters for Elliptic Curve or RSA calculations to check marks. Concerning correspondence security, the TLS 1.2 convention, utilizing root authentication specialists, is required for MQTT associations. Google Cloud Identity and Access Management (IAM) permits to control, validate, and approve the Cloud IoT Core API get to.
Jwt
Tls
X.509 certificates
Google Cloud IAM
It incorporates enrollment, verification, and approval forms. With the gadget chief, it is conceivable to make and design libraries and gadgets inside them. The gadget vault is arranged with at least one Cloud sub/pub themes to which telemetry occasions are distributed for all gadgets in that vault. A gadget is characterized with metadata, it sends telemetry messages and gets setups, client-characterized mass of information sent from the Cloud.
The stage bolsters MQTT and HTTP for overseeing gadgets and interchanges. By the utilization of MQTT, gadgets send distribute solicitations to a particular subject, while utilizing HTTP, gadgets don’t keep up an association with the stage.
19 IBM Watson IoT Platform
It is an overseen administration facilitated on the cloud, empowering secure association, the executives, and preparing of IoT information. Alongside the intensity of IoT, the IBM Watson IoT Platform uses innovations like man-made brainpower (AI) and blockchain to permit endeavors to catch information from gadgets, hardware, and machines. They can additionally utilize this information to pick up experiences and settle on better business choices.
Based on IBM Cloud, the Watson IoT Platform is a versatile IoT administration that can adjust in the blink of an eye when a business needs to develop. It utilizes AI for information investigation with the goal that the information from IoT gadgets can be handled right away, and undertakings can increase important experiences from it. It utilizes blockchain to empower sharing of secure data over the environment. The usage of blockchain innovation builds trust and straightforwardness by approving provenance and occasions in an unchanging record.
20 Conclusion
While AWS IoT implements robust security measures for authenticating edge devices, there remains a potential vulnerability where these devices and communication pathways could be compromised or exploited. This underscores the ongoing need for refining existing techniques. One way to enhance security is by incorporating security measures during the design phase, following established security best practices. This involves the utilization of widely accepted and reputable security frameworks and algorithms for authentication. The selection of specific security mechanisms should be tailored to the unique customer IoT environment, as this approach assists in pinpointing areas of highest risk and prioritizing security as a paramount consideration.
References
Li J, Kuang X, Lin S, Ma X, Tang Y (2020) Privacy preservation for machine learning training and classification based on homomorphic encryption schemes. Inf Sci 526:166–179
Kurniawan A (2018) Learning AWS IoT
https://d1.awsstatic.com/whitepapers/Security/Securing_IoT_with_AWS.pdf
https://aws.amazon.com/blogs/iot/understanding-the-aws-iot-security-model/
Li J, Yu Q, Zhang Y (2019) ‘Hierarchical attribute-based encryption with continuous leakage-resilience.’ Inf Sci 484:113–134
Du L, Li K, Liu Q, Wu Z, Zhang S (2020) Dynamic multi-client searchable symmetric encryption with support for Boolean queries. Inf Sci 506:234–257
Deng H, Qin Z, Wu Q, Guan Z, Zhou Y (2020) Flexible attributebased proxy re-encryption for efficient data sharing. Inf Sci 511:94–113
Takabi H, Hesamifard E, Ghasemi M (2016) Privacy preserving multiparty machine learning with homomorphic encryption. In: Proc NIPS. Barcelona, Spain, pp 1–5
Yin H, Qin Z, Zhang J, Ou L, Li F, Li K (2019) Secure conjunctive multi-keyword ranked search over encrypted cloud data for multiple data owners. Future Gener Comput. Syst 100:689–700
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Srivastava, M., Arsh (2024). Amazon Web Service IOT and Authentication of Edge Devices. In: Roy, B.K., Chaturvedi, A., Tsaban, B., Hasan, S.U. (eds) Cryptology and Network Security with Machine Learning. ICCNSML 2022. Algorithms for Intelligent Systems. Springer, Singapore. https://doi.org/10.1007/978-981-99-2229-1_11
Download citation
DOI: https://doi.org/10.1007/978-981-99-2229-1_11
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-2228-4
Online ISBN: 978-981-99-2229-1
eBook Packages: EngineeringEngineering (R0)