Iot Fundamentals
Iot Fundamentals
The Azure Internet of Things (IoT) is a collection of Microsoft-managed cloud services that connect, monitor, and
control billions of IoT assets. In simpler terms, an IoT solution is made up of one or more IoT devices that
communicate with one or more back-end services hosted in the cloud.
IoT devices
An IoT device is typically made up of a circuit board with sensors attached that use WiFi to connect to the internet.
For example:
A pressure sensor on a remote oil pump.
Temperature and humidity sensors in an air-conditioning unit.
An accelerometer in an elevator.
Presence sensors in a room.
There's a wide variety of devices available from different manufacturers to build your solution. For a list of devices
certified to work with Azure IoT Hub, see the Azure Certified for IoT device catalog. For prototyping, you can use
devices such as an MXChip IoT DevKit or a Raspberry Pi. The Devkit has built-in sensors for temperature, pressure,
humidity, and a gyroscope, accelerometer, and magnetometer. The Raspberry Pi lets you attach many different
types of sensor.
Microsoft provides open-source Device SDKs that you can use to build the apps that run on your devices. These
SDKs simplify and accelerate the development of your IoT solutions.
Communication
Typically, IoT devices send telemetry from the sensors to back-end services in the cloud. However, other types of
communication are possible such as a back-end service sending commands to your devices. The following are
some examples of device-to-cloud and cloud-to-device communication:
A mobile refrigeration truck sends temperature every 5 minutes to an IoT Hub.
The back-end service sends a command to a device to change the frequency at which it sends telemetry to
help diagnose a problem.
A device sends alerts based on the values read from its sensors. For example, a device monitoring a batch
reactor in a chemical plant, sends an alert when the temperature exceeds a certain value.
Your devices send information to display on a dashboard for viewing by human operators. For example, a
control room in a refinery may show the temperature, pressure, and flow volumes in each pipe, enabling
operators to monitor the facility.
The IoT Device SDKs and IoT Hub support common communication protocols such as HTTP, MQTT, and AMQP.
IoT devices have different characteristics when compared to other clients such as browsers and mobile apps. The
device SDKs help you address the challenges of connecting devices securely and reliably to your back-end service.
Specifically, IoT devices:
Are often embedded systems with no human operator (unlike a phone).
Can be deployed in remote locations, where physical access is expensive.
May only be reachable through the solution back end.
May have limited power and processing resources.
May have intermittent, slow, or expensive network connectivity.
May need to use proprietary, custom, or industry-specific application protocols.
Back-end services
In an IoT solution, the back-end service provides functionality such as:
Receiving telemetry at scale from your devices, and determining how to process and store that data.
Analyzing the telemetry to provide insights, either in real time or after the fact.
Sending commands from the cloud to a specific device.
Provisioning devices and controlling which devices can connect to your infrastructure.
Controlling the state of your devices and monitoring their activities.
Managing the firmware installed on your devices.
For example, in a remote monitoring solution for an oil pumping station, the cloud back end uses telemetry from
the pumps to identify anomalous behavior. When the back-end service identifies an anomaly, it can automatically
send a command back to the device to take a corrective action. This process generates an automated feedback loop
between the device and the cloud that greatly increases the solution efficiency.
Next steps
For some actual business cases and the architecture used, see the Microsoft Azure IoT Technical Case Studies.
For some sample projects that you can try out with an IoT DevKit, see the IoT DevKit Project Catalog.
For a more comprehensive explanation of the different services and how they're used, see Azure IoT services and
technologies.
For an in-depth discussion of IoT architecture, see the Microsoft Azure IoT Reference Architecture.
Choose the right IoT solution
2/5/2020 • 2 minutes to read • Edit Online
To build an IoT solution for your business, you typically choose to use either the platform services or the managed
app platform approach.
Platform services provide the building blocks for customized and flexible IoT applications. You have more options
to choose and code when you connect devices, and ingest, store, and analyze your data. Azure IoT platform services
include the products Azure IoT Hub and Azure Digital Twins.
A managed app platform lets you get started building apps more quickly than platform services by reducing the
number of decisions needed to achieve results. The managed app platform takes care of most elements of your
solution, so you can focus on adding industry knowledge, and scaling and connecting devices. Azure IoT Central is a
managed app platform.
To choose between these two approaches, you should consider:
How you want to manage your solution.
What level of customization and control you want over your solution.
What pricing structure you want.
Management
Where do you want to spend your system management time and resources?
Choose the platform services approach to have full control over the underlying services in your solution. For
example, you want to:
Manage scaling and securing services to meet your needs.
Make use of in-house or partner expertise to onboard devices and provision services.
Choose the managed app platform approach to take advantage of a platform that handles scale, security,
and management of your IoT applications and devices.
Control
What elements of your solution do you want to customize?
Choose the platform services approach for total customization and control over the solution architecture.
Choose the managed app platform approach to customize branding, dashboards, user roles, devices, and
telemetry. However, you don't want to handle the underlying IoT system management overhead.
Pricing
What pricing structure best fits your needs?
Choose the platform services approach to fine-tune services and control my overall costs.
Choose the managed app platform approach for a simple, predictable pricing structure.
Summary
The platform services approach is appropriate for a business with cloud solution and device expertise that wants to:
Fine-tune the services in the solution.
Have a high degree of control over the services in the solution.
Fully customize the solution.
The managed app platform approach is appropriate for a business that:
Doesn't want to dedicate extensive resources to system design, development, and management.
Does want a predictable pricing structure.
Does want some customization capabilities.
Next steps
For a more comprehensive explanation of the different services and platforms, and how they're used, see Azure IoT
services and technologies.
To learn more about the key attributes of successful IoT solutions, see the 8 attributes of successful IoT solutions
white paper.
For an in-depth discussion of IoT architecture, see the Microsoft Azure IoT Reference Architecture.
Azure technologies and services for creating IoT
solutions
2/5/2020 • 5 minutes to read • Edit Online
Azure IoT technologies and services provide you with options to create a wide variety of IoT solutions that enable
digital transformation for your organization. For example, you can:
Use Azure IoT Central, a managed IoT application platform, to build and deploy a secure, enterprise-grade IoT
solution. IoT Central features a collection of industry-specific application templates, such as retail and
healthcare, to accelerate your solution development process.
Extend the open-source code base for an Azure IoT solution accelerator to implement a common IoT scenario
such as remote monitoring or predictive maintenance.
Use Azure IoT platform services such as Azure IoT Hub and the Azure IoT device SDKs to build a custom IoT
solution from scratch.
Custom solutions
To build an IoT solution from scratch, or extend a solution created using IoT Central or a solution accelerator, use
one or more of the following Azure IoT technologies and services:
Devices
Develop your IoT devices using one of the Azure IoT Starter Kits or choose a device to use from the Azure Certified
for IoT device catalog. Implement your embedded code using the open-source device SDKs. The device SDKs
support multiple operating systems, such as Linux, Windows, and real-time operating systems. There are SDKs for
multiple programming languages, such as C, Node.js, Java, .NET, and Python.
You can further simplify how you create the embedded code for your devices by using the IoT Plug and Play
Preview service. IoT Plug and Play enables solution developers to integrate devices with their solutions without
writing any embedded code. At the core of IoT Plug and Play, is a device capability model schema that describes
device capabilities. Use the device capability model to generate your embedded device code and configure a cloud-
based solution such as an IoT Central application.
Azure IoT Edge lets you offload parts of your IoT workload from your Azure cloud services to your devices. IoT
Edge can reduce latency in your solution, reduce the amount of data your devices exchange with the cloud, and
enable off-line scenarios. You can manage IoT Edge devices from IoT Central and some solution accelerators.
Azure Sphere is a secured, high-level application platform with built-in communication and security features for
internet-connected devices. It includes a secured microcontroller unit, a custom Linux-based operating system, and
a cloud-based security service that provides continuous, renewable security.
Cloud connectivity
The Azure IoT Hub service enables reliable and secure bidirectional communications between millions of IoT
devices and a cloud-based solution. Azure IoT Hub Device Provisioning Service is a helper service for IoT Hub. The
service provides zero-touch, just-in-time provisioning of devices to the right IoT hub without requiring human
intervention. These capabilities enable customers to provision millions of devices in a secure and scalable manner.
IoT Hub is a core component of the solution accelerators and you can use it to meet IoT implementation challenges
such as:
High-volume device connectivity and management.
High-volume telemetry ingestion.
Command and control of devices.
Device security enforcement.
Bridging the gap between the physical and digital worlds
Azure Digital Twins is an IoT service that enables you to model a physical environment. It uses a spatial intelligence
graph to model the relationships between people, spaces, and devices. By corelating data across the digital and
physical worlds you can create contextually aware solutions.
Iot Central uses digital twins to synchronize devices and data in the real world with the digital models that enable
users to monitor and manage those connected devices.
Data and analytics
IoT devices typically generate large amounts of time series data, such as temperature readings from sensors. Azure
Time Series Insights can connect to an IoT hub, read the telemetry stream from your devices, store that data, and
enable you to query and visualize it.
Azure Maps is a collection of geospatial services that use fresh mapping data to provide accurate geographic
context to web and mobile applications. You can use a REST API, a web-based JavaScript control, or an Android
SDK to build your applications.
Next steps
For a hands-on experience, try one of the quickstarts:
Create an Azure IoT Central application
Send telemetry from a device to an IoT hub
Try a cloud-based remote monitoring solution
Azure IoT support and help options
9/22/2020 • 2 minutes to read • Edit Online
Here are suggestions for where you can get help when developing your Azure IoT solutions.
Next steps
What is Azure IoT?
Security recommendations for Azure Internet of
Things (IoT) deployment
4/21/2020 • 3 minutes to read • Edit Online
This article contains security recommendations for IoT. Implementing these recommendations will help you fulfill
your security obligations as described in our shared responsibility model. For more information on what Microsoft
does to fulfill service provider responsibilities, read Shared responsibilities for cloud computing.
Some of the recommendations included in this article can be automatically monitored by Azure Security Center.
Azure Security Center is the first line of defense in protecting your resources in Azure. It periodically analyzes the
security state of your Azure resources to identify potential security vulnerabilities. It then provides you with
recommendations on how to address them.
For more information on Azure Security Center recommendations, see Security recommendations in Azure
Security Center.
For information on Azure Security Center see the What is Azure Security Center?
General
REC O M M EN DAT IO N C O M M EN T S SUP P O RT ED B Y A SC
Keep authentication keys safe Keep the device IDs and their -
authentication keys physically safe after
deployment. This will avoid a malicious
device masquerade as a registered
device.
Define access control for the hub Understand and define the type of -
access each component will have in
your IoT Hub solution, based on the
functionality. The allowed permissions
are Registry Read, RegistryReadWrite,
ServiceConnect, and DeviceConnect.
Default shared access policies in your
IoT hub can also help define the
permissions for each component based
on its role.
Define access control for backend Data ingested by your IoT Hub solution -
services can be consumed by other Azure
services such as Cosmos DB, Stream
Analytics, App Service, Logic Apps, and
Blob storage. Make sure to understand
and allow appropriate access
permissions as documented for these
services.
Data protection
REC O M M EN DAT IO N C O M M EN T S SUP P O RT ED B Y A SC
Networking
REC O M M EN DAT IO N C O M M EN T S SUP P O RT ED B Y A SC
REC O M M EN DAT IO N C O M M EN T S SUP P O RT ED B Y A SC
Monitoring
REC O M M EN DAT IO N C O M M EN T S SUP P O RT ED B Y A SC
Monitor your IoT solution from the Monitor the overall health of your IoT -
cloud Hub solution using the metrics in Azure
Monitor.
Next steps
For advanced scenarios involving Azure IoT, you may need to consider additional security requirements. See IoT
security architecture for more guidance.
Security for Internet of Things (IoT) from the ground
up
10/22/2019 • 11 minutes to read • Edit Online
The Internet of Things (IoT) poses unique security, privacy, and compliance challenges to businesses worldwide.
Unlike traditional cyber technology where these issues revolve around software and how it is implemented, IoT
concerns what happens when the cyber and the physical worlds converge. Protecting IoT solutions requires
ensuring secure provisioning of devices, secure connectivity between these devices and the cloud, and secure data
protection in the cloud during processing and storage. Working against such functionality, however, are resource-
constrained devices, geographic distribution of deployments, and a large number of devices within a solution.
This article explores how the IoT solution accelerators provide a secure and private Internet of Things cloud
solution. The solution accelerators deliver a complete end-to-end solution, with security built into every stage from
the ground up. At Microsoft, developing secure software is part of the software engineering practice, rooted in
Microsoft's decades long experience of developing secure software. To ensure this, Security Development Lifecycle
(SDL) is the foundational development methodology, coupled with a host of infrastructure-level security services
such as Operational Security Assurance (OSA) and the Microsoft Digital Crimes Unit, Microsoft Security Response
Center, and Microsoft Malware Protection Center.
The solution accelerators offer unique features that make provisioning, connecting to, and storing data from IoT
devices easy and transparent and, most of all, secure. This article examines the Azure IoT solution accelerators
security features and deployment strategies to ensure security, privacy, and compliance challenges are addressed.
Introduction
The Internet of Things (IoT) is the wave of the future, offering businesses immediate and real-world opportunities
to reduce costs, increase revenue, and transform their business. Many businesses, however, are hesitant to deploy
IoT in their organizations due to concerns about security, privacy, and compliance. A major point of concern comes
from the uniqueness of the IoT infrastructure, which merges the cyber and physical worlds together, compounding
individual risks inherent in these two worlds. Security of IoT pertains to ensuring the integrity of code running on
devices, providing device and user authentication, defining clear ownership of devices (as well as data generated by
those devices), and being resilient to cyber and physical attacks.
Then, there’s the issue of privacy. Companies want transparency concerning data collection, as in what’s being
collected and why, who can see it, who controls access, and so on. Finally, there are general safety issues of the
equipment along with the people operating them, and issues of maintaining industry standards of compliance.
Given the security, privacy, transparency, and compliance concerns, choosing the right IoT solution provider
remains a challenge. Stitching together individual pieces of IoT software and services provided by a variety of
vendors introduces gaps in security, privacy, transparency, and compliance, which may be hard to detect, let alone
fix. The choice of the right IoT software and service provider is based on finding providers that have extensive
experience running services, which span across verticals and geographies, but are also able to scale in a secure and
transparent fashion. Similarly, it helps for the selected provider to have decades of experience with developing
secure software running on billions of machines worldwide, and have the ability to appreciate the threat landscape
posed by this new world of the Internet of Things.
Conclusion
The Internet of Things starts with your things—the things that matter most to businesses. IoT can deliver amazing
value to a business by reducing costs, increasing revenue, and transforming business. Success of this
transformation largely depends on choosing the right IoT software and service provider. That means finding a
provider that not only catalyzes this transformation by understanding business needs and requirements, but also
provides services and software built with security, privacy, transparency, and compliance as major design
considerations. Microsoft has extensive experience with developing and deploying secure software and services
and continues to be a leader in this new age of Internet of Things.
The solution accelerators build in security measures by design, enabling secure monitoring of assets to improve
efficiencies, drive operational performance to enable innovation, and employ advanced data analytics to transform
businesses. With its layered approach towards security, multiple security features, and design patterns, the solution
accelerators help deploy an infrastructure that can be trusted to transform any business.
Additional information
Each solution accelerator creates instances of Azure services, such as:
Azure IoT Hub : Your gateway that connects the cloud to devices. You can scale to millions of connections
per hub and process massive volumes of data with per-device authentication support helping you secure
your solution.
Azure Cosmos DB : A scalable, fully-indexed database service for semi-structured data that manages
metadata for the devices you provision, such as attributes, configuration, and security properties. Azure
Cosmos DB offers high-performance and high-throughput processing, schema-agnostic indexing of data,
and a rich SQL query interface.
Azure Stream Analytics : Real-time stream processing in the cloud that enables you to rapidly develop and
deploy a low-cost analytics solution to uncover real-time insights from devices, sensors, infrastructure, and
applications. The data from this fully-managed service can scale to any volume while still achieving high
throughput, low latency, and resiliency.
Azure App Ser vices : A cloud platform to build powerful web and mobile apps that connect to data
anywhere; in the cloud or on-premises. Build engaging mobile apps for iOS, Android, and Windows.
Integrate with your Software as a Service (SaaS) and enterprise applications with out-of-the-box connectivity
to dozens of cloud-based services and enterprise applications. Code in your favorite language and IDE
—.NET, Node.js, PHP, Python, or Java—to build web apps and APIs faster than ever.
Logic Apps : The Logic Apps feature of Azure App Service helps integrate your IoT solution to your existing
line-of-business systems and automate workflow processes. Logic Apps enables developers to design
workflows that start from a trigger and then execute a series of steps—rules and actions that use powerful
connectors to integrate with your business processes. Logic Apps offers out-of-the-box connectivity to a vast
ecosystem of SaaS, cloud-based, and on-premises applications.
Azure Blob storage : Reliable, economical cloud storage for the data that your devices send to the cloud.
Next steps
Read about IoT Hub security in Control access to IoT Hub in the IoT Hub developer guide.
Security best practices for Internet of Things (IoT)
11/12/2019 • 6 minutes to read • Edit Online
Securing an Internet of Things (IoT) infrastructure requires a rigorous security-in-depth strategy. This strategy
requires you to secure data in the cloud, protect data integrity while in transit over the public internet, and securely
provision devices. Each layer builds greater security assurance in the overall infrastructure.
See also
To learn more about securing a solution created by an IoT solution accelerator, see Secure your IoT deployment.
Read about IoT Hub security in Control access to IoT Hub in the IoT Hub developer guide.
Internet of Things (IoT) security architecture
11/12/2019 • 24 minutes to read • Edit Online
When designing a system, it is important to understand the potential threats to that system, and add appropriate
defenses accordingly, as the system is designed and architected. It is important to design the product from the
start with security in mind because understanding how an attacker might be able to compromise a system helps
make sure appropriate mitigations are in place from the beginning.
Security in IoT
Connected special-purpose devices have a significant number of potential interaction surface areas and interaction
patterns, all of which must be considered to provide a framework for securing digital access to those devices. The
term “digital access” is used here to distinguish from any operations that are carried out through direct device
interaction where access security is provided through physical access control. For example, putting the device into
a room with a lock on the door. While physical access cannot be denied using software and hardware, measures
can be taken to prevent physical access from leading to system interference.
As you explore the interaction patterns, look at “device control” and “device data” with the same level of attention.
“Device control” can be classified as any information that is provided to a device by any party with the goal of
changing or influencing its behavior towards its state or the state of its environment. “Device data” can be
classified as any information that a device emits to any other party about its state and the observed state of its
environment.
In order to optimize security best practices, it is recommended that a typical IoT architecture is divided into several
component/zones as part of the threat modeling exercise. These zones are described fully throughout this section
and include:
Device,
Field Gateway,
Cloud gateways, and
Services.
Zones are broad way to segment a solution; each zone often has its own data and authentication and authorization
requirements. Zones can also be used to isolation damage and restrict the impact of low trust zones on higher
trust zones.
Each zone is separated by a Trust Boundary, which is noted as the dotted red line in the following diagram. It
represents a transition of data/information from one source to another. During this transition, the data/information
could be subject to Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of
Privilege (STRIDE).
The components depicted within each boundary are also subjected to STRIDE, enabling a full 360 threat modeling
view of the solution. The following sections elaborate on each of the components and specific security concerns
and solutions that should be put into place.
The following sections discuss standard components typically found in these zones.
The device zone
The device environment is the immediate physical space around the device where physical access and/or “local
network” peer-to-peer digital access to the device is feasible. A “local network” is assumed to be a network that is
distinct and insulated from – but potentially bridged to – the public Internet, and includes any short-range wireless
radio technology that permits peer-to-peer communication of devices. It does not include any network
virtualization technology creating the illusion of such a local network and it does also not include public operator
networks that require any two devices to communicate across public network space if they were to enter a peer-to-
peer communication relationship.
The field gateway zone
Field gateway is a device/appliance or some general-purpose server computer software that acts as
communication enabler and, potentially, as a device control system and device data processing hub. The field
gateway zone includes the field gateway itself and all devices that are attached to it. As the name implies, field
gateways act outside dedicated data processing facilities, are usually location bound, are potentially subject to
physical intrusion, and has limited operational redundancy. All to say that a field gateway is commonly a thing one
can touch and sabotage while knowing what its function is.
A field gateway is different from a mere traffic router in that it has had an active role in managing access and
information flow, meaning it is an application addressed entity and network connection or session terminal. An
NAT device or firewall, in contrast, does not qualify as field gateways since they are not explicit connection or
session terminals, but rather a route (or block) connections or sessions made through them. The field gateway has
two distinct surface areas. One faces the devices that are attached to it and represents the inside of the zone, and
the other faces all external parties and is the edge of the zone.
The cloud gateway zone
A cloud gateway is a system that enables remote communication from and to devices or field gateways from
several different sites across public network space, typically towards a cloud-based control and data analysis
system, a federation of such systems. In some cases, a cloud gateway may immediately facilitate access to special-
purpose devices from terminals such as tablets or phones. In the context discussed here, “cloud” is meant to refer
to a dedicated data processing system that is not bound to the same site as the attached devices or field gateways.
Also in a Cloud Zone, operational measures prevent targeted physical access and are not necessarily exposed to a
“public cloud” infrastructure.
A cloud gateway may potentially be mapped into a network virtualization overlay to insulate the cloud gateway
and all of its attached devices or field gateways from any other network traffic. The cloud gateway itself is not a
device control system or a processing or storage facility for device data; those facilities interface with the cloud
gateway. The cloud gateway zone includes the cloud gateway itself along with all field gateways and devices
directly or indirectly attached to it. The edge of the zone is a distinct surface area where all external parties
communicate through.
The services zone
A “service” is defined for this context as any software component or module that is interfacing with devices
through a field- or cloud gateway for data collection and analysis, as well as for command and control. Services are
mediators. They act under their identity towards gateways and other subsystems, store and analyze data,
autonomously issue commands to devices based on data insights or schedules and expose information and
control capabilities to authorized end users.
Information-devices versus special-purpose devices
PCs, phones, and tablets are primarily interactive information devices. Phones and tablets are explicitly optimized
around maximizing battery lifetime. They preferably turn off partially when not immediately interacting with a
person, or when not providing services like playing music or guiding their owner to a particular location. From a
systems perspective, these information technology devices are mainly acting as proxies towards people. They are
“people actuators” suggesting actions and “people sensors” collecting input.
Special-purpose devices, from simple temperature sensors to complex factory production lines with thousands of
components inside them, are different. These devices are much more scoped in purpose and even if they provide
some user interface, they are largely scoped to interfacing with or be integrated into assets in the physical world.
They measure and report environmental circumstances, turn valves, control servos, sound alarms, switch lights,
and do many other tasks. They help to do work for which an information device is either too generic, too
expensive, too large, or too brittle. The concrete purpose immediately dictates their technical design as well the
available monetary budget for their production and scheduled lifetime operation. The combination of these two
key factors constrains the available operational energy budget, physical footprint, and thus available storage,
compute, and security capabilities.
If something “goes wrong” with automated or remote controllable devices, for example, physical defects or control
logic defects to willful unauthorized intrusion and manipulation. The production lots may be destroyed, buildings
may be looted or burned down, and people may be injured or even die. This is a whole different class of damage
than someone maxing out a stolen credit card's limit. The security bar for devices that make things move, and also
for sensor data that eventually results in commands that cause things to move, must be higher than in any e-
commerce or banking scenario.
Device control and device data interactions
Connected special-purpose devices have a significant number of potential interaction surface areas and interaction
patterns, all of which must be considered to provide a framework for securing digital access to those devices. The
term “digital access” is used here to distinguish from any operations that are carried out through direct device
interaction where access security is provided through physical access control. For example, putting the device into
a room with a lock on the door. While physical access cannot be denied using software and hardware, measures
can be taken to prevent physical access from leading to system interference.
As you explore the interaction patterns, look at “device control” and “device data” with the same level of attention
while threat modeling. “Device control” can be classified as any information that is provided to a device by any
party with the goal of changing or influencing its behavior towards its state or the state of its environment. “Device
data” can be classified as any information that a device emits to any other party about its state and the observed
state of its environment.
The following diagram provides a simplified view of Microsoft’s IoT Architecture using a Data Flow Diagram model
that is used by the Microsoft Threat Modeling Tool:
It is important to note that the architecture separates the device and gateway capabilities. This approach enables
the user to leverage gateway devices that are more secure: they are capable of communicating with the cloud
gateway using secure protocols, which typically requires greater processing overhead that a native device - such as
a thermostat - could provide on its own. In the Azure services zone, assume that the Cloud Gateway is represented
by the Azure IoT Hub service.
Device and data sources/data transport
This section explores the architecture outlined previously through the lens of threat modeling and gives an
overview of how to address some of the inherent concerns. This example focuses on the core elements of a threat
model:
Processes (both under your control and external items)
Communication (also called data flows)
Storage (also called data stores)
Processes
In each of the categories outlined in the Azure IoT architecture, this example tries to mitigate a number of different
threats across the different stages data/information exists in: process, communication, and storage. Following is an
overview of the most common ones for the “process” category, followed by an overview of how these threats
could be best mitigated:
Spoofing (S) : An attacker may extract cryptographic key material from a device, either at the software or
hardware level, and subsequently access the system with a different physical or virtual device under the identity of
the device the key material has been taken from. A good illustration is remote controls that can turn any TV and
that are popular prankster tools.
Denial of Ser vice (D) : A device can be rendered incapable of functioning or communicating by interfering with
radio frequencies or cutting wires. For example, a surveillance camera that had its power or network connection
intentionally knocked out cannot report data, at all.
Tampering (T) : An attacker may partially or wholly replace the software running on the device, potentially
allowing the replaced software to leverage the genuine identity of the device if the key material or the
cryptographic facilities holding key materials were available to the illicit program. For example, an attacker may
leverage extracted key material to intercept and suppress data from the device on the communication path and
replace it with false data that is authenticated with the stolen key material.
Information Disclosure (I) : If the device is running manipulated software, such manipulated software could
potentially leak data to unauthorized parties. For example, an attacker may leverage extracted key material to inject
itself into the communication path between the device and a controller or field gateway or cloud gateway to
siphon off information.
Elevation of Privilege (E) : A device that does specific function can be forced to do something else. For example,
a valve that is programmed to open half way can be tricked to open all the way.
Field Gateway S Authenticating the If someone can spoof TLS RSA/PSK, IPSec,
Field gateway to Field Gateway, then it RFC 4279. All the
Cloud Gateway (such can present itself as same key storage and
as cert based, PSK, or any device. attestation concerns
Claim based.) of devices in general –
best case is use TPM.
6LowPAN extension
for IPSec to support
Wireless Sensor
Networks (WSN).
C O M P O N EN T T H REAT M IT IGAT IO N RISK IM P L EM EN TAT IO N
E Access control
mechanism for Field
Gateway
External Entity Device TID Strong pairing of the Eavesdropping the Securely pairing the
external entity to the connection to the external entity to the
device device. Interfering the device NFC/Bluetooth
communication with LE. Controlling the
the device operational panel of
the device (Physical)
Device storage TRID Storage encryption, Reading data from the Encryption, message
signing the logs storage (PII data), authentication code
tampering with (MAC), or digital
telemetry data. signature. Where
Tampering with possible, strong
queued or cached access control
command control through resource
data. Tampering with access control lists
configuration or (ACLs) or permissions.
firmware update
packages while
cached or queued
locally can lead to OS
and/or system
components being
compromised
Field Gateway storage TRID Storage encryption, Reading data from the BitLocker
(queuing the data) signing the logs storage (PII data),
tampering with
telemetry data,
tampering with
queued or cached
command control
data. Tampering with
configuration or
firmware update
packages (destined
for devices or field
gateway) while cached
or queued locally can
lead to OS and/or
system components
being compromised
Additional resources
For more information, see the following articles:
SDL Threat Modeling Tool
Microsoft Azure IoT reference architecture
See also
To learn more about securing a solution created by an IoT solution accelerator, see Secure your IoT deployment.
Read about IoT Hub security in Control access to IoT Hub in the IoT Hub developer guide.
Secure your Internet of Things (IoT) deployment
11/7/2019 • 7 minutes to read • Edit Online
This article provides the next level of detail for securing the Azure IoT-based Internet of Things (IoT) infrastructure.
It links to implementation level details for configuring and deploying each component. It also provides
comparisons and choices between various competing methods.
Securing the Azure IoT deployment can be divided into the following three security areas:
Device Security : Securing the IoT device while it is deployed in the wild.
Connection Security : Ensuring all data transmitted between the IoT device and IoT Hub is confidential and
tamper-proof.
Cloud Security : Providing a means to secure data while it moves through, and is stored in the cloud.
Conclusion
This article provides overview of implementation level details for designing and deploying an IoT infrastructure
using Azure IoT. Configuring each component to be secure is key in securing the overall IoT infrastructure. The
design choices available in Azure IoT provide some level of flexibility and choice; however, each choice may have
security implications. It is recommended that each of these choices be evaluated through a risk/cost assessment.
See also
Read about IoT Hub security in Control access to IoT Hub in the IoT Hub developer guide.