Securing the Internet of Things

Securing the Internet of Things

Nowadays we are introducing Internet of Things devices in our homes, cars, factories, homebrew equipment, and many other facilities. While some of them are not really critical environments, having unsecure IoT devices surrounding our lives can condition our physical security and privacy. It is easy today to take an Arduino or a similar device, like a cheap ESP8266, connect it to the Internet and start feeding your cat remotely. Just need a quick search to see multiple alternatives:

Aside from cool cat feeders, it is possible to find multiple maker projects for controlling garage doors, blind windows, smart locks, tracking cars, control temperature and humidity levels, and so on. However, the security aspect of these devices needs to take some extra attention, starting from the connection between the device and the Cloud infrastructure. Most microcontrollers today are not powerful enough to handle secure connections, like SSL or TLS, so all the communication between the device and the server is open to attacks, like sniffing values, tacking device credentials, faking values, granting unauthorized access to physical facilities, unlocking doors, and many other possibilities. This way, securing the communications for all the Internet-connected devices should be a priority, especially if they can jeopardize our security or privacy.

The security of the Internet of Things does not only rely on secure communications, but it is a great start. The maker community must be aware of the security concerns of untrusted communications, and must have the appropriate resources to handle it. This way it is common to see different alternatives to offer secure communications in the microcontrollers, like porting SSL/TLS libraries to cheap devices like ESP8266, or device vendors that already integrates a crypto chip that process all this stuff by hardware, like the recent Arduino MKR1000.

Arduino MKR1000

In we are concerned about this security aspect, so our cloud supports secure connections for any device with this capability. In the recent Arduino library update, starting from version 2.4.1, we have introduced support for the Arduino MKR1000, including secure TLS connections by default. Just start with the following sample sketch for the MKR1000, and you will have encrypted connections by default.

#include <WiFi101.h>
#include <ThingerWifi101.h>

#define USERNAME "your_user_name"
#define DEVICE_ID "your_device_id"
#define DEVICE_CREDENTIAL "your_device_credential"

#define SSID "your_wifi_ssid"
#define SSID_PASSWORD "your_wifi_ssid_password"
#define LED_PIN 6


void setup() {
  // configure wifi network
  thing.add_wifi(SSID, SSID_PASSWORD);

  pinMode(LED_PIN, OUTPUT);

  // pin control example (i.e. turning on/off a light, a relay, etc)
  thing["led"] << digitalPin(LED_PIN); // resource output example (i.e. reading a sensor value, a variable, etc) thing["millis"] >> outputValue(millis());

void loop() {

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *