“Security is not something that you can add as a final step in your product development phase. Instead, it must be part of the product manufacturing, design, and development from day one.” - Thingsee development principle
At the moment we can’t yet reveal all the glorious details of how we have done this, but here are some very high-level sneak peeks.
Built using AWS serverless
We have been doing this for some years already, so we are pretty well experienced in how to build secure services using the stuff that AWS provides. We have achieved the AWS IoT Competency, so everything we have done has been reviewed by AWS.
This ensures that we are following all the best practices from AWS, and that all the boxes we need to tick for large-scale commercial setups are ticked.
Secured IoT WAN connections
Thingsee connects to the cloud using managed and secured cellular connections. All of these connections use enterprise SIM management and connectivity. This applies to the gateways that have the cellular connectivity option. For the gateways that are connected over LAN, we secure the communication using standard AWS IoT certificates. We expect that the LAN network is otherwise managed and secured by local IT or other guys/gals who know networking.
Secured IoT mesh connections
We use Wirepas mesh connectivity, and utilize their security mechanism. That’s secure. You can ask them directly. What we do is burn, lock, hide, encrypt, and certify our Wirepas mesh connectivity parameters during our manufacturing processes so that there is no way to get unauthorized access to the mesh network. The only way to get sensors connected is to have them manufactured using our tools, our factories, and a pile of different keys and parameters that manufacturing services know, all dedicated only to your set of devices.
Secured IoT gateway
ThingseeGATEWAYs are closed. The only external access is through AWS IoT Core (and you can’t get to that unless you have the right certificates). There are no external services running, no SSH service, nothing at all to try to connect to. ThingseeGATEWAYs are simple MCU-powered devices running the NuttX open source RTOS with only those services that are critical for the device operations. Feel free to try; even the USB is only for charging.
Handling and managing manufacturing services (incl. security) is one part of our daily work. It is so critical for our products that we have developed our own toolset just to get it right. You can read our blog post about Haltian Engineering Almighty Tool.