IoT Network Architecture: Design for Performance & Security

The Internet of Things (IoT) has significantly expanded the scope for monitoring and control of various aspects of the environment, infrastructures, buildings, and smart industry. The “things” – typically sensors and actuators – leverage mature principles for measuring temperature, pressure, proximity, motion, for capturing sound and images. The magic happens by combining with “internet”, which brings powerful aspects like IPv6 addressability, diverse communication protocols, and cloud computing, to bring massive scale, pervasive connectivity, and big-data storage and analytics into the equation. The sheer ubiquity of Internet technologies also enhances affordability.

Building an IoT application enables organisations to understand and manage their operations and assets to an extent and depth hitherto impractical or financially viable. As a driver of digital transformation, it brings opportunities to improve efficiency, quality, and productivity, reduce costs, create new services, and enhance value for customers and stakeholders.

IoT Network Architecture

On the other hand, the Internet also makes the connected assets visible remotely and therefore vulnerable to hackers interested in attacking them for various reasons: fun, fraud, commercial objectives, terrorism, spying, cyber warfare. Hunters are constantly seeking targets and it’s said that any asset newly connected to the Internet will be subjected to an attack within minutes of going live.

Simple three-layer IoT architecture

Figure 1: Simple three-layer IoT architecture.

Define to design

To simultaneously be functionally fit for purpose, and protected against casual, amateur, organised and even military cyberattacks, IoT applications need a coherent structure. While the implementation is typically tailored to the application, defining a standardised concept of the network architecture – delineated by functional layers - helps achieve the required functionality, availability, scalability, interoperability, and security.

A simple hierarchy can be imagined (Figure 1) comprising a perception layer, that contains the sensors, a network or connectivity layer that connects the sensors to the IoT platform, and an application layer – mostly associated with the cloud - that contains software for interacting with the devices and handling the data, including storing, reporting, and analytics. The connectivity layer handles communication between devices in the perception layer, through gateways, concentrators, and routers, to servers in the application layer. Communication uses wired and wireless standards such as Ethernet, cellular networks, LPWAN, WiFi, Bluetooth®, NFC, Matter, and others.

This three-layer concept offers a generic, undetailed view of an IoT platform. However, such a simple model provides little help to assess the functional aspects, the management and processing of the data, or to understand in depth the security vulnerabilities that affect the data on its journey from the sensor (perception layer) to the application layer. Hackers can attack any part of the IoT platform, exploiting weaknesses such as the typically low processing capabilities of sensors and deficiencies in communication protocols and authentication and authorisation mechanisms, as well as susceptibility to viruses and cross-site scripting to run malicious code.

More complex models cover the additional aspects developers must consider if they are to build an IoT platform that can deliver the required functionality and performance, and which is secure. A five-layer model (Figure 2) refines the three-layer concept, adding a business layer that contains tools for making information available to users, to assist decision making, and a processing layer to clarify essential data-management tasks. These are concerned with storing, aggregating, and providing access to the data for software in the application layer.

As the demands placed on IoT deployments have evolved towards feeding big-data analytics applications and, in some cases such as smart factories and smart driving, predicated on real-time response to detected events, the necessity of an edge-processing layer to handle data filtering, formatting, and decision-making locally has also emerged. Logically, the edge layer fits between the connectivity and processing layers.

IoTWF architecture

In 2014, at a meeting of the IoT World Forum, a consortium of technology companies including Cisco published a reference model comprising seven layers (Figure 3). At the time, the aim of this model was to educate those involved in the deployment of IoT and accelerate adoption.

Five-layer architecture adds detail to IoT network implementation

Figure 2: Five-layer architecture adds detail to IoT network implementation.

In practical terms, it provides a common terminology and describes how information flows and is processed. It provides a basis against which organisations seeking to deploy IoT systems can address issues that are important, including scalability, interoperability, agility, and legacy compatibility.

We understand that the IoT can be overwhelming, so if you need support with your next IoT project or IoT security in particular, why not get in touch with our experts? Our IoT, Wireless and Connectivity teams are on hand to help you with your next IoT challenge.

Learn More

Security

Secure Provisioning

Services providing keys and certificate injection into Secure Elements or MCU for full end-to-end Security.

Learn More

7-layer IoT reference model

Figure 3: 7-layer reference model

The elements of the simple three-layer architecture described earlier can be perceived in this framework: the physical devices and controllers in the perception layer, the communication resources in the connectivity layer, and the analytics and control software of the application layer, with the additional edge computing layer, data accumulation and abstraction layers, and the process and collaborative tools of the business layer.

Compared with the simpler architectures, the edge layer included in the more sophisticated models has been central to enabling IoT deployments to meet the needs for increased functionality and performance, faster response, reduced power consumption, and greater data privacy. By filtering and processing information early, in a location close to its point of capture, low latency and real-time determinism is possible. Only a subset of the data captured is sent to cloud services, which also saves network bandwidth and storage as irrelevant data is discarded before being sent to the cloud.

The IoTWF 7-layer visualisation of IoT architecture facilitates a tiered approach to security that is enforced at the transition points between levels.

Devices and controllers in the perception layer can be physically accessible, as well as addressable via a network connection, making them vulnerable to threats such as tampering, theft, or unauthorised manipulation by loading malicious code, stealing security keys, or other secret information such as passwords.

Other vulnerabilities include a lack of data authentication, which becomes apparent at the data-accumulation layer where data collected from sensors or devices can be susceptible to spoofing or tampering. Moreover, data transmission between devices or gateways can be intercepted or accessed by unauthorised parties if not properly encrypted.

From the standpoint of the abstraction layer, inadequate access controls may allow unauthorised parties to gain access to sensitive data or perform unauthorised operations. Also at the abstraction layer, inadequate validation of incoming data may lead to the ingestion of malicious or malformed data, potentially compromising the integrity and security of the system.

In the application layer, vulnerabilities in APIs or other application interfaces may allow attackers to exploit weaknesses in the system, leading to unauthorised access, data leakage, or service disruptions. Also, insecure coding practices such as insufficient input validation or buffer overflows can introduce vulnerabilities that attackers can exploit to compromise the system.

Weak or ineffective authentication and authorisation mechanisms can allow unauthorised access to applications or data, leading to potential security breaches.

A lack of robust monitoring and logging mechanisms can make it difficult to detect and respond to security incidents or identify potential vulnerabilities. This can become apparent at the process layer. In addition, insufficient security awareness and training among personnel involved in the operation and maintenance of IoT systems can increase the risk of human error or oversight, leading to security vulnerabilities.

Implementing robust security measures, such as strong authentication, encryption, access controls, secure coding practices, and ongoing monitoring, is crucial to mitigate these vulnerabilities and ensure the security and integrity of IoT systems.

Conclusion

An IoT deployment may be simple in concept, although the implementation can be complex; potentially involving large numbers of nodes that can be dispersed over a geographically large area. A framework that describes the architecture in adequate detail can guide development by helping teams to make sure all the functional aspects are met and all security issues are handled properly.

Security

Secure Elements

Hardware Root of Trust used for crypto operations and key storage.

Learn More

Security

Secure Library

Software Root of Trust integrated into any MCU/MPU used for crypto operations and key storage.

Learn More

Security

Secure MCU

MCU with built in security features and key storage.

Learn More

Service

See IoTConnect

The IoT can be overwhelming. You need to leverage new technologies like AI, deep learning and data mining to make the most of your investment. Let us help you.

Learn More