Tech Talk Activity Review | Turning "passive" into "active", how to build safe and compliant smart products

foreword

In the era of the Internet of Things, the application of smart products is becoming more and more extensive, but it is not easy to build a smart product that meets compliance requirements. The construction of smart products usually involves a long industrial chain, including smart devices, cloud devices, and user operations. Most developers engaged in IoT smart device construction have more experience in the development of embedded devices. How to easily and safely build smart products on the cloud platform is inexperienced, and is often plagued by some device-side problems. Recently, Amazon Cloud Technology Tech Talk specially invited solution architect Zheng Hui as a guest to share the theme of "Building Safe and Compliant Smart Products with Amazon IoT Core" .

Challenges behind smart products

When building smart products, developers often face many challenges, including security compliance challenges, large-scale device connectivity issues, and more. Zheng Hui summarized the challenges that developers face when building smart products into the following three points.

First, due to the diversification of terminal devices, the development and application of the Internet of Things has serious fragmentation problems. There are various types of sensors, and the connection protocol corresponding to each sensor also includes various communication modules. In addition, the same device will also correspond to different scenarios, such as smart home scenarios, security scenarios, new energy scenarios, etc. The terminals corresponding to these scenarios are quite different in terms of operating systems and development languages. As a result, serious terminal fragmentation problems can result.

Secondly, protocol diversification is also one of the main problems that plague developers. For IoT, the most important thing is device-to-device communication. The communication protocols used in the IoT technology framework system include: AMQP, JMS, REST, HTTP/HTTPS, COAP, DDS, MQTT, etc. According to the Eclipse Foundation survey, MQTT, HTTP, WebSocket are the most commonly used messaging protocols in IoT solutions. But on the whole, the current IoT protocols are developing in a diversified way. Different protocols are applicable to different industries and scenarios. In the same scenario, there may be multiple protocols to choose from.

Third, there is the issue of data privacy regulations. Countries around the world have corresponding data privacy regulations. As the device closest to the user, IoT devices will collect a large amount of user data, which will involve a lot of personal privacy. Whether it is the Americas, Europe, Asia Pacific, or even individual countries, they have their own privacy protection laws. Among them, the most famous is the European Union's General Data Protection Regulation (GDPR). At present, how to meet different security compliance requirements when building smart products is still a major challenge for enterprises and developers.

Solutions to Smart Product Safety Compliance Issues

Terminal fragmentation, protocol diversification, and compliance with data privacy regulations are like three mountains, lying between developers and the construction of smart products. How to overcome challenges and build smart products that are safe and compliant? Amazon IoT Core provides just such a managed service, allowing connected devices to easily and securely interact with cloud-based applications and other devices. Amazon IoT Core enables the following basic functions.

• Securely connect devices to the Amazon cloud and other devices at scale;
• routing, processing data from connected devices;
• enable the application to interact with the device even when offline;
• Perfect integration with other Amazon cloud technology services for reasoning on top of data? (analytics, databases, AI, etc.);
• It supports the most commonly used protocols such as WebSocket, HTTP, and MQTT in IoT solutions.

Specifically, how does Amazon IoT Core address security compliance ? In addition to basic functions, these important features are the key to solving security problems.

First, manage device authorization and provide large-scale unique authentication services. The Amazon IoT Core platform supports four authentication methods: SigV4, X.509, Cognito and custom authentication. Users can use their own Root CA and client certificate, or let Amazon IoT Core generate the certificate. The advantages of providing four authentication methods are: First, automatic device configuration can be realized through instant registration, and automatic device configuration can also be realized through Fleet Provisioning to ensure the security of its cloud connection. Second, the authentication service itself needs to be bound to the IoT policy. Therefore, the cloud access can achieve flexible and more fine-grained access control through the Amazon IoT Core policy.

Second, leveraging device gateways for fully managed connectivity optimization for IoT scenarios. The so-called fully managed means that no matter how many devices are connected to Amazon IoT Core, low-latency and high-data-volume communication can be completed, ensuring that the connection is not troubled by computing resources. Amazon IoT Core supports multiple protocols, including MQTT, WebSocket, HTTP, and more. In addition, it communicates securely through TLS 1.2, and data transmission and interaction can only be completed after the cloud and the device recognize each other, which can effectively ensure data security. Not only that, but Amazon IoT Core can configure endpoints and custom domain names, and can be optimized for performance-constrained devices.

Authentication services and device gateways are key features for securing smart products. So, how do devices access the cloud? For access control links , Amazon Cloud Technology provides two different solutions.

Solution 1: In Amazon IoT Core, the certificate is bound to the device, and the certificate is attached with a policy. The policy specifies the scope of connecting to the cloud, and one certificate corresponds to one device. In the policy, the content of the policy is finely defined to minimize device connection permissions and meet security requirements.

Solution 2: The mobile app does not directly connect to Amazon IoT Core, and does a layer of transit through the gateway, which is convenient for permission control at the gateway. From the best practice experience of Amazon IoT Core, it is not recommended to directly connect the mobile APP to Amazon IoT Core. On the one hand, it is inconvenient to develop. The connection authentication of Amazon IoT Core needs to introduce services such as Amplify/Cognito/STS, and there are no other functional requirements. On the other hand, the authentication method of putting certificates in the APP or connecting to Amazon IoT Core, especially the Android system, is very easy to be decompiled and cracked. Therefore, Amazon Cloud Technology's solution recommends adding a layer of intermediate gateway between Amazon IoT Core and APP to facilitate the control of device-side security.

Through the above two solutions, refined permission control can be achieved. Taking solution 1 as an example, if this strategy is adopted, the only operations that can be performed are connection, corresponding publishing, receiving messages, and subscribing to the corresponding MQTT topic. Since the platform has limited the topic resources of MQTT, the MQTT topics that can be operated are also quite limited. Through such a strategy, the minimum device connection authority can be achieved to meet security requirements. If there is an iteration of the device product, the user can also change the policy to ensure that the device does not have too much authority, or eliminate the device so that it cannot be connected. corresponding control.

Security compliance is often linked, but in fact security and compliance are two separate issues. The above strategies ensure the security of smart products. How does Amazon Cloud Technology help users to build compliance ? Zheng Hui summarized the way to achieve overall compliance into three directions :

• Compliant underlying resources
• Permissions, Monitoring and Encryption
• Get support by business

Amazon Cloud Technology builds a compliance system based on compliance with global standards. Taking the GDPR as an example, the GDPR has corresponding requirements for personal data, such as anything stored or processed by the customer (or any end user), including: software, data, text, audio, video, etc. However, these contents will contain "personal data", such as a doorbell, the location of the doorbell will be associated with the user's basic identity information; wearable devices will record the user's common blood pressure, heartbeat and other data, these are important data, need to be carried out Legal compliance protection. The GDPR has six principles for the processing of personal data:

• Transparency, fairness, legality: Collect data legally, and disclose what type of data is collected;
• Restricted purpose of use: no additional processing of data contrary to the original purpose is allowed;
• Data minimization: collect only appropriate, relevant and required data;
• Accuracy of data content: ensure accuracy and use only the latest data when needed;
• Storage restrictions: the data is stored for no longer than the time corresponding to the required purpose;
• Management responsibility system: Data should have corresponding mechanisms to prevent illegal, unauthorized processing, data leakage, damage and other losses.

In response to the six principles, Amazon Cloud Technology adopts corresponding measures to help customers achieve GDPR compliance. In addition to ensuring compliance, Amazon Cloud Technology is committed to providing users with services and resources to help them comply with GDPR requirements that may apply.

First, access control. Amazon Cloud Technology provides access control through IAM authentication. Granular access control to objects in Amazon S3, Amazon SQS, and Amazon SNS. With API request authentication, developers can obtain API calls or permission calls in the form of Amazon IAM temporary identity access tokens.

Second, monitoring records. Monitoring records are divided into two levels. One is the modification of the current configuration, which can be used to perform asset management and configuration through Amazon Config. The second is the operation on the cloud, and users can conduct audit and security analysis through Amazon CloudTrail.

Third, encryption. Amazon cloud technology has many encryption methods, such as using KMS (EBS/S3/Glacier/RDS) to encrypt data at rest, using KMS for key management, etc. If you want to connect to the VPC environment of Amazon Cloud Technology, you can also enter Amazon through a VPN gateway. If you are not very satisfied with the way of encryption key management, you need to get a top-level key management module and use a dedicated HSM module in the cloud through Amazon CloudHSM to meet some financial-level key management requirements.

Fourth, safety certification. Amazon Cloud Technology has passed many security compliance certifications and complies with various strict international standards, including: ISO 27001 for technical methods, ISO 27017 for cloud security, etc. It can meet many security compliance requirements when building services overseas.

For how to save and monitor the logs and corresponding data on the cloud, Amazon Cloud Technology also provides two solutions.

Solution one, centralized log management. A centralized logging solution enables organizations to collect, analyze, and display logs on Amazon across multiple accounts and Amazon regions. The solution uses Amazon Elasticsearch Service (Amazon ES), a managed service that simplifies the deployment, operation, and scaling of Elasticsearch clusters in the Amazon cloud, and Kibana, an analytics and visualization platform that integrates with Amazon ES. Combined with other Amazon managed services, this solution provides customers with a customizable multi-account environment to begin documenting and analyzing their Amazon environments and applications.

The second solution is to access and archive private data on the cloud. The developer will only retain PII (personal data) for the purpose and as long as necessary to fulfill the order (no more than 30 days after the order is shipped) or to calculate/pay taxes. Data will be archived after 30 days. Developers can use the Amazon S3 service for intelligent, hierarchical management of their data. Data will be automatically archived in Glacier's repository after 30 days. All these data can be encrypted through the encryption service of Amazon Cloud Technology to ensure the security and compliance of data stored on the cloud.

In addition to a series of compliance construction for the bottom layer, at the business level, Amazon Cloud Technology also provides corresponding support . Amazon Cloud Technologies continues to work with regulators in the United States and around the world. Its purpose is, on the one hand, to share Amazon Cloud Technology's compliance methods and compliance tools, empower regulators to help auditors assess the Amazon Cloud Technology cloud environment, help shape the regulatory landscape to reflect changes in technology, and promote industry and regulatory agencies. On the other hand, it evaluates and interprets policies, and conducts impact assessments by different countries to help companies deal with how to operate; in addition, Amazon Cloud Technology also provides a professional service team for security compliance to provide customers with security assurance services .

To sum up, why is Amazon IoT Core a compliant product? First, all compliance of Amazon Cloud Technology follows the business life cycle, and there are corresponding service tools in different cycles to help customers solve security compliance problems; second, Amazon Cloud Technology will work with partners to Marketplace provides compliance assurance for enterprise users.

How to build smart products that meet business needs

Amazon IoT Core meets customer needs through different solutions in the two dimensions of security and compliance. If the overseas business is not involved, the impact of security compliance will be relatively small. Once the overseas business is involved, the security compliance issue cannot be ignored. How to build a security-compliant smart product based on Amazon IoT Core ? In the process of building smart products , it is mainly based on the following functions of the Amazon IoT Core service.

First, the registry. The registry allows you to define and register devices for use by other Amazon Cloud services and to simplify searching. Standardization of attributes and policies across devices can be achieved by defining the types of things (e.g. Honda and Toyota belong to the car type); also simpler management (running jobs, setting policies, etc.) can be achieved by defining groups (e.g. car sensors) ).

Second, the rules engine. Large amounts of IoT data can be acquired at low cost, preprocessed, and made available to more than 10 services for analysis, reporting, and visualization. Amazon IoT Core provides a variety of built-in functions for processing data, including mathematical formulas, string operations, dates, and more. Amazon IoT Core can also filter messages and execute data from devices through device shadowing and Aamzon Machine Learning or through Amazon Lambda. External sources get context.

Third, the device shadow. Most users who use Amazon IoT Core to build smart devices use smart device shadows to manage device state on the cloud. Device shadows are a set of special MQTT topics in Amazon IoT Core on the cloud, and all of these topics are stored in one layer on the cloud. Through the device shadow user can know and control the state of the device at any time, report the last known state of the device, or change the state of the device. Because the device shadow has its own naming rules, each device can have its own shadow, so that the control of the device status can be easily realized, and developers no longer need to do complex business logic settings for MQTT messages.

Using the device shadow to control the device status, the device can send the corresponding message, and Amazon IoT Core can trigger the corresponding rule engine after receiving the message, and the rule engine can send the message to the user's mobile phone through the message push service. There are three advantages of device shadow: first, it can realize device management without complex development, and the logical setting of Retain identification, etc.; second, the message version has been defined, and there is no need to maintain the real-time of the message; third, each device can be set Your own shadow for easy access control.

In addition to device state control, device shadows are also widely used in scenarios where devices are unexpectedly offline. Due to the network environment of smart devices, unstable working environment, power consumption, unexpected situations and other reasons, the situation that the device goes offline unexpectedly often occurs.

In the traditional MQTT protocol, in order to deal with this kind of situation, there is the LWT (Last Will and Testament) mechanism. When the device is connected to the MQTT broker, it will set a specific message and publish it to the broker, and this message will be stored in the broker accordingly. When the device is disconnected due to an unexpected situation, the broker will publish the message to the subscribers who subscribe to the corresponding topic. After the subscriber receives the message, they know that the device is offline unexpectedly.

Amazon IoT Core takes a device lifecycle management approach. Setting up LWT messages requires us to do additional development on the embedded device to set the online/offline mechanism of the device; on Amazon IoT Core, connect/disconnect events will be provided. When the client establishes a connection or disconnects, Amazon IoT Core will publish the message to the corresponding MQTT topic, and the client ID can be directly set to the SN code when connecting to MQTT. Which device is disconnected.

For device lifecycle management on Amazon IoT Core, Amazon Cloud provides two management methods. Both options need to be implemented through the Amazon IoT Core rules engine .

Management method one:

• When the device is registered on the cloud, it is registered with its own SN code, and when connecting to MQTT, the SN code is used as the clientId;
• The rule engine sets the filtering for $Amazon/events/presence/connected(disconnected)/#;
• Maintain a table in DynamoDB with the device SN code as the primary key, and use the rule engine to monitor connection/disconnection events to update to DynamoDB;

Management method two:

• When the device is registered on the cloud, it is registered with its own SN code, and when connecting to MQTT, the SN code is used as the clientId;
• The rule engine sets the filtering for $Amazon/events/presence/connected(disconnected)/#;
• Use the rule engine to listen for connect/disconnect events to republish to the shadow device and update the shadow device state field;

The entire Amazon IoT business scenario is far more than those mentioned above. In each business scenario, Amazon Cloud Technology provides corresponding solutions. At the end of the sharing, Zheng Hui said that everyone is welcome to contact Amazon Cloud Technology to discuss how to Build and build smart devices on the cloud.

Q/A Q&A

1 Is there a good case for Amazon's technology implementation of the screen projection solution between devices of the Internet of Things? Where are user data and partner data stored on the server?

A: Amazon Cloud Technology does not directly provide screen projection solutions. Partners' solutions need to be judged according to the content of each partner's solution. Most of them can provide privatized deployment methods and deploy the solutions in the customer's Amazon Cloud Technology account.

2 What problem does the device shadow mainly solve? Why do you need Device Shadow?

A: Device Shadow is an out-of-the-box operation provided by Amazon IoT Core that can store device state data without additional resources or custom code. To control the device through the device shadow, the device status has good visibility, and there is no need to store and manage the device status data. Using the device shadow, you can easily view the report status of the device side and the operation change status of the app side. If the device does not process incremental messages, it reduces the complexity of the system architecture and helps to avoid introducing errors.

3 Does the communication path of the app to receive the mqtt message also go through the gateway? with websocket?

A: The app receives messages mainly depending on whether the app is online. If the app is online, it can be used to directly update by creating a websocket connection in the business logic. If the App is offline (killed by the system, the user voluntarily exits, inactive pages, etc.), it is generally implemented by mobile phone push. Android overseas uses Google to push more, and iOS system generally uses Apple's official push channel.

4 Does the official website have software platform usage information?

A: You can visit Amazon Cloud Technology IoT official website link: http://sv-event.cn/v9/36 and Amazon IoT Core official website: https://www.amazonaws.cn/iot-core/http://sv -event.cn/v9/36 Check to learn more

5 Real-time stream processing or batch processing for message processing?

A: The message sending and receiving of Amazon IoT Core is implemented based on the MQTT protocol, which is real-time. The concepts of stream processing and batch processing are more common in big data processing scenarios. The messages of Amazon IoT are more of a communication method, and the concept of stream/batch is basically not used. After Amazon IoT Core receives a message from the device, it can send the message to a message queue such as Kafka or Amazon Kinesis through Amazon IoT Core Rule, and the subsequent message processing is based on stream/batch processing.

6 If the device is inside the factory, is it required that the device can provide an external network address and iot to connect?

A: The device needs to be able to access the public network before it can connect to the Amazon IoT core. You can also consider using the Direct Connect service to open up the network between Amazon cloud technology and the factory, and use the public virtual interface based on Direct Connect to connect to the Amazon IoT Core end point, but If it is a factory, you can consider using the Amazon cloud technology Greengrass service to implement local business logic. Amazon Greengrass reference documentation: https://docs.aws.amazon.com/en_us/greengrass/v2/developerguide/what-is-iot-greengrass.html

7 Are Amazon IoT solutions all app-based now? Don't have a web-based IoT solution directly based on cloud services?

A: The Internet of Things is an industry with a long chain from end (device end) to end (cloud, IoT platform end) to end (user end). App is just an operation carrier of the user end, which can be an app or a web page. It can also be other IoT devices, such as smart speakers.