Gateways are a key device in IoT systems, typically connecting IoT devices in the field with the internet. The data rate required between the RF module on the IoT device and the gateway drives a number of design decisions.
For a higher data rate, adding some edge intelligence and some processing at the tracking device level may be required. That could be a processor module or an RF module with an integrated processor. Rather than downloading raw data, edge intelligence can reduce wireless network traffic by uploading data only when a particular event changes.
Similarly, from the gateway to the cloud, when using a 3G, 4G or satellite link with high data cost, restricting the amount of data might be warranted. Again, a typical strategy is to program the gateway to filter data down to only what the system users actually need. That could be achieved with a Python script that can be downloaded to the gateway to tell it which sensors are connected.
Clearly, the gateway needs an RF module that supports the same RF modules used to connect to the sensors. An RF module could be a meshed radio topology such as Zigbee, or it might be a 920 MHz module integrated into the gateway. Data is sent from the gateway into the cloud via fixed Ethernet, LTE or satellite. Security may be implemented at that level depending on the sensitivity or privacy requirements. An intelligent gateway that implements some level of security would then be required.
Deployments of large networks will require gateway management, which provides network management capability from the cloud. Today management data is usually segregated from the application data; that is, a separate system just manages the gateways and the RF sensors connected to them. Functions that the management interface would provide include indication of whether the gateways are up or down, remote reset capability, remote firmware update capability, and remote software or configuration change capability, which might be required due to new sensors being connected to the gateway.
In addition to the gateway management, management of the end devices is required. The status of all the IoT devices connected to each gateway, which sensors are configured, and the sensors’ status all need to be monitored. Additionally, over-the-air updates of the RF modules themselves are required when new radio firmware is released, or for any application update in the case that the end device has such intelligence.
Another consideration is how to automatically establish a secure connection when field devices wake up after being asleep. A gateway needs to be designed to auto-discover devices in its vicinity and auto-authenticate them as trusted devices.
Security between the sensors and the gateway has to be considered. Encryption of those links is an option, or application layer security could be implemented in the gateway. Another part of security is clearly the gateway to the cloud. How can the data going back up to the cloud and the controls coming back be secured? When controlling a farm application or some form of SCADA system, security is a significant concern. The gateway itself is typically Linux based, not dissimilar to consumer WiFi routers that can potentially be hacked. Engineers need to consider the implications should a gateway be compromised: malicious applications could be added, sensitive data could be sent to another server, or invalid outputs could be sent back into the system.
One solution to prevent a gateway being compromised in that way, which is not the only solution, is to implement a lock in the application layers. Intel have produced an IoT gateway development kit, and others are made by a variety of vendors which implement similar lock-down capability. Essentially the gateway is locked down such that it still has all the functionality required in the gateway, but it uses Wind River Linux, which is now part of Intel, and McAfee Embedded Controls. That allows whitelisting of applications such that only a defined list of applications can be installed and will be able to run on the gateway. Since manageability, security, connectivity and a run-time environment are implemented on the gateway, it can be locked down using that software stack.
Multiple vendors have developed their own gateways using that stack, which is available to gateway vendors. Other gateways have their own security systems, but it is something engineers and designers need to be familiar with in IoT applications.
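The whitelisting idea described above can be illustrated with an audit of the executables on a gateway against a list recorded in a known-good state. This is an added example, not code from the presentation or from any vendor's stack; the function names and sample files are constructed, and it only reports unlisted or modified applications rather than blocking them from running.

```python
import hashlib
import os
import stat
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_executables(root, allowlist):
    """Return (relative path, reason) for each executable not on the allowlist.
    allowlist maps relative path -> expected SHA-256, so a file is accepted
    only when both its location and its content match.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.stat(full).st_mode & stat.S_IXUSR:
                continue  # skip symlinks and files without the owner-execute bit
            rel = os.path.relpath(full, root)
            expected = allowlist.get(rel)
            if expected is None:
                findings.append((rel, "not on allowlist"))
            elif sha256_file(full) != expected:
                findings.append((rel, "content differs from allowlisted hash"))
    return sorted(findings)

def demo():
    """Constructed sample: three fake 'applications' in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("sensor_agent", b"v1"), ("uploader", b"v1"), ("dropper", b"x")]:
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, 0o755)
        # Allowlist built while the gateway is in a known-good state.
        allowlist = {n: sha256_file(os.path.join(root, n)) for n in ("sensor_agent", "uploader")}
        with open(os.path.join(root, "uploader"), "wb") as fh:
            fh.write(b"v1-tampered")  # same path, different content
        return audit_executables(root, allowlist)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Keying the list on content hash as well as path means an application replaced in place is reported even though its name is still on the list.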
Sources: Material on this page has primarily been sourced from the following:
- Presentation by Phillip Lark, Engineering Manager, Braetec titled Front End Integration: Connecting sensors to the cloud
Edited by Tim Kannegieter