An IoT gateway is a device that sits between a network of sensors and the IoT cloud platform. Its primary functions are to aggregate data from sensors and send it to the IoT cloud, to provide local processing, and possibly to manage the sensor network. To accomplish these tasks, the gateway needs to authenticate with the IoT cloud on one side and the sensor network on the other. If the credentials required for this are not properly isolated, the entire system could be compromised.
One emerging architecture for the next generation of IoT gateways includes the use of Docker containers and microservices pushed to the gateway from the cloud. This allows developers to develop and maintain a single code base that can be easily updated. This approach demands a greater degree of security, including strong payload authentication and secure update and communication processes. EmSPARK™ delivers a security framework that enables secure methods for:
- Provisioning containers to edge gateways
- Runtime attestation of containers on the gateway
- Monitoring the integrity of the underlying Linux kernel with graceful remediation
- PKI-based keys and certificates for accomplishing trusted connectivity and authentication
- Trusted immutable device ID tied to the hardware root of trust
- Encrypted bootchain and secure enclave implementation