{"id":394,"date":"2017-06-23T17:02:27","date_gmt":"2017-06-24T00:02:27","guid":{"rendered":"http:\/\/www.kenwalger.com\/blog\/?p=394"},"modified":"2017-06-23T17:07:46","modified_gmt":"2017-06-24T00:07:46","slug":"iot-security-ssltls","status":"publish","type":"post","link":"https:\/\/www.kenwalger.com\/blog\/iot\/iot-security-ssltls\/","title":{"rendered":"IoT Security with SSL\/TLS in MicroPython"},"content":{"rendered":"

I’m on vacation in San Francisco<\/a>\"\" this week with my family and looking out over the bay at Alcatraz Island<\/a>. For those who aren’t familiar with this island, it housed a maximum high-security prison 1.25 miles off the San Francisco coast for 54 years. While thinking about the high security that Alcatraz offered in the past, it makes me think about the digital security of today.<\/p>\n

\"Alcatraz<\/a><\/p>\n

Specifically, as it relates to the Internet of Things(IoT) and considerations that must be taken with connected devices. If you have been reading my previous IoT related blog posts<\/a>, you’ll recall that I’ve been using a NodeMCU ESP8266<\/a>\"\" device with MicroPython<\/a> for much of my work.<\/p>\n

I enjoy my family and want to enjoy my vacation. Therefore I opted to not bring my IoT devices with me. In this post then, I’d like to cover some of the aspects of security that IoT connected devices face. So sit back and put your breadboards away as we take a look at some concepts.<\/p>\n

Networking Overview<\/h3>\n

When we talk about networking we are discussing ways in which devices communicate with each other. The devices can certainly be IoT devices. But it goes beyond the physical device as the\u00a0how<\/em> is often as important as the device itself. In today’s world, for example, the popular\u00a0how<\/em> is via Ethernet or WiFi and TCP\/IP. Let’s have a brief look at some networking models and see how security is implemented in them.<\/p>\n

Network Protocol models<\/h5>\n

At one point I was very involved with networking. In the process of studying for various networking certifications from Cisco<\/a> and Microsoft<\/a>, there is a lot of discussion on the Open Systems Interconnection,\u00a0or\u00a0OSI, model of networks. There is also a more streamlined TCP\/IP model that is popular as well.<\/p>\n

OSI Networking Model<\/h6>\n

These models divide networking into various layers, starting at an Application and working down to the physical cables for a network to function. Conceptually, the OSI Model can be represented like this:<\/p>\n

\"OSI<\/a>
OSI Network Model<\/figcaption><\/figure>\n
TCP\/IP Networking Model<\/h6>\n

There are several “layers” there, so to simplify things, let’s take a look at the TCP\/IP representation of the network model.<\/p>\n

\"TCP\/IP<\/a>
TCP\/IP Network Model<\/figcaption><\/figure>\n

There are many different ways in which to secure a network. Some are more flexible than others. If you want a\u00a0very<\/strong> secure network, you don’t connect it to the outside world and build it a hardened physical location with limited access. Secure, yes. Extremely user-friendly, no. Therefore, methods have been developed to provide security at higher layers of the network model which allows for privacy and data integrity between two communicating applications.<\/p>\n

TLS\/SSL Protocol Model<\/h6>\n

The software industry has used cryptographic protocols to provide network communication security for a long time. For IoT devices, it is common to utilize TLS\u00a0When we start talking about network security protocols such as Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), where do those fit in though to our Networking Models?<\/p>\n

\"TLS<\/a>
Networking Model with TLS Protocol<\/figcaption><\/figure>\n

We see that there is quite a bit going on there with TLS and that it is occurring at high levels of the network model. This is, typically, great as it allows us, as developers, to have useful access to the protocol. Further, since it is a commonly used protocol, our access to it is, generally speaking, pretty straight forward.<\/p>\n

TLS<\/h3>\n

Websites use TLS, and previously SSL, to provide secure communication between browsers and web servers. IoT devices can take advantage of TLS as well. Some of the benefits of using TLS include:<\/p>\n