IoT Secure Gateway (KasperskyOS edition) by Kaspersky and Advantech www.kaspersky.com os.kaspersky.com www.advantech.com


Post on 20-May-2020


The internet of things (IoT) is a single network in which it is potentially possible to exchange data between any nodes. A distinctive feature of the IoT is its ability to interact with the real, physical world. That’s why successful attacks on any IoT element can lead to catastrophic consequences.

Challenge

The diversity of IoT devices and ecosystems makes it impossible to create and implement a single universal tool to secure the entire internet of things. Security is a process. Ensuring its efficacy and continuity requires effort from the manufacturers of devices and software as well as users and security developers. For the IoT world to become truly secure, it’s not only individual devices that need to be made secure but all ecosystems and their interactions. As a first step in protecting the IoT ecosystem, we suggest using a gateway based on trusted technology.

The solution

An IoT gateway is one of the central and most important devices on the IoT network and simultaneously the most vulnerable to security threats. A connection to external networks, ample computational resources and, frequently, firmware based on an outdated version of an operating system make the gateway a prime target for attacks and malware interventions. Therefore, it is the gateway, first and foremost, that requires reliable protection.

[Figure: network diagram with threat labels. Elements: cloud services (Azure, AWS, Watson, etc.), Internet, enterprise network, FW (opt), engineering workstations, Ethernet (TCP/IP), Ethernet (ModBus, TCP, OPC UA, etc.), RS232/485 (ModBus RTU), smart sensors & actuators, vulnerable devices. Threats shown: malware, device attacks, data theft; unauthorized devices; lack of visibility; backdoors; DDoS attacks; gateway attacks.]


Kaspersky IoT Secure Gateway is a solution designed to build secure IoT systems. At the core of its software lies KasperskyOS, Kaspersky’s proprietary technology. This is a microkernel operating system with extra security tools that renders most types of cyberattacks on the device fundamentally impossible.

[Figure: network diagram with protection labels. Elements: cloud services (Azure, AWS, Watson, etc.), Internet, enterprise network, FW (opt), engineering workstations, Ethernet (TCP/IP), Ethernet (ModBus, TCP, OPC UA, etc.), smart sensors & actuators. Functions shown: vulnerability assessment; IoT network protection; asset detection and management; IoT visibility; anomaly detection; secure OS; app isolation; sandboxing; anomaly detection & prevention.]

Kaspersky IoT Secure Gateway is based on the hardware platform Advantech UTX-3117 and the secure-by-design operating system KasperskyOS.

KasperskyOS is based on a reliable microkernel that only permits a specific way of communicating. This compact microkernel can be used on various platforms. The application architecture is based on the component model, making solution development easier and more convenient. KasperskyOS was conceived and built with security in mind. It remains secure throughout its entire lifecycle.

Secure Boot verifies the integrity and authenticity of firmware on IoT devices by using cryptographic methods before an image is loaded. Firmware that has been altered without authorization or damaged will not be downloaded. Secure Boot can be used with hardware key storage.

Hardware platform
• Advantech UTX-3117

Connectivity
• Ethernet
• MQTT broker
• OpenSSL/TLS

Visibility
• IoT device detection
• Device classification
• Reports & alerts

Security
• KasperskyOS
• Secure Boot

Usability
• Web GUI
• Mobile application
• Push-notifications


Device detection and classification detects and classifies IoT devices based on their network activities. All devices connected to the network can be seen in the user interface. A new device will be detected within 60 seconds of connecting to the network and a notification will be sent to the administrator.

MQTT broker based on Mosquitto allows data collection and control of connected IoT devices (sensors and actuators, smart relay switches, etc.).

MQTT over TLS enables secure connection and secure data transfer between the gateway and a cloud platform.

UTX-3117 Hardware Specification

Processor System: Intel Apollo Lake E3900 & N series Processor, 2MB L2 Cache

Memory: Dual channel DDR3L 1867MHz, up to 8GB

Graphics: Intel Apollo Lake E3900 Series SoC; Intel Apollo Lake N series SoC. Interface: HDMI: 1, max resolution up to 3840 x 2160 @ 30Hz; DP1.2: 1, max resolution up to 4096 x 2160 @ 60Hz

Ethernet: Support Dual 10/100/1000Mbps LAN; LAN1: Intel I210AT; LAN2: Realtek RTL8111G

I/O Interface: 1 x RS-232 with 5v/12v; 1 x RS-422/485 full duplex with Phoenix connector; 2 x USB3.0 port; 1 x SATA interface, support SSD; TPM Infineon SLB9665 chip onboard. Support TPM2.0

Storage: 1 x SATA II SSD bay; mSATA 1, co-lay with H/S miniPCIE slot

Expansion: 1 x Half-Size Mini PCIe support Sub1G module (i.e.: Zigbee) or mSATA; 1 x Full-Size Mini PCIe support 3G/LTE module with SIM holder; 1 x M.2 E key support Wi-Fi module


Result

The proposed solution can be used as a central element for a variety of verticals.

1. «Smart warehouse» based on Kaspersky IoT Secure Gateway

The warehouse has climate control systems with the option of cloud-based control, which allows continuous support and climate control from any location. The use of RFID sensors and tags makes it possible to keep automated inventory records that are controlled both locally from network users’ workplaces and centrally. Remotely accessed video surveillance systems, volume and door opener sensors are responsible for physical security, while Kaspersky IoT Secure Gateway technologies provide information security by blocking attacks on local workstations, detecting network intruders and protecting the network perimeter and cloud communications.

[Figure: «Smart warehouse» deployment diagram. Labels: Internet; Kaspersky Security Network (KSN); cloud services; MQTT; updates; Kaspersky IoT Secure GW; laptops / PCs; endpoint solution; video surveillance; smart sensors and actuators; secure firmware update; device protection hardening; attack and anomaly detection; updates; vulnerability management.]


2. «Smart city» based on Kaspersky IoT Secure Gateway

Resource consumption control systems, electricity and water supply management systems are installed in the apartment building. Indoor meters are connected via the wireless protocol LoRaWAN. Remotely accessed video surveillance systems, volume and door opener sensors are responsible for physical security, while Kaspersky IoT Secure Gateway technologies provide information security by blocking attacks on internal network nodes, detecting intruders and protecting the network perimeter and cloud communications.

[Figure: «Smart city» deployment diagram. Labels: Internet; Kaspersky Security Network (KSN); cloud services; MQTT; updates; PLC; LoRa base station; video surveillance; secure firmware update; device protection hardening; attack and anomaly detection; updates; vulnerability management.]


3. «Smart farming» based on Kaspersky IoT Secure Gateway

Systems for monitoring soil parameters are installed in the field, with an option for cloud-based management that allows control and continuous support of soil conditions from any location. Remotely accessed video surveillance systems are responsible for physical security, while Kaspersky IoT Secure Gateway technologies provide information security by blocking attacks on internal network nodes, detecting intruders and protecting the network perimeter and cloud communications.

[Figure: «Smart farming» deployment diagram. Labels: Internet; Kaspersky Security Network (KSN); cloud services; MQTT; updates; Kaspersky IoT Secure GW; LoRa base station; video surveillance; smart sensors and actuators; secure firmware update; device protection hardening; attack and anomaly detection; updates; vulnerability management.]


Read more at os.kaspersky.com

www.kaspersky.com

© 2019 AO Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them.

About Advantech

Advantech’s corporate vision is to enable an intelligent planet. The company is a global leader in the fields of IoT intelligent systems and embedded platforms. To embrace the trends of IoT, big data, and artificial intelligence, Advantech promotes IoT hardware and software solutions with the Edge Intelligence WISE-PaaS core to assist business partners and clients in connecting their industrial chains. Advantech is also working with business partners to co-create business ecosystems that accelerate the goal of industrial intelligence.