Ensuring Secure Wi-Fi Roaming in Challenging Industrial IoT Environments
By Chirjeev Singh
According to a recent Statista report, the number of Wi-Fi® connected devices being used globally is projected to grow to 22.2 billion in 2021. This expansive growth in Wi-Fi adoption includes not only consumer Wi-Fi usage but also Wi-Fi usage in the Industrial Internet of Things (IIoT). In fact, global management consulting firm Bain & Company predicts that IIoT will grow into a $200B market by 2021, according to its 2019 Beyond Proofs of Concept: Scaling the Industrial IoT report.
The Bain report cites implementation risks as the main barriers to Wi-Fi adoption in IIoT, including technical expertise and integration as well as system and data transition and data portability risks. Among the barriers to IIoT Wi-Fi adoption is ensuring secure Wi-Fi roaming in challenging industrial IoT environments, which include a growing number of devices that move rapidly among access points, such as robots, forklifts, hospital equipment and test instruments.
Security Challenges to Successful IIoT Wi-Fi Deployment
In order to successfully and securely deploy wireless devices in IIoT applications, there are multiple domains that must be considered including:
- Secure Boot: This includes securing the device itself, which requires implementing the right capabilities to prevent unauthorized firmware from being deployed.
- Access Control: End-to-end encryption is necessary to secure the data transmission from the device to the access point.
- Certification Storage: Wireless connections need to be secured, which requires Enterprise Security standards (802.1X).
Solution: Lantronix Fully Certified, Secure Wi-Fi Modules and Security Suite
Powered by the Cypress embedded security software suite (CYW43907/CYW20707), the Lantronix xPico 270 is an embedded IoT gateway solution with an 802.11ac Dual-Band Wi-Fi System-on-Chip and embedded application processor (see sidebar).
Among this solution’s security benefits are:
- Secure Boot:
  - Ensures that only trusted firmware runs on the device
  - Establishes a root of trust for secure identification of servers and the device itself
- Access Control:
  - Allows for multiple users, each with a role that gives different access rights
  - Admin level, which is the only level that can configure users
  - Allows users to have different privilege levels and passwords, limiting their access to applicable data while protecting sensitive configuration changes
- Certification Storage:
  - TLS certificates required to encrypt data sent to servers and to identify devices with client certificates for certain enterprise security standards
  - Storage for certificates, which are securely stored in xPico 200 flash
  - Ability to store multiple certificates for secure communications with multiple servers
  - Certificates that can be updated via standard configuration methods (e.g., via ConsoleFlow™ or over the air)
ConsoleFlow®, xPico 200 series (xPico 240, 250 & 270) and SGX 5150®
The Lantronix Approach:
- Identify customer need
- Consider the Full Stack Perspective: Control, Comprehend, Compute, Connect, Collect
- Deliver turnkey solutions:
  - Remote Environment Management: Data Center, Remote Office/Branch Office, Unmanned Site, Automated development
  - External IoT Gateways and Servers: Industrial Automation (IAIoT), Logistics (LIoT), Healthcare (HIoT)
  - Embedded IoT: Smart and secure connectivity, edge computing
Lantronix xPico 270 Embedded IoT Gateway
Delivering seamless and secure Ethernet, 802.11ac Wi-Fi and Bluetooth connectivity, the Lantronix xPico 270 line of embedded IoT gateways enables OEMs to build and deploy smart connected products with lower risk and accelerated time to market.
Ideal for a variety of applications, including industrial automation, medical devices, responsive retail and resource management, xPico 270 embedded IoT gateways deliver:
- Integrated Wi-Fi/Bluetooth/Ethernet in a Compact Design
  - 802.11ac-compliant Wi-Fi
  - Dual-mode Bluetooth Classic & BLE 4.2
  - Bluetooth/WLAN coexistence
- Security & Authentication
  - InfiniShield™ Security software with Secure Boot, Secure Firmware-Over-the-Air (FOTA) Updates
  - AES/CCMP and TKIP encryption, WPA/WPA2 Personal
- Global Certifications & Rugged Industrial Design
  - FCC, IC, RED, Japan, AU/NZS, China, Taiwan, India, Mexico
  - Industrial-grade design for operation in extreme environments (-40 °C to +85 °C)
- Cloud-based Remote Management of Connected Devices
  - ConsoleFlow, which offers a single pane of glass for centralized management to monitor, manage and troubleshoot your IoT assets
  - Full operational awareness of any size deployment
  - Over-the-network remote management and maintenance
Lantronix InfiniShield™ Comprehensive Device Security Framework
Exclusively from Lantronix and included in xPico 270 embedded IoT gateways, InfiniShield features a comprehensive suite of built-in device security applications, including:
- Secure boot
- Secure firmware upgrades
- Secure network attach
- Secure communications
- Secure storage
- Fine-grained service controls
- Controlled access
- Ongoing support and updates
Case Study: Building Connected Smart Robots for Logistics and Warehousing
A leading provider of intelligent robot solutions known as Automated Guided Vehicles (AGVs) needed an industrial-grade, reliable enterprise Wi-Fi solution for building an advanced robotics offering with AI technologies to address the growing connected logistics and warehousing market.
As a highly mobile solution, the robots must be able to transition quickly between Wi-Fi access points and maintain always-on, reliable communications in a wide range of environmental conditions.
- Fast roaming capability
- Dual-band Wi-Fi
- Enterprise grade Wi-Fi connectivity and data security
- Industrial grade design
With dual-band Wi-Fi, antenna diversity and industrial-grade wireless connectivity management, the xPico 200 series gateway delivered the robust performance the OEM needed to ensure that their logistics robot would be able to operate reliably in a noisy industrial warehouse environment. The gateway’s compact industrial-grade footprint allowed it to be easily designed into the logistics robot’s PCB and ensured reliable performance in extreme environmental conditions.
- Faster time-to-market
- Best-in-class enterprise grade dual-band Wi-Fi ensures reliable and robust field performance
- Built-in network communications engine reduced application development time
- Compact footprint makes integration into the product design easy
- Industrial grade specifications enable the device to operate in a wide range of environmental conditions