Pelion Device Management (October 2019)
Secure management of IoT devices at scale is a challenge in IoT deployments. In the latest release of Pelion Device Management, we provide new features to enable constrained IoT devices to operate in complex network scenarios. The features offer additional hardware and security support.
Key features of this release:
- Delta update reduces the amount of data transmitted during software updates.
- Secure Device Access brings enterprise security to devices in the field.
- Device Management Client support for constrained networks and new hardware.
- Seamless integration with the latest Mbed OS version 5.14, helping customers and partners to achieve faster time-to-market and reduce development costs.
Compressed software update images with delta update
The ability to update a device’s software remotely is fundamental for managing IoT devices throughout their lifecycle. Traditional software updates require the device to download a complete image containing the OS (or its components) and the application, which consumes lots of device battery power. When deploying at scale, a traditional update requires sending large update files to many devices, consuming lots of bandwidth.
Delta update solves these challenges by removing redundant information from the image file and making update files much smaller. A delta update image only contains the differences between the old and new image.
Extensive testing shows delta update is over 80% more efficient when compressing images in typical scenarios. The update process consumes significantly less network bandwidth. Smaller update files also save energy in battery-constrained devices.
Delta update is now available to all commercial customers.
Managing permissions to access and control your deployed IoT devices with Secure Device Access
IoT devices often require technicians to connect to the device to change configuration, diagnose problems, update software, and more. Traditionally, a password has been the most common solution for protecting devices from unauthorized access. However, it is virtually impossible to achieve high-level operational security using passwords. Weak passwords are a well-known security issue and have been a reason for numerous high-profile security breaches and hacks where the same default password was used for multiple devices.
Secure Device Access makes it simple for enterprises, system integrators and device OEMs to provide secure offline access to devices using an emerging IETF standard called OAuth-ACE.
Secure Device Access is now available to all commercial customers.
Constrained networks and new hardware support - Device Management Client 4.0.0
Device Management Client brings improvements and new security features for constrained networks and target boards:
- Support for an additional operating system with the launch of UNISOC SXOS SDK v8p2.1 for the UIS8908A NB-IoT board. It enables a cost-effective NB-IoT platform for product development.
- Improved user experience when deploying on congested, high-latency networks (such as Wi-SUN), by providing a configurable random delay when registering.
- Reduced bandwidth consumption for sleepy devices using TLS resume. This reduces the bandwidth consumption from a typical TLS data handshake of 8.6 kilobytes to a TLS resume of 853 bytes.
Seamless integration with our IoT OS - Mbed OS 5.14
Our free open-source IoT operating system, Mbed OS, is also now Platform Security Architecture (PSA) certified and helps developers to build IoT devices without the cost and effort typically associated with developing a secure foundation.
Many of our customers are looking to deploy IoT devices at scale. Through our three years of collaboration, we have managed to refine and improve how features are used and how much memory they require. This is just one example of how last month’s Mbed OS 5.14 focused on optimizing features added over the past three years to address specific customer needs.
Additional improvements to PSA have also come to fruition, with the addition of the first Secure Element. The Atmel AT608a-A secure element provides device manufacturers with a simple way of adding a hardware enclave where device identity, cryptographic keys, certificates and other credentials can be stored in a hardware-isolated form that protects them from malicious attacks.
Mbed OS now provides support for all three platform configurations defined by PSA:
- v8-M with TrustZone (such as NXP LPC55S69 or Nuvoton M2351).
- Dual core v7-M (such as Cypress PSoC6).
- Single core v7-M platform with a secure element, such as Atmel SE.
Read the full Mbed OS 5.14 release blog.