Our new cloud service for IoT device error reporting, Percepio DevAlert, has been designed with security in mind since day one. Since it needs to be integrated in the customer’s application, security is naturally a key concern.
DevAlert has four parts that all need to communicate in a secure manner: the device agent, an integration in the customer’s AWS cloud, the DevAlert service in Percepio’s AWS cloud, and the Percepio Tracealyzer desktop application, which needs to talk to both the customer AWS cloud and the DevAlert service. The whole communication flow is shown in the figure below.
The only communication performed from the device agent is to send alerts to the customer AWS cloud account (#1 in the figure). DevAlert uses the already existing secure communication channel. Our reference implementation for AWS customers relies on AWS IoT Core using the MQTT protocol. This leverages TLS for encryption and X.509 certificates for authentication.
Note! We recommend using devices from official AWS IoT hardware partners, as these devices typically implements secure support for AWS IoT Core using all available security features in the hardware, e.g. secure key storage.
Each alert is an MQTT message that will trigger an AWS IoT Rule for storing the alert in an S3 bucket, which in turn activates an AWS Lambda script that calls the DevAlert service in the Percepio account.
The communication channel between the customer AWS cloud and the Percepio AWS cloud (#5 in the figure) is secured using HTTPS calls to the AWS API Gateway, which provides authentication and authorization of all incoming requests. This way we can be sure that only the right customer is submitting alerts.
Finally, when the Tracealyzer desktop application needs to retrieve the list of alerts (#11 in the figure) and the associated traces (#14), authentication and authorization is used between Tracealyzer and the AWS cloud to make sure only authorized users get access to the data. We built this solution using the official AWS SDK library and we are keeping it up to date.
Since our trace recorder library allows device developers to log any kind of information from the IoT device, including custom strings, the resulting trace data may contain sensitive information. Because of this, trace data is always stored in the customer cloud.
Only a header with metadata is sent to the Percepio cloud for classification and statistics. This metadata is not very meaningful on its own, as it only contains the firmware version, an alert code and optionally some numeric key/value pairs for custom fields. The alert codes and the keys for custom fields are specific for each customer and just numbers without explanation in the transmitted data. Therefore, it is generally not possible to understand the data without also having access to additional information, like the device source code.
Following AWS best practices
For all aspects of DevAlert, we at Percepio has been following AWS best practices, especially when it comes to handling potentially sensitive information. We have a close collaboration with AWS and have reached the highest partnership level, Advanced Technology Partner. We have performed an AWS Technical Baseline Review and at least five people at AWS have detailed knowledge of our architecture.
A detailed description has also been published in the AWS APN blog, which included a technical review before the publication. This blog was shared by AWS via their main LinkedIn account to 3,4 million followers. No security concerns have emerged.