In this exclusive article for IoT Insider, Chris Jones, Director of Applications at Crypto Quantique, shares how to achieve secure Cloud connectivity.
The Internet of Things (IoT) revolution has transformed the landscape of embedded systems, pushing microcontrollers into the realm of Cloud-connected applications. This shift enables remote monitoring, real-time data analytics, and seamless user control. However, the journey to secure Cloud connectivity for resource-constrained devices is fraught with challenges.
The super loop conundrum
Traditionally, low-end microcontroller units (MCUs) rely on a super loop architecture for their firmware. This single central infinite loop coordinates actions without the need for a Real-Time Operating System (RTOS). While effective for simple tasks, this design falters when faced with the complexities of cloud connectivity, particularly due to Transport Layer Security (TLS) requirements.
TLS, essential for secure Cloud communication, presents several hurdles for resource-constrained MCUs. The computationally intensive operations can block the CPU, potentially disrupting critical functions. Moreover, TLS demands precise timing for session management and non-blocking network communication, which can be challenging to achieve within a super loop structure. The memory-intensive nature of TLS further compounds these issues, especially given the limited memory capacity of low-cost MCUs.
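The blocking problem described above can be made concrete with a small simulation of a super loop. This is an added example, not code from the article or from Crypto Quantique; the function names and timing figures (a 10 ms critical task, 200 ms of handshake computation) are constructed assumptions, and `handshake_step` merely stands in for a TLS handshake that can be resumed in slices.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed figures for illustration, not measurements from a real MCU. */
#define CONTROL_PERIOD_MS  10u   /* critical task must run every 10 ms */
#define CONTROL_COST_MS     1u   /* CPU time the critical task needs */
#define HANDSHAKE_WORK_MS 200u   /* total CPU time of the handshake crypto */
typedef struct { uint32_t remaining_ms; } handshake_t;
/* Do at most budget_ms of handshake work; return the time actually spent. */
static uint32_t handshake_step(handshake_t *hs, uint32_t budget_ms)
{
    uint32_t spent = hs->remaining_ms < budget_ms ? hs->remaining_ms : budget_ms;
    hs->remaining_ms -= spent;
    return spent;
}

/* Simulate the super loop until the handshake is done and the control task
 * has run once more. slice_ms is the handshake budget per loop pass
 * (HANDSHAKE_WORK_MS models a blocking call). Returns periods skipped. */
uint32_t run_super_loop(uint32_t slice_ms, uint32_t *worst_late_ms)
{
    handshake_t hs = { HANDSHAKE_WORK_MS };
    uint32_t now = 0, next_due = 0, missed = 0;
    if (slice_ms == 0) slice_ms = 1;          /* guarantee forward progress */
    *worst_late_ms = 0;
    for (;;) {
        if (now >= next_due) {                /* critical task is due */
            uint32_t late = now - next_due;
            uint32_t skipped = late / CONTROL_PERIOD_MS;
            if (late > *worst_late_ms) *worst_late_ms = late;
            missed += skipped;
            next_due += (skipped + 1u) * CONTROL_PERIOD_MS;
            now += CONTROL_COST_MS;
            if (hs.remaining_ms == 0) break;
        }
        if (hs.remaining_ms > 0) now += handshake_step(&hs, slice_ms);
        else now = next_due;                  /* idle until the next period */
    }
    return missed;
}

int main(void)
{
    uint32_t worst, missed = run_super_loop(HANDSHAKE_WORK_MS, &worst);
    printf("blocking: %u missed, worst %u ms\n", (unsigned)missed, (unsigned)worst);
    missed = run_super_loop(2u, &worst);
    printf("sliced:   %u missed, worst %u ms\n", (unsigned)missed, (unsigned)worst);
    return 0;
}
```

With these constructed figures, the blocking call skips 19 control periods, while 2 ms slices skip none and delay the critical task by at most 1 ms.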
The RTOS alternative
To address these limitations, developers often turn to RTOS architectures. However, this transition brings its own set of challenges. Efficient task scheduling, optimised interrupt handling, and memory management become critical considerations. Implementing synchronization primitives and power management in constrained environments adds another layer of complexity.
![](https://www.iotinsider.com/wp-content/uploads/2024/12/Crypto-Quantique-figure-1-1024x652.jpg)
Figure 1: Moving to an MCU running an RTOS and using ‘standard’ wireless modules adds greatly to cost, time, and effort in achieving secure connectivity over the lifetime of a device.
The shift to RTOS is not trivial, especially for teams accustomed to super loop designs. It requires expertise in embedded systems, cryptography, and real-time systems. While tools and libraries are available to ease this transition, custom optimisations are often necessary to achieve a secure, efficient solution on constrained platforms.
Beyond firmware: The bigger picture
Cloud connectivity for embedded devices extends beyond firmware challenges. Security and regulatory compliance have become paramount, with the new Cyber Resilience Act (CRA) adding to the regulatory landscape. Balancing robust security with cost-effectiveness is crucial, particularly in consumer electronics, healthcare, and agricultural applications.
Data management presents another ongoing challenge. Cloud-connected devices can generate substantial amounts of data, impacting storage, processing, and transmission costs. Scaling IoT networks to manage thousands of devices across diverse locations further complicates matters, requiring resilient systems that can handle network fluctuations and connectivity disruptions.
A new approach: Wireless modules with integrated security
Rather than overburdening resource-constrained MCUs or resorting to expensive, powerful alternatives, a new approach has emerged. Wireless modules like the Cordelia-I from Würth Elektronik, working in tandem with Cloud-based device security platforms like QuarkLink from Crypto Quantique, simplify and streamline secure Cloud connectivity.
The module connects to the embedded device via a simple UART connection and houses the TCP/IP and HTTPS stacks, secure memory storage for cryptographic keys and certificates, and the necessary APIs. By offloading complex tasks to these specialised modules, developers can continue using familiar low-cost MCUs while achieving robust Cloud connectivity.
The Cordelia-I module simplifies the process with a minimised AT Command set. After provisioning through QuarkLink, just two commands are needed to initiate communication with an MQTT broker. This approach significantly reduces development effort and ensures security compliance.
![](https://www.iotinsider.com/wp-content/uploads/2024/12/Crypto-Quantique-figure-2-1024x481.jpg)
Figure 2: Just two commands are sent over the UART between the MCU and wireless module to initiate secure communications.
QuarkLink also manages device identities, cryptographic keys and certificates throughout the device’s lifetime. Its user-friendly GUI eliminates the need for expertise in cryptography, automating secure key generation and certificate management.
Conclusion
As IoT adoption continues to surge, the demand for reliable, secure, and cost-effective Cloud connectivity for constrained devices will only intensify. The combination of low-end MCUs with specialised Wi-Fi modules and Cloud-based security platforms offers a practical and scalable solution to the myriad challenges in IoT device development. This approach not only addresses security, cost, and power efficiency concerns but also empowers businesses to deploy innovative connected devices efficiently and economically.
By embracing this new paradigm, developers can focus on core functionality while ensuring their devices meet the stringent requirements of modern IoT ecosystems. As we move forward, such solutions will play a crucial role in shaping the future of connected devices across various industries.
A white paper that describes the above architecture in more detail is available here.
![](https://www.iotinsider.com/wp-content/uploads/2024/12/Chris-Jones-headshot.jpg)
Chris Jones is Crypto Quantique’s Director of Applications. Following a 28-year career in project management and field applications engineering, Chris spent two years as a senior application engineer at Secure ThingZ in Cambridge, UK, working in IoT security. He joined Crypto Quantique in May 2020. Chris holds a BSc in electrical and electronic engineering from the University of Coventry, UK.
Author: Chris Jones, Director of Applications, Crypto Quantique