Security for Internet of Things (IoT) from the ground up

The Internet of Things (IoT) poses unique security, privacy, and compliance challenges to businesses worldwide. Unlike traditional cyber technology, where these issues revolve around software and how it is implemented, IoT concerns what happens when the cyber and the physical worlds converge. Protecting IoT solutions requires ensuring secure provisioning of devices, secure connectivity between these devices and the cloud, and secure data protection in the cloud during processing and storage. Working against such functionality, however, are resource-constrained devices, geographic distribution of deployments, and a large number of devices within a solution.

This article explores how the IoT solution accelerators provide a secure and private Internet of Things cloud solution. The solution accelerators deliver a complete end-to-end solution, with security built into every stage from the ground up. At Microsoft, developing secure software is part of the software engineering practice, rooted in Microsoft's decades-long experience of developing secure software. To ensure this, the Security Development Lifecycle (SDL) is the foundational development methodology, coupled with a host of infrastructure-level security services such as Operational Security Assurance (OSA) and the Microsoft Digital Crimes Unit, Microsoft Security Response Center, and Microsoft Malware Protection Center.

The solution accelerators offer unique features that make provisioning, connecting to, and storing data from IoT devices easy and transparent and, most of all, secure. This article examines the Azure IoT solution accelerators' security features and deployment strategies to ensure security, privacy, and compliance challenges are addressed.

Introduction

The Internet of Things (IoT) is the wave of the future, offering businesses immediate and real-world opportunities to reduce costs, increase revenue, and transform their business. Many businesses, however, are hesitant to deploy IoT in their organizations due to concerns about security, privacy, and compliance. A major point of concern comes from the uniqueness of the IoT infrastructure, which merges the cyber and physical worlds together, compounding the individual risks inherent in these two worlds. Security of IoT pertains to ensuring the integrity of code running on devices, providing device and user authentication, defining clear ownership of devices (as well as of the data generated by those devices), and being resilient to cyber and physical attacks.

Then, there's the issue of privacy. Companies want transparency concerning data collection, as in what's being collected and why, who can see it, who controls access, and so on. Finally, there are general safety issues of the equipment along with the people operating it, and issues of maintaining industry standards of compliance.

Given the security, privacy, transparency, and compliance concerns, choosing the right IoT solution provider remains a challenge. Stitching together individual pieces of IoT software and services provided by a variety of vendors introduces gaps in security, privacy, transparency, and compliance, which may be hard to detect, let alone fix. The choice of the right IoT software and service provider is based on finding providers that have extensive experience running services which span verticals and geographies, but are also able to scale in a secure and transparent fashion. Similarly, it helps for the selected provider to have decades of experience developing secure software that runs on billions of machines worldwide, and to have the ability to appreciate the threat landscape posed by this new world of the Internet of Things.

Secure infrastructure from the ground up

The Microsoft Cloud infrastructure supports more than one billion customers in 127 countries. Drawing on Microsoft's decades-long experience building enterprise software and running some of the largest online services in the world, the Microsoft Cloud provides higher levels of enhanced security, privacy, compliance, and threat mitigation practices than most customers could achieve on their own.

The Security Development Lifecycle (SDL) provides a mandatory company-wide development process that embeds security requirements into the entire software lifecycle. To help ensure that operational activities follow the same level of security practices, SDL uses the rigorous security guidelines laid out in Microsoft's Operational Security Assurance (OSA) process. Microsoft also works with third-party audit firms for ongoing verification that it meets its compliance obligations, and Microsoft engages in broad security efforts through the creation of centers of excellence, including the Microsoft Digital Crimes Unit, Microsoft Security Response Center, and Microsoft Malware Protection Center.

Azure - secure IoT infrastructure for your business

Azure offers a complete cloud solution, one that combines a constantly growing collection of integrated cloud services—analytics, machine learning, storage, security, networking, and web—with an industry-leading commitment to the protection and privacy of your data. Microsoft's assume-breach strategy uses a dedicated red team of software security experts who simulate attacks, testing the ability of Azure to detect and protect against emerging threats, and to recover from breaches. Microsoft's global incident response team works around the clock to mitigate the effects of attacks and malicious activity. The team follows established procedures for incident management, communication, and recovery, and uses discoverable and predictable interfaces with internal and external partners.

Microsoft's systems provide continuous intrusion detection and prevention, service attack prevention, regular penetration testing, and forensic tools that help identify and mitigate threats. Multi-factor authentication provides an extra layer of security for end users accessing the network. And for the application and the host provider, Microsoft offers access control, monitoring, anti-malware, vulnerability scanning, patching, and configuration management.

The solution accelerators take advantage of the security and privacy built into the Azure platform along with the SDL and OSA processes for secure development and operation of all Microsoft software. These processes provide infrastructure protection, network protection, and identity and management features fundamental to the security of any solution.

The Azure IoT Hub within the IoT solution accelerators offers a fully managed service that enables reliable and secure bi-directional communication between IoT devices and Azure services such as Azure Stream Analytics by using per-device security credentials and access control.

To best communicate the security and privacy features built into the Azure IoT solution accelerators, this article breaks down the suite into three primary security areas.

Azure IoT solution accelerators

Secure device provisioning and authentication

The solution accelerators secure devices while they are out in the field by providing a unique identity key for each device, which the IoT infrastructure uses to communicate with the device while it is in operation. The process is quick and easy to set up. The generated key, together with a user-selected device ID, forms the basis of a token used in all communication between the device and the Azure IoT Hub.

Device IDs can be associated with a device during manufacturing (that is, flashed in a hardware trust module) or can use an existing fixed identity as a proxy (for example, CPU serial numbers). Since changing this identifying information in the device is not simple, it is important to introduce logical device IDs, so that if the underlying device hardware changes, the logical device remains the same. In some cases, the association of a device identity can happen at device deployment time (for example, an authenticated field engineer physically configures a new device while communicating with the solution backend). The Azure IoT Hub identity registry provides secure storage of device identities and security keys for a solution. Individual or groups of device identities can be added to an allow list or a block list, enabling complete control over device access.

Azure IoT Hub access control policies in the cloud enable activating and disabling any device identity, providing a way to disassociate a device from an IoT deployment when required. This association and disassociation of devices is based on each device identity.

Additional device security features include:

  • Devices do not accept unsolicited network connections. They establish all connections and routes in an outbound-only fashion. For a device to receive a command from the backend, the device must initiate a connection to check for any pending commands to process. Once a connection between the device and IoT Hub is securely established, messaging from the cloud to the device and from the device to the cloud can be sent transparently.
  • Devices only connect to or establish routes to well-known services with which they are peered, such as an Azure IoT Hub.
  • System-level authorization and authentication use per-device identities, making access credentials and permissions near-instantly revocable.
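The per-device key and token described above, and the near-instant revocation in the last bullet, can be seen end to end in the following added example (not code from the page or from the Azure SDKs). It builds a device SAS token in the IoT Hub format (HMAC-SHA256 over the URL-encoded resource URI and expiry, keyed with the base64 device key) and checks it against a toy identity registry; the hub name, device IDs and keys are constructed values, and the registry dictionary is a stand-in for the real identity registry.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote

# Constructed sample values: a hypothetical hub host name and per-device keys
# (IoT Hub device keys are base64 strings; these are not real credentials).
HUB_HOST = "example-hub.azure-devices.net"
KEY_A1 = base64.b64encode(b"constructed primary key for sensor-01").decode()
KEY_A2 = base64.b64encode(b"constructed secondary key for sensor-01").decode()
KEY_B = base64.b64encode(b"constructed key for sensor-02 (disabled)").decode()

# Toy stand-in for the IoT Hub identity registry: per-device primary/secondary
# keys (for key rollover) plus an enabled flag (the allow/block control).
REGISTRY = {
    "sensor-01": {"primary_key": KEY_A1, "secondary_key": KEY_A2, "enabled": True},
    "sensor-02": {"primary_key": KEY_B, "secondary_key": KEY_B, "enabled": False},
}

def _sign(device_key_b64, resource_uri, expiry):
    """HMAC-SHA256 over the url-encoded resource URI, a newline and the expiry."""
    string_to_sign = f"{quote(resource_uri, safe='')}\n{expiry}".encode("utf-8")
    key = base64.b64decode(device_key_b64)
    return base64.b64encode(hmac.new(key, string_to_sign, hashlib.sha256).digest()).decode("ascii")

def generate_device_sas(hub_host, device_id, device_key_b64, ttl_seconds, now=None):
    """Device side: build the SAS token presented on every connection to the hub."""
    now = int(time.time()) if now is None else now
    expiry = now + ttl_seconds
    resource_uri = f"{hub_host}/devices/{device_id}"
    sig = _sign(device_key_b64, resource_uri, expiry)
    return (f"SharedAccessSignature sr={quote(resource_uri, safe='')}"
            f"&sig={quote(sig, safe='')}&se={expiry}")

def verify_device_sas(token, hub_host, registry, now=None):
    """Hub side: returns (True, device_id) on success or (False, reason) on rejection."""
    now = int(time.time()) if now is None else now
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False, "not a SAS token"
    try:
        fields = parse_qs(token[len(prefix):], strict_parsing=True)
        sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    except (KeyError, ValueError):
        return False, "malformed token"
    if se <= now:                      # expiry is checked before any key lookup
        return False, "expired"
    scope = f"{hub_host}/devices/"
    if not sr.startswith(scope):       # token must be scoped to this hub's devices
        return False, "wrong resource"
    device_id = sr[len(scope):]
    entry = registry.get(device_id)
    if entry is None:
        return False, "unknown device"
    if not entry["enabled"]:           # disabling the identity revokes access
        return False, "device disabled"
    for key in (entry["primary_key"], entry["secondary_key"]):
        if hmac.compare_digest(_sign(key, sr, se), sig):
            return True, device_id     # either key verifies, allowing key rollover
    return False, "bad signature"
```

Flipping the `enabled` flag in the registry is all it takes for the next token from that device to be rejected, which is the per-identity revocation the bullets describe.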

Secure connectivity

Durability of messaging is an important feature of any IoT solution. The need to durably deliver commands and/or receive data from devices is underlined by the fact that IoT devices are connected over the Internet, or other similar networks that can be unreliable. Azure IoT Hub offers durability of messaging between cloud and devices through a system of acknowledgments in response to messages. Additional durability for messaging is achieved by caching messages in the IoT Hub for up to seven days for telemetry and two days for commands.

Efficiency is important to ensure conservation of resources and operation in a resource-constrained environment. HTTPS (HTTP Secure), the industry-standard secure version of the HTTP protocol, is supported by Azure IoT Hub, enabling efficient communication. Advanced Message Queuing Protocol (AMQP) and Message Queuing Telemetry Transport (MQTT), also supported by Azure IoT Hub, are designed not only for efficiency in terms of resource use but also for reliable message delivery.

Scalability requires the ability to securely interoperate with a wide range of devices. Azure IoT Hub enables secure connection to both IP-enabled and non-IP-enabled devices. IP-enabled devices are able to directly connect and communicate with the IoT Hub over a secure connection. Non-IP-enabled devices are resource-constrained and connect only over short-distance communication protocols, such as Z-Wave, ZigBee, and Bluetooth. A field gateway is used to aggregate these devices and performs protocol translation to enable secure bi-directional communication with the cloud.

Additional connection security features include:

  • The communication path between devices and Azure IoT Hub, or between gateways and Azure IoT Hub, is secured using industry-standard Transport Layer Security (TLS), with Azure IoT Hub authenticating itself to the device using an X.509 certificate.
  • In order to protect devices from unsolicited inbound connections, Azure IoT Hub does not open any connection to the device. The device initiates all connections.
  • Azure IoT Hub durably stores messages for devices and waits for the device to connect. These commands are stored for two days, enabling devices that connect sporadically, due to power or connectivity concerns, to receive them. Azure IoT Hub maintains a separate queue for each device.

Secure processing and storage in the cloud

From encrypted communications to processing data in the cloud, the solution accelerators help keep data secure. They provide flexibility to implement additional encryption and management of security keys.

Using Azure Active Directory (AAD) for user authentication and authorization, the Azure IoT solution accelerators can provide a policy-based authorization model for data in the cloud, enabling easy access management that can be audited and reviewed. This model also enables near-instant revocation of access to data in the cloud, and of devices connected to the Azure IoT solution accelerators.

Once data is in the cloud, it can be processed and stored in any user-defined workflow. Access to each part of the data is controlled with Azure Active Directory, depending on the storage service used.

All keys used by the IoT infrastructure are stored in the cloud in secure storage, with the ability to roll over in case keys need to be reprovisioned. Data can be stored in Azure Cosmos DB or in SQL databases, enabling definition of the level of security desired. Additionally, Azure provides a way to monitor and audit all access to your data to alert you of any intrusion or unauthorized access.

Conclusion

The Internet of Things starts with your things—the things that matter most to businesses. IoT can deliver amazing value to a business by reducing costs, increasing revenue, and transforming business. Success of this transformation largely depends on choosing the right IoT software and service provider. That means finding a provider that not only catalyzes this transformation by understanding business needs and requirements, but also provides services and software built with security, privacy, transparency, and compliance as major design considerations. Microsoft has extensive experience with developing and deploying secure software and services and continues to be a leader in this new age of the Internet of Things.

The solution accelerators build in security measures by design, enabling secure monitoring of assets to improve efficiencies, drive operational performance to enable innovation, and employ advanced data analytics to transform businesses. With their layered approach towards security, multiple security features, and design patterns, the solution accelerators help deploy an infrastructure that can be trusted to transform any business.

Additional information

Each solution accelerator creates instances of Azure services, such as:

  • Azure IoT Hub: Your gateway that connects the cloud to devices. You can scale to millions of connections per hub and process massive volumes of data, with per-device authentication support helping you secure your solution.
  • Azure Cosmos DB: A scalable, fully indexed database service for semi-structured data that manages metadata for the devices you provision, such as attributes, configuration, and security properties. Azure Cosmos DB offers high-performance and high-throughput processing, schema-agnostic indexing of data, and a rich SQL query interface.
  • Azure Stream Analytics: Real-time stream processing in the cloud that enables you to rapidly develop and deploy a low-cost analytics solution to uncover real-time insights from devices, sensors, infrastructure, and applications. The data from this fully managed service can scale to any volume while still achieving high throughput, low latency, and resiliency.
  • Azure App Services: A cloud platform to build powerful web and mobile apps that connect to data anywhere, in the cloud or on-premises. Build engaging mobile apps for iOS, Android, and Windows. Integrate with your Software as a Service (SaaS) and enterprise applications with out-of-the-box connectivity to dozens of cloud-based services and enterprise applications. Code in your favorite language and IDE—.NET, NodeJS, PHP, Python, or Java—to build web apps and APIs faster than ever.
  • Logic Apps: The Logic Apps feature of Azure App Service helps integrate your IoT solution with your existing line-of-business systems and automate workflow processes. Logic Apps enables developers to design workflows that start from a trigger and then execute a series of steps—rules and actions that use powerful connectors to integrate with your business processes. Logic Apps offers out-of-the-box connectivity to a vast ecosystem of SaaS, cloud-based, and on-premises applications.
  • Blob storage: Reliable, economical cloud storage for the data that your devices send to the cloud.

See also

To learn more about securing your IoT solution, see:

To further explore the capabilities of IoT Hub, see: