
You're reading from  Developing IoT Projects with ESP32 - Second Edition

Product type: Book
Published in: Nov 2023
Reading level: Intermediate
Publisher: Packt
ISBN-13: 9781803237688
Edition: 2nd Edition
Author: Vedat Ozan Oner

Vedat Ozan Oner is an IoT product developer and software architect, with an excellent blend of technical knowledge and experience. During his career, he has contributed to several IoT projects in different roles, which allowed him to discover all key aspects of developing successful IoT products in highly competitive markets. Vedat has a bachelor's degree in METU/computer engineering and holds several industry-recognized credentials and qualifications, including PMP®, ITIL®, and AWS Certified Developer. Vedat started his limited company, Mevoo Ltd, in London in 2018 to provide consultancy services to his clients as well as develop his own IoT products. He still lives in London with his family.

ESP32 Security Features for Production-Grade Devices

Any internet-facing solution must be designed with “security-first” in mind; otherwise, it would be vulnerable to cyber-attacks. This especially applies to IoT products since they are usually introduced in batches to the market and delivered to end users who often don’t have a basic understanding of IoT security. When it comes to security, ESP32 provides a good level of hardware support for developers with its cryptography subsystem. ESP-IDF also integrates industry-standard encryption libraries and provides a good abstraction when a custom security solution is needed.

In this chapter, we will discuss the essentials of the ESP32 platform when developing production-grade IoT devices and see examples of secure communication protocols to understand how to utilize them in our projects. The RainMaker platform by Espressif Systems will support us in the examples of the chapter to understand the bare minimum before...

Technical requirements

The hardware requirements of the chapter are:

  • ESP32-C3 DevkitM-1
  • A Light-Dependent Resistor (LDR) or photosensor
  • A pull-up resistor (10K)
  • Jumper wires

On the software side, we will use the RainMaker library. The book repository contains it as a sub-module, but you can find it here as well: https://github.com/espressif/esp-rainmaker.

The mobile applications from Espressif Systems are listed below. They are available for both Android and iOS mobile devices:

  • ESP SoftAP Provisioning: The application for joining a WiFi network.
  • ESP RainMaker: The companion application that comes with the RainMaker platform to add devices and manage them in the platform.

Other software tools and libraries that we need in the examples are:

ESP32 security features

Espressif Systems has shown constant progress in security features with every new family of ESP32. To be honest, the initial versions of ESP32 had some hardware design flaws that could enable an attacker to access the system. Espressif not only corrected these flaws but also added many other important security features in the new designs. The Espressif team definitely knows the needs of IoT product developers and reflects them on their product roadmaps. ESP-IDF has also been regularly updated to support all the ESP32 chips, enabling IoT developers to provide their customers with devices and products that fulfill modern security requirements. Let’s look at an overview of those features.

Secure Boot v1

Secure Boot creates a chain of trust, from boot to the application firmware, by authenticating the running software at each step. The whole process may sound a bit confusing, but in simple terms, it works as follows:

  • Authenticate the bootloader...

Over-the-air updates

Deploying an IoT device doesn’t mean that development is finished. On the contrary, this is the most important stage in the life cycle of an IoT product and still requires active development. We might want to add new features in response to users’ needs, or we might need to improve the product’s security after discovering a potential risk. In either case, we need a means to update the firmware remotely without physically touching the deployed IoT products. Over-the-air (OTA) update techniques provide this capability.

The basic OTA update mechanism in ESP-IDF works as follows:

  1. We configure the flash to have two different partitions, ota_0 and ota_1, to accommodate the running firmware and a new firmware.
  2. When we upload a new firmware, ESP-IDF chooses the free partition to save the incoming bytes. ESP-IDF marks it as the candidate active partition as soon as all the bytes are transferred.
  3. ...
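
The two steps above can be modelled in plain C; this is an added illustration, not ESP-IDF code and not code from the book. The names (`ota_model_t`, `ota_begin`, `ota_write`, `ota_end`, `ota_demo`) and the 64-byte slot size are assumptions. It shows that a transfer that is interrupted or longer than announced never produces a candidate partition.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model of the ota_0/ota_1 scheme; names and sizes are assumptions, not ESP-IDF. */
enum { SLOT_SIZE = 64 };            /* constructed size, real partitions are far larger */
typedef struct {
    uint8_t slot[2][SLOT_SIZE];     /* ota_0 and ota_1 */
    int     running;                /* slot the current firmware runs from (0 or 1) */
    int     candidate;              /* slot marked as next active partition, -1 if none */
    size_t  written, expected;      /* bytes received so far / announced image length */
} ota_model_t;

/* The free slot is whichever one the running firmware does not occupy. */
int ota_free_slot(const ota_model_t *m) { return 1 - m->running; }

/* Start an update: reject images that cannot fit and drop any stale candidate. */
int ota_begin(ota_model_t *m, size_t image_len) {
    if (m->running < 0 || m->running > 1 || image_len == 0 || image_len > SLOT_SIZE) return -1;
    m->candidate = -1;
    m->written = 0;
    m->expected = image_len;
    memset(m->slot[ota_free_slot(m)], 0xFF, SLOT_SIZE);    /* erased flash reads 0xFF */
    return 0;
}

/* Save incoming bytes to the free slot only; the running slot is never written. */
int ota_write(ota_model_t *m, const uint8_t *buf, size_t len) {
    if (len > m->expected - m->written) return -1;          /* more data than announced */
    memcpy(m->slot[ota_free_slot(m)] + m->written, buf, len);
    m->written += len;
    return 0;
}

/* Mark the free slot as candidate only once every announced byte has arrived. */
int ota_end(ota_model_t *m) {
    if (m->expected == 0 || m->written != m->expected) return -1;
    m->candidate = ota_free_slot(m);
    return 0;
}

/* Constructed scenario: send n bytes of a 10-byte image, return the candidate slot. */
int ota_demo(int running, size_t n) {
    static const uint8_t image[10] = "FIRMWARE2";           /* constructed sample image */
    ota_model_t m = { .running = running, .candidate = -1 };
    if (ota_begin(&m, sizeof image) != 0 || ota_write(&m, image, n) != 0) return -2;
    return ota_end(&m) == 0 ? m.candidate : -1;
}
```

`ota_demo` returns the candidate slot on a complete transfer, -1 when the transfer stops short, and -2 when the image or the write is rejected.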

Upgrading firmware from an HTTPS server

In the first example of the OTA update, we will start a file server in the local network and download new firmware from this server to upgrade the device. The file server is a simple Python Flask application that runs on our development machine. The device firmware will poll the firmware information from the server periodically and if it shows the firmware version on the server is different from the version that runs on the device, then it will download the new firmware from the server for an upgrade.

One important point in OTA updates is that we want a secure communication channel between the server and the devices, so that no unwanted ears can listen to the network traffic and intercept the new firmware while it is being transferred to the devices. Thus, we will configure the server with TLS encryption in this example. The Flask application will use a TLS certificate to encrypt the HTTP traffic between the parties. On the ESP32 application...

Utilizing RainMaker for OTA updates

RainMaker is a cloud platform by Espressif Systems that you can connect to your devices and manage remotely. The underlying cloud infrastructure is provided by Amazon Web Services (AWS) and RainMaker runs on top of AWS. RainMaker integrates many important features that we can expect from an IoT platform, such as user management, device management, scheduling for automation, monitoring and data analysis, and diagnostics. Espressif provides an instance of the RainMaker platform free for learning and testing purposes, but it is also available on the AWS Marketplace if you want to build your product around this platform (https://aws.amazon.com/marketplace/pp/prodview-sre2djwuggnyw). You can find more information about RainMaker on its website here: https://rainmaker.espressif.com/.

Although we will extensively discuss how to develop ESP32 applications in a cloud environment in the upcoming chapter, working on a RainMaker application provides us...

Sharing data over secure MQTT

A paramount concept in cyber security is how to secure data in transit and at rest. Data at rest means any information that is stored on a non-volatile memory, such as a flash or hard drive. Data can be structured data, for example, a SQL database, or any type of file. Data in transit means bytes that are being transferred over a medium, such as a wireless network. These definitions perfectly apply to IoT. Data is at every step of an IoT product, starting from collecting environmental data via sensors and transferring them to a backend or cloud service for further processing and storage. It doesn’t stop there; we would need to share it with other endpoints, such as mobile applications. The nature of data affects the product design decisions at every single step. Below is a list of items along with questions that we can ask during the design phase to help reveal the nature of the data:

  • The type, frequency, and volume of data collected...

Summary

An IoT product to be launched on the market requires different security approaches combined in the same solution. A solution usually has different components, including connected devices, a backend service, and client applications to interact with the product. When we talk about IoT security, it covers the entire solution with all of these components. In this chapter, we discussed what the ESP32 platform, hardware, and software together provide us to ensure the utmost cybersecurity for our products. We talked about the Secure Boot and flash encryption features to secure the firmware on ESP32 devices. The newer ESP32 families, such as ESP32-C3, come with a digital signature peripheral to secure the application’s private keys with a smart technique. OTA update is one of the most valuable features of any IoT product.

We have seen two different examples of OTA updates. We learned that we need to monitor our devices in the field where possible. ESP RainMaker is a well...

Questions

Let’s practice what we have learned in this chapter by answering the following questions:

  1. When we want to protect the device firmware from any external access, which is the right technique to do that?
    1. Flash encryption
    2. Secure Boot
    3. The digital signature peripheral
    4. ESP Privilege Separation
  2. Which of the following is false about the OTA update for ESP32?
    1. Two partitions are needed.
    2. There are many techniques for OTA updates, such as over HTTP, over MQTT, or running a TCP server on the device itself.
    3. A secure channel must be used.
    4. Application rollback is possible.
  3. Which of the following is not true for the RainMaker platform?
    1. It runs on top of AWS.
    2. It is available on the AWS Marketplace for private installation and customization.
    3. It supports OTA updates.
    4. It doesn’t require mutual authentication...

Further reading
