The Secure IoT Gateway is a special use case of LEGaTO that aims to simplify securing the connection of devices to a network. It comes with a Network Cockpit Application for configuring and monitoring the system. To test the system in a real-world environment, the Secure IoT Gateway was installed in the KogniHome research flat in Bielefeld. KogniHome is a project that develops and showcases new smart home technologies that allow technology-assisted living for all generations and for people with disabilities.
Figure 1. Installation of the Secure IoT Gateway at the KogniHome research flat
The flat is equipped with the latest smart home devices, allowing a glimpse into the future of technology-assisted living standards. IoT devices like the KogniMirror, KogniChef, KogniWork and KogniHab are each equipped with an IoT Bridge 50, so their network communication is secured and controlled. The IoT Bridge 50 is part of the new hardware revision and allows for higher VPN encryption speeds and better overall stability and performance. Traffic between devices is now encrypted, and unused ports have been closed by the rule configuration provided by the Network Cockpit.
Besides the IoT Bridges, the Local Gateway was also installed to provide VPN endpoints for the devices. To allow communication via MQTT (a protocol for IoT messaging) and RSB (Robotics Service Bus – for scalable integration of robotic systems), user-specific configuration was added to the Local Gateway on-site. Other common services like ICMP, DHCP, DNS and HTTP/HTTPS can be configured with a few clicks in the Rule Configuration settings.
A new key feature had to be developed to get working connections inside the existing KogniHome network structure, because changing the IP addresses of already installed IoT devices was not possible. Rather than using a conventional OpenVPN routing setup, we settled on a bridging configuration, which made integration into the existing network structure possible. This VPN network mode operates on layer 2 and does not create new subnets for the devices connected behind an IoT Bridge. The new feature was implemented in the Network Cockpit and allows customers to set their preferred network mode.
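The difference between the two network modes can be checked mechanically. The following is an added example, not code or configuration from the Secure IoT Gateway: it classifies an OpenVPN server configuration as routed or bridged and, for the bridged case, verifies that the VPN stays inside the existing LAN and that its address pool does not collide with devices that must keep their IP addresses. The two sample configurations, all addresses and the function names are constructed; only the standard OpenVPN directives `dev`, `server` and `server-bridge` are assumed.

```python
import ipaddress

# Constructed sample configurations (not taken from the KogniHome deployment).
ROUTED = """\
dev tun
server 10.8.0.0 255.255.255.0   # layer 3: clients get a new subnet
"""
BRIDGED = """\
dev tap0
server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.220
"""

def parse(conf):
    """Return {directive: [args]} for the first occurrence of each directive."""
    out = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            out.setdefault(key, args)
    return out

def audit(conf, lan, existing_hosts):
    """Classify the VPN mode and check it against the existing LAN."""
    d = parse(conf)
    lan = ipaddress.ip_network(lan)
    dev = (d.get("dev") or [""])[0]
    if dev.startswith("tun") and "server" in d:
        # Routed mode: the VPN allocates its own subnet behind the tunnel.
        net = ipaddress.ip_network("/".join(d["server"][:2]))
        return {"mode": "routed", "layer": 3, "new_subnet": str(net),
                "overlaps_lan": net.overlaps(lan), "collisions": []}
    if dev.startswith("tap") and "server-bridge" in d:
        # Bridged mode: clients join the LAN's own layer 2 segment.
        gw, mask, start, end = d["server-bridge"][:4]
        net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        # Existing devices keep their addresses, so the pool must avoid them.
        hits = [h for h in existing_hosts if lo <= ipaddress.ip_address(h) <= hi]
        return {"mode": "bridged", "layer": 2, "new_subnet": None,
                "same_lan": net == lan and lo in lan and hi in lan,
                "collisions": hits}
    raise ValueError("unrecognised dev/server combination")
```

Because a bridged VPN shares the LAN's layer 2 segment, a non-empty `collisions` list means the pool would hand out an address already used by an installed device.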
To allow secure remote access, an IoT Bridge was configured to communicate directly with the Cluster Gateway, thus allowing encrypted network access over the internet. This is shown as the “Private Home” branch in the following network schematic (Figure 2).
Figure 2. KogniHome network with Secure IoT Gateway integration