Can we go from unboxing new Helium hardware to sending hardware-encrypted data to an Azure IoT Hub in under five minutes?

Securing your devices and sensors should be top of mind when considering any IoT wireless and cloud platform. Sound, proven hardware-based encryption and authentication practices specifically are what should set an IoT service apart. X-509 certificates (and their sister mechanism JSON Web Tokens) are the standard when it comes to device-level authentication for big-ticket cloud providers. Both Azure IoT and AWS IoT both use X-509 certificates as their gold standard when authenticating devices. And Google Cloud IoT does the same with JSON Web Tokens.

Device-level X-509s are Very Hard

But building full X-509 cert-based encryption and authentication into a low-power embedded device and securely managing the lifecycle of these certificates can be cumbersome for even the most capable developers. For starters, here’s how Azure IoT recommends you implement security at the device level. To really drive home how hard this is to do on your own with a wireless device like the Atom on a LPWAN like Helium, your end device needs a full TLS stack, a client certificate, and a MQTT client. And you need to keep the MQTT connection alive between the device and the cloud. The radio usage alone will crush your battery and this assumes your sensor is driven by a sufficient MCU. The processing and networking requirements are enough that the official Azure IoT Arduino Library doesn’t support the Arduino UNO. And users are having issues with it (to say the least).

So, to abstract this type of complexity, we built Helium Channels. Channels are prebuilt connections to cloud services like Azure IoT, AWS IoT, and Google Cloud IoT. (You can see a full list of Helium Channels available here.) They handle all the heavy lifting: from hardware secured certificate generation and management to integration with cloud device management APIs and everything in between.