Device configuration best practices
Secure, efficient connection with a network depends on how the device is developed. You must consider the following during device inception and design:
- Data security and integrity
- Using IoT protocols for standard communication
- Configuring the device to initiate communication as IoT best practice
Ensuring data security and integrity
You must develop devices with data security and integrity in mind, ensuring that they are configured to handle SSH and SSL/TLS correctly, if required. This ensures that all IoT data is end-to-end encrypted at the application layer before it traverses the mobile network.
We highly recommend that you engage a third-party penetration testing company to perform full end-to-end penetration testing on your products and Eseye's network.
Customers handling credit card information must ensure the device (such as a payment terminal) is PCI compliant. This means ensuring that banking details are encrypted at the point that a credit or debit card is tapped onto the device to pay for an item.
Depending on your security requirements, we can provide different solutions for how data egresses the Eseye network across the customer’s firewall and network.
For information about providing security across your IoT deployment, see AnyNet security options.
Understanding IoT protocols, such as MQTTS, CoAP and HTTPS
IoT protocols provide a set of rules for transmitting data between devices and the customer network, so that each device sends and receives information in a structured, uniform way. Protocols ensure that devices communicate in a compatible and reliable manner.
Most modern IoT protocols are designed so that devices initiate communications, which means these protocols work well across a range of network topologies, including the AnyNet solution.
We recommend customers use any of the following industry standard IoT protocols for their deployment:
Some benefits of using IoT protocols:
- These provide standardised, industry-accepted solutions
- Proven to be robust across a range of network topologies
- Contain built-in security protocols
- Have the advantage of reusing community development and testing
Configuring devices to initiate communication
In all circumstances, it is IoT best practice for a device to initiate all communication with the customer network. This:
- Reduces security risks, ensuring that devices are not accessible outside of the customer network.
- Optimises connectivity by ensuring that the device can access multiple networks for routing data. Devices with a single public IP address are restricted to one network. For more information, see How IP addresses are allocated to a SIM.
- Increases scalability and decreases the costs incurred with assigning public IP addresses to devices. For more information, see Assigning static public IP addresses to devices.
For example, a payment terminal must initiate communication – the point of sale may occur at any time, and the banking information is pushed to the bank’s network. The terminal may also poll the customer network to see if software updates are available.
In a case where different customers need to rent the same device for a set period of time, perhaps to send a message to the device (for example, with highway maintenance signage), then depending on what IoT protocol is used, the device will initiate communication with the cloud to see what new messages are available.
Configuring devices for connection efficiency
IoT devices can cause congestion on a network when communication requests are rejected and devices repeatedly try to connect. This is particularly a problem when thousands of devices try to connect simultaneously to a centralised network.
Eseye adheres to GSMA guidelines for device connection efficiency, as described here:
TS.34 IoT Device Connection Efficiency Guidelines (external website, see Chapter 7.1)
It is IoT best practice to use delay timers to increase backoff time between communication attempts, as well as use a random element to avoid simultaneous requests, especially as the number of devices using any particular network is ever increasing.
Eseye will charge extra if your devices connect inefficiently to a network. For more information, see Understanding charges for inefficient network connection.
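The delay-timer guidance above, as an added example in C for device firmware (not Eseye's code and not taken from TS.34): the retry window doubles on each failed attempt up to a cap, and a per-device random element spreads retries across the window. The base delay, the cap, the PRNG and the function names are assumptions chosen for illustration.

```c
#include <stdint.h>

/* Assumed policy values; take the real ones from TS.34 and your network agreement. */
#define BASE_DELAY_S 30u    /* retry window after the first failure */
#define MAX_DELAY_S  3600u  /* the window never grows beyond this */

/* xorshift32: small PRNG suitable for jitter only, not for cryptography.
 * Seed it per device (hardware RNG, or a hash of the IMEI) so that a fleet
 * rejected at the same moment does not retry at the same moment. */
static uint32_t prng_next(uint32_t *state) {
    uint32_t x = *state ? *state : 0x9E3779B9u;  /* state must be non-zero */
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    *state = x;
    return x;
}

/* Retry window for a given attempt number: BASE_DELAY_S * 2^attempt,
 * capped at MAX_DELAY_S without overflowing. */
uint32_t backoff_window_s(unsigned attempt) {
    uint32_t w = BASE_DELAY_S;
    while (attempt-- > 0 && w < MAX_DELAY_S) {
        w = (w > MAX_DELAY_S / 2) ? MAX_DELAY_S : w * 2;
    }
    return w;
}

/* Delay before the next connection attempt: half of the window is a fixed
 * minimum wait, the other half is random, so the result is always within
 * [window/2, window]. */
uint32_t next_retry_delay_s(unsigned attempt, uint32_t *rng_state) {
    uint32_t window = backoff_window_s(attempt);
    uint32_t half = window / 2;
    return half + prng_next(rng_state) % (half + 1);
}
```

Reset the attempt counter only after a connection has succeeded, not after each power cycle, so that a device that reboots on failure does not return to the shortest delay.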
Configuring your devices to handle national emergency alerts
Increasingly, governments have nationwide test alert systems that may send alerts over cellular networks, and may use different RAT types to distribute an alert.
IoT devices that are connected to such a network at the time of an alert will automatically receive the alert.
You must develop your devices to take appropriate action in response to emergency alerts, such as restarting, or activating a specific function.
We recommend you configure your devices to receive emergency alerts from authorized sources only. It is important to restrict the sources of alerts to trusted authorities, to prevent the device from receiving false or malicious alerts.
Eseye can offer test services, including operation verification, during and following a national emergency alert. Speak to your Account Manager for more information.
Configuring a device to accept maintenance
IoT devices often contain embedded sensors, software, and other electronics that allow them to connect and communicate with other devices and networks through the internet.
Like any other electronic device, IoT devices require maintenance to ensure their optimal performance, security, and longevity. Without proper maintenance, these devices may encounter various issues such as malfunctions, performance degradation, security breaches, and even complete failure.
Here are some reasons why you need to configure your IoT devices to accept maintenance:
- Firmware updates: IoT devices often rely on firmware to operate, and firmware updates are necessary to fix bugs, improve performance, and enhance security. Regular firmware updates can help ensure that IoT devices continue to function optimally and securely.
- Security patches: IoT devices are often connected to the internet, making them vulnerable to cyber attacks. Regular security patches and updates can help protect IoT devices from potential security threats and prevent data breaches.
- Network optimization: If IoT devices are not reliably connecting on available networks, Eseye can download an IMSI to connect to a more suitable network. The campaign to download the IMSI may take a while, which may prove challenging for battery operated devices that only connect to a network for short time periods. Devices that are only awake for a few seconds once a week, for example, may take over a month to receive the full campaign.
- System integration: IoT devices often work in tandem with other devices and systems. Regular maintenance may ensure that these devices continue to communicate effectively and that data is transmitted accurately.
We recommend you design your IoT devices to check for maintenance requests at regular intervals, and stay awake long enough to receive the maintenance, as follows:
- Devices that need to conserve power must authenticate on the network and stay awake for at least 20 seconds, even if the main application communication has finished.
- During this time, the device firmware should poll the module to see if an active context is open for Remote SIM provisioning.
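The two recommendations above as an added C example (not Eseye's code): a sleep decision that enforces the 20-second minimum after authentication and polls for an open Remote SIM provisioning context. The poll hook, the poll interval, the hard cap, and the choice to stay awake while a context is open are assumptions; the real query depends on your module.

```c
#include <stdbool.h>
#include <stdint.h>

#define MIN_AWAKE_MS   20000u   /* from the page: at least 20 seconds awake */
#define POLL_PERIOD_MS 1000u    /* assumed interval between module polls */
#define MAX_AWAKE_MS   120000u  /* assumed hard cap to protect the battery */

/* Hypothetical hook: true if the module reports an open RSP context.
 * On hardware this wraps the module-specific query. */
typedef bool (*rsp_poll_fn)(void *ctx);

typedef enum { SLEEP_NOW, KEEP_AWAKE } awake_decision;

/* Decide whether the device may sleep, given time since network
 * authentication, application state and the last RSP poll result. */
awake_decision maintenance_decide(uint32_t ms_since_auth, bool app_done,
                                  bool rsp_active) {
    if (ms_since_auth >= MAX_AWAKE_MS) return SLEEP_NOW;  /* battery guard */
    if (!app_done) return KEEP_AWAKE;                     /* still sending */
    if (ms_since_auth < MIN_AWAKE_MS) return KEEP_AWAKE;  /* 20 s minimum */
    return rsp_active ? KEEP_AWAKE : SLEEP_NOW;           /* assumed policy */
}

/* Runs one wake cycle against a poll hook and returns how long the
 * device stayed awake, in milliseconds. */
uint32_t run_maintenance_window(uint32_t app_done_at_ms, rsp_poll_fn poll,
                                void *ctx) {
    uint32_t t = 0;
    for (;;) {
        bool active = poll(ctx);
        if (maintenance_decide(t, t >= app_done_at_ms, active) == SLEEP_NOW)
            return t;
        t += POLL_PERIOD_MS;  /* on hardware: wait POLL_PERIOD_MS here */
    }
}

/* Constructed stand-in for the module: reports an open context for the
 * number of polls stored in *ctx, then reports none. */
bool sample_rsp_poll(void *ctx) {
    int *remaining = ctx;
    if (*remaining > 0) { (*remaining)--; return true; }
    return false;
}
```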