Sensor Characteristics

The sensor is a transducer that converts a physical property into an electrical signal. The physical property can be Weight, Temperature, Pressure, Percentage Composition, Force, Electric or Magnetic or Electromagnetic, Position and Orientation, etc.

Sensors are classified as active or passive based on their working principle. Active sensors use an external or self-generated signal to measure. For example, RADAR emits a series of intense radio waves for a short time, waits for the signal to return, and calculates the distance of the distant object from the signal's flight time. Passive sensors work by changing their electrical properties, such as resistance or capacitance, based on the physical property. For example, an LDR changes its resistance based on the intensity of light.

Sensors must have the following significant properties to define the quality of a sensor:


Every sensor has a range in which it works with an acceptable error. If the input is not in range, then the output is unpredictable.


The signal level varies for the same input over a long period; this is called drift. Drift causes an error in the measured value. It may result from aging of the sensor or from temperature variance.


Sensitivity is defined as the change in output per unit change in input of the property being measured. The sensitivity of the sensor may be constant or linear for the entire range of the sensor, or vary exponentially if the sensor is a non-linear sensor.


Selectivity is the ability of the sensor to measure a target property in the presence of other properties. For example, if an oxygen sensor does not react to other gasses like CO2 then it has good selectivity.


The resolution of a sensor is the minimum change in the target property that can produce a detectable change in output. For example, consider a temperature sensor with a resolution of 1 °C; this temperature sensor cannot produce a different output for a 0.1 °C change in input.

Response and Recovery Time

The response time is the time taken by the sensor for its output to reach 95% of its final value when it is exposed to a target material. The Recovery Time is defined conversely.


If the sensitivity of the sensor is constant over the range, the sensor is said to be linear. Linear sensors are easier to use, while non-linear sensors require complex mathematical equations to measure the physical property.


The hysteresis is the characteristic of a sensor by which the sensor produces a different set of outputs if the data is recorded in different directions (increasing input or decreasing input). The hysteresis can be observed in the following figure:



If a meaningful measurement is to be made, it is necessary to tune the output of the sensor with accurately known input.

Full-Scale Output

The full-scale output is the difference between the output for maximum input and the output for minimum input. Based on this, the ADC’s reference voltages have to be selected properly.


The precision of a sensor is its ability to produce the same output when repeatedly measured for the same input. Precision is determined statistically, using the standard deviation.


The accuracy of a sensor defines how close the output is to the real value. The accuracy defines the maximum error the sensor may produce.



Wireless Protocols for Internet of Things

If you are planning an IoT project, you need to decide which sensors or actuators to use, the hardware for the edge device (node), and the hardware for the gateway (the gateway connects your node to the internet). For communication, decisions have to be made on the wireless protocol (node to gateway), the network protocol, the communication channels (gateway to the cloud), and the IoT cloud platform to be used.

In this article, I will briefly discuss wireless communication protocols that are widely used in IoT scenarios. For each protocol, a brief description is followed by pros and cons, technical features, application areas, and a website link for further exploration.


Wi-Fi – Wi-Fi Alliance


Wi-Fi is a technology developed for electronic devices to connect to a wireless Local Area Network (WLAN). Wi-Fi uses the 2.4 gigahertz (12 cm) UHF and 5 gigahertz (6 cm) SHF ISM radio bands. The Wi-Fi Alliance defines Wi-Fi based on the IEEE 802.11 standards. It supports various encryption technologies (WEP, WPA, WPA2, etc.) and is password protected. However, it can also be run as open Wi-Fi without any password, which allows any device within range to access the resources of the WLAN.

Wi-Fi technology is already widely used, which allows the current infrastructure to be reused for new Internet of Things technology.

Standard: Wi-Fi Alliance

Frequency: 2.4 GHz, 5.8 GHz

Range: 10-100 m

Data Rates: 11-105 Mbps

Application Focus:

  1. Residential & Commercial IoT router
  2. Smart traffic management
  3. Office automation



Bluetooth – Bluetooth SIG


Bluetooth is a wireless technology, an IEEE 802.15.1 standard-based protocol for exchanging data. Initially, Bluetooth was developed as a wire replacement for computer and mobile peripherals. Bluetooth uses short-wavelength UHF radio waves in the ISM band from 2.4 to 2.485 GHz, especially for personal area networks (PANs). The Bluetooth specification is managed by the Bluetooth Special Interest Group (SIG). Bluetooth is not suitable for IoT scenarios as it consumes more power.

Standard: IEEE 802.15.1

Frequency: 2.4 GHz

Range: 10-30 m

Data Rates: 723 Kbps

Application Focus:

  1. Cable replacement
  2. Personal user interface
  3. Simple remote control
  4. Browse over Bluetooth



Bluetooth Low Energy (BLE) – Bluetooth SIG


Bluetooth Low Energy (Bluetooth LE, BLE, or Bluetooth Smart) is a wireless personal area network technology with a range similar to Bluetooth. BLE is designed to work with low power consumption and is inexpensive. Like Bluetooth, the BLE specification is managed by the Bluetooth SIG.

BLE is designed by the Bluetooth SIG for low-powered devices that use less data. BLE goes to sleep when not in use and wakes up when data transfer happens. This makes it ideal for IoT devices, which run on battery and consume little power.

The BLE modules available in the market implement a mechanism called “Dual Mode” that lets the device work as a Classic Bluetooth device as well as a BLE device.

Standard: Bluetooth SIG

Frequency: 2.4 GHz

Range: 200 ft

Data Rates: 25 Mbps

Application Focus:

  1. Mobile phones
  2. Smart homes
  3. Wearables
  4. Automotive
  5. Healthcare
  6. Bluetooth payment
  7. Network availability
  8. Heart rate monitor
  9. Sports & fitness, etc.



ZigBee – Zigbee Alliance


ZigBee is an IEEE 802.15.4 standard-based protocol for personal area networks, offering short-range, low-power, low-data-rate wireless data transfer.

ZigBee is simpler and less expensive than other wireless personal area networks. It has some advantages over other wireless protocols, such as low-power operation, high security, robustness and high scalability, for wireless control and sensor network IoT applications. ZigBee devices can transmit data over long distances through a mesh network, passing data through intermediate neighbor devices to reach more distant ones. ZigBee IoT applications include wireless ZigBee Smart Energy, home automation, and light switches.

Standard: IEEE 802.15.4

Frequency: 868/915 MHz – 2.4 GHz

Range: 10-300m

Data Rates: 250 Kbps

Application Focus:

  1. Monitoring & Control
  2. Commercial & Industrial
  3. Home and Building Automation
  4. Medical Data Collection
  5. Wireless Sensor Networks



Z-wave – Z-Wave Alliance


Z-Wave is a wireless technology that lets smart devices talk to one another. The Z-Wave protocol is primarily designed for home automation. Z-Wave is optimized for reliable, low-latency communication of small data packets, with data rates up to 100 kbit/s, and operates in the sub-1 GHz band. Z-Wave is simple compared to other protocols, which makes development easier and faster.

Z-Wave has full mesh networking capabilities without the need for a coordinator node and is very scalable, enabling control of up to 232 devices.

Standard: Z-wave

Frequency: 900 MHz

Range: 100 m

Data Rates: 10-100 Kbps

Application Focus: 

  1. Control and automation
  2. Home Automation
  3. Simple Remote Control
  4. Gaming
  5. Medical Applications



6LowPAN – IETF, Google


6LoWPAN stands for IPv6 over Low-Power Wireless Personal Area Networks. 6LoWPAN is a network protocol that defines header compression and encapsulation mechanisms allowing IPv6 packets to be sent and received over IEEE 802.15.4-based networks. It was specifically developed for low-power devices with limited processing capabilities, so that they can participate in the Internet of Things. 6LoWPAN is also the name of a concluded working group in the Internet area of the IETF.

Standard: IEEE 802.15.4

Frequency: 2.4 GHz

Range: 200 m

Data Rates: 200 Kbps

Application Focus: 

  1. 6LowPan Smart Meters
  2. Smart Lighting
  3. Thermostats
  4. Smart Grid
  5. Wireless Sensor Networks
  6. Industrial Automation
  7. Advanced Traffic Management System





Radio-frequency identification (RFID) uses electromagnetic fields. RFID is not new: it has been used in almost every industry to identify and track tags attached to objects automatically. The tags store information electronically. There are two types of RFID tags, active and passive. Passive tags collect energy from the RFID reader’s radio waves, whereas active tags have their own power source, such as a battery, and can operate hundreds of meters from the RFID reader. RFID technology can be used in the IoT to identify objects and link them to the Internet.

Standard: ISO RFID standards, EPCglobal standards

Frequency: 120 kHz – 150 kHz, 13.56 MHz, and 433 MHz

Range: 10 cm to 100 m

Data Rates: 10-100 Kbps

Application Focus:

  1. Access management
  2. Tracking of goods
  3. Tracking of persons and animals
  4. Toll collection and contactless payment
  5. Machine readable travel documents
  6. Smart dust (for massively distributed sensor networks)
  7. Electronic Lock with RFID Card System
  8. Tracking sports memorabilia to verify authenticity
  9. Airport baggage tracking logistics
  10. Timing sporting events





Near Field Communication (NFC) technology is used for communication between two NFC-enabled electronic devices, such as smartphones. NFC uses electromagnetic induction between two NFC loop antennas located within each other’s near field, which effectively forms an air-core transformer. NFC operates in the unlicensed radio frequency ISM band of 13.56 MHz on the ISO/IEC 18000-3 air interface. NFC involves two participants, an initiator and a target; the active initiator generates an RF field that can power a passive target (an “NFC tag”). NFC targets come in very small form factors such as tags, stickers, and key fobs. NFC peer-to-peer communication is possible provided both devices are powered. NFC technology gives IoT devices contactless data transfer.

Standard: ISO/IEC 18000-3

Frequency: 13.56MHz

Range: 4 cm

Data Rates: 100–424kbps

Application Focus: 

  1. NFC contactless payment
  2. Wearable baby monitors
  3. Smart marketing posters
  4. E-Commerce
  5. Bootstrapping other Connections
  6. Identity And Access Tokens
  7. Gaming



Thread – Thread Group


Thread is built on the IEEE 802.15.4-based 6LoWPAN wireless protocol with mesh communication. Thread is a low-power, secure and scalable IP-based wireless mesh networking protocol. Thread networking provides self-healing mesh networking with over 250 nodes and support for sleepy nodes, allowing years of operation from a single battery.

Thread was launched by the Thread Group in 2014. The Thread Group alliance today works with the companies Nest Labs, Samsung, ARM Holdings, Qualcomm, NXP Semiconductors/Freescale, Silicon Labs, Big Ass Solutions and OSRAM. Thread is IP-addressable, with direct access to the cloud and AES encryption. Thread is specifically designed for home automation setups.

Standard: IEEE802.15.4 and 6LowPAN

Frequency: 2.4 GHz

Range: N/A

Data Rates: N/A

Application Focus: 

  1. Connected home
  2. Home Automation
  3. Consumer utility



LoRaWAN – LoRa Alliance


LoRaWAN is a Low Power Wide Area Network (LPWAN). LoRaWAN is a media access control (MAC) layer protocol designed for large-scale public networks with a single operator. It is built using Semtech’s LoRa modulation as the underlying PHY. LoRaWAN is used for secure, mobile, bi-directional communication in wireless battery-operated devices. LoRaWAN is ideal where low power and long range are needed with millions and millions of devices connected.

Standard: LoRaWAN

Frequency: Various (e.g. 902 MHz – 928 MHz)

Range: 2-5km (urban environment), 15km (suburban environment)

Data Rates: 0.3-50 kbps

Application Focus: 

  1. Ideal for smart cities
  2. Environmental data monitoring



Sigfox – SIGFOX


Another wide-range wireless technology is Sigfox, whose range falls between Wi-Fi and cellular. Sigfox uses the free ISM band to transmit data over a very narrow spectrum. Sigfox is designed to handle low data-transfer speeds of 10 to 1,000 bps using Ultra Narrow Band (UNB) technology. Sigfox addresses the many applications where Wi-Fi range is too short and cellular costs too much and consumes more power.

SIGFOX is a French company that builds wireless networks; it was founded in 2009 by Ludovic Le Moan and Christophe Fourtet. Typically, it serves an Internet of Things device that needs to transmit small amounts of data continuously. The best use cases for Sigfox are electricity meters, smart watches, and washing machines.

Standard: Sigfox

Frequency: 900MHz

Range: 30-50km (rural environments), 3-10km (urban environments)

Data Rates: 10-1000bps

Application Focus:

  1. Smart meters
  2. Patient monitors
  3. Security devices
  4. Street lighting
  5. Retail including point of sale, shelf updating, etc
  6. Environmental sensors



Selecting a wireless protocol for an IoT project requires a clear understanding of the use case, as the protocol has to satisfy its requirements.

Working with MQ2 Gas Sensor


The MQ-2 Gas Sensor module detects gas leakage in homes and industry. The MQ series of gas sensors use a small heater inside with an electrochemical sensor. They are sensitive to a range of gasses and are used indoors at room temperature. The output is an analog signal and can be read with an analog input of the Arduino.


  1. Wide detecting scope
  2. High sensitivity and fast response
  3. Long life and stable
  4. Simple drive circuit


Due to its fast response time and high sensitivity, measurements can be taken as soon as possible. The sensor sensitivity can be adjusted by using the potentiometer.


They are useful in gas leakage detection of LPG, propane, methane, i-butane, alcohol, Hydrogen, and smoke.

Working Principle

The MQ2 has an electrochemical sensor, which changes its resistance for different concentrations of various gasses. The sensor is connected in series with a variable resistor to form a voltage divider circuit (Fig 1), and the variable resistor is used to change the sensitivity. When one of the above gasses comes in contact with the sensor after heating, the sensor’s resistance changes. The change in resistance changes the voltage across the sensor, and this voltage can be read by a microcontroller. The voltage value can be used to find the resistance of the sensor, given the reference voltage and the other resistor’s resistance. The sensor has a different sensitivity for each type of gas. The sensitivity characteristic curve (Fig 2) is shown below for the different types of gasses.





1. Ro is the resistance of the sensor in clean air

2. Rs is the resistance of sensor when exposed to gasses

Procedure to Calculate the Concentration of a Particular Type of Gas

To find the concentration of gas, two values have to be measured using a microcontroller with an ADC, such as an Arduino:

1. Ro – The resistance of the sensor when measured in clean air,

2. Rs – The resistance of the sensor when it is exposed to any of the mentioned gasses

To find Ro, connect the sensor to one of the analog pins of the Arduino, note 100 values, and select the median value. This reduces any dynamic errors present in the values. The sensor is connected in series with a variable resistor (the potentiometer on the sensor board). So, to find the resistance of the sensor (Ro or Rs), the resistance of the variable resistor (R1) is required. In most MQ2 sensor modules, one end of the potentiometer and its middle pin are connected between the Sig or Vout pin and ground. Find the resistance of R1 using a multimeter and note it down.

The voltage across the sensor Vs (Vs is Vo in Clean Air) is calculated by using the following formula:

Vs = VRef - ADC_Value * (VRefH - VRefL) / 2^R


VRefH is the higher Reference voltage of the ADC, in Arduino, it is usually 5V or 3.3V

VRefL is the lower reference voltage of the ADC, in Arduino, it is usually 0V

R is the resolution of the ADC, in most of the Arduino boards, it is 10 Bits

Once the voltage across the sensor and the value of R1 are known, the resistance of the sensor can be calculated by using the formula

Ro = R1 * Vo / (VRef - Vo)

Where Vo is the voltage across the sensor in clean Air

Similarly, the Resistance of the sensor when exposed to gas can be calculated by repeating the above steps and using the formula

Rs = R1 * Vs / (VRef - Vs)

Where Vs is the voltage across the sensor in the Air contaminated with LPG molecules

Note: The value of R1 is only for finding the value of Rs and Ro. For finding the concentration of gas, R1 is not required as the concentration is dependent on the Rs/Ro ratio. R1 is not required for finding just the ratio.
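The steps above, from raw ADC readings to the Rs/Ro ratio, as an added Python example that is not the article's Arduino code. The ADC samples are constructed, VRef is assumed equal to VRefH (5 V), and the function names are chosen for this example; it also handles the reading of 0, where the resistance formula would divide by zero.

```python
import statistics

# Values the text gives as typical for an Arduino; VREF is assumed equal to VREF_H.
VREF_H = 5.0    # upper ADC reference voltage (V)
VREF_L = 0.0    # lower ADC reference voltage (V)
ADC_BITS = 10   # ADC resolution R, in bits
VREF = 5.0      # supply voltage across the sensor + R1 divider (V)

# Constructed sample data: 100 raw ADC readings per condition, with two
# glitch readings (0 and 1023) injected into the clean-air set.
CLEAN_AIR_ADC = [100 + (i % 5) - 2 for i in range(100)]
CLEAN_AIR_ADC[10] = 1023
CLEAN_AIR_ADC[20] = 0
GAS_ADC = [400 + (i % 3) - 1 for i in range(100)]


def sensor_voltage(adc_value):
    """Vs = VRef - ADC_Value * (VRefH - VRefL) / 2^R."""
    full_scale = 2 ** ADC_BITS
    if not 0 <= adc_value < full_scale:
        raise ValueError(f"ADC value {adc_value} outside 0..{full_scale - 1}")
    return VREF - adc_value * (VREF_H - VREF_L) / full_scale


def sensor_resistance(adc_value, r1_ohms):
    """R_sensor = R1 * V / (VRef - V), V being the voltage across the sensor."""
    v_sensor = sensor_voltage(adc_value)
    v_r1 = VREF - v_sensor
    if v_r1 <= 0:
        # ADC reads 0: no measurable voltage across R1 (open circuit or
        # unpowered module), so the formula would divide by zero.
        raise ValueError("no voltage across R1; resistance is undefined")
    return r1_ohms * v_sensor / v_r1


def median_resistance(adc_samples, r1_ohms):
    """Take the median raw reading first, then convert it to ohms."""
    return sensor_resistance(statistics.median(adc_samples), r1_ohms)


def rs_ro_ratio(clean_air_samples, gas_samples, r1_ohms):
    """Rs/Ro from a clean-air capture (Ro) and a gas-exposed capture (Rs)."""
    ro = median_resistance(clean_air_samples, r1_ohms)
    rs = median_resistance(gas_samples, r1_ohms)
    return rs / ro


if __name__ == "__main__":
    # Two different potentiometer settings give different resistances
    # but the same ratio, as the note above states.
    for r1 in (10_000, 4_700):
        ro = median_resistance(CLEAN_AIR_ADC, r1)
        rs = median_resistance(GAS_ADC, r1)
        print(f"R1={r1} ohm  Ro={ro:.0f} ohm  Rs={rs:.0f} ohm  Rs/Ro={rs / ro:.4f}")
```

The median discards the two glitch readings without any explicit outlier handling, which a mean would not.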

Finding the Concentration of a Gas

The concentration of a gas can be calculated by measuring the sensor’s Ro and Rs values and using the following formula

Concentration = Xo * (Y / Yo)^Φ

Where Φ is the slope, which can be found using the Sensitivity Characteristic curve and the following formula

Φ = Log (Y2/Y1) / Log(X2/X1)

Where (X2, Y2) and (X1, Y1) are any two points on a section of the curve (the lines between indicated points on the curve). Since the curve has different slopes at different concentrations, the (X2, Y2) and (X1, Y1) values should be taken from the corresponding section.

The Xo and Yo values are the initial concentration and Rs/Ro ratio on a section of the curve (the lines between marked points); these values are the starting point of each section (each line between marked points has a different slope).

Y is the Rs/Ro Ratio for the current concentration of the gas

The Arduino code can be found in the below link

To find Ro (the resistance of the sensor in clean air), just run the code in clean air for a few minutes (for accurate values, run it for 24 hours) and note down the resistance shown in the serial monitor.


A Look at the AWS IoT Ecosystem

The Internet of Things (IoT) enables smart objects to link with various information services that are based on the internet. The IoT cloud platform provides a framework to host applications that link smart objects to internet based services. The IoT cloud platform also provides a way to control smart objects with other smart objects.

AWS IoT is a cloud platform that not only provides an easy way to connect IoT-enabled devices to the cloud but can also store, analyze and visualize data to make sense of it.


AWS IoT provides a platform where sensor grids, aircraft engines, connected cars, factory floors, and similar things can be connected easily and securely to the cloud and to other devices. The cloud connection to IoT devices is fast and lightweight (MQTT or REST), which makes AWS IoT a great fit for devices that have limited processing power, battery life or memory.

AWS IoT Architecture

Let’s take a look at the AWS IoT components:


Things are devices of all types, shapes, and sizes including applications, connected devices, and physical objects. Things measure and control something of interest in their local environment.

Example: Suppose you have a LinkIt One board to which you have connected a temperature sensor. The LinkIt One device keeps uploading sensor data to AWS IoT. In AWS IoT, “LinkIt One board + temperature sensor” represents a virtual device called a “Thing.” Things have names, attributes, and shadows.

1. Thing Name: Unique name given by the user to identify a thing.

2. Thing attributes: The attributes represent the unique features of the thing, such as the thing’s serial number.

3. Thing Shadows: The shadow represents the current state of the IoT device. The AWS Thing shadow can also be updated by other end devices; this will help us control the IoT-enabled

Example: Consider an IoT-enabled air conditioner that is constantly sending its current state to the AWS IoT Thing shadow, and assume that the currently reported state of the device is “OFF.” Now, a user can update the AWS IoT Thing shadow from his mobile phone or laptop and change the desired state (a request to change the state) to “ON.” The shadow compares the “reported state” (the reading from the sensor) of the device with the desired state of the device, and if there is a difference between the reported and the desired state, it sends an appropriate response to the device.
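The comparison described above can be modelled in a few lines. This Python example is added here and is neither AWS code nor part of the original article: the shadow contents, attribute names and allowed values are constructed, and the device-side check of desired values is an added assumption about how a device should treat state written by other clients.

```python
import copy

# Constructed shadow document in the state.desired / state.reported layout.
# "setpoint_c" and "debug_mode" are attribute names made up for this example.
SHADOW = {
    "state": {
        "reported": {"power": "OFF", "setpoint_c": 24},
        "desired": {"power": "ON", "setpoint_c": 95, "debug_mode": True},
    }
}

# What the device firmware is prepared to act on (assumed for this example).
ALLOWED_VALUES = {
    "power": ("ON", "OFF"),
    "setpoint_c": range(16, 31),
}


def shadow_delta(desired, reported):
    """Desired attributes whose value differs from, or is missing in, reported."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = shadow_delta(want, have)
            if nested:
                delta[key] = nested
        elif key not in reported or want != have:
            delta[key] = want
    return delta


def apply_delta(device_state, delta):
    """Device side: apply only known attributes with permitted values.

    Returns (new_state, rejected). Anything another client wrote into the
    desired state that the device does not recognise is left unapplied.
    """
    new_state = dict(device_state)
    rejected = {}
    for key, value in delta.items():
        allowed = ALLOWED_VALUES.get(key)
        if allowed is not None and value in allowed:
            new_state[key] = value
        else:
            rejected[key] = value
    return new_state, rejected


def device_sync(shadow):
    """One round trip: compute the delta, apply it, report the new state."""
    state = shadow["state"]
    delta = shadow_delta(state["desired"], state["reported"])
    new_reported, rejected = apply_delta(state["reported"], delta)
    updated = {
        "state": {
            "desired": copy.deepcopy(state["desired"]),
            "reported": new_reported,
        }
    }
    return updated, rejected


if __name__ == "__main__":
    updated, rejected = device_sync(SHADOW)
    print("reported after sync:", updated["state"]["reported"])
    print("rejected by device :", rejected)
```

The rejected attributes stay in the delta after the sync, so a persistent, non-empty delta for a thing is a useful signal to alert on.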

Rules Engine

The Rules Engine collects the data sent to the IoT cloud, performs actions based on factors that are present in the collected data, and routes the data to AWS endpoints like Amazon DynamoDB, AWS Lambda, Amazon Simple Storage Service (S3), Amazon Simple Notification Service (SNS), and Amazon Kinesis. The actions are expressed using an SQL-like syntax. Routing is driven by the context and contents of individual messages. For example, routine readings from a temperature sensor could be tracked in a DynamoDB table, whereas an aberrant reading that exceeds a value stored in the thing shadow can trigger a Lambda function.

Message Broker

The Message Broker implements the MQTT protocol. The Message Broker can scale to contain billions of responsive long-lived connections between things and your cloud applications. Things use a topic-based publish/subscribe model to communicate with the broker. They can publish their state and can subscribe to incoming messages. The publish/subscribe model allows a single device to share its status efficiently with any number of other devices.

Authentication and Authorization

AWS IoT supports mutual authentication and encryption at all points of connection, so that data is never exchanged between AWS IoT and devices without proven identity. It supports the AWS method of authentication (called ‘SigV4’) and X.509 certificate-based authentication. HTTP connections can use either of these methods, while MQTT connections use certificate-based authentication and WebSocket connections use SigV4. With AWS IoT, you can use AWS IoT-generated certificates or certificates that are signed by your preferred Certificate Authority (CA).

You can create and deploy certificates and policies for your devices from the AWS IoT console or by using an API. These device certificates can be activated and associated with the relevant policies that are configured using AWS IAM. Doing this allows you to revoke access for an individual device instantly if you choose to do so.

Thing Registry

The Thing Registry assigns a unique identity to each thing. It also helps track descriptive metadata, such as attributes and capabilities, for each thing.


With AWS IoT, we can build an end-to-end IoT application that collects data from sensors, stores it, analyzes it and visualizes it. The insights we get from the analytics and visualization will help businesses gain efficiencies, improve operations, harness intelligence from an extensive range of equipment, and increase customer satisfaction.

Exploring IoT Through a Use Case

The Internet of Things (IoT) is much more than attaching sensors to things and controlling them through the internet. The concept of IoT holds long-term application capabilities, as our day-to-day lives are influenced by smart technologies and people are investing effort to make them a reality, which can only be accomplished by IoT.

Here is an example that explains an IoT use case for a logistics company.

IoT Use Case

A logistics company is transporting fish over long distances in refrigerated containers. They transport the fish with the utmost care because the fish may spoil if not handled properly during transit. Also, the company has an agreement with the merchant that if the fish spoils during transit, the company has to compensate the merchant. Therefore, the following parameters are imperative to avoid greater losses.

Temperature: The fish needs to be frozen to maintain its highest quality.

Humidity: Important to avoid thawing of frozen fish.

GPS Location: To track the container.

Door Sensor: To alert the company if the truck door is opened.

Human Presence Sensor: To check any human presence in the container.

The company solved the problem efficiently using IoT technology. They embedded different sensors in the container, which collected data and sent it to the cloud for analysis. The sensors help track whether the temperature and humidity are within the specified conditions, whether the container is travelling the specified route, whether the door is opened during transit, and whether there is a human presence in the container. If a merchant makes any claims about the quality of the fish, the company will analyze the data collected and find out the exact reason behind the spoiled fish. Also, the company will be updated with the tracking data at a given interval (five minutes, two minutes, etc.) so that they can take immediate action if required.

Let’s consider that the company has not adopted an IoT system. The company might suffer huge losses if a merchant makes false claims by saying that the fish spoiled during transit. Also, the company will not know if there were any changes in the container conditions or location. Therefore, the IoT system helps to address all of the discussed problems promptly, before they cause any major damage. The IoT process flow for this use case is as follows:

Data Collection: Collects data from sensors placed in the container and sends this data to the cloud.

Rule Engine: When the cloud receives data, it checks whether any alerts need to be raised. For example, if the container door is opened, it sends an alert to the company.

Data Storage and Cleansing: Using Big Data tools, the data will be stored.

Data Analysis: If a merchant raises any claims, the data can be analyzed to verify the claim.

Visualization: Generation of reports from the data.


An IoT-enabled end-to-end application will collect data from sensors, store it, analyze it, and visualise it. The insights we get from the data collected will help to improve the entire system and process, thereby improving the system’s operations, transparency, profitability, efficiency, and customer satisfaction.

Security Technologies behind SSL

Since their early days, computers have been used to transmit confidential and sensitive messages. Sometimes, however, people intercept these messages and use them for their own gain. Therefore, to safeguard important messages, such as credit/debit card information, different methods of encryption have been implemented.

Cryptography or Cryptology is the study and practice of techniques for secure communication in the presence of third parties called adversaries. In general, cryptography is about constructing and analyzing protocols that prevent adversaries or the public from reading private messages.

Symmetric Encryption:


Symmetric cryptography is a cryptographic system which uses a single key to encrypt and decrypt data. Both the sender and receiver use the same key to communicate.


However, symmetric keys also have a disadvantage. As both the sender and receiver use one key to encrypt and decrypt, sharing the key with each other is difficult. If they have to share the key over the internet, there is a chance that a hacker can intercept it.

Public/Asymmetric-key cryptography: Public-key cryptography, or asymmetric cryptography, is a cryptographic system that involves pairs of keys: public keys, which can be shared widely, are paired with private keys, which are known only to the owner. In other words, in a public-key encryption system, anyone can encrypt a message using the public key of the receiver, but the message can be decrypted only with the receiver’s private key.

Example: John wants to send a secret message to Jane, so he encrypts the message with Jane’s public key and sends it to her. Jane generated the key pair using a key generation program whose input is a large random number and whose output is one public and one private key; the private key is kept secret by Jane, and the public key is spread widely to the public. Even if the message is captured, it cannot be decoded without the private key.


Disadvantages of public-key encryption

  1. The public-key encryption methods are several orders of magnitude slower than the best known symmetric-key schemes.
  2. Key sizes are usually larger than those required for symmetric key encryption. The size of public-key signatures is larger than that of tags providing data origin authentication from symmetric-key techniques.
  3. No public-key scheme has been proven secure. The most effective public-key encryption schemes base their security on a set of number-theoretic problems.
  4. Public-key cryptography does not have as extensive a history as symmetric-key encryption.

Which is Stronger?

Both symmetric and asymmetric encryption are strong. In terms of computational burden and ease of distribution, symmetric encryption requires less computation, whereas asymmetric encryption makes key distribution easier.

Digital Certificate:

A digital certificate is the electronic counterpart of physical or paper certificates such as a passport, membership card, or driving license. It proves your identity or your right to access services or information on the internet. Digital certificates are issued by a trusted authority empowered by law, known as a Certifying Authority (CA).

Public Key Infrastructures:

PKI-based authentication uses a hybrid cryptosystem and benefits from using both types of encryption.

Steps Involved in SSL Authentication Protocol


1. A client browser requests a secure page (SSL Hello)

2. The web server sends its public key with its certificate

3. The browser checks whether the certificate was issued by a trusted party (CA), whether it is still valid, and whether it relates to the site contacted


4. The browser creates a symmetric session key and encrypts it with the server’s asymmetric public key. It then sends it to the server.

5. Using its asymmetric private key, the server decrypts the encrypted session key and obtains the symmetric session key.



6. Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key. This allows for a secure channel because only the server and browser know the symmetric session key, which can only be used for that session. If the browser has to connect to the same server the next day, a new session key would be created.

Applications of SSL:

SSL-secured transactions with an e-commerce Web site: This is a typical use case of an SSL transaction between a browser and a Web server, where the protocol is used to authenticate the server and then pass the customer’s credit/debit card details to the server.

Authenticated client access to an SSL-secured Web site: Both the client and server need certificates from a certification authority (CA) that they both trust.

Remote access: SSL technology is used to provide authentication and data protection for users who want to log into their system (computer) remotely.

E-mail: The security protocol is used to transmit private communications via the Internet.


Communication using SSL-based encryption and authentication is highly secure, with little to no chance that it can be decrypted by a hacker, which makes software and websites highly secure and trustworthy.


How to Build a Complete IoT Solution with AWS – A Use Case Approach

In the future, there will be millions of connected devices, from smart vehicles to smart wearables, generating an ever-increasing amount of data. An IoT cloud platform makes it possible to collect that data, store and process it, and get actionable insights.

With AWS IoT and the other services provided by AWS, a complete IoT solution can be built. In this article we discuss an IoT use case and see how to implement the solution.

IoT Use Case

A logistics company provides transportation services and needs to ship items (e.g. fish, meat, etc.) in refrigerated containers. The merchant receiving this service found that the goods he receives are sometimes spoiled. He took out insurance with an insurance company for the goods during transit. Over a period of time, the insurance company came to feel that the merchant was raising false claims, and it wants to implement a system to avoid these false claims.

The insurance company decided to implement an IoT solution to avoid false claims. To do so, it is imperative to monitor the following parameters during transit.

Temperature: The goods need to be frozen to maintain quality

Humidity: To avoid thawing of frozen goods

GPS Location: To track the route of the container

Door Sensor: To alert the company when the truck door is opened

Human Presence Sensor: To check any human presence in the container

Note: All the sensors are connected to the node (the hardware platform; in this case, LinkIt One / Edison / Raspberry Pi), and the measurements are passed on to the cloud using GPRS connectivity.

By measuring the mentioned parameters, the insurance company can identify if any anomaly has happened during transit. If anomalies are found, they will reject the claim.

For example:

  1. A change in temperature or humidity may affect the quality of the goods – this can be identified using the temperature and humidity sensors
  2. Deviation from the predefined route can affect the delivery time – this can be identified using the GPS sensor
  3. Opening the door of the truck will affect the temperature and humidity maintained inside the truck – this can be identified using the door sensor
  4. Theft of goods can be identified by the human presence sensor placed inside the truck

Use Case Architecture

[Figure: IoT Architecture]

AWS Components in the Architecture

Node: The hardware, together with the sensors connected to the device (IoT device), is termed a node.

Thing: In AWS IoT terminology a ‘Thing’ represents a connected device (a.k.a. node).

Device Gateway: The AWS IoT Device Gateway enables secure and efficient communication between devices and AWS IoT. Devices exchange messages through it using a publish/subscribe model, which allows one-to-one and one-to-many communications. The data collected by the node is securely published to the AWS IoT Device Gateway using the MQTT protocol.

[Figure: AWS components]

Device Shadow: The device shadow shows the current state of the device, or its last known state if the node is offline. The data published to AWS IoT is reflected in the AWS IoT Device Shadow. The Thing shadow is a JSON document that is used to store the current state of the ‘Thing’.

AWS IoT Rules: AWS IoT Rules give IoT-enabled devices the ability to interact with AWS services. Rules are analyzed, and actions are performed based on the MQTT topic stream. Rules support tasks like these:

  1. Write data received from a device to an Amazon DynamoDB database
  2. Process messages from a large number of devices using Amazon Kinesis
  3. Send a push notification using Amazon SNS to all users
  4. Save a file to Amazon S3
  5. Send the data from an MQTT message to Amazon Machine Learning to make predictions based on an Amazon ML model

Amazon IAM: AWS Identity and Access Management helps users securely control access to AWS resources. However, the account holder has to grant AWS IoT permission to access these AWS resources. Users can use IAM to control who can use their AWS resources. They can also control which AWS resources have permission to access or manipulate other AWS resources.

Amazon Kinesis Streams: Amazon Kinesis Streams can continuously capture and store terabytes of data per hour from hundreds and thousands of sources. Amazon Kinesis can perform low-level processing on streams of data. Data records are accessible for a default of 24 hours from the time they are added to a stream. This time frame is called the retention period and is configurable in hourly increments from 24 to 168 hours (1 to 7 days).

EC2 Instance: An EC2 instance is a virtual server in Amazon’s EC2 (Elastic Compute Cloud).

Kinesis Client Library: The Amazon Kinesis Client Library (KCL) helps applications consume and process data from an Amazon Kinesis stream. The KCL takes care of several complex tasks that are associated with distributed computing, such as load-balancing across multiple instances, responding to instance failures, and checkpointing processed records. The KCL acts as an intermediary between record processing logic and Streams.

Simple Storage Service (S3): Amazon S3 provides developers and IT teams with secure, durable, highly-scalable cloud storage. Amazon S3 is easy to use object storage with a simple web service interface to store and retrieve any amount of data from anywhere on the web. Amazon S3 is carefully engineered to meet the requirements for scalability, reliability, speed, low-cost, and simplicity. Each object in S3 can be managed with an object life cycle by using lifecycle configuration. Lifecycle configuration enables you to simplify the lifecycle management of your objects such as automatically sending less frequently accessed objects to low-cost storage alternatives like Amazon Glacier and scheduled deletions of the objects.

Amazon Glacier: Amazon Glacier is a low-cost storage service that provides secure, flexible and durable storage for data backup and archival. Customers can reliably store their data for only about $0.007 per gigabyte per month with Amazon Glacier. It enables any business to easily and cost-effectively retain data for months, years, or decades.

Amazon DynamoDB: Amazon DynamoDB is a fast and flexible NoSQL database service for applications that need consistent single-digit millisecond latency at any scale. DynamoDB allows a user to create database tables that can store and retrieve any amount of data, and serve any level of request traffic. DynamoDB automatically spreads the data and traffic for the tables over a sufficient number of servers to handle throughput and storage requirements, while maintaining consistent and fast performance.

Amazon QuickSight: Amazon QuickSight is a very fast, cloud-powered business intelligence (BI) service that makes it easy for all employees to build visualizations, perform ad-hoc analysis, and quickly get business insights from their data. Amazon QuickSight uses a new, Super-fast, Parallel, In-memory Calculation Engine (“SPICE”) to perform advanced calculations and render visualizations rapidly. Amazon QuickSight easily connects to other AWS data services like Amazon Redshift, Amazon RDS, Amazon DynamoDB, Amazon S3, and Amazon Kinesis. It can upload CSV, TSV, and spreadsheet files or connect to third-party data sources such as Salesforce.

Amazon Cognito: A smart mobile device can securely connect to AWS IoT using AWS Cognito, which provides a secure way to access AWS services from Android and iOS mobile applications. Amazon Cognito also allows mobile applications to authenticate users through social identity providers such as Facebook, Twitter, and Amazon, and through SAML identity solutions.

AWS Short Notification Service (SNS): SNS is a fully managed push notification service that allows you to send individual messages to large numbers of recipients. Amazon SNS makes it simple and cost-effective to send push notifications to mobile device users and email recipients, or even to send messages to other distributed services.

Solution for the Use Case

The above architecture diagram shows the proposed solution for the logistics company, built on services provided by AWS. The sensors are attached to the hardware board LinkIt One (the node), which collects data from the sensors. In an IoT scenario, a node represents a ‘Thing’; in our case the ‘Thing’ is the ‘Truck’.

In AWS IoT terminology a ‘Shadow’ is a virtual representation of a ‘Thing’. All the sensor data passed on from the truck (via the node) to AWS IoT is available in the ‘Shadow’.

AWS provides the ‘Device SDK’ to push the data available at the node to the ‘Shadow’ and to access the data held in the ‘Shadow’.

In the above use case, the state of the logistics truck (node), i.e. the temperature, humidity, location of the truck, human presence in the truck and truck door status, is published to the AWS Device Gateway using the MQTT protocol. The status of the truck published to the Device Gateway is reflected in the AWS IoT Device Shadow. Any mobile device authenticated by Amazon Cognito can retrieve the latest state stored in the device shadow. The current status of the truck, such as its current location or the temperature of the container, can be monitored remotely from any mobile device.

In the above use case, the AWS IoT Rules Engine serves two purposes:

  1. The rules engine continuously monitors the current device status (i.e. the current state published to the Device Gateway from the node). If the temperature or humidity rises above its threshold value, or if someone opens the refrigerated container’s door in the middle of transport, or if the driver of the truck deviates from the specified route, the AWS IoT rules engine triggers an emergency alert by sending a push notification, email or SMS to the mobile phone of an admin of the logistics company using Amazon SNS (Short Notification Service).
  2. The rules engine sends the data that is published to the Device Gateway to Amazon Kinesis Streams for further processing and analysis.
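The monitoring conditions of purpose 1, evaluated over one truck's reported state, as an added example in Python rather than AWS IoT rule syntax or the article's own implementation. The `state`/`reported` envelope is the shadow document format; the field names, thresholds, waypoints and tolerance are assumptions, and the sample document is constructed.

```python
import json
import math

# Constructed shadow document for one truck. Only the state/reported envelope
# is the shadow format; the field names inside it are assumptions.
SHADOW_JSON = """
{"state": {"reported": {"temperature_c": -12.5, "humidity_pct": 71.0,
  "door_open": true, "human_present": false,
  "lat": 12.9716, "lon": 77.5946}}}
"""
LIMITS = {"temperature_c": -15.0, "humidity_pct": 65.0}  # hypothetical thresholds
ROUTE = [(12.9716, 77.5946), (13.0827, 80.2707)]         # constructed waypoints
MAX_OFF_ROUTE_KM = 5.0                                   # hypothetical tolerance


def off_route_km(point, route):
    """Shortest distance from point to the route polyline (flat-earth approximation)."""
    lat0 = math.radians(point[0])

    def xy(p):  # km east and north of `point`
        return ((p[1] - point[1]) * 111.32 * math.cos(lat0),
                (p[0] - point[0]) * 110.57)

    best = float("inf")
    for a, b in zip(route, route[1:]):
        (ax, ay), (bx, by) = xy(a), xy(b)
        dx, dy = bx - ax, by - ay
        seg = dx * dx + dy * dy
        # Projection of the origin (the truck) onto segment a-b, clamped to it.
        t = 0.0 if seg == 0 else max(0.0, min(1.0, -(ax * dx + ay * dy) / seg))
        best = min(best, math.hypot(ax + t * dx, ay + t * dy))
    return best


def evaluate_shadow(shadow_json, limits=LIMITS, route=ROUTE):
    """Return the alerts the monitoring rule would raise for one reported state."""
    reported = json.loads(shadow_json)["state"]["reported"]
    alerts = []
    for field, limit in limits.items():
        value = reported.get(field)
        if value is None:  # a sensor that stops reporting is an anomaly too
            alerts.append(f"{field}: missing reading")
        elif value > limit:
            alerts.append(f"{field}: {value} above {limit}")
    if reported.get("door_open"):
        alerts.append("door opened in transit")
    if reported.get("human_present"):
        alerts.append("human presence in container")
    if "lat" not in reported or "lon" not in reported:
        alerts.append("gps: missing reading")
    else:
        km = off_route_km((reported["lat"], reported["lon"]), route)
        if km > MAX_OFF_ROUTE_KM:
            alerts.append(f"off route by {km:.1f} km")
    return alerts
```

Treating a missing reading as an alert matters for the insurance use case: a disconnected sensor would otherwise look the same as a compliant one.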

The logistics company can have hundreds of trucks. Monitoring and keeping track of all the trucks simultaneously can be tedious. So all the data from hundreds of trucks is sent to Amazon Kinesis Streams, where simple processing is done, and is then sent to DynamoDB and S3, from which Amazon QuickSight extracts it for business intelligence and visual analytics.

Using this solution, the insurance company can keep track of each and every truck for which it provides cover. If a truck deviates from the conditions agreed upon in the insurance, the claim will not be honored. The insurance company now has the data to show its client when a claim is raised, thus avoiding false claims.


Authentication of Edge-Device in AWS IoT

Security is the major concern for any IoT system, even one that handles only inconsequential data, because IoT is the future of the technology and an IoT system can be built to control anything from something as insignificant as a thermostat to something as significant as autopiloting a car. AWS did not treat IoT security as an afterthought; it took a security-first approach when designing the AWS IoT platform. AWS IoT uses MQTT to receive messages from the edge devices. Since MQTT itself has no strong security (only minimal password-based security), AWS IoT uses ‘Mutual authentication TLS’, i.e. the device authenticates the AWS IoT server, and the AWS IoT server authenticates the device.


Certificates used for mutual authentication:

  1. Server Certificate (AWS IoT server)
  2. Device Certificate (IoT Device)
  3. Root CA Certificate (VeriSign)

Keys used with mutual authentication:

  1. Public Key (AWS IoT server)
  2. Private Key (AWS IoT server)
  3. Public Key (IoT Device)
  4. Private Key (IoT Device)

Server Certificate: It is a digital certificate issued to AWS IoT by VeriSign CA, used to authenticate AWS IoT server.

Device Certificate: It can be either generated by AWS IoT or signed by a trusted CA certificate. This certificate is copied into the IoT Device and is used for device authentication.

Root CA Certificate: A root certificate is a self-signed certificate created by the certification authority. All certificates below the root certificate inherit the trustworthiness of the root certificate. In mutual authentication TLS, the device as well as the AWS IoT server possess X.509 certificates and a private key.

Working of Mutual TLS:

  1. The Edge Device sends a ClientHello message to the AWS IoT server.
  2. The server responds with a ServerHello message to the Edge Device.
  3. The AWS IoT server sends a Certificate message, which contains the server’s certificate.
  4. The server requests the client’s certificate in a CertificateRequest message so that the connection can be mutually authenticated.
  5. The server concludes its part of the negotiation with a ServerHelloDone message.
  6. The Edge Device verifies that the server certificate is signed by a trusted certification authority. The Edge Device holds a list of root certificates of trusted certification authorities; in our case, the VeriSign root certificate.
  7. After verifying the server certificate, the Edge Device responds with a Certificate message, which contains the Edge Device certificate.
  8. The Edge Device sends session key information (encrypted with the AWS IoT server’s public key) in a ClientKeyExchange message.
  9. The Edge Device sends a CertificateVerify message to let the AWS server know it owns the sent certificate.
  10. The Edge Device sends a ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
  11. The Edge Device sends a Finished message to let the server check the newly activated options.
  12. The server sends a ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
  13. The server sends a Finished message to let the Edge Device check the newly activated options.
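A check over decoded handshake transcripts that tells a completed mutual handshake from a server-only or half-finished one, as an added example that is not AWS or article code. It follows the TLS 1.2-style message order of the steps above (step 6 is a local verification, not a message); the device ids and transcripts are constructed.

```python
# Message order from the steps above: (sender, message, mutual_auth_only).
EXPECTED = [
    ("client", "ClientHello", False),
    ("server", "ServerHello", False),
    ("server", "Certificate", False),
    ("server", "CertificateRequest", True),
    ("server", "ServerHelloDone", False),
    ("client", "Certificate", True),
    ("client", "ClientKeyExchange", False),
    ("client", "CertificateVerify", True),
    ("client", "ChangeCipherSpec", False),
    ("client", "Finished", False),
    ("server", "ChangeCipherSpec", False),
    ("server", "Finished", False),
]


def classify_handshake(transcript):
    """transcript: list of (sender, message) tuples in the order observed."""
    pending = list(transcript)
    missing = []
    for sender, message, mutual_only in EXPECTED:
        if pending and pending[0] == (sender, message):
            pending.pop(0)
        elif mutual_only:
            missing.append(f"{sender} {message}")
        else:
            return f"invalid: expected {sender} {message}"
    if pending:
        return f"invalid: unexpected {pending[0][0]} {pending[0][1]}"
    if not missing:
        return "mutual"
    if len(missing) == 3:
        return "server-only"  # the device was never asked to prove its identity
    return "invalid: client authentication incomplete, missing " + ", ".join(missing)


def sessions_without_client_auth(sessions):
    """sessions: {device_id: transcript}. Return ids that did not complete mutual auth."""
    return sorted(d for d, t in sessions.items() if classify_handshake(t) != "mutual")


# Constructed transcripts for three hypothetical devices.
MUTUAL = [(s, m) for s, m, _ in EXPECTED]
SERVER_ONLY = [(s, m) for s, m, mutual_only in EXPECTED if not mutual_only]
NO_PROOF = [step for step in MUTUAL if step != ("client", "CertificateVerify")]
SESSIONS = {"truck-01": MUTUAL, "truck-02": SERVER_ONLY, "truck-03": NO_PROOF}
```

A transcript in which the device presents a certificate but never sends CertificateVerify is reported as incomplete, because the certificate alone does not show possession of the private key.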

The procedure of authentication of edge device by AWS IoT:

The Edge Device certificate and its public and private keys are generated when a ‘Thing’ is created in AWS IoT. The device certificate and both keys are copied into the device memory along with a VeriSign root certificate.

When the device wants to connect and send a message to AWS IoT, it follows the Mutual TLS process to authenticate both the Edge Device and the AWS IoT server.

Once Mutual TLS authentication is done, the data points (the status of a device or the temperature of a room) exchanged between the edge device and the AWS IoT server are encrypted using the session key created by the edge device during the Mutual TLS process, thereby securing all communications between the Edge Device and the AWS IoT server.


TLS, a standardized version of SSL

SSL was developed by Netscape Communications Corporation in 1994 for secure Internet communication. Later, in 1999, the Internet Engineering Task Force (IETF) defined TLS as a standard protocol that allows secure transactions over the World Wide Web.

TLS is widely recognized as the protocol that provides HTTPS for Internet transactions between Web browsers and Web servers. TLS can also be used for other application level protocols, such as File Transfer Protocol (FTP) and Simple Mail Transfer Protocol (SMTP).

Improvements of TLS over SSL:

  1. The Keyed-Hashing for Message Authentication Code (HMAC) algorithm replaced SSL’s Message Authentication Code (MAC) algorithm.
  2. In TLS, it is not necessary to include certificates all the way back to the root CA.
  3. TLS is standardized in a Request for Comments (RFC).
  4. New alert messages are added.
  5. Fortezza algorithms are not included in the TLS RFC because they are not open for public review.

Vmoksha’s First IoT Boot Camp

We are all excited to share that our first IoT Training conducted on 7th and 8th May 2016 was a great success.

Vmoksha’s IoT Training brought together professionals from diverse domains who are keen to gain in-depth Internet of Things (IoT) knowledge. Our 2-day IoT training includes 8 sessions covering everything from the basic architecture of the IoT stack to analytics and visualization. To provide a holistic perspective to every participant, the experts of Vmoksha have organized theory as well as hands-on sessions with a high level of interaction.

We explain in detail about a wide range of topics, such as:

  • IoT architecture
  • Sensors and actuators
  • Connectivity technologies & communication protocols
  • Cloud, its components, and IoT
  • Design principles

We have also given a brief demo of Vmoksha’s ongoing and completed IoT projects. The hands-on sessions include use cases ranging from Smart Homes to Smart Cities using the MediaTek LinkIt One Platform and the AWS IoT Platform.


Highlights of Hands-on IoT Training Sessions

  • Connecting different sensors to the IoT development board (LinkIt One)
  • Sending sensor data to the cloud
  • Deploying application using LinkIt One Platform on AWS IoT Platform

We were encouraged by the very positive feedback from our participants, and we are all set to organize the same once every fortnight.

To register for our upcoming IoT Boot camp, please check
