6 min read
On this page

IoT Architecture

IoT Reference Architectures

Three-Tier Architecture

┌──────────────────────────────────────────────────────────┐
│  Cloud Tier                                              │
│  - Data storage, analytics, ML/AI                        │
│  - Device management, dashboards                         │
│  - API gateway, business logic                           │
└──────────────────────┬───────────────────────────────────┘
                       │  MQTT / HTTPS / WebSocket
┌──────────────────────┴───────────────────────────────────┐
│  Gateway / Edge Tier                                     │
│  - Protocol translation, data aggregation                │
│  - Local decision-making, buffering                      │
│  - Security boundary                                     │
└──────────────────────┬───────────────────────────────────┘
                       │  BLE / Zigbee / LoRa / Wired
┌──────────────────────┴───────────────────────────────────┐
│  Device Tier                                             │
│  - Sensors, actuators, MCUs                              │
│  - Constrained networks                                  │
│  - Battery-powered, low-cost                             │
└──────────────────────────────────────────────────────────┘

Five-Layer IoT Model

| Layer | Function | Technologies | |---|---|---| | Perception | Sensing, data acquisition | Sensors, RFID, cameras | | Network | Data transmission | BLE, LoRa, Wi-Fi, cellular | | Middleware | Service management, processing | MQTT broker, stream processing | | Application | Business logic, user interface | Dashboards, mobile apps, APIs | | Business | System management, analytics | BI tools, ML pipelines |

Edge Computing

Processing data near the source rather than sending everything to the cloud.

Why Edge Computing?

| Challenge | Cloud-Only | Edge + Cloud | |---|---|---| | Latency | 50-200 ms round trip | <10 ms local | | Bandwidth | All data uploaded | Only insights uploaded | | Reliability | Offline = dead | Functions offline | | Privacy | Raw data leaves premises | Data processed locally | | Cost | High bandwidth costs | Reduced cloud usage |

Edge Processing Patterns

Sensor --> MCU (filter, threshold) --> Gateway (aggregate, ML inference)
                                           |
                                      Cloud (storage, training, dashboards)

On-device edge: simple threshold checks, moving averages, anomaly flags on the MCU itself.

Gateway edge: runs ML inference models (TensorFlow Lite, ONNX), aggregates data from multiple sensors, makes local control decisions.

Fog Computing

An extension of edge computing that distributes processing across multiple layers between devices and cloud. Fog nodes are more capable than edge devices but closer to data sources than cloud.

Cloud        [ Heavy analytics, model training, long-term storage ]
  |
Fog nodes    [ Regional processing, caching, orchestration ]
  |
Edge         [ Local filtering, real-time response ]
  |
Devices      [ Sensing, actuation ]

Fog computing is particularly relevant for smart city, industrial, and transportation applications where hierarchical processing reduces latency and bandwidth.

IoT Platforms

AWS IoT

Device --> MQTT/HTTPS --> AWS IoT Core --> Rules Engine --> Lambda / S3 / DynamoDB
                             |
                        Device Shadow (digital twin)
                             |
                        Device Defender (security monitoring)

Key services:

  • IoT Core: managed MQTT broker with TLS mutual authentication
  • Device Shadow: JSON state document synced between device and cloud
  • IoT Greengrass: edge runtime for local compute, ML, and messaging
  • IoT SiteWise: industrial data collection and monitoring
  • FreeRTOS integration: official FreeRTOS support with connectivity libraries

Azure IoT

Device --> MQTT/AMQP/HTTPS --> IoT Hub --> Stream Analytics / Event Hubs
                                  |
                             Device Twins
                                  |
                             IoT Edge (containerized modules on gateways)

Key services:

  • IoT Hub: device management, message routing, file upload
  • IoT Central: low-code IoT application platform
  • IoT Edge: Docker containers on gateway devices
  • Digital Twins: spatial intelligence and graph-based modeling
  • Sphere: secure MCU platform (hardware + OS + cloud security)

Platform Comparison

| Feature | AWS IoT | Azure IoT | |---|---|---| | Protocol | MQTT, HTTPS, WebSocket | MQTT, AMQP, HTTPS | | Device twin | Device Shadow (JSON) | Device Twin (JSON) | | Edge runtime | Greengrass | IoT Edge (Docker) | | Max message | 128 KB | 256 KB | | Pricing model | Per million messages | Per edition + messages |

Device Provisioning

Securely onboarding devices at scale requires automated provisioning.

Provisioning Methods

| Method | Scale | Security | Complexity | |---|---|---|---| | Manual (per-device credentials) | Small | High | High labor | | Pre-shared key (fleet-wide) | Medium | Lower | Low | | X.509 certificates (per-device) | Large | Highest | Medium | | Token-based (just-in-time) | Large | High | Medium |

Zero-Touch Provisioning Flow

1. Device manufactured with unique identity (secure element, certificate)
2. Device powers on, connects to provisioning service
3. Service verifies device identity (certificate chain)
4. Service issues device-specific credentials and configuration
5. Device connects to production IoT endpoint
6. No human intervention required

OTA (Over-the-Air) Updates

Firmware updates in the field are critical for security patches and feature additions.

OTA Update Architecture

┌─────────┐     ┌──────────────┐     ┌──────────┐
│ Build    │────>│ Update Server│────>│ Device   │
│ Pipeline │     │ (firmware    │     │ (download,│
│          │     │  repository) │     │  verify,  │
│ CI/CD    │     │              │     │  install) │
└─────────┘     └──────────────┘     └──────────┘

Update Strategies

| Strategy | Downtime | Safety | Flash Required | |---|---|---|---| | A/B partitions | Near zero (reboot) | Rollback possible | 2x firmware size | | In-place update | During update | No rollback | 1x + staging area | | Delta/diff update | During apply | Size efficient | Patch + rollback slot |

A/B Partition Layout

Flash Memory:
┌──────────────┬──────────────┬──────────┐
│ Bootloader   │ Slot A       │ Slot B   │
│ (always runs)│ (active FW)  │ (new FW) │
│              │              │          │
│ Decides which│ Currently    │ Downloaded│
│ slot to boot │ running      │ update   │
└──────────────┴──────────────┴──────────┘

Update flow:
1. Download new firmware to inactive slot (B)
2. Verify signature and integrity
3. Mark slot B as pending
4. Reboot into slot B
5. If boot succeeds, mark B as confirmed
6. If boot fails (watchdog timeout), revert to slot A

Firmware Signing

// Conceptual firmware verification (using ed25519)
PROCEDURE VERIFY_FIRMWARE(firmware, signature, public_key) → boolean
    key ← ED25519_KEY_FROM_BYTES(public_key)
    sig ← SIGNATURE_FROM_BYTES(signature)
    RETURN ED25519_VERIFY(key, firmware, sig) IS success

Digital Twins

A digital twin is a virtual representation of a physical device that stays synchronized with it.

Digital Twin Structure

{
  "deviceId": "pump-station-042",
  "reported": {
    "temperature": 72.5,
    "pressure": 14.7,
    "rpm": 1450,
    "status": "running",
    "firmware": "2.1.3",
    "lastSeen": "2026-03-24T10:30:00Z"
  },
  "desired": {
    "rpm": 1500,
    "firmware": "2.2.0"
  },
  "metadata": {
    "model": "XP-2000",
    "installDate": "2024-06-15",
    "location": { "lat": 37.7749, "lon": -122.4194 }
  }
}

Use cases:

  • Monitoring: dashboards showing fleet status without polling devices
  • Control: set desired state, device syncs when online
  • Simulation: test changes on the twin before deploying to hardware
  • Predictive maintenance: ML models on twin data predict failures

IoT Security

Threat Model

| Threat | Vector | Mitigation | |---|---|---| | Firmware extraction | Physical access, JTAG | Disable debug ports, encrypt flash | | Man-in-the-middle | Network interception | TLS/DTLS, certificate pinning | | Replay attacks | Captured valid messages | Nonces, timestamps, sequence numbers | | Firmware tampering | Malicious update | Signed firmware, secure boot chain | | Credential theft | Flash dump, side-channel | Secure element (ATECC608, STSAFE) | | Denial of service | Network flooding | Rate limiting, authentication |

Secure Boot Chain

ROM Bootloader (immutable, in silicon)
  |  verifies signature of -->
First-Stage Bootloader (U-Boot SPL)
  |  verifies signature of -->
Second-Stage Bootloader (U-Boot)
  |  verifies signature of -->
Kernel + Device Tree
  |  verifies -->
Root Filesystem (dm-verity)
  |  verifies -->
Application (signed binaries)

Each stage verifies the next before executing it. The root of trust is anchored in immutable ROM code and a hardware-stored public key.

Secure Elements

Hardware cryptographic modules that store keys and perform crypto operations in tamper-resistant silicon:

  • ATECC608B: ECC-P256 key storage, ECDH, ECDSA, AES-128, SHA-256
  • STSAFE-A110: certificate storage, TLS pre-master secret generation
  • TPM 2.0: platform integrity measurement, sealed storage

Keys never leave the secure element -- cryptographic operations happen inside the chip.

Power Management

Power Budget Calculation

Battery capacity: 2400 mAh (AA lithium)
Target lifetime: 5 years = 43,800 hours

Average current budget: 2400 / 43800 = 54.8 uA

Power budget breakdown:
  Sleep mode (99.9% of time):    3 uA
  Wake + sense (0.08%):        500 uA average during wake
  Transmit (0.02%):           20 mA average during TX

  Effective average = 0.999 * 3 + 0.0008 * 500 + 0.0002 * 20000
                    = 2.997 + 0.4 + 4.0
                    = 7.4 uA   (within budget)

Power Optimization Techniques

| Technique | Savings | |---|---| | Deep sleep between measurements | 100-1000x reduction | | Reduce sensor sampling rate | Linear reduction | | Batch transmissions | Amortize radio startup cost | | Lower TX power | Exponential range/power tradeoff | | Clock gating unused peripherals | Eliminate idle current | | Voltage scaling | Quadratic power reduction |

Energy Harvesting

Supplementing or replacing batteries with ambient energy:

| Source | Power Density | Technology | Application | |---|---|---|---| | Solar (indoor) | 10-100 uW/cm^2 | Photovoltaic cells | Sensors, displays | | Solar (outdoor) | 10-100 mW/cm^2 | Photovoltaic cells | Weather stations | | Vibration | 1-100 uW/cm^3 | Piezoelectric, electromagnetic | Industrial monitoring | | Thermal gradient | 20-60 uW/cm^2/K | Thermoelectric (Peltier) | Pipe monitoring, body heat | | RF (ambient) | 0.1-1 uW/cm^2 | Rectenna | RFID, near-field power |

Energy harvesting systems typically use a power management IC (PMIC) with maximum power point tracking (MPPT) to charge a supercapacitor or small LiPo battery.

Key Takeaways

  • IoT architectures span from simple three-tier (device-gateway-cloud) to complex fog computing hierarchies.
  • Edge computing reduces latency, bandwidth, and cloud dependency by processing data near the source.
  • OTA updates with A/B partitions and firmware signing are essential for field-deployed devices.
  • Security must be designed in from the start: secure boot, signed firmware, secure elements, TLS everywhere.
  • Power budgets determine battery life; deep sleep, batched transmissions, and energy harvesting extend it.
  • Digital twins bridge the physical-digital gap, enabling monitoring, control, and simulation at scale.