กลับไปหน้ารวมไฟล์
securely-connecting-an-arduino-nb-1500-to-azure-iot-hub-2664c0-en.md

Project Overview

The "Securely Connecting an Arduino NB 1500 to Azure IoT Hub" project is a professional-grade implementation of Narrowband IoT (NB-IoT) technology. It demonstrates how to establish a low-power, wide-area network (LPWAN) connection between a remote edge device and a enterprise cloud platform. By combining the Arduino MKR NB 1500—which supports LTE Cat M1/NB-IoT—with Microsoft Azure, this project enables high-security machine-to-machine (M2M) communication. The core engineering focus is on industrial-standard authentication using hardware-based cryptographic keys and X.509 certificates.

Note: This tutorial could be outdated, please go here for a more current version.

Introduction

Azure IoT Hub allows you to "securely connect, monitor, and manage billions of device to develop Internet of Things (IoT) applications."

Devices can connect to Azure IoT Hub using the following protocols: HTTPS, AMPQ and MQTT - Azure also provides SDKs for many programming languages to abstract these protocols. In addition, you can connect to IoT Hub via an MQTT client. This page has more information on IoT Hub’s MQTT support.

This tutorial will walk you through how to connect an Arduino MKR NB 1500 board securely to Azure IoT Hub using an MQTT client. MQTT (Message Queuing Telemetry Transport) is a M2M (machine-to-machine) connectivity protocol which provides a messaging subscription and publish transport.

Devices can use SAS tokens or X.509 certificates for authentication with Azure IoT Hub, more information can be found here. In this tutorial, we'll use an X.509 certificate to authenticate the board.

Every Arduino MKR board with on-board connectivity, including the MKR NB 1500, is equipped with a Microchip ATECC508A or ATECC608A crypto element. This crypto element can be used to securely generate and store a 256-bit ECC (Elliptic Curve Cryptography) key.

Technical Security Architecture

The security of this system is multi-layered, moving away from simple passwords toward hardware-rooted trust.

  • ATECC608A Crypto Element: The MKR NB 1500 features a dedicated cryptographic co-processor. This chip generates a unique private key that never leaves the silicon. Even if the main microcontroller (SAMD21) is compromised, the attacker cannot extract the identity of the device. This project uses Elliptic Curve Cryptography (ECC) to sign authentication tokens, providing higher security with shorter key lengths (256-bit) compared to RSA.
  • X.509 Certificate Authentication: Instead of using shared access signatures (SAS) which can leak, this project uses self-signed X.509 certificates. The certificate's thumbprint (SHA1 hash) is registered in Azure IoT Hub, creating a unique 1-to-1 trust relationship between the physical board and the cloud endpoint.
  • BearSSL / TLS 1.2: Communication over the cellular network is encrypted using the ArduinoBearSSL library. This ensures a secure Transport Layer Security (TLS) tunnel for MQTT packets, protecting data from "man-in-the-middle" attacks during transmission over the public LTE network.

Engineering & Hardware Setup

  • LTE Cat M1/NB1 Support: The onboard u-blox SARA-R410M modem is specifically designed for battery-operated IoT devices. It provides "deep indoor" coverage (ideal for water meters or basement sensors) while operating with extremely low peak currents.
  • Power Management: The NB 1500 includes an onboard charger for 3.7V LiPo batteries. In an engineering context, this allows for seamless transition from USB power to battery backup, ensuring that the device can survive power outages and transmit "last gasp" notifications to the cloud hub.
  • SIM Compatibility: A Micro SIM with an active NB-IoT or Cat M1 plan is required. Proper cellular APN (Access Point Name) configuration in arduino_secrets.h is crucial for the MKRNB library to establish a data connection.

Implementation Workflow

  1. Identity Generation: Using the ECCX08SelfSignedCert sketch, the user interacts with the crypto-element to lock the hardware configuration and generate the certificate thumbprint.
  2. Azure Hub Configuration: The hub is provisioned in the Azure Portal, and a new device identity is created using the thumbprint as the primary authentication factor.
  3. MQTT Publish/Subscribe: The Arduino firmware utilizes the ArduinoMqttClient to publish telemetry data and subscribe to "C2D" (cloud-to-device) commands. The protocol's lightweight headers are perfect for the low-bandwidth nature of NB-IoT, reducing both data costs and battery drain.

ข้อมูล Frontmatter ดั้งเดิม 

title: "Securely Connecting an Arduino NB 1500 to Azure IoT Hub"
description: "In this tutorial, you'll learn how to connect your Arduino MKR NB 1500 board securely to Microsoft Azure IoT Hub."
author: "Arduino_Genuino"
category: "Internet of Things, BT & Wireless"
tags:
  - "iot"
  - "arduino"
  - "azure"
views: 40946
likes: 9
price: 1499
difficulty: "Intermediate"
components:
  - "1x 3.7V Lipo Battery"
  - "1x Micro SIM card"
  - "1x Arduino MKR NB 1500"
  - "1x Micro-USB to USB Cable (Generic)"
tools: []
apps:
  - "1x Microsoft Azure"
  - "1x Arduino IDE"
downloadableFiles:
  - "https://github.com/arduino/ArduinoCloudProviderExamples"
documentationLinks: []
passwordHash: "4afff3e900c83b0a65b0533bf2b5f3fe839dc92e076af8335ccc9ef3c5fb39fb"
encryptedPayload: "U2FsdGVkX19GdI4IWXEASbelz1xPkE6qxXzua0gvJ97XMppRUEH1JKdL5nvSql8N0ntvsrQ95KuW28/6pH8jnOWKtvbOj4Xw0bvXiImagZq2zzrFWRyKusSLcz0mLpkg"
seoDescription: "Learn how to securely connect Arduino MKR NB 1500 to Azure IoT Hub with this step-by-step guide."
videoLinks: []
heroImage: "https://cdn.jsdelivr.net/gh/bigboxthailand/arduino-assets@main/images/projects/securely-connecting-an-arduino-nb-1500-to-azure-iot-hub-2664c0_cover.jpg"
lang: "en"