Enabling Secure IoT Connectivity with WiFi Modules

By Chris Jones

Crypto Quantique

February 27, 2025


In the rapidly evolving landscape of the Internet of Things (IoT), WiFi modules have emerged as crucial components, providing essential wireless connectivity for a wide array of embedded applications. These compact electronic devices combine several key elements to enable wireless communication using WiFi protocols, forming the backbone of many IoT products.

Anatomy of a WiFi Module

At its core, a WiFi module typically consists of a radio module, an antenna, a microcontroller, and a host interface. The radio module, a specialized semiconductor device, is designed to transmit and receive radio frequencies, usually operating in the 2.4 GHz or 5 GHz bands for WiFi communication. The antenna facilitates the transmission and reception of wireless signals, while the microcontroller runs firmware that manages data transmission and protocol operations. The host interface, often utilizing SPI, I²C, or UART protocols, allows the module to connect to an external device or application processor.

Block diagram of a wireless module based on the STM32

These modules have become indispensable in IoT applications where internet connectivity is a requirement. Their compact nature and integrated functionality make them ideal for embedding in a wide range of devices, from smart home appliances to industrial sensors.

The ESP32: A Powerhouse in a Small Package

One popular example of a wireless module that exemplifies the capabilities of modern wireless SoCs is the ESP32. This module includes a dual-core 32-bit Xtensa LX7 microprocessor that can operate at speeds up to 240 MHz. With 384 KB of ROM and 512 KB of SRAM, the ESP32 provides ample resources for complex IoT applications.

This popular ESP32 wireless module pushes the boundaries of integrated functionality and performance

The ESP32 achieves CoreMark scores of 613.86 for single-core operation and 1181.60 for dual-core operation at 240 MHz. These metrics underscore the module's capability to handle demanding tasks while maintaining energy efficiency, a crucial factor in IoT device design, particularly for battery-powered applications.

Navigating the Protocol Maze

To establish and maintain network connections, WiFi modules must implement a range of protocols organized in a layered architecture. At the foundation are the Physical and Data Link layers, governed by IEEE 802.11 standards that define WiFi specifications. Building upon this, the Network layer incorporates protocols like IP and ICMP, while the Transport layer implements TCP and UDP.

Higher up the stack, the Session layer utilizes protocols such as RPC, SFTP, and SDP. At the top, the Application Layer, which typically includes the Presentation Layer, leverages protocols like HTTP(S), SFTP, and SMTP to enable high-level functionality.

As WiFi modules have evolved, they've become capable of handling increasingly complex protocol stacks internally. This progression has significantly reduced the burden on host application processors, simplifying the development process for IoT devices.

AT Commands: The Language of WiFi Modules

Communication between WiFi modules and host application processors often relies on AT commands, transmitted over a low-bandwidth serial interface like UART. Originally developed for modems, these commands have been adapted and expanded for WiFi module control. Common AT commands for WiFi modules include setting the WiFi mode (AT+CWMODE), connecting to an access point (AT+CWJAP), listing available access points (AT+CWLAP), and configuring DHCP settings (AT+CWDHCP).

The evolution of WiFi modules has led to an expansion of the AT command set, covering a wide range of functionalities including advanced security features and complex network configurations. This expanded capability allows for more sophisticated control and management of WiFi connectivity in IoT devices.
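AT commands are plain ASCII on the UART, so a command such as AT+CWJAP carries the access point passphrase in the clear to anything that records the serial line, including debug logs. The following is an added example, not code from the article or from any module vendor: it masks the passphrase in a host-side UART trace before the trace is stored. The parameter order and backslash escaping follow Espressif's ESP-AT syntax, which is an assumption for other modules, and the trace is constructed.

```python
import re
# Zero-based index of the secret parameter for each AT "set" command.
# AT+CWJAP is named in the article; the ("ssid","pwd") order is ESP-AT
# syntax and is an assumption for other vendors' command sets.
SECRET_PARAMS = {"CWJAP": 1}
AT_SET = re.compile(r"^AT\+([A-Z_]+)=(.*)$")

# Constructed sample of host-to-module UART traffic (not a real capture).
SAMPLE_TRACE = r'''AT+CWMODE=1
OK
AT+CWLAP
AT+CWJAP="plant-floor","s3cr\,et\"pw"
AT+CWDHCP=1,1'''

def split_params(args):
    """Split on commas outside quotes; a backslash escapes the next char."""
    params, cur, quoted = [], "", False
    it = iter(args)
    for ch in it:
        if ch == "\\":
            cur += ch + next(it, "")   # keep the escaped pair intact
            continue
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            params.append(cur)
            cur = ""
        else:
            cur += ch
    return params + [cur]

def redact_line(line):
    """Return (line safe to log, True if a secret was masked)."""
    line = line.strip()
    m = AT_SET.match(line)
    if not m or m.group(1) not in SECRET_PARAMS:
        return line, False
    params = split_params(m.group(2))
    idx = SECRET_PARAMS[m.group(1)]
    if idx >= len(params) or params[idx] in ("", '""'):
        return line, False             # open network: no passphrase sent
    params[idx] = '"<redacted>"'
    return f"AT+{m.group(1)}=" + ",".join(params), True

def audit_trace(trace):
    """Redact every line; return (safe_lines, count of lines with secrets)."""
    results = [redact_line(l) for l in trace.splitlines()]
    return [r[0] for r in results], sum(r[1] for r in results)
```

A naive split on commas would cut the escaped passphrase in two and leave part of it in the log, which is why the parser tracks quotes and escapes.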

The Shifting Landscape of Wireless System Partitioning

The architecture of IoT devices typically includes both a WiFi module and an application processor, with the latter running the device's main firmware and software. As IoT devices have evolved, the distribution of tasks between these components has undergone significant changes, particularly in terms of protocol stack implementation.

In early IoT devices with basic WiFi modules, the system partitioning was relatively simple. The WiFi module handled the Physical and Data Link layers along with a basic TCP/IP stack, while the application processor managed the application logic and higher-level protocols. This configuration was suitable for basic, unencrypted communications but lacked robust security features.

As security concerns grew more pressing, IoT devices incorporated HTTPS capabilities. In this setup, the application processor took on additional responsibilities, including HTTPS implementation, TLS stack management, cryptographic key handling, and certificate storage. This arrangement was necessary to protect sensitive cryptographic information, as the link between the WiFi module and application processor was typically unencrypted. It meant that more capable application processors were needed, adding cost and energy consumption to IoT devices.

An early IoT device based on a low-end WiFi module: lack of encryption makes it insecure because GET and POST commands are sent to servers over HTTP

More recent WiFi modules have incorporated advanced security features, including the ability to handle TLS stacks, manage cryptographic keys, and maintain an encrypted link to the application processor. This evolution has allowed for more secure key management within the WiFi module itself, enhancing overall system security.

Cloud Security Platform Integration

For IoT devices requiring advanced device management capabilities, integration with cloud-based security platforms like Crypto Quantique’s QuarkLink (QL) has introduced additional components to the system architecture. In this configuration, the wireless module, in this case a Cordelia-I WiFi module from Würth Elektronik, incorporates QuarkLink API support and a secure element for key storage, while the application processor manages the QuarkLink root certificate and URL.

This Cordelia-I wireless module includes all the protocol stacks needed for secure communication and an API to the QuarkLink (QL) cloud-based security platform

This setup significantly simplifies development of the end application by offloading complex security and management tasks to the WiFi module. It represents a trend towards more capable and secure WiFi modules that can handle sophisticated device management and security protocols independently.

Secure connectivity to the cloud is achieved with just a few lines of code, and IoT devices can be managed securely from the QuarkLink user interface throughout their operating life. The platform capabilities include secure boot, a private certificate authority and PKI, device authentication, and secure over-the-air firmware updates (FOTA).

Conclusion

As WiFi modules evolve, they are incorporating more advanced features, including enhanced security protocols, integrated device management capabilities, and improved power efficiency. This trend is simplifying IoT device development by offloading complex networking and security tasks from the application processor, allowing developers to focus more on application-specific functionality.

The future of WiFi modules in IoT looks promising, with ongoing advancements in areas such as power consumption optimization, security enhancements, and improved interoperability. As the IoT landscape continues to grow and diversify, WiFi modules will play an increasingly crucial role in enabling secure, efficient, and reliable wireless connectivity for the next generation of smart devices and systems.

Crypto Quantique will be at embedded world from March 11-13, Hall 5.171

Chris Jones is Crypto Quantique’s IoT security specialist. Following a 28-year career in project management and field applications engineering, Chris spent two years as a senior application engineer at Secure ThingZ in Cambridge, UK, working in IoT security. He joined Crypto Quantique in May 2020. Chris holds a BSc in electrical and electronic engineering from the University of Coventry, UK.
