Welotec and Tributech eliminate data sabotage in industrial IoT

The secure end-to-end solution from Welotec and Tributech meets the highest requirements for data security. The Tributech Platform is an innovative security technology for IoT data management. The Welotec Edge Gateways include a highly secure operating system, TPM module and an integrated firewall, adding another security component to the solution.

Partnership between Tributech and Welotec

The partnership between Tributech and Welotec is based on the approach of creating a complete solution for the reliable and secure exchange of data. The focus is on a security solution with a corresponding trust layer and the implementation of current innovative technologies such as Blockchain. The goal is the joint implementation of use cases in critical infrastructures to realize individual customer projects. In the partnership, we rely on the expert knowledge of both partners and complement this know-how to develop sustainable solutions for different target groups.

Tributech Solutions GmbH

Tributech prevents Data Sabotage and Data Poisoning by providing a technology platform to collect, transmit and share data in a selective & tamper-proof way with unprecedented levels of data integrity whilst maintaining data sovereignty.
The technology works as a data processor/layer that can be incorporated into edge & embedded IoT devices, heterogeneous infrastructures, data platforms, and data services. The patented technology is licensed to enterprises, OEMs, and channel partners worldwide.

The Risk of Data Sabotage and Poisoning

The growing number of IoT devices and data-driven decision-making is increasingly enticing attackers to not only steal or encrypt data but also actively tamper with it. Analysts at ABI Research estimate that 25 percent of cyberattacks will target IoT devices in the next couple of years. This means that companies need to be aware of the trend of deliberate misinformation and the potential impact if IoT data is targeted. The following applies: Encryption is not enough! The growing extent to which businesses, infrastructures, data platforms, companies, etc. are interconnected means that data “moves” across system boundaries during its lifecycle and is used for different use cases. Encrypting data end-to-end helps ensure that data is unaltered when in transit or at rest. However, it has limited capabilities when

  • data is transferred across different systems.
  • there is a time delay when the data is transferred from the source to the consumer.
  • end-to-end encryption only covers parts of the data pipeline.

Trustworthy Data-as-a-Service

The increasing challenges of data poisoning, hijacking or broken data require a solution capable of providing trustworthy data to applications or processes.
Therefore, Tributech has developed a blockchain-based data auditing solution for verifying data between source and consumer, we also call this solution Data Notary. A Data Notary takes care of audits covering data integrity, authenticity, and other quality parameters, exactly where they are most needed, between the data source and the consumer. A data quality seal providing these insights forms the much-needed base for data consumers. With this novel security technology, Tributech’s IoT and data management platform provides trustworthy data-as-a-service across all infrastructure layers between data sources and their consumers.

Together with the Welotec Edge Gateway and device management solution, customers benefit from an end-to-end solution for trustworthy IoT data. Welotec provides a perfect fit for Tributech’s platform and complements the solution with a highly secure operating system, TPM, firewall, VPN, device, and container management via Azure IoT and Welotec SMART EMS for remote OS updates.

Image: Complete solution for a reliable and secure data exchange at the edge.


Consequently, the solution enables the user to access data easy and secure at the Edge and transfer it to other systems, such as applications or platforms. In the first step the relevant data is collected and authenticated on the Welotec Edge device, this is done through the Tributech Agent. The next steps are a secure transmission of the data and a verification with Tributech Node (see image).

Tributech Platform

Tributech Node 

The Tributech Node offers an IoT and data management middleware with a blockchain-based data security layer for providing trustworthy data as a service.

The middleware offers a unified data integration path for IoT gateways, embedded IoT devices and API connectors. The included data management layer allows users to easily manage the data between warm and cold storage paths as well as accessing audit trails and well-structured metadata for each data source. Connected data sources are described and contextualized through digital twins and indexed in a data catalog. For each data point or package, data quality seals (proofs) are created to provide trust, traceability and auditability to data consuming applications or platforms. In addition to the vertical data integration, the platform also includes data exchange capabilities for advanced use cases to share / integrate data horizontally with other nodes and connect stakeholders along the (data) value chain.

Tributech Agent 

The Tributech Agent provides an application for IoT Edge gateways to collect, notarize and transmit trustworthy IoT data as-a-service. Any data that is collected through the Agent gets notarized by creating cryptographic proofs that are stored within a blockchain-based security layer. The Agent provides an open interface that allows developers to connect any data source and supports plug & play integrations with leading Industry protocols like MQTT or OPC-UA.

Welotec Edge Gateways with Remote Maintenance Solution 

Welotec Edge Gateway Series with hardened operating system 

Welotec Edge Gateways are fully integrated into the Azure IoT Hub through the implemented Azure IoT Edge Runtime. In addition to the industrial-grade computing platform, they feature a hardened Linux operating system, a secure TPM module and a cloud-integrated container environment. With their compact housing, the Edge Gateways are designed for DIN rail mounting and can be used in harsh environments. The EG500 series is also available including 5G connectivity and the EG600 with 4G LTE. 

Particularly noteworthy in the context of secure and trustworthy data processing and forwarding is the hardened operating system of Welotec’s Edge Gateway series. For maximum system security, the operating system only contains dedicated software that is necessary for operation in industrial IoT and edge infrastructures. In this way, the Edge Gateway guarantees correct operation in compliance with the highest security standards according to BSI.  As an implemented security layer, the operating system of the Edge Gateways is equipped with an integrated firewall in terms of software and a TPM 2.0 module in terms of hardware. The firewall makes it possible to manage the complete data exchange from and to the Edge Gateways. The TPM module is firmly bound to the device and thus enables a unique identification of the edge gateway. In addition, the secure exchange of certificates can be ensured. 

To ensure that the Edge Gateway can run any software based on the hardened operating system, the scalable container runtime is used. This makes it possible to roll out the desired applications and necessary packages within a container. Through this mechanism, the operating system of the Edge Gateway remains unchanged, and the desired software can be fully executed and used without restrictions.  

To simplify the management of these containers, the Welotec Edge Gateways have a seamless integration into the Azure IoT Hub. Using the TPM module, it is possible to connect the devices automatically and securely to the desired IoT Hub via the Device Provisioning Service (DPS) of Microsoft Azure. Any modules and applications from the Azure IoT Hub can then be remotely executed, used, and monitored on the device.

Welotec SMART EMS – Rollout and Management Software

Edge gateway configurations and firmware updates can be rolled out, managed, and installed centrally via the Welotec SMART EMS device management software. Zero touch provisioning ensures that rollout and management are carried out to the highest security standards. In addition, an integrated PKI enables the creation, allocation, distribution, and revocation of certificates.

Advantages and benefits of the solution 

  • Secure and trustworthy query of data, auditable from sensor to data consumer based on Welotec Edge Gateway and Tributech platform with blockchain-based data verification.
  • Easy implementation of data queries, data audits and configurations of IoT applications through Tributech platform.
  • Support for industry standards such as MQTT, OPC-UA, or ADS for data integration on the Welotec Edge Gateway through the Tributech Agent.
  • Plug-and-play solution for easy infrastructure setup and seamless connectivity to cloud platforms through Welotec Edge Gateway and Tributech Node.
  • Device management worldwide over the air and tunneled and encrypted remote access worldwide 24/7.