IoT: putting the cart before the horse

Internet of Things (IoT) is about “things” with some form of data connection and remote-control layer on top, all together enabling their synchronization, application execution and orchestration, and basic status analytics. Well, this is quite inexact; in fact, the above definition would apply perfectly to certain industrial environments already back in the 90s. IoT is much more than that: IoT is a full concept much like The Internet is, a collection of software plus hardware technologies and an associated communication network that aims to animate our physical reality to augment human existence and industrial efficiency through knowledge and awareness. In this regard, turning on the music with the click of a finger, or making the refrigerator do the shopping for us is just a little part of the story.

IoT industry fragmentation across vertical industry segments.
Bubbles: # of companies providing the function/service [1]

If we were to add the missing elements to what was already possible three decades ago, these would be: many more devices – 10000x factor, the diversity of devices is now innumerable – from PHY sensors and hardware triggers to deep digitization of every single device, data is much more abundant and storable, the huge progress in the communication infrastructure, which makes possible instantaneous access to any device from (almost) anywhere in the world – disregarding security concerns, as well as to leverage cloud computing for quasi-real-time analytics, and likewise the progress in software and control-plane capacity, thanks to which programming the experience is simpler and more automatable. The story flies by itself, but unfortunately – fortunately for engineers, the ambitions of IoT bring on great technical challenges that are being researched as we discuss; with data/datacom security being one of the most critical aspects.

Security is, and has always been, a major point of attention (downside?) in peer-to-peer networking or flat – little hierarchical – connectivity environments; and IoT is no exception. The greatest difficulty in ensuring data-secure IoT experience is not only doing it, but doing it while respecting other critical KPIs like battery life-cycle, cost, low connectivity fee, sufficient throughput, and as long range as possible. This has been the research focus of various companies in the sector like the European Sigfox (proprietary technology) and LoRa (open source) – previously focused on the low-power wireless comm. market and now aggressively addressing the IoT space (at least in EU), or Narrowband IoT, NB-IoT, or LTE – with non-negligible market share in the US. ID encryption and digital signatures, random frequency selection for transmission, anti-replay, VPN-based network slicing and cloud partitioning, time + frequency + space comm. diversity to improve the resilience against jamming, or attack-preventive flow control are some of the features of these communication technologies manage to reconcile. Note from the listed technologies that several security measures are taken, starting at the device itself, and continuing all the way through the network and the PHY to guarantee end-to-end protection. Other research initiatives rely on the delegation of the security force and the IoT network management/governance to a software entity (software-defined LANs) – possibly sitting on the gateway itself, which allows for the deployment of convenient and secure network segmentations, environment-specific communication/access policies, and device forwarding without the hassle that establishing a specific VPN entails while keeping the end-user in charge of what is happening in his/her environment.

Example of possible SD-LANs within a home network and among
multiple home networks [6]

In a format or in other, these approaches pose and/or demand quite unusual set of requirements to the communication networks that really need to keep pace, whether it be from the connectivity space – e.g. Satellites are revamping, from the quality of service perspective – e.g. the standardization of time-sensitive communication protocols, or from the network architecture design – e.g. Edge/distributed cloud. This infrastructural development is not optional, however, the progress in this field is much more difficult – and hence slow – than IoT’s, suggesting a dichotomic panorama in which we either: pause until we are all ready, or we just keep going.

For now, it seems that we have decided to put the cart before the horse, entrusting our “things” to one of the many competing security options – none of them perfect, none of them general enough to become standards round the globe – and keep growing our 7+ smart “things” per capita; injecting more and more traffic, exposing our data non-stop into the most insecure communication network by design, The Internet.

The opportunities tend to be as big as the risks themselves, data says; just that they look different every time. Good that IoT is becoming a huge, right…?

References

[1] M. K. Weldon, The Future X Network: A Bell Labs Perspective (2016), Taylor & Francis Group.

[2] Sigfox Website [Online]. Available: https://www.sigfox.com/en

[3] LoRa Website [Online]. Available: https://www.lora-alliance.org/

[4] Semtech Website [Online] . Available: https://www.semtech.com/technology/lora/what-is-lora

[5] B. Ray, “SigFox Vs. LoRa: A Comparison Between Technologies & Business Models,” LinkLabs, 2018 [Online]. Available: https://www.link-labs.com/blog/sigfox-vs-lora

[6] M. Boussard et al., “Software-Defined LANs for Interconnected Smart Environment,” in 27th International Teletraffic Congress, Ghent, 2015, pp. 219-227.

[7] Nokia Internal

Users who have LIKED this post:

•