By: Tom Jeltes, Eindhoven University of Technology

The Internet of Things (IoT) consists of billions of sensors and other devices connected to each other via internet, all of which need to be protected against hackers with malicious purposes. A low-cost and energy efficient solution for the security of IoT devices uses the unique characteristics of the built-in memory chips. Ph.D. candidate Lieneke Kusters investigated how to make optimal use of the chip's digital fingerprint to generate a security key.

The higher the number of devices connected to each other via the Internet of Things, the greater the risk that malicious hackers might gain access to important information, or even take over entire systems. Quite apart from all kinds of privacy issues, it's not hard to imagine that that someone who, for example, has control over temperature sensors in a chemical or nuclear plant, could cause serious damage.

Digital fingerprint

There is a different way: namely by deducing the security key from a unique physical characteristic of the memory chip (Static Random-Access Memory, or SRAM) that can be found in practically every IoT device. Depending on the random circumstances during the chip's manufacturing process, the memory locations have a random default value of 0 or 1.

"That binary code which you can read out when activating the chip, constitutes a kind of digital fingerprint of the device," says Kusters, who gained her doctorate at the Information and Communication Theory Laboratory at the TU/e department of Electrical Engineering. This fingerprint is known as a Physical Unclonable Function (PUF). "The Eindhoven-based company Intrinsic ID sells digital security based on SRAM-PUFs. I collaborated with them for my doctoral research, during which I focused on how to generate, in a reliable way, a key from that digital fingerprint that is as long as possible. The longer, the safer."

The major advantage of security keys based on SRAM-PUFs is that the key exists only at the moment when authentication is required. "The device restarts itself to read out the SRAM-PUF and in doing so creates the key, which subsequently gets erased immediately after use. That makes it all but impossible for an attacker to steal the key."

Noise and reliability

But that's not the entire story, because some bits of the SRAM do not always have the same value during activation, Kusters explains. Ten to fifteen percent of the bits turn out not to be determined, which makes the digital fingerprint a bit fuzzy. How do you use that fuzzy fingerprint to make a key of the highest possible complexity that nevertheless still fits into the receiving lock—practically—each time?

"What you want to prevent is that the generated key won't be recognized by the receiving party as a consequence of the 'noise' in the SRAM-PUF," Kusters explains. "It's alright if that happens one in a million times perhaps, preferably less often." The probability of error is smaller with a shorter key, but such a key is also easier to guess for people with bad intentions. "I've searched for the longest reliable key, given a certain amount of noise in the measurement. It helps if you store extra information about the SRAM-PUF, but that must not be of use to a potential attacker. My thesis is an analysis of how you can reach the optimal result in different situations with that extra information."

Originaly posted here.

CLICK HERE TO DOWNLOAD

This complete guide is a 212-page eBook and is a must read for business leaders, product managers and engineers who want to implement, scale and optimize their business with IoT communications.

Whether you want to attempt initial entry into the IoT-sphere, or expand existing deployments, this book can help with your goals, providing deep understanding into all aspects of IoT.

CLICK HERE TO DOWNLOAD

Now more than ever, there are billions of edge products in the world. But without proper cloud computing, making the most of electronic devices that run on Linux or any other OS would not be possible.

And so, a question most people keep asking is which is the best Software-as-a-service platform that can effectively manage edge devices through cloud computing. Well, while edge device management may not be something, the fact that cloud computing space is not fully exploited means there is a lot to do in the cloud space.

Product remote management is especially necessary for the 21st century and beyond. Because of the increasing number of devices connected to the internet of things (IoT), a reliable SaaS platform should, therefore, help with maintaining software glitches from anywhere in the world. From smart homes, stereo speakers, cars, to personal computers, any product that is connected to the internet needs real-time protection from hacking threats such as unlawful access to business or personal data.

Data being the most vital asset is constantly at risk, especially if individuals using edge products do not connect to trusted, reliable, and secure edge device management platforms.

Bridges the Gap Between Complicated Software And End Users

Cloud computing is the new frontier through which SaaS platforms help manage edge devices in real-time. But something even more noteworthy is the increasing number of complicated software that now run edge devices at homes and in workplaces.

Edge device management, therefore, ensures everything runs smoothly. From fixing bugs, running debugging commands to real-time software patch deployment, cloud management of edge products bridges a gap between end-users and complicated software that is becoming the norm these days.

Even more importantly, going beyond physical firewall barriers is a major necessity in remote management of edge devices. A reliable Software-as-a-Service, therefore, ensures data encryption for edge devices is not only hackproof by also accessed by the right people. Moreover, deployment of secure routers and access tools are especially critical in cloud computing when managing edge devices. And so, developers behind successful SaaS platforms do conduct regular security checks over the cloud, design and implement solutions for edge products.

Reliable IT Infrastructure Is Necessary

Software-as-a-service platforms that manage edge devices focus on having a reliable IT infrastructure and centralized systems through which they can conduct cloud computing. It is all about remotely managing edge devices with the help of an IT infrastructure that eliminates challenges such as connectivity latency.

Originally posted here

In the era of digitalization, IoT is fostering the upcoming revolution in mobile apps. The ways companies used to provide mobile app development are changing because of IoT. After helping thousands of corporates to deliver extraordinary user experiences, IoT is all set with some new and advanced mobile app development trends. 

The tech world is the one that is continuously evolving. Every year and each day, innovations come to light. Each of them is revolutionizing our lives in one or the other ways. From the first wheel to smart cities, humans have come a long way.

The evolution and foundation of smart cities is the result of IoT or the Internet of Things. IoT has definitely stirred quite an uproar in the digital world with the mass potential it has. It can bring everything and everyone online. 

As per the latest mobile app stats, IoT will become a more significant player in the mobile app development industry. The market share of IoT is going to increase more than double in 2021 with a staggering amount of 520 billion USD. While four years back in 2017, this number was 235 billion USD. 

Soon the IoT mobile app development will face new trends in the coming year and beyond.

Let us take a look at the top IoT mobile app development trends.

IoT App Trend #1: Cybersecurity for IoT

With an increase in the number of devices online, cybersecurity is the top priority for all businesses as IoT gains popularity. The network is expected to expand in the coming years, and so the data volume will also increase. All this draws attention to more information to protect.

IoT security will see an exponential rise as more users will store their data over the cloud. From banking details to home security, everything is easily breached if the security firewall is weak in IoT applications. 

Therefore mobile app development companies need to work upon the up-gradation of their IoT enabled mobile apps. 

IoT App Trend #2: Roaring Popularity of Smart Home Devices

When smart home devices were launched, many mocked them by calling them unrealistic toys for lazy youngsters. Now, the same people are finding it increasingly difficult to resist the charm of IoT devices. 

IoT devices are expected to be very popular in 2021 and the years to come. The reason behind their growing popularity is that the IoT devices are becoming highly intuitive and innovative. They are extended not only to the comfort of home automation but also to home security and the safety of your family.

Another great advantage of implementing smart IoT development adoption is the need to save energy. The intelligent lights or intelligent thermostats help in conserving energy, reducing bills. These reasons will lead to more and more people to adopt smart home devices.

IoT App Trend #3: Backed by AI and ML

Artificial Intelligence and Machine Learning both are thriving technologies. Both of these are the facilitators of automation. We all know how Artificial Intelligence has touched millions of lives around the globe. 

Together with IoT, AI and ML are unique data-driven technologies shaping the future of human-machine interactions. The developers set up a combination of IoT and Artificial Intelligence that helps automate the routine tasks, simplifies work, and gets the most accurate information.

IoT App Trend #4: IoT and Healthcare

With the revolution in the health-tech industry, healthcare companies are turning towards mobile platforms. IoT enabled apps to open up new opportunities to improve the medical sector.

IoT has immense applications that are already running in the healthcare field and is expected to increase by 26.2% 

Healthcare apps featuring IoT technology are expected to reform the world of medical sciences. These IoT mobile apps can even help doctors and medical professionals treat their patients even from a distance.

Smart wearables and implants will be able to record diverse parameters to keep the patient’s health in check. By integrating sensors, portable devices, and all kinds of medical equipment, real-time updates of a patient’s health can be recorded and sent to the concerned person. 

IoT App Trend #5: Edge Computing to Overtake Cloud Computing

This is a change where we have to be careful. For the past many years, IoT devices have been storing their data on cloud storage. However, the IoT developers, development services, and manufacturers have started thinking about the utility of storing, calculating, and analyzing data to the limit.

So basically this means, in place of sending the entire data from IoT devices to the cloud, the data is first transmitted to a local or nearer storage device located close to the IoT device or on the edge of the network. 

This local storage device then analyzes, sorts, filters and calculates the data and then sends all or only a part of the data to the cloud, reducing the traffic on the network avoiding any bottleneck situation.

Known as “edge computing”, this approach has several advantages if used correctly. Firstly, it helps in the better management of the large amount of data that each device sends. Second, the reduced dependency on cloud storage allows devices and applications to perform faster and also reduce latency.

Being able to collect and process data locally, the IoT application is expected to consume lesser bandwidth and work even when connectivity to the cloud is affected. After seeing these positive aspects, state-of-the-art computing is looking forward to better innovation and broad adoption in IoT, both consumer and industrial.

Reduced connectivity to the cloud will also result in fewer security costs and facilitate better security practices. 2021 will see better state-of-the-art IT in IoT.

IoT App Trend #6: Are You Excited About Smart Cities?

Well, all of us are super excited to witness smart cities. Smart cities are one of the significant accomplishments of IoT and modernization. Integrated with IoT-powered devices, smart cities promise improved efficiency and security for the common folk on the streets and inside their homes.

With superfast data transfer supported by 5G, public transportation will also see a massive change in the way they work. 

By now, we know that IoT will focus on developing smart parking lots, street lights, and traffic controls. To add up to this, with IoT and fast internet, we will live inside a world where our refrigerators will be aware of what food we have inside.

IoT will impact traffic congestion and security. It will also help in the development of sustainable cities leading us to a green future.

IoT App Trend #7: Blockchain for IoT Security

Many financial and governmental institutions, entrepreneurs, consumers as well as industrialists will be decentralized, self-governing, and be quite smart. Most of the new companies are seen building their territory on the entanglement of IOTA to develop modules and other components for firms without the cost of SaaS and Cloud.

IOTA is a distributed ledger especially designed to record and execute transactions between devices in the IoT ecosystem.

If you are in this industry, then you should prepare to see the centralized and monolithic computer models that are separated in the jobs and microservices. All this will be distributed to decentralized machines and devices. 

In the coming future, IoT will penetrate the disciplines of health, government, transactions, and others that we cannot think of right now. Such types of IoT technology trends will create significant effective differences.

IoT App Trend #8: IoT for Retail Apps

The eCommerce industry will also get benefited from IoT integration. Retail supply change will be more efficient after the incorporation of IoT mobile apps. It is expected to improve the online shopping experience for individuals across the globe.

Also, IoT will make the retail experience more personalized for each customer with in-app advertisements based on the user’s shopping history. We already get notifications once we purchase a product from a particular eStore. With IoT enabled mobile apps, the app will guide us to our favorite store using in-site maps.

IoT App Trend #9- Will IoT Boost Predictive Maintenance?

Yes, it will. In 2021 and beyond, the smart home system will notify the owner about plumbing leaks, appliance failures, or any other problem so that the house owner can avoid any disaster. Soon these intelligent sensors will enter our houses.

In response to these predictive skills of IoT, we can expect to see home care offers as a contractor service. If there will be a need for any emergency action, your presence in the house will not be necessary. 

IoT App Trend #10: Easy and Better Commuting

IoT mobile applications are expected to make commuting easier for students, the elderly, the business person, and many more. Today, due to heavy traffic, commuting is a significant issue for most of us. With major innovations in technology and integration of IoT, mobile applications will make traveling a breeze for everyone.

Here are some of the conventional ways that commuting will change:

• Smart street lights will make walking on the road safe for pedestrians
• Finding parking spaces will be a lot easier and seamless with data-driven parking apps. 
• In-app navigation and public transportation will definitely make public transit more reliable 
• IoT powered mobile apps will also improve routing between different modes of transfer.

With so many innovative ideas and benefits for iOS and android based IoT mobile apps, the mobile app development market will see an influx of transportation apps in the years to come.

IoT App Trend #11: Sustainable-as-a-Service Becomes the Norm.

While talking about the IoT trends, SaaS or Sustainable-as-a-Service is considered as one of the hot topics for the estimated market. Because of the low cost of entry, SaaS is quickly getting to the top list for being the favorite firm in the IT gaming sector. 

Out of these emerging technological IoT trends, Software-as-a-service will make the lives of people better than ever.

IoT App Trend #12- Energy and Resource Management 

Do you know what affects energy management the most? Well, energy management majorly depends on the acquisition of a better understanding of how to consume resources. IoT mobile app-based electronics are expected to play a significant role in the conservation of energy. 

All of these IoT trends can be integrated into resource management, making lives more accessible, more comfortable, and responsible.

Automatic notifications can also be added to the mobile app in order to send information to the owner in case the power threshold exceeds. Various other fancy features can also be added to these IoT mobile apps such as sprinkler control, in-house temperature management, etc.

Conclusion

We all know that IoT has great potential to bring revolutionary changes in the present mobile app development industry trends. It is expected to open up immense possibilities for every business or individual related to this field. Directly or indirectly, IoT will drive the future of almost every industry.

The above mentioned are some of the trends that will dominate the IoT app development ecosystem in the years to come. Amid all these predictions and trends, the future is promising and worth the wait. 

Today, the IoT devices are largely used by industries and households, smart bulbs can adjust the intensity of light by themselves, doctors can check the patient data remotely, IoT sensors can help in warehousing, and more, the potential is seemingly endless. There are billions of IoT devices on the field and billions more are expected in the next few years. The data that IoT devices produce are stored on the cloud, for example, a health monitor collects all the information about our health and stores it on the cloud. This information is further analyzed to provide us better services, but on the other hand if someone manages to get the data they can violate our privacy. Thus it is important to ensure the confidentiality and integrity of IoT solutions while mitigating the cybersecurity risks. There are many ways attackers can make their way into your system.

Most common IoT cyber attacks are:

Botnets

A botnet is a network of systems combined to remotely take control of distributing malware, controlled by botnet operators via Command-and-Control-Servers (C&C servers). They are used by attackers on a large scale for many things such as stealing private information, exploiting online banking data or spam, and phishing emails.

Man-in-the-middle

The man-in-the-middle concept is where an attacker is looking to interrupt and breach communication between two separate systems. It can be a dangerous attack because it is one where the attacker secretly intercepts and transmits messages between two parties when they are under the belief that they are communicating directly with each other.

Identity Theft

The main strategy of identity theft is to amass data, and with a little bit of patience, a lot of information can be fetched out. Generally, data is available on the internet, combined with social media information and data from smartwatches, fitness trackers, smart meters, smart fridges, and more. These data give a great all-around idea of your identity.

Recent research indicates that 85% of customers lack confidence in IoT device security, it is important to ensure the security of IoT devices by eliminating the IoT cybersecurity risk. 

Here are some best practices to ensure IoT cybersecurity:

Secure Boot

The secure boot helps a system to stop attacks and infections from malware, it is a feature embedded with IoT devices to detect tampering with the system. It works like a security gate as it restricts unauthorized access by validating the digital signature, detections are blocked from running before they attack the system. Deploying secure boot in the IoT ecosystem is important to ensure cybersecurity.

Secured passwords with two-factor authentication

You can activate two-factor authentication on almost any IoT device, it is important because it ensures authorized access to devices and automates trust into the system. Having two-factor authentication enabled with unusual passwords keeps IoT devices secure from being vulnerable to cyber attacks, it restricts attackers from making their way into the system.

Disabling the UPnP feature

UPnP feature allows an IoT device to get connected with other IoT devices, for example, smart bulbs can be paired with Google Home to turn it off or on via voice command. It is a feature that is convenient for users but poses cybersecurity risks at the same time. If hackers manage to make their way in one device they will easily be able to find another device that is connected. We can easily disable the UPnP feature as most of the IoT devices allow you to disable the UPnP feature from their settings.

Secure data storage

Keeping data in a large enterprise system is secured but the flash storage of a particular embedded device holds some important data from time to time that is not immediately secured or encrypted which can open you up to cybersecurity risk. Thus it is important to have system-level encryption of data for storage of sensitive information. If we do not encrypt the flash storage on the embedded device, someone can easily have their peak at your data.

Bottom Line

Securing IoT devices from cyberattacks is important for households and it is equally important for industries to ensure the confidentiality and integrity of their IoT devices and data produced by IoT devices. Researchers find that data breaches linked to IoT devices have increased rapidly in the past few years, according to a study by Ponemon, the number of cyberattacks due to unsecured connected devices have increased from 15% to 25% in the last two years. Thus securing the IoT devices can never be downplayed.

Author Bio- 

Piyush Jain is the founder and CEO of Simpalm, an app development company in Virginia. Piyush founded Simpalm in 2009 and has grown it to be a leading mobile and web development company in the DMV area. With a Ph.D. from Johns Hopkins and a strong background in technology and entrepreneurship, he understands how to solve problems using technology. Under his leadership, Simpalm has delivered 300+ mobile apps and web solutions to clients in startups, enterprises and the federal sector.

About The Eclipse Foundation
The Eclipse Foundation provides our global community of individuals and organizations with a mature, scalable, and business-friendly environment for open source software collaboration and innovation.

Helium, the company behind one of the world’s first peer-to-peer wireless networks, is announcing the introduction of Helium Tabs, its first branded IoT tracking device that runs on The People’s Network. In addition, after launching its network in 1,000 cities in North America within one year, the company is expanding to Europe to address growing market demand with Helium Hotspots shipping to the region starting July 2020. 

Since its launch in June 2019, Helium quickly grew its footprint with Hotspots covering more than 700,000 square miles across North America. Helium is now expanding to Europe to allow for seamless use of connected devices across borders. Powered by entrepreneurs looking to own a piece of the people-powered network, Helium’s open-source blockchain technology incentivizes individuals to deploy Hotspots and earn Helium (HNT), a new cryptocurrency, for simultaneously building the network and enabling IoT devices to send data to the Internet. When connected with other nearby Hotspots, this acts as the backbone of the network. 

“We’re excited to launch Helium Tabs at a time where we’ve seen incredible growth of The People’s Network across North America,” said Amir Haleem, Helium’s CEO and co-founder. “We could not have accomplished what we have done, in such a short amount of time, without the support of our partners and our incredible community. We look forward to launching The People’s Network in Europe and eventually bringing Helium Tabs and other third-party IoT devices to consumers there.”  

Introducing Helium Tabs that Run on The People’s Network
Unlike other tracking devices,Tabs uses LongFi technology, which combines the LoRaWAN wireless protocol with the Helium blockchain, and provides network coverage up to 10 miles away from a single Hotspot. This is a game-changer compared to WiFi and Bluetooth enabled tracking devices which only work up to 100 feet from a network source. What’s more, due to Helium’s unique blockchain-based rewards system, Hotspot owners will be rewarded with Helium (HNT) each time a Tab connects to its network. 

In addition to its increased growth with partners and customers, Helium has also seen accelerated expansion of its Helium Patrons program, which was introduced in late 2019. All three combined have helped to strengthen its network. 

Patrons are entrepreneurial customers who purchase 15 or more Hotspots to help blanket their cities with coverage and enable customers, who use the network. In return, they receive discounts, priority shipping, network tools, and Helium support. Currently, the program has more than 70 Patrons throughout North America and is expanding to Europe. 

Key brands that use the Helium Network include: 

• Nestle, ReadyRefresh, a beverage delivery service company
• Agulus, an agricultural tech company
• Conserv, a collections-focused environmental monitoring platform

Helium Tabs will initially be available to existing Hotspot owners for $49. The Helium Hotspot is now available for purchase online in Europe for €450.

IoT security testing should comprise activities like checking for endpoints, authentication, encryption, firewalls, and compliance requirements. The testing helps the IoT ecosystem to function safely and prevent incidences of a data breach.

The Internet of Things or IoT has swept the realm of technology and become mainstream as far as automation is concerned. Its popularity is attributable to features such as communication between machines, easy usage, and the integration of various devices, enabling technologies, and protocols.

When one talks about smart cities, smart transport, smart healthcare, or smart homes, the role of IoT is paramount.  According to Gartner, the number of connected things courtesy IoT is projected to reach 20.8 billion by 2020. Since IoT is about connected products that communicate with each other and share a huge volume of data, it is vulnerable to security breaches. With greater digitization and a rush towards delivering smart devices to add more comfort to people’s lives, businesses may end up keeping their flanks uncovered. The threats related to cybersecurity, besides threatening the smooth functioning of the digital ecosystem, are putting a question mark on the implementation of the IoT ecosystem.

The future is likely to be driven by smart systems with IoT at their core. Since such systems will witness a huge exchange of data, their security needs to be ensured. Also, as the smooth functioning of such smart systems will hinge on the accuracy and integrity of data, enabling IoT security at every step of the way should be the norm. If statistics are to be believed then around 84% of companies adopting IoT have reported security breaches of some kind (Source: Stoodnt.com.) The resident vulnerabilities in such systems are exploited by cybercriminals to exhibit malicious behavior such as committing credit card theft, phishing and spamming, distributed denial of service attacks, and malware distribution, among others.

How to conduct IoT security testing effectively

The security implications of a vulnerable or broken IoT system can be catastrophic for individuals, businesses, and entities. The devices and the transfer of data within them should be monitored by the implementing agency to check for a data breach. The best ways to conduct IoT security is as follow:

• Checking of endpoints: As more devices or endpoints are added to expand the network, more vulnerabilities are created. Since IoT systems are built using devices of different configurations, computing and storage power, and running on different versions and types of operating systems, every such device should be evaluated for safety. An inventory of such devices should be made and tracked.
• Authentication: Care should be taken that the vendor-supplied default passwords for specific systems should be dealt with at the beginning. If not, these can be exploited by hackers to take control of the IoT ecosystem and wreak havoc. Moreover, every device in the IoT system should be authenticated before being plugged into the network. This should be made an integral part of the internet of things testing.
• Firewalls: The firewall present in the network should be tested for its capability of filtering specific data range and controlling traffic. Also, data aimed at terminating the device to ensure its optimal performance should be tested.
• Encryption: Since IoT systems transmit data among themselves they should be encrypted for safety. During testing IoT applications the encryption approach and nitty-gritty should be thoroughly checked and validated. If not, then while relaying the location of assets in the IoT system, the information can be easily read by a hacker.
• Compliance: Mere testing of IoT devices is not complete unless compliance with standards like FCC and ETSI/CE is carried out. These regulations and standards have been instituted to validate the performance of the IoT devices based on certain parameters. So, any IoT testing approach should take into account compliance with such regulations.

Why IoT systems should undergo security testing?

The smart devices forming part of the IoT system need to undergo IoT testing (security) to:

• Prevent data theft: The unsecured endpoints within the system can leave a trail for hackers to strike but for the IoT device testing solutions. The vulnerabilities can be used to break into the controlling mechanism of the system in order to launch more malicious forms of attacks.
• Protect brand equity: When scores of companies are competing with each other to get a pie of the IoT market, a security breach or malware attack can put a brand in jeopardy. With IoT penetration testing, such attacks can be pre-empted with the elimination of vulnerabilities and glitches.

Conclusion

The IoT ecosystem is projected to grow at a humongous pace and scale. Technology companies having an integrated IoT security testing approach are likely to earn a huge chunk of the pie. The approach when executed at regular intervals should be able to help enterprises achieve growth across domains.

This blog is the final part of a series covering the insights I uncovered at the 2020 Embedded Online Conference.

In the previous blogs in this series, I discussed the opportunities we have in the embedded world to make the next-generation of small, low-power devices smarter and more capable. I also discussed the improved accessibility of embedded technologies, such as FPGAs, that are allowing more developers to participate, experiment, and drive innovation in our industry.

Today, I’d like to discuss another topic that is driving change in our industry and was heavily featured at the Embedded Online Conference – security. 

Security is still being under-prioritised in our industry. You only have to watch the first 12 minutes of Maria "Azeria" Markstedter’s ‘defending against Hackers’ talk to see the lack of security features in widely used IoT devices today. 

Security is often seen as a burden - but, it doesn’t need to be. In recent years, many passionate security researchers have helped to highlight some simple steps you can take to vastly improve the overall security of your system. In fact, by clearly identifying the threats and utilizing appropriate and well-defined mitigation techniques, systems become much harder to compromize. I’d recommend watching these talks to familiarize yourself with some of the different aspects of security you need to consider: 

• Azeria is a security researcher and Arm Innovator, she is passionate about educating developers on how to defend their applications against malicious attacks. In this talk, Maria focusses on shedding the light on the most common exploit mitigations to consider for memory-corruption-based exploits, when writing code for Arm Cortex-A processors, such as Execute Never (XN), Address Space Layout Randomisation (ASLR) and stack canaries. What’s really interesting is that it becomes clear from listening to Azeria’s talk and from seeing the audience comments that there is a lot of low-hanging fruit that we, as developers, are not fully aware of. We should collectively, start to see exploit mitigations as great tools to increase the security of our systems, no matter what type of code we are writing.
• In the same vein as Maria’s talk, Aljoscha Lautenbach discusses some of the most common vulnerabilities and security mechanisms for the IoT, but with a focus on cryptography. He focusses on how to use block cipher modes correctly, common insecure algorithms to watch out for and the importance of entropy and initialization vectors (IVs)
• A different approach is taken by Colin O'Flynn in his talk, Hardware Hacking: Hands-On. I personally really appreciate the angle that Colin takes, as it is something that, as software engineers, we tend to forget. The IoT and embedded devices running our code can be physically tampered in order to extract our secrets. As Colin mentions protecting from these attacks is usually costly, but there are a lot of steps we can take to substantially mitigate the risk. The first step is to analyse the weaknesses of our system by performing a threat analysis to ensure we are covering all bases when architecting and implementing our code. A popular framework to address the issue of security is the Platform Security Architecture (PSA) that Jacob Beningo describes in detail during his talk. Colin then moves on to introduce practical tools and techniques that you can use to test the ability of your systems to resist physical attacks. 

The passion of the security community to educate embedded software developers on security system flaws is shown during the talks and the answers to the questions submitted.

With the growing number of news headlines depicting compromised IoT devices, it is clear that security is no longer optional. The collaboration between the security researchers and the software and hardware communities I have seen at this and at many other conferences and events reassures me that we really are on the verge of putting security first.  

It has been great to see so many talks at the Embedded Online Conference, highlighting the new opportunities for developers in the embedded world. If you missed the conference and would like to catch the talks mentioned above*, visit www.embeddedonlineconference.com

*This blog only features a small collection of all the amazing speakers and talks delivered at the Conference!

In case you missed the previous posts in this series, here they are:

• Part 1, Embedded Online Conference – Developing for a Changing World
• Part 2, Embedded Online Conference – Software Defined Hardware

To participate in the 2020 IoT Developer Survey, organized by the Eclipse IoT Working Group, simply click here.  This survey should take less than 10 minutes to complete.

In the comments section of my 2020 embedded salary survey, quite a few respondents felt that much of the embedded world is being subsumed by canned solutions. Will OSes like Linux and cheap, powerful boards like the Raspberry Pi and Arduino replace traditional engineering? Has that already happened?

A number of people complained their colleagues no longer understand low-level embedded things like DMA, chip selects, diddling I/O registers, and the like. They feel these platforms isolate the engineer from those details.

Part of me says yeah! That's sort of what we want. Reuse and abstraction means the developer can focus on the application rather than bringing up a proprietary board. Customers want solutions and don't care about implementation details. We see these abstractions working brilliantly when we buy a TCP/IP stack, often the better part of 100K lines of complex code. Who wants to craft those drivers?

Another part of me says "save me from these sorts of products." It is fun to design a board. To write the BSP and toss bits at peripheral registers. Many of us got a rush the first time we made an LED blink or a motor spin. I still find that fulfilling.

So what's the truth? Is the future all Linux and Pis?

The answer is a resounding "no." A search for "MCU" on Digi-Key gets 89,149 part numbers. Sure, many of these are dups with varying packages and the like, but that's still a ton of controllers.

Limiting that search to 8 bitters nets 30,574 parts. I've yet to see Linux run on a PIC or other tiny device.

Or filter to Cortex-M devices only. You still get 16,265 chips. None of those run Linux, Windows, BSD, or any other general-purpose OS. These are all designed into proprietary boards. Those engineers are working on the bare metal... and having a ton of fun.

The bigger the embedded world gets the more applications are found. Consider machine learning. That's for big iron, for Amazon Web Services, right? Well, partly. Eta Compute and other companies are moving ML to the edge with smallish MCUs running at low clock rates with limited memory. Power consumption rules, and 2 GB of RAM at 1 GHz just doesn't cut it when harvesting tiny amounts of energy.

Then there's cost. If you can reduce the cost of a product made in the millions by just a buck the business prospers. Who wants a ten dollar CPU when a $0.50 microcontroller will do?

Though I relish low-level engineering our job is to get products to market as efficiently as possible. Writing drivers for a timer is sort of silly when you realize that thousands of engineers using the same part are doing the same thing. Sure, semi vendors often deliver code to handle all of this, but in my experience most of that is either crap or uses the peripherals in the most limited ways. A few exceptions exist, such as Renesas's Synergy. They go so far as to guarantee that code. My fiddling with it leaves me impressed, though the learning curve is steep. But that sort of abstraction surely must be a part of this industry going forward. Just as we don't write protocol stacks and RTOSes any more, canned code will become more common.

Linux and canned boards have important roles in this business. But an awful lot of us will still work on proprietary systems.

View original post here

For novel ideas about building embedded systems (both hardware and firmware), join the 35,000 engineers who subscribe to The Embedded Muse, a free biweekly newsletter. The Muse has no hype and no vendor PR. Click here to subscribe

Given my Telco background, it was logical that back in 2014, I published some of my first articles in my  IoT Blog about the topic “IoT Connectivity” . I described how the optimist predictions of analysts and companies like Cisco or Ericsson, made the Machine to Machine (M2M) an attractive market to invest.

The fact that “Tata Communications have acquired mobility and Internet of Things specialist Teleena is a clear indication of the phenomenal growth rate in the global IoT connectivity market. “By 2021, enterprises’ spending on mobility alone is set to surpass USD 1.7 trillion,” said Anthony Bartolo, Chief Product Officer, Tata Communications.  I hope to see Tata Communications/Teleena in the next Gartner´s Magic Quadrant for M2M Managed Services Worldwide.

There are still people who doubt that connectivity is a key component in the M2M/IoT Value Chain. Please remember without connectivity simply there is not IoT.

Obviously during these years many of my projects have been associated with IoT connectivity. From the analysis of M2M/IoT Service Providers to the conceptual design of end-to-end solutions where connectivity selection was a key component. One of the most interesting projects was the analysis that I made for the Telefonica project "IoT in a box". Without forget projects to compare LPWAN technologies, End to End Security, Identification of Uses cases for 5G. Sometimes also I had to sell IoT connectivity.

In the last years in the IoT connectivity market I have seen:

• Consolidation of the market like “KORE buys Wyless” or “Sierra Wireless, Inc. Completes Acquisition of Numerex Corp.”
• The appearance of companies like 1NCE, the first dedicated Tier 1, Narrowband IoT MVNO providing fast, secure and reliable network connectivity for low data B2B applications offering a set of optimized product features – such as an IoT flat rate and the first of its kind 'BUY ONCE'​ lifetime fee
• The still not bloody battle between LPWAN operators (SigFox, LoRA network operators, NB-IOT, LTE-M)
• Telco Vendors, Operators and Analysts talking about the promise of 5G
• New Wifi and Lifi IoT use cases
• IoT Security breaches
• Operators focus on key industries and use cases
• The partnership M2M/IOT Service Providers ecosystem evolution
• Agreements among M2M, MNO and Satellite operators.
• The lack of standards in the Smart Home connectivity
• The expectation for solve the real time connectivity challenges in Industry 4.0 and Edge Computing –
• Time Sensitive Networking Industry 4.0 use cases and test bed by IIC members
• ….

But in my opinion, enterprises still are confused and delaying their decisions to adopt IoT / IIOT because they need good advice about the right IoT connectivity not just the cheapest prices but easy integration or better customer support.

I want to remember again that I can help you in the selection of the right M2M /IoT Service Provider for your enterprise business requirements as a strategic decision.

IoT Connectivity - the ugly Duckling of IoT Network Operators

Telecoms operators’ more focused approach to bolstering their IoT businesses appears rooted in refining the technology inherent in their connectivity networks. And no wonder, The powerful GSMA has been helping Mobile Operators to define their role in IoT. At first sight, the best way for large telecoms operators generate value from the IoT might appear to be by providing connectivity via their networks. Additionally, they could leverage their vast experience in customer engagement, customer premise equipment (CPE) support and their robust, proven back-office systems by offering their OSS and BSS platforms externally to IoT users, using their OSS to provide users with a turnkey platform to manage their equipment proactively in real time, and their BSS to support the related billing requirements. In fact Global telcos set sights on IoT for growth in 2018.

Nevertheless, Analysys Mason, highlighted “Telcos have been working with the broader ecosystem, including developers, cloud players and hardware vendors this past year – all of which “should set the market up for an active 2018”.

Although many people think that IoT connectivity  is or will become a commodity with little value for customers and along with the hardware will form the ugly ducklings of the value chain, IoT Network Operators should strive to demonstrate that IoT connectivity is vital for the global adoption of the IoT and seek to increase the income derived from its connectivity services with aspect like security and the contextual data value that their networks transport.

IoT Data is the new Oil also for IoT Network Operators

If connectivity seems doomed to play the role of ugly duckling, the data on the other hand see how its value increases and increases with each new technology.

How many times have we seen a presentation with the title "Data is the new Oil”? Even taught by me

Many Telcos are in process of Digital Transformation. The want to compete with the Google, Apple, Facebook, and Amazon (GAFA) and avoid same situation lived with these Over the Top (OTT) vendors.  IoT is giving them an opportunity to monetize the IoT data and convert their networks in pipelines of value.

IoT data is a new source of revenue without forget that will also produce incremental profit through operational productivity and efficiency.

The new stream of data coming from the physical world and the billions connected things are mostly transported by the IoT Network Operator´s networks and once these data is captured, the IoT Network Operators can monitor everything and feed their AI systems. Is then, when finally, IoT Network Operators can make a lot of money of IoT contextual data and aggregated data.

Can you imagine the opportunities leveraged by the connection of millions of devices and intelligent things over your IoT network? A vast amount of useful data generated by smart containers, smart home appliances, smart cities, connected cars, smart healthcare devices, or wearables, which for many businesses is an extremely valuable commercial tool. IoT Network Operators possess the capability of performing real-time data analytics on readily available data to determine product performance, improve customer experience and forecast network capacity, all of all which IoT-ready businesses could benefit from.

Key Takeaway

IoT connectivity is still at the core of all IoT Network Operators / M2M Service Providers. But some of them are implementing different strategies to capture more business of the IoT value chain. The idea of IoT connectivity will become a commodity with not added value is influencing the decision to invest in new IoT enabled networks (5G, LTE-M, NB-IoT).

It’s clear that there are some strong opportunities for IoT Network Operators / M2M Service Providers looking to capture the full potential of IoT, and it’s time that they open up their services to support companies from all sectors who are looking to employ IoT connectivity but also machine data intelligence as part of their business models in this IoT driven digital transformation.

Telcos offering IoT connectivity should look to monetise data and offer businesses unique insights that could potentially open doors to new revenue streams or even improve operational efficiencies. 

If IoT business is about data and assets, Telcos need to shift from technology and connectivity to business value and creation of valued services.

Thanks in advance for your Likes and your Shares.

Guest post by Peter A. Liss.

Connectivity is wrongly thought of as a commodity, including in the IoT context. This article will give an overview of current developments in IoT Connectivity, and look at their effect on Network Operators, Platform vendors, IoT Solution Providers, and Enterprise & Consumer customers. 

I also cover the likely impact of 5G, Narrowband IoT and programmable SIM cards, and SDN (Software Defined Networks). These new connectivity technologies will bring differentiation, innovation and new revenue from IoT.

OVERVIEW – CONNECTIVITY AND DIFFERENTIATION IN IOT

These new IoT developments include:

1.   Newer networks such Sigfox, LoRA, Narrowband IoT, and soon 5G.

2.   IoT platforms that can manage all types of connectivity.

3.   The growth of eUICC (e-SIMs) or programmable SIMs.

4.   IoT connectivity platforms using SDN (Software Defined Networks).

There are two opposing views about connectivity. On the one extreme, some Vendors pitch that “IoT Connectivity is the foundation of differentiation” (recent Ericsson Webinar). At the other extreme, some Enterprise customers buying these services assume “all IoT connectivity is the same”. 

In my view, the truth is in the middle. On the one hand, IoT hardware such as sensors and IoT applications could drive even bigger differentiation and innovation than the type of IoT connectivity. On the other hand, IoT connectivity should never be viewed as just a commodity that is plug and play.

HOW TO DIFFERENTIATE WITH IOT CONNECTIVITY:

Let’s take a closer look:

1)   There are many different types of Connectivity to choose from (cellular, WiFi, Zigbee, Satellite, and different types of LPWAN (Low Power Wide Area Networks). The criteria for selection include data cost, device cost, data rate/speed, battery life, outdoor and in-building coverage, and latency. Some of the much talked about networks like 5G are not yet available, and Narrowband IoT is in its infancy.

2)   The variety of connectivity offerings are increasing. Even taking a single technology like 4G, the offerings in terms of coverage, cost, roaming, integration effort, and customer service do differ widely.

3)   Costs are declining– the cost per MB has decreased, however, this is not the same as connectivity being a commodity (i.e. indistinct service). On the contrary, with more offerings and price competition, there is a greater need to choose the connectivity provider carefully. Pricing models may differentiate not only on cost per MB, but also with additional charges for VAS, the period charged for (monthly, per annum etc.) or number of connections included, or amount of data included in a packaged price. In the case of LPWA, charging can be per message, and not just per MB.

4)   The IoT Connectivity platform is where some of the disruption is happening. This platform manages the cost of connection, quality of service, SIM and device status. Along with the type of connectivity chosen, hardware (gateways & sensors), and IoT Applications built, the connectivity platform will be a key differentiator to your business case or service launch. 

My scheme below shows the place of the IoT Connectivity Management platform as the foundation of the IoT technology stack. Some differentiation could be achieved at any level in the Stack, but the effort required to offer a total solution will depend greatly on the Connectivity chosen at the bottom of the stack.

WHAT USER CASES WILL NARROWBAND IOT SUPPORT?

Narrowband IoT (NB-IoT) greatly improves network efficiency and spectrum efficiency and can thus support a massive number of new connections. The same is true of the sister technology Cat-M1 in US, which may also play a role in Europe in future. The majority of these new IoT connections will be industrial IoT (IIoT) solutions that require long battery life, and ubiquitous coverage (including remote areas or indoors). These user cases also require competitive pricing models for low bandwidth solutions, since many industrial IoT cases are not data hungry. 

Some examples of Industrial use cases are monitoring of oil and gas pipelines for flow rates and leaks, noting that often there is no external power in inaccessible areas. Warehouses are another industrial user case for tracking goods with pallets equipped with an NB-IoT module. NB-IoT modules have a long service life, require no maintenance and have a link budget gain of 20 decibel compared with a conventional LTE deployment, giving approximately 10x more coverage than a normal base station, thus penetrating deep underground, and into enclosed spaces indoors. 

Consumer examples of NB-IoT are luggage tracking (click for link to Sierra Wireless Case study), air quality monitoring, and children’s communication devices, and parking solutions.

NB-IoT, is a software upgrade to existing cellular Base Stations (or if the Base Station is old, a new circuit board must be inserted). The Core network also needs some upgrading. NB-IoT is reliant on a SIM card in the IoT device/gateway and partly because of the SIM it offers the same security & privacy features expected of cellular networks. LPWA technologies, such as NB-IoT and category M1 (LTE-M), also offer increased network coverage over a wide area, at a low cost, and with very limited energy consumption. In the case of Narrowband IoT, a battery life of over 10 years or more, is promised by Vendors (it remains to be seen - in the field, it might need a larger battery at an extra cost of approximately 20 Euro).

NB-IoT networks are already becoming available, for example, Deutsche Telekom has rolled out its NB-IoT network to approximately 600 towns and cities across Germany since launch in June 2017. According to Telekom, more than 200 companies now trialling the technology already via commercially available test packages. Nationwide rollout in the Netherlands was completed in May 2017 and Deutsche Telekom brought the technology to six further European markets by the end of 2017. Other major operators have similar roll outs for NB-IoT.

As expected, many IoT platforms are now being designed or upgraded to offer Narrowband IoT connectivity management. Cisco already announced in 2018 the availability of NB-IoT on its Jasper Control Center platform.

WHAT WILL 5G BRING TO IOT?

5G is not yet available commercially, and we can expect the first roll-outs in selected countries in 2019, and even then, just city coverage, or home-based 5G. High speed, high reliability and low latency are the main benefits of 5G.  Whilst NB-IoT is targeted specifically at the IoT Market, 5G is targeted at business & consumer users too. Also, worth noting is that the NB-IoT roll-out is ahead of 5G.

Regarding the high bandwidth of 5G, example uses include security cameras and monitoring, computer vision used in Industrial production, connected car user cases (infotainment, autonomous vehicles, and safety), and traffic control in Smart Cities. The increase in speed between 4G and 5G can be as much as 100 times. This makes a big difference to user cases that require uploading and downloading of video-based content faster and in larger volume.  It remains to be seen whether IoT applications will need to use such high data speeds. Perhaps it will be the Augmented or Virtual Reality cases (AR and VR) that utilise this bandwidth.

With 5G there is very high reliability, which is important to support mission critical services in IoT (e.g. medicine, industry, traffic control). However, the real benefit for IoT is likely to be with the low latency of 5G. Low latency allows more of the computer processing or data analysis required by a device (IoT Gateway or Smartphone) to happen in the cloud. With latency of under a millisecond, there is almost no difference that the data is processed in the cloud rather than the device. This has perhaps more implications for the IOT Solution architect, rather than the user.

Indeed, the user cases that depend on 5G’s low latency are still to be proven in practice. For non-IoT user cases (i.e. human interaction), the latency (such as changing of a pixel on a TV, or response time for instant messaging and online Presence) might not be noticed. However, for an M2M or IoT application in theory there is a great need for low latency and a machine might notice the difference in latency when a human does not. For this reason, the low latency is being pushed by the 5G industry as compelling for IoT (but yet to be proved). IoT user cases that are expected to benefit are remote industrial control, and autonomous vehicles, where milliseconds could be critical.

As explained in the discussion of latency, one change with 5G could be more processing in the Cloud, especially with Edge computing being a focal point in the architecture, and this might help reduce 5G IoT device prices. Other Emerging developments that might affect IOT include virtualised RAN (Radio Access Network) and network slicing. Virtualised RAN is intended to offer bandwidth with lower network costs, since by “slicing” the RAN, it is not necessary to utilise the whole core network, but rather allocate a part of it and the associated costs, thus allowing for profitable use cases with 5G.

WHAT ADVANTAGES DOES A PROGRAMMABLE SIM OFFER IN IOT?

Programmable SIM cards (also called eSIMS or eUICC ) are not new. What has changed is the number of service providers that offer them for IoT. Some prominent examples are Stream, EMnify, Cubic Telecom, KORE, Nokia WING and Teleena. Furthermore, the new generation of Smart SIM and associated management platforms are challenging the MNOs in terms of quality of service and signal coverage. They might also challenge MNOs in terms of cost - see the section below on SDN.  

The “e” in eSIM can mean both electronic (it can switch network and be programmed over the air) and embedded (i.e. deep inside machinery, a car or a remote location). In other words, you do not need physical access to the embedded SIM to update it or to change network, service or security settings.

The advantages of an eSIM are that it can be programmed over the air to find the strongest signal, or according to customer network & service preferences. When a data-service failure is detected, the eSIM can switch dynamically to the best network service. Consider a user case such as Smart Metering. The meter is always connected by being programmed not only to select the strongest signal, but also to select the signal that is best for your Meter technology and customer requirements.

In sum, the IoT Service Provider does not own a network, but can still offer the following to its customers:

•Issue own SIM cards, that can be embedded and switch operator over the air.

•Attach to the best or cheapest radio signal (RAN) – automatically

•Billing capabilities, often in real time, for the pricing of new IoT services.

WHAT IS THE IMPACT OF SDN ON IOT?

As explained above, the e-SIM is the first disruptive step to being able to offer an IoT service, without being tied to one specific radio network (RAN). The second step is to bypass the Operator’s core network. This is now possible with some Service Providers using Software Defined Networks (SDN) and NFV (Network Feature Virtualisation). They have built their own virtualised core network that is cloud hosted. EMnify is one example that can offer the following advantages:

•Low cost, because designed for IoT, and using proprietary technology (therefore no licencing costs)

•Auto-configuration and scaling. Because it is Cloud Based the service is truly elastic (i.e. can be quickly and simply expanded to meet customer demand for increased data volume, or larger number of SIM cards)

•Pay-as-you-grow pricing

•Flexible and Real time billing that is accessible online

•Have own numbering resources (IMSI, IPv6, MSISDN)

•Manage your own virtual mobile IoT network including Elastic Packet Core, Subscriber Management, OSS/BSS, Management Portals and open APIs. 

•A private and secure device cloud and implement own security policies (such as own VPN – virtual private network - in the core network in the cloud).

The “Gorilla” MNO (e.g. Telekom, Verizon, Vodafone etc) is reduced to providing only the radio network, and with the eSIM you can actually switch networks. To be clear, you are not reliant on the operator for the core network at all, and you have a choice of radio network. In sum, the advantage is that such a virtual network in the Cloud allows IoT user cases that have lower revenues, because the IoT platform is designed for lower connectivity costs.

CONCLUSION – DISRUPTION IN THE IOT CONNECTIVITY MARKET

I have built the case that “boring” connectivity is going to be disruptive for IoT, and it will generate growth. In sum, this is because many IoT business models require lower costs for the lower “micro” or “mini” ARPU/revenue that they generate. Secondly, these new network technologies bring improved speed, latency, battery life, and coverage. Thirdly, new technologies like eSIM and SDN, give the customer choice and independence from the MNO.

Enterprise customers will need to get more knowledgeable about the types of connectivity on offer, and the pros and cons, and costs of each technology. Disruption in the market is starting, due to many new offerings from MNO, and MVNOs that are IOT focussed. 

Price declines for NB-IoT and 5G enabled devices will also be business drivers. Many connectivity platforms will struggle to distinguish themselves, but can do so, for example by focussing on particular Verticals, or a specific geographical focus, or own Cloud-based packet core. Enterprise customers need to get the balance between a price that enables the business case, but also choosing connectivity that provides the best service level. 

LPWA technologies such as Narrow-Band promise to open-up new business models due to lower device and connectivity costs better coverage and longer battery life. NB-IoT is still in its infancy and these benefits like lower device costs are still to be proven.  Importantly, the connectivity costs of NB-IoT (as well as module/device costs) will need to be low enough to support the proposed new business cases like parking meters, water meters, luggage tracking, pipe monitoring, and tracking goods in warehouses. 

5G for IoT will enable data hungry business models, insure against capacity constraints, and provide wider coverage and almost no latency. Since 5G roll-out is still in the future, it remains to be seen if (or when) the required network density (using such small cells) is enough to provide the wider coverage and higher data rates promised. Almost zero latency is likely to be the most interesting feature of 5G for the IoT World, especially for critical applications like autonomous driving and industrial control.

Big data, Analytics and Application Enablement Platforms/AEP might sound more exciting and promising for innovation and differentiation in IoT. They sound more compelling than a connectivity management platform and new types of connectivity. However, Connectivity is still the foundation of the IoT business case. It is not a commodity. In particular, Narrow-Band IoT, eSIM and SDN will drive new growth in IoT, together with the imminent roll-out of 5G.

Copyright: Peter A. Liss, an independent and commercially focussed IoT expert, based in Germany, who is also available for freelance consulting work.

This post originally appeared here.

Cover photo by Federico Beccari on Unsplash

The IoT market has changed in many ways throughout the years, and since it’s a growing industry, there’s an estimated 32.6% CAGR increase in the next five years.

As an industry predicted to spend trillions in solutions, IoT’s trends need to be carefully observed and examined in order for implications and applications to be future-proofed.

How do you go about doing this? By simply analyzing how IoT is being used, as well as identifying which sectors are showing potential growth. Right now, a lot of focus is given to consumer applications such as Amazon’s dash buttons and smart home appliances. However, there are many opportunities in remote IoT. This covers industries like industrial, transportation, healthcare, etc.

One challenge that needs to be dealt with is how connectivity is approached right now. As more IoT and M2M devices would be deployed in rural areas and places with limited connectivity, applications and machines would need an improved infrastructure in order to carry out their purpose in areas with little connectivity.

Additionally, the increase of transportation and emergency-related applications would require not only ways to deals with low connectivity but also call for a system that can access multiple networks depending on availability and location.

Another challenge is how current devices will handle the developments in IoT and M2M technologies in the next five years. The 2G sunset is just one-way communication companies are affecting the industry.

Don’t fret, though, as there are several ways to resolve this and many opportunities left to explore to get ready for IoT’s evolution in the coming years.

Want to learn more about the possibilities remote IoT connectivity presents and how you can prepare for them? Check out the following infographic from Communications Solutions Company, Podsystem, and start future-proofing your IoT and M2M applications.

By Ahmed Banafa

IoT is creating new opportunities and providing a competitive advantage for businesses in current and new markets. It touches everything—not just the data, but how, when, where and why you collect it. The technologies that have created the Internet of Things aren’t changing the internet only, but rather change the things connected to the internet—the devices and gateways on the edge of the network that are now able to request a service or start an action without human intervention at many levels.

Because the generation and analysis of data are so essential to the IoT, consideration must be given to protecting data throughout its life cycle. Managing information at all levels is complex because data will flow across many administrative boundaries with different policies and intents.

Given the various technological and physical components that truly make up an IoT ecosystem, it is good to consider the IoT as a system-of-systems. The architecting of these systems that provide business value to organizations will often be a complex undertaking, as enterprise architects work to design integrated solutions that include edge devices, applications, transports, protocols, and analytics capabilities that make up a fully functioning IoT system. This complexity introduces challenges to keeping the IoT secure, and ensuring that a particular instance of the IoT cannot be used as a jumping off point to attack other enterprise information technology (IT) systems.

International Data Corporation (IDC) estimates that 90% of organizations that implement the IoT will suffer an IoT-based breach of back-end IT systems by the year 2017.

Challenges to Secure IoT Deployments

Regardless of the role, your business has within the Internet of Things ecosystem— device manufacturer, solution provider, cloud provider, systems integrator, or service provider—you need to know how to get the greatest benefit from this new technology that offers such highly diverse and rapidly changing opportunities.

Handling the enormous volume of existing and projected data is daunting. Managing the inevitable complexities of connecting to a seemingly unlimited list of devices is complicated. And the goal of turning the deluge of data into valuable actions seems impossible because of the many challenges. The existing security technologies will play a role in mitigating IoT risks but they are not enough. The goal is to get data securely to the right place, at the right time, in the right format; it’s easier said than done for many reasons.

Dealing with the challenges and threats

Gartner predicted that more than 20% of businesses will deploy security solutions for protecting their IoT devices and services by 2017, IoT devices and services will expand the surface area for cyber-attacks on businesses, by turning physical objects that used to be offline into online assets communicating with enterprise networks. Businesses will have to respond by broadening the scope of their security strategy to include these new online devices.

Businesses will have to tailor security to each IoT deployment according to the unique capabilities of the devices involved and the risks associated with the networks connected to those devices. BI Intelligence expects spending on solutions to secure IoT devices and systems to increase five fold over the next four years.

The optimum platform

Developing solutions for the Internet of Things requires unprecedented collaboration, coordination, and connectivity for each piece in the system, and throughout the system as a whole. All devices must work together and be integrated with all other devices, and all devices must communicate and interact seamlessly with connected systems and infrastructures in a secure way. It’s possible, but it can be expensive, time-consuming, and difficult unless the new line of thinking and a new approach to IoT security emerged away from the current centralized model.

The problem with the current centralized model

The current IoT ecosystems rely on centralized, brokered communication models, otherwise known as the server/client paradigm. All devices are identified, authenticated and connected through cloud servers that sport huge processing and storage capacities. The connection between devices will have to exclusively go through the internet, even if they happen to be a few feet apart.

While this model has connected generic computing devices for decades and will continue to support small-scale IoT networks as we see them today, it will not be able to respond to the growing needs of the huge IoT ecosystems of tomorrow.

Existing IoT solutions are expensive because of the high infrastructure and maintenance cost associated with centralized clouds, large server farms, and networking equipment. The sheer amount of communications that will have to be handled when IoT devices grow to the tens of billions will increase those costs substantially.

Even if the unprecedented economical and engineering challenges are overcome, cloud servers will remain a bottleneck and point of failure that can disrupt the entire network. This is especially important as more critical tasks

Moreover, the diversity of ownership of devices and their supporting cloud infrastructure makes machine-to-machine (M2M) communications difficult. There’s no single platform that connects all devices and no guarantee that cloud services offered by different manufacturers are interoperable and compatible.

Decentralizing IoT networks

A decentralized approach to IoT networking would solve many of the questions above. Adopting a standardized peer-to-peer communication model to process the hundreds of billions of transactions between devices will significantly reduce the costs associated with installing and maintaining large centralized data centers and will distribute computation and storage needs across the billions of devices that form IoT networks. This will prevent failure in any single node in a network from bringing the entire network to a halting collapse.

However, establishing peer-to-peer communications will present its own set of challenges, chief among them the issue of security. And as we all know, IoT security is much more than just about protecting sensitive data. The proposed solution will have to maintain privacy and security in huge IoT networks and offer some form of validation and consensus for transactions to prevent spoofing and theft.

To perform the functions of traditional IoT solutions without a centralized control, any decentralized approach must support three fundamental functions:

• Peer-to-peer messaging
• Distributed file sharing
• Autonomous device coordination

The Blockchain approach

Blockchain, the “distributed ledger” technology that underpins bitcoin, has emerged as an object of intense interest in the tech industry and beyond. #Blockchain technology offers a way of recording transactions or any digital interaction in a way that is designed to be secure, transparent, highly resistant to outages, audit-able, and efficient; as such, it carries the possibility of disrupting industries and enabling new business models. The technology is young and changing very rapidly; widespread commercialization is still a few years off. Nonetheless, to avoid disruptive surprises or missed opportunities, strategists, planners, and decision makers across industries and business functions should pay heed now and begin to investigate applications of the technology.

What is Blockchain?

Blockchain is a database that maintains a continuously growing set of data records. It is distributed in nature, meaning that there is no master computer holding the entire chain. Rather, the participating nodes have a copy of the chain. It’s also ever-growing — data records are only added to the chain.

A blockchain consists of two types of elements:

• Transactions are the actions created by the participants in the system.
• Blocks record these transactions and make sure they are in the correct sequence and have not been tampered with. Blocks also record a time stamp when the transactions were added.

What are some advantages of Blockchain?

The big advantage of blockchain is that it’s public. Everyone participating can see the blocks and the transactions stored in them. This doesn’t mean everyone can see the actual content of your transaction, however; that’s protected by your private key.

A blockchain is decentralized, so there is no single authority that can approve the transactions or set specific rules to have transactions accepted. That means there’s a huge amount of trust involved since all the participants in the network have to reach a consensus to accept transactions.

Most importantly, it’s secure. The database can only be extended and previous records cannot be changed (at least, there’s a very high cost if someone wants to alter previous records).

 How does it work?

When someone wants to add a transaction to the chain, all the participants in the network will validate it. They do this by applying an algorithm to the transaction to verify its validity. What exactly is understood by “valid” is defined by the blockchain system and can differ between systems. Then it is up to a majority of the participants to agree that the transaction is valid.

A set of approved transactions is then bundled in a block, which gets sent to all the nodes in the network. They, in turn, validate the new block. Each successive block contains a hash, which is a unique fingerprint, of the previous block.

There are two main types of Blockchain:

• In a public blockchain, everyone can read or write data. Some public blockchains limit the access to just reading or writing. Bitcoin, for example, uses an approach where anyone can write.
• In a private blockchain, all the participants are known and trusted. This is useful when the blockchain is used between companies that belong to the same legal mother entity.

The Blockchain and IoT

Blockchain technology is the missing link to settle scalability, privacy, and reliability concerns in the Internet of Things. Blockchain technologies could perhaps be the silver bullet needed by the IoT industry. Blockchain technology can be used in tracking billions of connected devices, enable the processing of transactions and coordination between devices; allow for significant savings to IoT industry manufacturers. This decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices to run on. The cryptographic algorithms used by blockchains would make consumer data more private.

The ledger is tamper-proof and cannot be manipulated by malicious actors because it doesn’t exist in any single location, and man-in-the-middle attacks cannot be staged because there is no single thread of communication that can be intercepted. Blockchain makes trustless, peer-to-peer messaging possible and has already proven its worth in the world of financial services through cryptocurrencies such as Bitcoin, providing guaranteed peer-to-peer payment services without the need for third-party brokers.

The decentralized, autonomous, and trustless capabilities of the blockchain make it an ideal component to become a fundamental element of IoT solutions. It is not a surprise that enterprise IoT technologies have quickly become one of the early adopters of blockchain technologies.

In an IoT network, the blockchain can keep an immutable record of the history of smart devices. This feature enables the autonomous functioning of smart devices without the need for centralized authority. As a result, the blockchain opens the door to a series of IoT scenarios that were remarkably difficult, or even impossible to implement without it.

By leveraging the blockchain, IoT solutions can enable secure, trustless messaging between devices in an IoT network. In this model, the blockchain will treat message exchanges between devices similar to financial transactions in a bitcoin network. To enable message exchanges, devices will leverage smart contracts which then model the agreement between the two parties.

In this scenario, we can sensor from afar, communicating directly with the irrigation system in order to control the flow of water based on conditions detected on the crops. Similarly, smart devices in an oil platform can exchange data to adjust functioning based on weather conditions.

Using the blockchain will enable true autonomous smart devices that can exchange data, or even execute financial transactions, without the need of a centralized broker. This type of autonomy is possible because the nodes in the blockchain network will verify the validity of the transaction without relying on a centralized authority.

In this scenario, we can envision smart devices in a manufacturing plant that can place orders for repairing some of its parts without the need of human or centralized intervention. Similarly, smart vehicles in a truck fleet will be able to provide a complete report of the most important parts needing replacement after arriving at a workshop.

One of the most exciting capabilities of the blockchain is the ability to maintain a duly decentralized, trusted ledger of all transactions occurring in a network. This capability is essential to enable the many compliances and regulatory requirements of industrial IoT applications without the need to rely on a centralized model.

 This article originally appeared here. Header photo has been modified, credit here.

References

http://www.cio.com/article/3027522/internet-of-things/beyond-bitcoin-can-the-blockchain-power-industrial-iot.html

http://dupress.com/articles/trends-blockchain-bitcoin-security-transparency/

https://techcrunch.com/2016/06/28/decentralizing-iot-networks-through-blockchain/

http://www.blockchaintechnologies.com/blockchain-internet-of-things-iot

https://postscapes.com/blockchains-and-the-internet-of-things/

http://www-935.ibm.com/services/multimedia/GBE03662USEN.pdf

What is Going on with Residential IoT

Cyber Security?

For sure you have heard about the recent DDoS attacks that occurred last October 21st on Dyn’s DNS service. The news broke out reporting that many well-known Internet services were not available. According to Hacker News Twitter, Etsy, Spotify and other sites were affected. Up to this point, there’s nothing new, just another DDoS attack. Large company outage means big news, but there is still a point that is key in this equation and that has not been addressed. 

• Was Residential or Consumer IoT affected?

According to Dyn’s report, “the attack come from 100,000 malicious endpoints”. 

On the second last paragraph they quote: “Not only has it highlighted vulnerabilities in the security of “Internet of Things” (IOT) devices that need to be addressed, but it has also sparked further dialogue in the internet infrastructure community about the future of the internet.”

Put both quotes together: 100,000 IoT devices have been Hacked. This is astonishing and outstanding!

There has been no news about how the 100,000 IoT device customers have been affected or supported:

• Do they still have the Bot inside their device? 
• Do the devices work correctly? 
• Do they know they have been hacked? 
• Do they know they are at risk? 
• Will the Bots change and do other things? 
• Will the Bots leave backdoors in their home networks?
• How long will it take for another Bot to hack their IoT device?
• What are Consumer Protection Agencies doing about this?
• What are Governments doing?

This is no joke, we are talking about 100,000 devices (IoT Customers), and therefore, has to be addressed very seriously.

Dyn and the Internet community will address the issue. That’s fine! But how and when will they solve the Residential IoT vulnerability problem. Residential IoT needs to be Secured, Monitored and its software Updated. Enterprise IoT already contemplates this, but Residential IoT does not. Individual devices are sold with no security, and in the best case, if they are well developed and secured they still need to be monitored because software always has vulnerabilities, no matter how well and secure it has been developed.

All the questions, above cannot be solved using secure policies inside IoT or in the Internet itself. More has to be done! This is a Game Changer; Home Networks have to be monitored and secured to prevent Malware and Attacks. If not, the Internet will soon be like Hell.

The Residential IoT Avalanche

Gartner estimates that by 2020 there will be 25 billion IoT devices, of these, 13 billion will be Residential Home Devices, more than 50% of the total. Imagine if only 1% of these devices are vulnerable, there will be 13 million devices to hack.

• Are the Internet Home Users aware of the risk they are taking?
• Are their Home Networks and GateWays (GW/Router) secure?
• Will the Internet itself be reliable and secure?

How to Secure Home Networks

Twenty years ago, Home Networks only had PCs, with well-developed software, for examples Windows, but many vulnerabilities were used to Hack Residential and Enterprise PCs. This problem brought up many Anti Malware (AM) Software Companies to safeguard Windows PCs. The same is happening right now with Residential IoT.

IoT devices don’t have the possibility or suppliers are not interested in incorporating AM software to their IoT. They are generally too small and only have specific dedicated software, i.e.: they cannot be easily protected with AM Software embedded in their devices:

• This is a big problem. How can it be solved?
• Where and how can AM software safeguard Home Networks, GWs and IoT?

Every Home Network connects to the Internet through the GW, which is the main door into our Home. As with Houses, shouldn’t an armored door be used to prevent thieves from coming in? The GW is the door to the Internet and it is also another device with CPU and Memory, a processing unit that can do the job. Why not use it to block hackers before they even get in? Thanks to FTTH and IoT itself, Gateways have become more powerful. If a GW does not have the power to cope with AM Security, then a security appliance should be connected to it. Using a secure GW, the entire Home Network will be protected from Malware and Attacks.

Many Security Providers and new startups have already foreseen the Secure GW solution.

Current Residential IoT/GW Security Innovation Trends

As described before, the most effective scenario to protect your Home IoT is to Safeguard the Home Network using the GW, this is currently being done with two innovative solutions:

Solution #1.              Attach a physical AM Security Appliance to the Home GW.

Solution #2.              Embedding AM Security software directly into the Home GW.

Solution #1 Is an interesting and effective approach, another device with more CPU and Memory means more processing power, but it adds another gadget to the end-user and it has to be physically connect to the Home GW’s 1Gbit Port.

The Pros: The Appliance adds an extra device to manage security, leaving the GW as it is. The customers will manage alerts and/or security configurations through a simple app on their smartphones. 

The Cons: All the traffic will bypass the appliance through a 1Gbit port, which needs a cable connected to the GW. Customers want to reduce physical gadgets, they already have many, such as the GW itself, IPTV DVB Decoder, the ONT, Game Station, Printers, cables, etc. Another device is not a bad solution but the current trend is to reduce home devices and cables, this solution will work but in a few years Solution #2 will make Solution #1 obsolete.

Solution #2. The Security Software will come within the GW device or it will remotely be installed.

The Pros: The customer will only manage alerts and/or security configurations, with a simple mobile app, that’s all. Simple, no physical appliance, no wires. 

The Cons: Many of the current GW hardware devices don’t have sufficient physical CPU and/or Memory capacity to manage security software, but with the FTTH and the IoT boom, Gateways are becoming more and more powerful and in a few years, most of them, if not all, will have the power to manage AM software.

Make it Simple, Intelligent and Economically Viable for Retail

Both solutions have their pros and cons, and both should, at least, address basic security surveillance. There are many threats that can be addressed using Cloud Intelligent Processing, analyzing Home Network Metadata (GW CPU will be liberated from many security tasks). But, most important of all is the combined Residential Cloud Intelligence, for example; if a new threat is detected and blocked on a provider’s vulnerable IoT device, the solution will automatically be propagated to all of the security providers’ customers, avoiding mass propagation and hacking damage. 

Residential Device “Internet Use Patterns” will be supervised and any mismatch will be reported to the customer or automatically be blocked if a malicious attacker is detected.

Customers don’t or cannot give proper maintenance to their Home IoT. The solution should or will control possible problems like vulnerable firmware, recommend changing easy or default passwords, block dangerous port access, grant or deny access, etc. Most of these simple actions will be prompted on the users’ smartphone, and the problem will easily be solved using a simple one click menu.

And finally, and probably most important, customers don’t want and can’t pay for a highly sophisticated solution. A next generation firewall type solution is way out of scope and expensive, the solution has to be smart and economically viable or sales will draw back.

There is no need to drill down into what can be done and what cannot, both solutions are effective. Solution #1 is good but #2 is in the core of the Home Network, the GW, and simpler for the end user, but it may take some time before all the GWs have sufficient power and capacity. 

Conclusions

• There are millions of Residential IoT Devices being hacked, but most users are unaware and the press doesn’t really talk about it.
• Residential IoT is in general insecure and with the predicted IoT Avalanche, hackers will take advantage of the situation to make the Internet be like Hell.
• Residential IoT must be Secured, Monitored and its software Updated using the Home GW Router.
• Make it Simple, Intelligent and Economically Viable for Retail.
• IoT Residential Customers must be 100% aware of the Security risks, this must be strongly driven by Consumer Agencies, Governments, The Press, IoT Suppliers and Security Vendors.

If the security actions described in this publication are not addressed correctly, the Internet and all of us will have to learn the hard way. 

Juan Mora Zamorano

Independent Security Contractor

https://es.linkedin.com/in/morajuan

As consumer electronics manufacturers release new gadgets for the holidays, security is likely to be the last thing on people's minds. Devices like Apple’s HomeKit turn your iPhone or iPad into a remote control for lights, locks, the thermostat, window shades and even your doorbell, making typical iOS functions like Siri voice-based extensions of controlling a smart home.

Yet even if most electronics on a home network employ top security standards, all it takes is a faulty webcam for an attack to happen.

We just saw this with internet infrastructure company Dyn in late October. Mirai malware took advantage of default, easy-to-guess passwords on the webcams of unsuspecting consumers, leading to a massive Distributed Denial of Service (DDoS) attack temporarily shutting down popular sites like Twitter and PayPal.

Along with Apple’s Authentication Coprocessor, HomeKit’s end-to-end encryption helps mitigate the risk of hacking. The coprocessor only sends a certificate that allows an iOS device to unlock an accessory (like your home’s light dimmers, thermostat and power meter) after the accessory completes a challenge sent by the iOS device. Any Internet of Things device that connects to this network, however, may not have the same robustness rules in place.

According to the IoT graphic from Arxan below, the number of devices connected to the internet reached 6.4 billion in 2016. Thus, in-home communication network security is only half the battle for consumers, as the cars they drive are increasingly becoming connected as well. Car manufacturers have different OEMs when it comes to displays and in-vehicle digital storage, meaning that all devices in a connected car may not use end-to-end encryption. Code scanners can interrupt critical functions and if you look further into automotive IoT security you’ll find that many parts of a vehicle that have been around for years--like the OBD2 port for engine diagnostics and on-board computers--could potentially be decrypted and injected with malware.

CB Insights has identified 78 private companies at the intersection of cybersecurity and connected hardware, which includes: critical infrastructure, mobile phones, connected devices, enterprise endpoints, and connected cars.

The breakdown of categories is as follows:

Critical Infrastructure: Startups in this category include Indegy which provides real-time situational awareness, visibility, and security for industrial control systems used across critical infrastructure, including energy, water utilities, petrochemical plants, manufacturing facilities, etc. Similar companies such as CyberX can detect network anomalies by analyzing the operational behavior of industrial internet networks using Big Data and Machine Learning. The company Bastille Networks is among the more unique startups in this category, with a product that scans air space to provide visibility into RF-emitting devices. Bastille has broad implications across the connected hardware cybersecurity market.

Mobile Phones: Companies in this category include three unicorns valued at $1B+. They are: Okta which offers cloud-based identity management and mobility management services, Lookout which is a smartphone security company for the Android and iOS platforms, and Avast Software which offers security and privacy solutions also for iOS and Android.

Connected Devices: Included are companies like Mocana which secures IP addressable devices as well as the information, applications, and services that run on them. Companies in this category also include MedCrypt which offers the ability to manage all of the digital keys needed for users to securely access medical devices.

Enterprise Endpoints: Startups like the unicorn Tanium offer a systems management solution that allows enterprises to collect data and update endpoints across networks. Another unicorn in this category is Cylance, which operates in defense of enterprises’ endpoints by applying artificial intelligence algorithms to predict, identify, and stop malware and advanced threats.

Connected Cars: Argus Cyber Security enables car manufacturers to protect technologically advanced connected vehicles from malicious cyber attacks.

The full company list is here.