The Internet of Things — or IoT — is taking the IT sector by storm. Although it only boasted two billion systems in 2006, it's set to reach 200 billion connected devices by 2020 — and even more beyond that.

As companies and consumers all continue to explore the benefits of the IoT, one thing has become clear: the IoT needs proper encryption.

Given the sheer amount of online and network-oriented threats today — including everything from traditional viruses to advanced malware and malicious computer coding — data encryption is necessary to ensure the long-term success of the IoT.

Establishing these protocols while the IoT is still in its infancy will provide additional integrity to IoT-fueled projects and generate increased interest in the platform as a whole.

Overcoming the Roadblocks to Success

Modern society is well on its way to embracing the IoT for everything from industrial automation to in-home convenience, but there are two significant roadblocks to the platform's success.

1. Power Consumption

Today's IoT networks, which contain servers, access points and peripheral devices, consume enormous amounts of power altogether, but some tools require more power than others. 

While traditional network-level encryption tools are optimized for larger systems and infrastructure, they don't always scale down to smaller formats in an efficient or viable manner.

Developing a chip with higher energy efficiency and the ability to scale down minimizes the strain on current and local power grids and makes it easier to secure individual devices via existing encryption methods. 

2. Data Security

Consumers have received an enormous dose of reality in the 21st century. Those who haven't fallen victim to a cyber attack or hack probably know someone who has. The number of data breaches involving consumer information is troubling.

There are even rumors of foreign entities interfering with U.S. elections, including the 2016 election of President Donald Trump. Data security is in the spotlight now more than ever before, and it's a tremendous obstacle for the IoT to overcome.

However, a new chip manufactured by the team at MIT solves both of these problems. Not only does it focus specifically on public-key encryption — a straightforward and user-friendly method of modern encryption — but it also consumes 1/400 of the power of comparable chips.

It also uses 90% less memory than current chips, which lets researchers execute commands and complete processes up to 500 times faster.

Encrypting Consumer Data via Mathematics

The newest chip utilizes elliptic-curve encryption. It's a highly sophisticated, dominant form of data security often used in HTTPS connections. MIT's latest advancement efficiently breaks this system down for use on the individual devices that comprise the IoT.

As noted by the team at MIT, "cryptographers are coming up with curves with different properties."

The new chip is flexible enough to support all the known curves in use today, giving it maximum compatibility with different organizational and governmental standards. The team hopes to implement additional support for any future curves, as well.

Making Advancements in Artificial Intelligence

The team at MIT is also making headlines in the area of artificial intelligence (AI). Between self-driving cars and increased automation both in the factory and the home, AI is a hotbed of debate. Whether consumers are in favor of automation or against the idea altogether, one thing is for sure: AI-driven robots must operate by an acceptable set of ethical standards.

Just like encryption, it's a subject that invites multiple interpretation and solutions.

To spur development into the future of AI ethics and programming, MIT recently took a poll of the online public. By seeking the input of the average consumer, the school hopes to play an essential role in how next-gen robotics make decisions, prioritize tasks and interact with their human counterparts on a daily basis.

How MIT Is Safeguarding Our Future

Between the increased need for data security and sophisticated AI, IT experts have their work cut out for them.

The work of individuals and groups like the team at MIT is already making headway into these areas, but society is only at the beginning of what will likely become a long-term, complicated relationship with technology.

Image by Kevin Ku

The recent distributed denial-of-service (DDoS) IoT attack against DNS is a wake up call to how fragile the Internet can be.

The IoT attack against Domain Name Servers from a botnet of thousands of devices means it’s way past time to take IoT security seriously. The bad actors around the world who previously used PCs, servers and smartphones to carry out attacks have now set their sights on the growing tidal wave of IoT devices. It’s time for consumers and enterprises to protect themselves and others by locking down their devices, gateways and platforms. While staying secure is a never-ending journey, here’s a list of twelve actions you can take to get started:

1. Change the default usernames and passwords on your IoT devices and edge gateways to something strong.
2. Device telemetry connections must be outbound-only. Never listen for incoming commands or you’ll get hacked.
3. Devices should support secure boot with cryptographically signed code by the manufacturer to ensure firmware is unaltered.
4. Devices must have enough compute power and RAM to create a transport layer security (TLS) tunnel to secure data in transit.
5. Use devices and edge gateways that include a Trusted Platform Module (TPM) chip to securely store keys, connection strings and passwords in hardware.
6. IoT platforms must maintain a list of authorized devices, edge gateways, associated keys and expiration dates/times to authenticate each device.
7. The telemetry ingestion component of IoT platforms must limit IP address ranges to just those used by managed devices and edge gateways.
8. Since embedded IoT devices and edge gateways are only secure at a single point in time, IoT platforms must be able to remotely update their firmware to keep them secure.
9. When telemetry arrives in an IoT platform, the queue, bus or storage where data comes to rest must be encrypted.
10. Devices and edge gateways managed by an IoT platform must update/rotate their security access tokens prior to expiration.
11. Field gateways in the fog layer must authenticate connected IoT devices, encrypt their data at rest and then authenticate with upstream IoT platforms.
12. IoT platforms must authenticate each device sending telemetry and blacklist compromised devices to prevent attacks.

Keeping the various components that make up the IoT value chain secure requires constant vigilance. In addition to doing your part, it’s important to hold the vendors of the IoT devices, gateways and platforms accountable for delivering technology that’s secure today and in the future.