Posts Tagged ‘iot’
A New Hope for IoT Security?
With the constantly rising number of connected devices also rises the number of IoT-based cyber-attacks, such as when the Mirai botnet launched one of the largest and most powerful distributed denial of service (DDoS) attacks on DNS provider Dyn and its customers, temporarily rendering services like Twitter, Reddit, and Spotify inaccessible.The situation has become so bleak that the US Congress even proposed an Internet of Things Cybersecurity Improvement Act to force the manufacturers of connected devices, such as webcams, printers, light bulbs, or home routers, to comply with what the regulators call minimal cybersecurity operational standards for IoT devices.
Currently, statistics show that there are approximately 20 billion connected devices worldwide, and some, such as ARM and SoftBank Chairman Masayoshi Son, expect a trillion connected devices by 2035. But unless IoT security fundamentally improves, we could be headed toward what can only be described as IoT apocalypse.
“These attacks have highlighted the very real need for better security measures to be implemented, throughout the value chain of connected devices, covering high-level infrastructure, such as energy supply and connected vehicles to low-cost devices, such as webcams and smart lighting. Breaches in security present a host of issues for those operating in the IoT. Leaks in confidential information, theft of personal data, a loss of control of connected systems and the shutting down of critical infrastructure, all represent major areas at risk,” states ARM on its community blog.
Considering how many IoT devices are built on the ARM architecture, which is known for its remarkable efficiency, and considering that the British multinational semiconductor manufacturer expects to have shipped 200 billion ARM-based chips by 2021, it’s easy to see why ARM might be interested in taking IoT security into their own hands to ease some of the concerns legislators and the general public already have.
Recently, almost exactly a year after Masayoshi Son announced his vision for a trillion connected devices by 2035 at Arm TechCon, ARM announced its open source Platform Security Architecture (PSA), which is described as an holistic set of threat models, security analyses, hardware and firmware architecture specifications intended to serve as a secure foundation for connected devices.
Some of the biggest names in the industry are already supporting PSA, including Google, Microsoft, Cisco, Vodafone, Symantec, SoftBank, and Alibaba, just to name a few.
According to Paul Williamson, vice president and general manager of IoT Device IP at ARM, “The growing number of devices being connected to the internet need to be secure without sacrificing the very diversity which make them innovative and unique. ARM chief system architect Andy Rose and his team made sure this was top of mind when developing PSA through analysis of devices and best practices for securing them.”
As such, PSA delivers hardware and firmware architecture specifications, built on key security principles, defining a best practice approach for designing endpoint devices and a reference open source implementation of the firmware specification, called Trusted Firmware-M, which is designed to work with the company’s ARMv8-M processor architecture. Trusted Firmware-M is scheduled for release in early 2018.
According to Naked Security, Trusted Firmware-M makes possible:
- A proper root of trust.
- A protected crypto keystore.
- Software isolation between trusted and untrusted processes.
- A way of securely updating firmware.
- Easy debugging down to chip level.
- A reliable cryptographic random number generator.
- On-chip acceleration to make crypto run smoothly.
Considering how many major industry players already stand behind ARM’s effort, it seems that the release of Trusted Firmware-M in early 2018 could be the tipping point that so many of those who have been preaching about the growing need for improved IoT security have been waiting for.
The last few years proved that IoT vendors cannot be relied on when it comes to securing their products as the entire world witnessed the consequences of poor security practices such as including weak default passwords in hardware or never releasing security updates to patch critical vulnerabilities.
ARM’s bottom-up approach to IoT security seems like the only reasonable way to go at this point, providing a strong incentive for IoT vendors to build their products using ARM’s cost-effective, scalable, easy-to-implement security framework.
“The value of the ARM ecosystem is to provide diversity and choice to end-customers, and this benefit extends to the IoT and its broad range of technologies and providers. ARM recognizes this potential, alongside the risks that threaten the devices, systems, and infrastructures operating within the IoT. PSA provides the common framework for the ecosystem, from chip designers and device developers, to cloud and network infrastructure providers and software vendors,” states ARM.
The Emerging Category of Invisible Devices
According to the International Data Corporation (IDC), 102.4 million wearable devices were shipped in 2016, and the wearable market is expected to double by 2021. But one wouldn’t have guessed that the popularity of wearables is on the rise after attending the 2017 GSMA Mobile World Congress, which is a combination of the world’s largest exhibition for the mobile industry and a conference featuring prominent executives representing mobile operators, device manufacturers, technology providers, vendors, and content owners from across the world.The winner of the Best Wearable category at MWC 2017 was the Huawei Watch 2, which is a sporty smartwatch aimed predominantly at men. While excellent in many ways, the Huawei Watch 2 isn’t exactly a groundbreaking departure from all other bulky sports smartwatches, which have been dominating the wearable world for the past few years.
The Huawei Watch 2 feels like a wearable piece of technology first and a watch second. Even people who are used to wearing a watch all the time might find it difficult to get used to the extra weight or the daily charging, not to mention the complicated synchronization with other devices. That might explain why fewer consumers use their wearables daily over time, as stated in a report from PwC. Wearables simply still feel too unnatural to become habitual or part of our daily routines.
“I don’t know about you, but when I’m adorning myself with wearable technology, I like it to feel natural. By that, I mean seamlessly integrated, so instead of being conscious that I’m wearing tech, I ideally want to reap the added bonus that it brings while not wearing any additional item: invisible, perhaps,” summarizes the problem Forbes contributor Lee Bell.
Thankfully, it seems that the wearable industry has recognized the need for seamlessly integrated wearables because a new category of smart gadgets is emerging, and the name of this category is “invisibles.”
As the name suggests, invisibles are so well-integrated that the users are not even aware of them unless they are actively taking advantage of the features they provide. Even though most invisibles that are currently available still focus mainly on the fitness market, there have already been several releases of invisible wearables that do other things besides heart rate monitoring.
Under Armour Gemini 3 RE Smart Shoes
The Under Armour Gemini 3 RE are smart shoes with a built-in motion sensor that tracks, analyzes, and stores virtually every running metric, synchronizing wirelessly with the UA MapMyRun smartphone application. The shoes can take advantage of a smartphone’s GPS sensor for even more comprehensive tracking, but they can also work on their own. Besides being packed with advanced electronic components, the Under Armour Gemini 3 RE also feature the innovative UA SpeedForm construction molds to the foot for a precision fit and the Threadborne midfoot panel for distinct style and enhanced ventilation. The shoes are available for $119.99 in two colors through Under Armour’s official website.Nokia Steel HR
Most modern smartwatches have one thing in common: they don’t look like traditional watches. They either fall into the same category of fitness-oriented products as the aforementioned Huawei Watch 2, or they go for the elegantly futuristic look of the Apple Watch. The Nokia Steel HR smartwatch is different, though. Featuring a traditional watch movement along with a small LCD display, the Steel HR shows all the information you might expect a smartwatch to show, including heart rate, number of steps, distance, calories burned, and alarm time, but without the annoying need for daily charging. The watch is also water resistant up to 50 meters and comes with a stylish black watchband that makes it look just as good when worn with jeans as it does with dress pants.JBL UA Sport Wireless Heart Rate Headphones
Under Armour have teamed up with audio experts JBL to produce a pair of wireless fitness-oriented headphones with a built-in heart rate monitoring functionality. Thanks to the ability of the JBL UA Sport headphones to monitor heart rate, users can receive updates for things like pace, distance, and heart-rate zones without looking at the display of a smartphone or smartwatch, which can be distracting and sometimes even impossible when in the zone. The heart rate monitoring functionality aside, the JBL UA Sport headphones offer excellent sound quality, good seal, and maximum comfort for daily listening. The headphones are water and sweat resistant, as fitness headphones should be, and they last up to 5 hours with audio and heart rate enabled on a charge.Myontec Mbody Connected Shorts
The Myontec Mbody connected shorts boast the most comprehensive and advanced training system available, featuring an array of sensors that capture heart rate, cadence, speed, distance, and other conventional performance. The sensors can also perform muscle overload analysis, determine training readiness based on warm-up monitoring, and analyze for imbalance and injury prevention. The shorts have been designed with the needs of cyclists, duathletes, and triathletes in mind, which is reflected in the use of 3D elastic compression textile by Carvico Revolutional, a leader in the national and international textile market. Unlike conventional sports shorts, the Myontec Mbody can be connected to a smartphone via Bluetooth and paired with the Mbody Live app, which is available for iOS and Android.Coros LINX Smart Bicycle Helmet
Modern cycling helmets already do many things to make cycling safer and more enjoyable, but they don’t help cyclists maintain a sharp focus on the road ahead. Every year, thousands of cyclists suffer serious and sometimes even fatal injuries because they use a smartphone for GPS navigation and communication. The Coros LINX smart helmet features wireless connectivity, allowing cyclists to wirelessly connect their helmet to their smartphone to listen to their own music, take phone calls, talk to fellow riders, and hear navigation and ride data through the helmet’s open-ear Bone Conduction Technology and a precision wind-resistant microphone. The helmet is available in four colors and two sizes.Levi’s Commuter Trucker Jacket
Levi’s Commuter Trucker Jacket is the first mass-produced article of clothing to feature Jacquard by Google, the first full-scale digital platform created for smart clothing that allows clothing manufacturers to add a new layer of connectivity and interactivity to everything from jackets to shoes to bags. In the case of the Levi’s Commuter Trucker Jacket, touch-sensitive fabric is woven into the sleeve, and the remaining electronic components are incorporated into the design of the jacket in such a way that the jacket is washable and virtually indistinguishable from ordinary jackets. When paired with a smartphone, the touch-sensitive sleeve makes it possible to control music, navigation, or phone calls.Conclusion
Together, all the invisible wearables described above demonstrate that consumers are interested in modern technology and its numerous benefits, but want to get them in a form that more seamlessly fits into their daily lives. As companies continue to develop new, more advanced textiles and sensors, we will likely see a boom of invisibles and the emergence of many never-before-seen smart products.
Machine-to-Machine (M2M) Communications and IOTA
Humans are not the only users of the Internet. Billions of machines need to deliver and process information in real time, and the Internet allows them to do just that. In 2011, the machine-to-machine (M2M) market was worth $200 billion, and the latest Machina Research report predicts that it will grow to $1.2 trillion by 2022. The question is what’s behind this growth and how does the future of machine-to-machine communications look like.Machine-to-Machine Communications in the IoT Era
Originally, the term machine-to-machine communication referred to two machines exchanging data without human interaction. Examples of such machines include industrial sensors, power switches, and various interconnected pieces of our modern infrastructure.Over time, machines have gained the ability to communicate wirelessly and become exponentially more capable. They’ve also taken on new roles and moved from warehouses and manufacturing facilities into our homes and offices. This shift is most notably reflected in the emergence of the term Internet of Things, or IoT.
The terms M2M and IoT are very similar to each other in their meaning, but IoT conjures up the image of Internet-enabled smart devices, such as light bulbs and thermostats, accessible via smartphone apps and producing heaps of data transmitted to the cloud for analysis. Most importantly, IoT devices are user-oriented, whereas many machines participating in machine-to-machine communication are often meant to interact only with one another.
The Rise of Machine Economy
As the number and the complexity of Internet-connected devices increases, a fascinating vision of a future where machines not only communicate with one another over the Internet but also trade resources emerges.In this new machine economy, a security system could autonomously purchase cloud computational capacity or storage space as needed, and an electric smart car could automatically charge from the grid without ever bothering the owner with low-battery alerts.
“Imagine you’re on the tennis court and your smart racket notices that your tennis balls have lost inflation. The racket, which has been tracking your swing performance and sending the data to your smart devices, decides to order and pay for three more balls from the auto-roving ball dispenser. Your device also determines that the auto-rover is using your favorite open source code, so it makes a small extra donation to the rover to help support future development via smart contract,” imagines how machine economy could look like in practice Russell Moore, an innovation director at TSYS and an advisor for the Technology Association of Georgia.
IOTA as the Currency of Machine Economy
All this communication and transactions exchanges between machines will need to happen in real-time, with zero fees, and in a secure fashion. That’s where IOTA, a new cryptocurrency that focused on M2M transactions, comes in.IOTA offers an infinitely scalable distributed ledger, called Tangle, that enables zero-cost transactions in real-time and even when offline. Machines can connect to this ledger to “trade exact amounts of resources on-demand, as well as store data from sensors and data loggers securely and verified on the ledger,” IOTA developers explain on the official website.
“While the whole world has adopted the ‘sharing economy’ in areas like driving and accommodation, IOTA enables a whole new realm where anything with a chip in it can be leased in real time. Most of our belongings stay idle for the vast majority of time that we possess ownership of it, but through IOTA a lot of these things like appliances, tools, drones, e-bikes, etc. and resources such as computer storage, computational power, Wi-Fi bandwidth, etc. can be turned into leasing-services effortlessly.”
Whether IOTA’s vision of the future is exciting or frightening is up to every individual to decide, but the fact is that it’s coming faster than many experts would imagine just a few years ago. In fact, the infrastructure is already here and working. Now it’s up to developers and the manufacturers of smart devices to build on it.
Edge Computing: The Future of The Internet of Things
During 2017, Gartner expects the total number of Internet of Things (IoT) devices to grow by 31 percent. Currently, most of these devices are connected to the cloud, but that may change soon as enterprises will find it increasingly difficult to meet the computing demands of modern IoT devices and connected applications.The cloud, the technology that has made it possible to move processing for large in-house data centers and individual devices to infinitely scalable infrastructures owned by third-party companies, such as Microsoft, Google, and Amazon, isn’t without its limits.
Privacy conscientious enterprises don’t like sending all their data outside their premises with no control over what exactly they send and what they keep to themselves or delete altogether. Developers of data-driven intelligent applications require nearly real-time data processing with a single-digit latency—something that the cloud and the current wireless technologies can’t easily provide.
A new enterprise infrastructure is emerging, and industry experts expect that it will become the most preferred architecture for IoT solutions. “The next big thing for enterprise IT comes in the form of edge computing—a paradigm where compute moves closer to the source of data,” writes Janakiram MSV, an analyst, advisor and an architect at Janakiram & Associates.
“Edge computing is a new paradigm in which substantial computing and storage resources—variously referred to as cloudlets, micro datacenters, or fog nodes—are placed at the Internet’s edge in close proximity to mobile devices or sensors,” explains The Emergence of Edge Computing paper by Mahadev Satyanarayanan from Carnegie Mellon University.
The edge is an exciting place full of sensors, modules, actuators, including GPS receivers, valves, motors, temperature and light sensors, and others. These devices receive instructions from applications running in the cloud, and they, in turn, gather various data, creating a complete feedback loop.
With edge computing, the data gathered by edge devices is sorted into two broad categories: hot and cold. Hot data are critical and should be processed as soon as possible. On the other hand, cold data can be processed with a substantial delay because they contribute only to long-term analytics based on historical trends moves.
Because hot data should be processed instantaneously, it makes sense to leverage the computational power of the edge itself, instead of sending them to a public cloud. The processing could be performed by a smart car, a smartphone, or a home automation system. It will be up to complex event processing engines to decide whether to process data locally or let the cloud infrastructure handle it.
Benefits of Edge Computing
Enterprises currently face many problems when running data-centric workloads in the cloud. Even with a direct fiber optics connection, latency is limited by the speed of light. For systems where a few milliseconds could mean the difference between life and death, such as self-driving cars, edge computing is the obvious way how to minimize latency as much as possible.When the bulk of data generated by edge devices is processed locally, at the edge, the overall bandwidth demand into the cloud is considerably lower. Security video cameras tend to be extremely bandwidth-demanding even though the video footage they capture is usually stored only for a few hours and rarely seen by a human being. This video footage could be stored and analyzed locally, with only metadata being sent to the cloud.
Because edge computing allows enterprises to retain sensitive data on-premises for as long as they want, it addresses growing concerns over data privacy arising from IoT system centralization. It would be up to each enterprise to set privacy policies that govern the release of the data to the cloud.
Finally, the ability of the edge to function independently of the cloud makes it much more resilient to network outages and malicious denial-of-service attacks. As more cities around the world become smarter than ever, they will have to make security one of their priorities to ensure safety and privacy of their residents.
Conclusion
The benefits of edge computing are numerous, but so are the technical challenges. The current edge comprises of countless devices with distinct roles, and managing them in a centralized way seems almost impossible. More realistically, a new generation of connected devices will emerge and make the old generation obsolete.This presents us with the classic chicken and egg problem: How to convince companies to develop solutions for an infrastructure that’s not here yet. Just like with the web, the technology itself will have to be sufficiently appealing on its own to attract enough early adopters to reach a certain critical mass.