Challenges for Mass Adoption of IoT – Security and Standardization

The world of Internet of Things (IoT) fascinates me for its potential to impact everyday life by extracting the immense power hidden within data and inference based actions. IoT infrastructure is a complex dynamic network of diverse intelligent devices, leading to interoperability and privacy issues. Data could be very privy and the implications of misuse so high that this disincentivizes users. The scale of deployment and diversity of devices, data types and infrastructure demands a strong standard for effective deployment and economics. As a solution architect, I would like to discuss the security risks and maturity of existing standards and possible solutions for a meaningful IoT solution.

Internet of Things devices and services comprise of data collection, analysis and inference based actions. The value IoT brings is through the scale of solution, something like economies of scale in a business sense. A set of sensors monitoring human lives might help in reducing health care costs through early warning, or a set of sensors inside vehicles can help reduce traffic jams and create an efficient transport system, thereby reducing fuel costs. Two concerns that stand out among others for IoT implementation are data security and inter-operability. Who among the entrenched solution provides contributes how much to provide the required data security? Is it the silicon vendor, network infrastructure provider, or data aggregator and analyzer? How much between hardware and software? Does the cost of security displace the value of IoT? These questions are only partially answered today. Silicon vendors provide security solutions like AES encryption, dedicated security controllers, secure boot, turnkey authentication solutions etc. Network infrastructure providers provide security solutions like reputation analysis, malware protection, and cyber security across network, endpoints, web and email. Additional security solutions include secure booting, access control, device authentication, firewall and deep packet inspection, secure updates and patches.

Research anticipates that there will be 212 billion connected devices by 2020. Whatever the numbers, this scale requires strong standards and process for a meaningful implementation without cacophony. Some of the questions that need to be addressed are how deep should the standard go? Should the inter-operability be at the physical layer or upper layers?

There are multiple consortia backing different standards and technologies. AllSeen Alliance backed by Microsoft, Qualcomm and Panasonic provides a secure, programmable software and services framework for applications with connectivity over WiFi, WiFi-Direct, Ethernet, Powerline, Bluetooth LE, 6LoWPAN, ZigBee, and Z-Wave for platforms like Android, iOS, Linux, OpenWRT, Windows, and OS X. It also backs the AllJoyn open source alliance. OIC lead by Intel, Broadcom, Dell and Samsung drives standards for interoperability across all IoT devices. OIC releases open source frameworks like IoTivity and reference implementations. Thread driven by Google’s Nest, Samsung, ARM, Silicon Labs and Freescale is driving towards a standard for smart homes based on 6LoWPAN. Apple’s HomeKit is driving a “Made for iPhone” standard based on Zigbee or Z-Wave. In addition to these, there are consortiums like IIC, IETF, ETSI, IEEE and ITU that are contributing to standardize IoT. Proprietary visions of IoT from Apple, Google, Cisco etc. also does not help. We need to find the right mix of security and standards for a feasible and fool proof IoT implementation. We should discuss this in the context of deploying IoT solutions for real life problems like irrigation and traffic congestion from an Indian context where value for money is important. Finally, it looks like a mix of open source standards and industry standard technologies will enable a stable solution. IoT brings a lot of hope, but has the technology matured to deliver a solution and make money for the entrenched while bringing value to the user? Why do silicon vendors seem to be backing out? This is what we need to explore.

Can we answer these questions?

1.) A gauge of complexity of IoT implementation and possible solutions.
2.) How much is a silicon vendor geared to the task?
3.) How much can a solution provider bet on the existing technologies?
4.) IoT implementation from an Indian perspective.
5.) Does IoT make true sense?

*Published in EE Times India