“Tell me and I will forget, show me and I may remember, involve me and I will understand” – these are great words of wisdom from Confucius. While I was trying to learn Internet of Things, I felt initially that Internet of Things (IoT) as a concept is difficult to understand, unless you really use and perceive it. It is the buzzword though, and is expected to be the “in” thing in the near future. For instance, take the definition of Internet of Things “The Internet of Things (IoT) is a scenario in which objects, animals or people are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.” Isn’t it intriguing or confusing?
Not really if we delve deeper. The ‘Thing’ refers to different devices or components (digital in nature), some of those could be unheard as of today. With a new set of IPv6 addresses being made available, a large range of IP addresses would be available on the internet and those could be utilized for a host of miniaturized components, in addition to today’s computing devices such as Personal computers, laptops, notebooks, tablets and smart phones. Let us imagine scenarios where an IP address is allotted to a person with heart monitor, or a car with sensors to alert the driver when the tyre pressure is low. Let us think of ways of connectivity wherein the doctor would be alerted if the heartbeat of the patient goes beyond a threshold. There are number of such opportunities, to pursue for a broader connected global ecosystem – the IoT.
However, isn’t this a rehashing of existing usage of similar communication methodologies? If you look at sectors in manufacturing, and power, oil and gas utilities, they have in-built distributed and automated communication systems. For example, there are level sensors or thermostats in different machines in a Thermal Power Plant with set parameters. So, if the temperature goes above a particular value, in a lubricating unit of a pumping motor, motor could be stopped with an alert or a valve for the coolant is opened to cool down the motor. There are innumerable such examples. Even in the 1980s, a Coke Machine was connected on the internet at Carnegie Melon University. The programmers used to connect to the machine over the internet, check the status of the machine, and decide whether there would be a cold drink available at the machine for them to pick up.
So, the thoughts / applications are not new, but the usage of Internet to be a backbone of such activities carrying all the different forms of data is itself humongous. The need for endpoints /sensors to be “digital” and “secured”, facilitating storage, analytics, sharing and usage of data is an important consideration. Also, with the increasing usage of devices over the internet, requirement for cloud computing would increase with large servers / datacenters globally handling the huge data in a secured manner.
The vision of Internet of Things has also improved focus of companies on smart components and devices like smart wearable, smart watches, smart phones, self-driving cars and industrial endpoints. The need for investigating whether the current forms of network would be sufficient has increased. So, following types of networks can be visualized in the future:
- BAN (body area network): the smart eye glass or lens, the smart heart monitor, the smart hearing aide, the smart t-shirts, are all part of this network.
- LAN (local area network): already exists in your office, but would get extended to cover your homes as well, e.g the smart meter as a home interface
- WAN (wide area network): today a WAN covers enterprises, but would get extended to connect bikes, cars, trains, buses, drones, etc.
- VWAN (very wide area network): these would help by building the ‘wise’ city as e-gov services everywhere and not localized in offices across the city.
As the IoT would affect our lives in the future, making them automated, driven by data, there would be security issues as well. Let us, for example, consider a smart robot doing an operation or surgery and collecting and sharing data over the internet to a Doctor for any feedback. Also, let us assume that an intelligent hacker invades this network and alters the data. Such data change would cause the operation to fail as the doctor would be misguided by such data causing incorrect actions or diagnosis.
Security is therefore of utmost importance for IoT. Hackers writing malicious code could penetrate the Internet network causing enormous loss of revenue and goodwill, besides causing physical harm or accidents. They could collect personal data and use them in various ways across the internet causing much harm.
Security is to be addressed throughout the device lifecycle in different ways. Here are some areas:
- Secure booting: Is the device secured while powering on? A cryptographic digital signature verification on the specific software to run here would be required, so as to prohibit malicious intents.
- Access control: Different levels and multiple types of access control would be required to the devices.
- Device Authentication: Any device plugged in or using the Internet would require authentication before receiving or transmitting data.
- Firewalling and IPS: This would be built in each device to ensure that the data required only by it is terminated and filtered into it.
- Updates and Patches: Once the device is on the Internet, it would receive updates and patches from time to time. Patch management would be done in a secured manner so that no other unwanted patch, is updated.
The challenges to building security in IoT are high and would require considerable time and effort for implementation. Also, IoT as a concept is in its infancy, in visioning stage and would take some time for maturity.
I believe the next decade, would let us see the world transform in a big way, a connected world with a wide assortment of smart products and smart initiatives. The Government and very big IT companies in the private sector have their bit to contribute, with core investment and their technical expertise – a common framework needs to be established. Smaller companies with lower investment would be a value add applying their research to build smart products or devices with rich and intelligent interfaces fitting IoT. With all the work still pending, I believe, this transition to IoT platform would require a span of 5 to 10 years of fruitful research and development, to be able to provide the infrastructure in a “fully secured” manner.
