With humongous amounts of data available on IoT devices in real-time, the connected world has become both exciting and challenging. Systems that prevent access to this data by unauthorised persons have become crucial. A few security principles have been spelt out to ensure a smart home that runs on connected devices is not invaded. Also, some very interesting trends are shaping the future of IoT solutions.
The Internet of Things (IoT) is dominating multi-disciplinary solutions in sectors like retail, manufacturing and healthcare. IoT services share data in real-time which is analysed and used for business processing. But for smarter solutions that span different industrial sectors, this may not be enough and unconventional solutions like Internet of Digital (IoD) and Internet of Humans (IoH) are needed.
Internet of Everything (IoE) is the amalgamation of IoT, IoD and IoH. It helps to create a connection between people, smart devices and organisations, and is driven by four principles – people, data, things and process. New age architecture for interdisciplinary application design needs a ‘boundaryless’ approach. For example, an end-to-end solution for retail stores requires financial services, retail store monitoring services, order processing to manufacturing units, and inventory management.
Internet of Digital is the group of data service applications that handle social networks, media services, data analytics, and cloud platforms, simply termed as SMAC (social, mobile, analytics and cloud). Internet of Humans deals with the smart devices that interact with humans like smart wristbands and connected medical devices to monitor and collect various datasets. These can be used for remote patient monitoring using cloud-based platforms or remote health advisory solutions through contact centre AI services.
Internet of Everything (IoE) is an emerging technology and requires costly infrastructure. However, smart ready-to-use IoE services are the future.
Here are the top 10 popular use cases of Internet of Everything (IoE).
Smart cities
Industrial automation
Energy management
Healthcare
Retail and supply chain management
Agriculture
Environmental monitoring
Connected cars
Personal safety and security
Entertainment and gaming
To address this, AWS has developed Timestream, which is a fast, scalable, serverless time series database that performs 1000 times faster than an RDBMS and costs one-tenth of the traditional database platforms. Timestream can store and analyse millions and trillions of events in real-time from IoT sources and can be integrated with SageMaker or QuickSight for analytics, visualisation or processing time series data.
Timestream is serverless and scalable, with an auto-scaling facility to ensure high availability with low cost and optimal resource usage. It can help manage the entire data life cycle. Timestream has a memory store for faster processing of the latest data and magnetic store for low-called historical data. Timestream provides encryption at rest and at motion, and allows key management service (KMS) based customer managed key (CMK) to encrypt historical data (in magnetic stores).
A built-in time series function enables quick analysis of time series data using SQL queries or to interpolate, aggregate and derive metrics in real-time. The data in memory operation is backed up automatically in s3 bucket for safety.
We now look at the top 8 IoT security principles that have been laid down keeping modern security threats and vulnerabilities in mind.
No universal passwords
Concept: Moving away from a single password for all devices. Each device should have a unique and strong password or use alternative authentication methods like biometrics (fingerprint scan) or multi-factor authentication (MFA).
Real-time example: Imagine a home with multiple smart devices, where each device, like the smart lock, thermostat, and camera, has its own unique password or requires fingerprint verification for access. This prevents a single compromised password from granting access to all devices.
Secured interfaces
Concept: Securing communication channels between devices, gateways, and the cloud using strong encryption protocols like TLS/SSL. This protects data from eavesdropping and tampering during transmission.
Real-time example: A fitness tracker transmits workout data to a smartphone app. Data encryption ensures only authorised devices can access the data, safeguarding sensitive health information.
Proven cryptography
Concept: Implementing established and well-tested cryptographic algorithms for encryption and decryption of data. This ensures the confidentiality, integrity, and authenticity of data throughout its life cycle.
Real-time example: A smart home hub uses AES-256 encryption to secure communication between connected devices and the hub. This industry-standard algorithm makes it incredibly difficult for attackers to decipher the data.
Security by default
Concept: Devices should be shipped with security features enabled by default, requiring no manual configuration by users. This simplifies security for non-technical users and ensures a baseline level of protection.
Real-time example: A new smart speaker comes pre-configured with strong password requirements and automatic software update functionality. This eliminates the risk of users leaving the device vulnerable with weak passwords or outdated software.
Signed software updates
Concept: Updates should be digitally signed by the manufacturer to verify their authenticity and prevent installing malicious firmware disguised as updates.
Real-time example: A notification appears on a smart TV prompting for a software update. The update is digitally signed by the manufacturer, assuring users it’s legitimate and not a tampered version.
Software updates applied automatically
Concept: Devices should automatically download and install security patches whenever they become available. This ensures devices are always protected against the latest vulnerabilities.
Real-time example: A smart thermostat automatically downloads and instals a security patch that addresses a recently discovered vulnerability in its software. This eliminates the need for manual intervention and ensures timely protection.
Vulnerability reporting scheme
Concept: Establishing a clear and accessible channel for users and researchers to report discovered vulnerabilities to manufacturers. This allows for prompt identification, investigation, and patching of vulnerabilities.
Real-time example: Security researchers discover a vulnerability in a popular smart home camera brand. They report the vulnerability through the manufacturer’s dedicated vulnerability reporting portal. The manufacturer promptly investigates, develops a patch, and releases it to all users.
Security expiration date
Concept: Assigning a life span to the security capabilities of a device. Manufacturers should clearly communicate when a device will no longer receive security updates or support, allowing users to make informed decisions about continued use or replacement.
Real-time example: A manufacturer announces that a specific model of smart sensors will no longer receive security updates after a certain date. Users are advised to upgrade to newer models with ongoing security support to maintain protection against evolving threats.
By adhering to these principles, manufacturers and users can work together to create a more secure IoT ecosystem, mitigating the risks associated with connected devices and protecting sensitive data in today’s ever-evolving threat landscape.
A secure smart home is a living space that leverages the convenience and security benefits of interconnected devices while prioritising data protection and minimising vulnerabilities. In a smart home, security is a top priority. Here’s what it entails:
Network router and firewall: This acts as the central control point for your network traffic. A good firewall filters incoming and outgoing data, blocking unauthorised access attempts.
Smart hub (optional): This centralises communication between various IoT devices and serves as a control centre for your smart home ecosystem. Choose one with robust security features.
IoT devices: Smart lights, thermostats, locks, cameras, and more – these are the gadgets that bring intelligence to your home. Ensure each one has strong security capabilities.
Intrusion detection/prevention system (optional): These systems actively monitor your network for suspicious activity and can take steps to prevent cyberattacks.
Mobile app: This application allows you to control your smart home devices remotely. It should be secured with strong passwords and multi-factor authentication.
A few principles must be adopted to ensure the security of your smart home.
Here are two examples of how this is put into practice.
Scenario A: You purchase a smart lock.
Secure architecture: The lock connects to your secure home network with a unique password and MFA enabled for access.
Explanation: This prevents unauthorised access attempts, even if someone discovers the password.
Scenario B: You have a smart camera system.
Secure architecture: The cameras connect to your secure network, and the video feed is encrypted during transmission. The cameras receive automatic security updates and have tamper-evident seals.
Explanation: Encryption protects your video data from prying eyes. Updates keep the cameras patched against vulnerabilities. Tamper-evident seals alert you if someone tries to physically tamper with the cameras.
As technology evolves, exciting trends are shaping the future of IoT solutions, paving the way for a more connected and intelligent world. Here’s a breakdown of these trends with the latest real-time examples.
Integration of AI and ML
Trend: Artificial intelligence (AI) and machine learning (ML) are becoming embedded within devices, enabling them to analyse data, identify patterns, and make intelligent decisions in real-time.
Real-time example: Predictive maintenance in buildings: Sensors on HVAC systems collect data on temperature, pressure, and vibration. AI algorithms analyse this data to predict potential equipment failures before they occur, preventing costly downtime and ensuring efficient building operations.
Rise of edge and fog computing
Trend: Shifting data processing closer to the source of data collection, at the ‘edge’ or ‘fog’ of the network. This reduces latency (delay) and improves efficiency for real-time applications.
Real-time example: Smart Retail: Cameras and sensors in stores track customer behaviour and product interactions. Edge computing allows for real-time analysis of this data to optimise store layouts, personalised product recommendations, and improve customer experience.
Blockchain for enhanced security and transparency
Trend: Blockchain technology, known for its secure and decentralised ledger system, is finding application in IoT to ensure data privacy, tamper-proof records, and secure transactions.
Real-time example: Food traceability: Sensors on food packaging monitor temperature and location throughout the supply chain. Blockchain stores this data securely, providing consumers with transparent information about the origin and journey of their food, improving food safety and reducing fraud.
Increased focus on interoperability and standardisation
Trend: The need for seamless communication and data exchange amongst devices from different manufacturers is driving efforts towards standardised protocols and interoperable platforms.
Real-time example: Connected cars: Different brands of cars are now incorporating standardised protocols like V2X (vehicle-to-everything) communication, allowing vehicles to communicate with each other and roadside infrastructure, improving traffic safety and facilitating autonomous driving capabilities.
Low-power wide area networks (LPWAN) for broader reach
Trend: LPWAN technologies like LoRaWAN and NB-IoT enable long-range communication with low power consumption, allowing for deployment of IoT devices in remote locations or battery-powered applications.
Real-time example: Environmental monitoring: Sensors in remote areas can monitor air quality, water levels, and other environmental factors using LPWAN networks. This enables real-time data collection and facilitates informed decision-making for environmental protection and resource management.
Emphasis on security and privacy
Trend: As the number of connected devices explodes, security and privacy concerns are paramount. Manufacturers are focusing on robust security protocols, data encryption, and user control over data collection and usage.
Real-time example: Smart wearables for healthcare: Fitness trackers and smart watches that monitor health data incorporate strong encryption to protect sensitive health information and provide users with control over who can access their data, ensuring privacy and reducing security risks.
About The Author
More Stories
The Shift in Peering Threatening the Internet’s Foundations
Remembering Alan Barrett: A Builder of the African Internet
From Email to Case Study: What We Learned About Connecting Refugee Communities in Just One Year