Welcome!

IoT Expo Authors: Roger Strukhoff, Pat Romanski, Liz McMillan, Kevin Benedict, Elizabeth White

Blog Feed Post

The Internet of (Secure) Things – Embedding Security in the IoT

By

We’re seeing a glimmer of the future – the Internet of Things (IoT) – where anything and everything is or contains a sensor that can communicate over the network/Internet. The underlying technology enabling IoT is Machine-to-Machine (M2M) communications. Your running shoe tracks your workouts, sending the data to a mobile app. Your wristband tracks your daily activities, including sleep patterns. Your smartphone controls your television. Your tablet displays recorded videos from your home DVR, anywhere in the world. Your refrigerator tracks your food consumption and contacts a nearby grocery store to restock (someday delivered by drones!) Your car self-tunes and in the future may self-drive and be aware of your schedule (so will self-start and adjust the environment when it’s time to go to work). These are examples of consumer-oriented sensors and devices, but that has occurred in parallel with business, professional, infrastructure, government and military applications. Here are some examples…

Healthcare: Think of medical devices and how they’ve progressed – pin pricks for testing blood sugar to diabetes pumps to contact lenses that can monitor your blood sugar. Pacemakers can report statistics on your heart to doctors and hospitals.

Homes/Offices: Companies and utilities are building sensors into major appliances and HVAC systems. You can opt-in to smart metering so that a utility can load balance energy distribution. That capability is starting to reach into the home, with NEST thermostats and smoke detectors for example. Security alarm systems have communicated with operations centers and police for a long time, but now allow monitoring and control from your smartphone. These smart home technologies are also being applied to smart office buildings. Sensors throughout a building monitor power demand, air temperature and moisture, light levels and external factors (e.g. weather reports). That data is integrated with the building control system and room schedules to optimize energy consumption.

Transportation: For automotive vehicles, there are speed and red-light cameras, EZ Pass toll payments, bridge stress sensors, and traffic management systems outside the vehicle. Inside, there are diagnostic monitors, heads-up displays, adaptive cruise control, and integration with smartphone or in-vehicle GPS/mapping systems. Similar sensor systems exist for rail, sea and air transportation.

Agriculture: GPS-directed combines and sensors on everything from sprinkler/irrigation systems to soil/fertilizer quality are connected via a mesh network to optimize production and quality (thanks Ray Van Houtte for your graduate work in the 1970’s!)

Military: Sensor systems are being used to improve operations from logistics to the battlespace. By tracking the details of every item, the supply chain can be dynamic and more easily optimized. Sensors on drones and robots – air, land and sea – communicate to human operators, analysts and soldiers in the field to improve situational awareness and tactics. There’s even an Android app that leverages M2M communication to a scope to enable a sniper rifle to hit the target every time, regardless of the shooter’s expertise.

Last year, there were over 10 billion connected devices, and estimates predict this number to climb to anywhere from 30 to 50 billion by 2020. In terms of sensors, HP Labs estimates that we’ll hit 1 trillion before too long. To leverage the data and information across a number of these areas, HP Labs is working on a project called CeNSE (Central Nervous System for the Earth)

CeNSE intends to deploy billions of nanoscale sensors that detect and communicate information across all five human senses. The goal is to better understand our world in order to improve resource management and predict dangers to safety and security in the physical world.

hpinternetofthings

With these burgeoning capabilities, there needs to be some focus on cyber security. In my previous blogs, I wrote about continuous monitoring. In today’s current environments, attempts to continuously monitor enterprise security are challenged to track their current assets, which for large organizations number in the hundreds of thousands. The IoT will multiply those assets by a million or more. Today those assets are built on a variety of platforms and operating systems; the software is rarely patched and their communications are not secured. We’ve already seen examples of exploits of these systems – automobile telematics, pacemakers, smart TVs, and more. Science fiction depicts the worst of these scenarios in movies like “Terminator” or “The Matrix”, with machines taking over the world. In the latest of these, Ray Kurzweil’s idea of the singularity moves to the dark side, with a human intelligence taking control of the IoT in “Transcendence

Things aren’t necessarily so dire. The need to embed security in the IoT, from sensors to mobile apps to back-end infrastructure, is recognized and there are a number of efforts working to address the issue.

In private industry, there are companies using their expertise in cybersecurity to provide solutions in this space – QNX, acquired by Blackberry, and Mocana. QNX is a mature Unix operating system that over the years has built the most secure real-time operating system (RTOS) for embedded systems, Neutrino. It’s being used in automobile systems, home appliances, and to secure M2M communications.

Mocana is working on a new type of product code called AtoM (App-to-Machine) that will allow different users to manage and control devices securely, depending on their authority. In addition, they have built a Device Security Framework that provides end-to-end security for any device, based on US Government standards and regulations

On the open source side, there is an effort to build common communication platforms and interfaces for the IoT called AllJoyn that simplifies device information and configuration, onboarding, notification, control, and audio streaming.

Similarly, the AllSeen Alliance expands AllJoyn’s framework to multiple manufacturers and communication fabrics.

By enabling the integration of the variety of devices to communicate and connect, these initiatives will provide a common framework to secure and monitor the IoT. It’s something we have to build in to the IoT ecosystem now. If we wait, we’ll be playing catch-up, just like we are in Internet security – but at a much larger scale. Of course, with billions and trillions of devices and sensors, the accumulation of this information leads to a discussion of big data and big security data, which I will address next time.

 

This post first appeared on George Romas’ HP Blog.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley, former CTO of the Defense Intelligence Agency (DIA), is Founder and CTO of Crucial Point LLC, a technology research and advisory firm providing fact based technology reviews in support of venture capital, private equity and emerging technology firms. He has extensive industry experience in intelligence and security and was awarded an intelligence community meritorious achievement award by AFCEA in 2008, and has also been recognized as an Infoworld Top 25 CTO and as one of the most fascinating communicators in Government IT by GovFresh.

Latest Stories from IoT Journal
Larry Ellison turned 70 and has decided to turn over the CEO reins at Oracle. Safra Catz and Mark Hurd, both in their 50s, will function as a “Ms. Inside and Mr. Outside” as co-CEOs, at least for awhile. Serious reverberations will be felt within this highly competitive company and the highly competitive industry in which it makes its money. Even while guiding his yacht to an America's Cup title, Larry Ellison remained in firm control of the company he founded in 1977. He still has an ownership stake of about 20% of the company--1 billion or so shares of Oracle stock worth about $40 billion. Who can imagine that he'll be a docile, passive Chairman? Yes, he is returning as Chairman, with Jeff Henley, currently in that role, moving aside to be Vice-Chairman. Ellison reports he will also serve as Chief Technology Officer. So it's clear he's not fading from the scene. But he will not be able to micromanage the company by any measure. What Does It Mean? Think of all of the very strong executives over the years who rose quickly and highly in Oracle, only to be banished from the kingdom and/or to start their own big companies. Ray Lane, Marc Benioff, and Tom Siebel spring i...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Architect for the Internet of Things and Intelligent Systems at Red Hat, will describe how to revolutionize your architecture and create an integrated, interoperable, reliable system of thousands of devices. Using real-world examples, James will discuss the transformative process taken by companies in moving from a two-tier to a three-tier topology for IoT implementations.
Technology is enabling a new approach to collecting and using data. This approach, commonly referred to as the “Internet of Things” (IoT), enables businesses to use real-time data from all sorts of things including machines, devices and sensors to make better decisions, improve customer service, and lower the risk in the creation of new revenue opportunities. In his session at Internet of @ThingsExpo, Dave Wagstaff, Vice President and Chief Architect at BSQUARE Corporation, will discuss the real benefits to focus on, how to understand the requirements of a successful solution, the flow of data, and how to best approach deploying an IoT solution that will drive results.
I write and study often on the subject of digital transformation - the digital transformation of industries, markets, products, business models, etc. In brief, digital transformation is about the impact that collected and analyzed data can have when used to enhance business processes and workflows. If Amazon knows your preferences for particular books and films based upon captured data, then they can apply analytics to predict related books and films that you may like. This improves sales. This is a simple example, but let me tell you what I learned yesterday in sunny and warm San Francisco about more complex applications.
IoT is still a vague buzzword for many people. In his session at Internet of @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, will discuss the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. The presentation will also discuss how IoT is perceived by investors and how venture capitalist access this space. Other topics to discuss are barriers to success, what is new, what is old, and what the future may hold.
The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup loading complex sites necessitates hundreds of DNS queries. In addition, as more internet-enabled ‘Things’ get connected, people will rely on DNS to name and find their fridges, toasters and toilets. According to a recent IDG Research Services Survey this rate of traffic will only grow. What’s driving this increase? The growth in volume is largely attributed to the rollout of new services and applications along with expanding migration to the cloud and traffic spikes. The Internet of Things will also place a strain on DNS services. Are you ready for this surge of new services and applications along with potential DNS threats?
Building low cost wearable devices can enhance the quality of our lives. In his session at Internet of @ThingsExpo, Sai Yamanoor, Embedded Software Engineer at Altschool, will provide an example of putting together a small keychain within a $50 budget that educates the user about the air quality in their surroundings. He will also provide examples such as building a wearable device that provides transit or recreational information. He will review the resources available to build wearable devices at home including open source hardware, the raw materials required and the options available to power such wearable devices.
Where historically app development would require developers to manage device functionality, application environment and application logic, today new platforms are emerging that are IoT focused and arm developers with cloud based connectivity and communications, development, monitoring, management and analytics tools. In her session at Internet of @ThingsExpo, Seema Jethani, Director of Product Management at Basho Technologies, will explore how to rapidly prototype using IoT cloud platforms and choose the right platform to match application requirements, security and privacy needs, data management capabilities and development tools.
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at Internet of @ThingsExpo, Erik Lagerway, Co-founder of Hookflash, will walk through the shifting landscape of traditional telephone and voice services to the modern P2P RTC era of OTT cloud assisted services.
We were in contact recently with Shrikant Pattathil (pictured below), Executive Vice President of Harbinger Systems. Here are some of his thoughts about healthcare, the IoT, and disruption: IoT Journal: Healthcare, with all of its systems and dataflows, seems an ideal area for IoT solutions. What is Harbinger Systems doing in this area? Shrikant Pattathil: Being a service provider we work with many product development companies who are building new IoT-based applications to solve problems that plague the healthcare industry. For example, there is a need for applications to manage your medicine dosage, seek help, and notify your care provider. IoT Journal: And how do you go about addressing these problems? Shrikant: We are approaching IoT from mobile and cloud perspective. These are our key strengths. We are helping product companies in IoT space to quickly build the mobile interfaces for their product offerings. We are also helping them to place the data on the cloud in a secure way, so that they can truly exploit the benefits of IoT. IoT Journal: What are the advantages of the IoT here? Cost? Better care? What sorts of metrics can be applied, and are there intangibles as ...
The Internet of Things (IoT) is rapidly in the process of breaking from its heretofore relatively obscure enterprise applications (such as plant floor control and supply chain management) and going mainstream into the consumer space. More and more creative folks are interconnecting everyday products such as household items, mobile devices, appliances and cars, and unleashing new and imaginative scenarios. We are seeing a lot of excitement around applications in home automation, personal fitness, and in-car entertainment and this excitement will bleed into other areas. On the commercial side, more manufacturers will embed sensors in their products and connect them to the Internet to monitor their performance and offer pro-active maintenance services. As a result, engineers who know how to incorporate software and networking into their mechanical designs will become more in demand.
Launched this June at the Javits Center in New York City with over 6,000 delegate attendance, the largest IoT event in the world, 2nd international Internet of @ThingsExpo will take place November 4-6, 2014, at the Santa Clara ConventionCenter in Santa Clara, California with estimated 7,000 plus attendance over three days. @ThingsExpo is co-located with 15th international Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading IoT industry players in the world. In 2014, more than 200 companies will be present at the @ThingsExpo show floor, including global players, and hottest new technology pioneers.
Enthusiasm for the Internet of Things has reached an all-time high. In 2013 alone, venture capitalists spent more than $1 billion dollars investing in the IoT space. With “smart” appliances and devices, IoT covers wearable smart devices, cloud services to hardware companies. Nest, a Google company, detects temperatures inside homes and automatically adjusts it by tracking its user’s habit. These technologies are quickly developing and with it come challenges such as bridging infrastructure gaps, abiding by privacy concerns and making the concept a reality. These challenges can’t be addressed without the kinds of agile software development and infrastructure approaches pioneered by the DevOps movement.
As the Internet of Things gains momentum, the focus has been on securing billions of IoT devices and the servers that orchestrate their connectivity. However, the greatest security and authentication risks reside within the communications among devices and servers. In his session at Internet of @ThingsExpo, Todd Greene, Founder & CEO of PubNub, will discuss the top 10 challenges in securing IoT communications that, unsolved, render it impossible to deliver a secure IoT rollout. Learn the requirements for a ubiquitous, secure, bi-directional communication protocol for IoT. Specific design patterns to deliver secure device updates, as well as comprehensive solutions for malware defense and security credential management will also be shared.
The worldwide cellular network will be the backbone of the future IoT, and the telecom industry is clamoring to get on board as more than just a data pipe. In his session at Internet of @ThingsExpo, Evan McGee, CTO of Ring Plus, Inc., to discuss what service operators can offer that would benefit IoT entrepreneurs, inventors, and consumers. Evan McGee is the CTO of RingPlus, a leading innovative U.S. MVNO and wireless enabler. His focus is on combining web technologies with traditional telecom to create a new breed of unified communication that is easily accessible to the general consumer. With over a decade of experience in telecom and associated technologies, Evan is demonstrating the power of OSS to further human and machine-to-machine innovation.