Security in IoT

What even is security?

A big HELLO 👋🏻 from CroudThings and welcome to OUR THIRD ARTICLE!! This week we’re tackling the world of IoT and security. We’ll get to grips with what security means in IoT, what the big-hitting issues are and what might happen if we get it wrong.

The concept of security is generally one that’s overlooked by the majority of technology users, and is only ever really considered when you’re setting (or resetting – insert witty remark about Facebook logging you out after an eternity and not remembering your password) a password. While this strategy is acceptable (it’s definitely not recommended) for most purposes, when it comes to new and revolutionary technologies that deal with vast amounts of our private data, this laissez-faire approach just doesn’t cut it.

As is the nature of connected technology, it’s essentially impossible to make it completely secure and bulletproof. Generally speaking, as technologies age and more people use it, loopholes and weaknesses are ironed out making the technology even more secure (assuming the security updates are actually applied [1]). That said, for new technologies, the luxury of having a long track record of use isn’t available. For this reason, and the fact that connected systems will likely be running significant swathes of city infrastructure, running the risk of these systems being hacked is particularly unacceptable.


The Parts – Defining the Things

Generally speaking, security for IoT can be broken down into 3 distinct component categories, each with their own specific definition of ‘secure’. These categories are hardware, software and data. Let’s quickly define what security means for each:

Hardware: security in this context is focused mainly on the integrity of the hardware components that are being used within a connected device. If this seems like a slightly vague definition of security, take a look at this article published by Bloomberg that looks at the impact of small computer chips being secretly embedded within servers that were sold to some of the largest companies in the world.

Software: software security is concerned with the “hackability” of a particular system. As with all pieces of connected hardware, some amount of software is required to allow that device to connect and communicate with people or other devices. When you think of software security, literally think of those cringy hacking TV scenes:

Data: data security is probably the most challenging branch of security to isolate and explain. It crosses quite a few boundaries between privacy and software security, but the thinking can basically be boiled down to “how easily can my data be stolen and used”. Now before you jump down our throat at this point and say “HEY! That sounds like software security to me!!”, it’s important to remember that new technologies like blockchain ([2]), aren’t redefining software security, but revolutionising how data can be handled, authenticated and so, ultimately secured.

The tangible, the ethereal, and the difficult

The tangible – Hardware

As IoT devices become more and more prevalent, the potential damage as a result of hardware-based threats only increases. Consider for a moment that the vast majority of electrical components used around the world are produced in China. Up until recently, you would be forgiven for being quietly optimistic and trusting that there was a clear distinction between China’s manufacturing industry and the state. However, in light of the findings from Supermicro (see Bloomberg article linked above), we would be foolish to continue assuming this to be the case.

That said, China simply has no competition when it comes to low-cost electrical components. As IoT manufacturers continue looking for the lowest cost, biggest bang-for-your-buck hardware, many will inevitably opt for components manufactured in China. Obviously, not all components coming out from China will be compromised, but the point is there won’t be an easy way of telling which ones have been. In two years with the rate of growth of IoT, it’s entirely possible that compromised IoT devices will be in use all over the world (or they might already be…)

The ethereal – Software

Hacking doesn’t have to be as sophisticated as embedding a tiny microchip onto a server motherboard, it can literally be as simple as someone walking up to a smart sensor/device and re-flashing its firmware. With this, the hacker potentially gains access to the device itself, the data it’s acquiring and the network it is connected to.

As is inherent in IoT technology (i.e. things connected with each other), one of the major security risks is network attacks. One of the most notable of which is called the Mirai botnet (Wikipedia). The Mirai botnet was (and still is) a malicious software (aka malware) that specifically attacked network devices running Linux Operating System (no. 1 most popular OS). Mirai has turned Linux devices across 164 countries into remote-controlled “bots” allowing these devices to be controlled for malicious and nefarious ends. Mirai and its variations are still affecting IoT devices across the world.

The difficult – Data

Data security represents a critical component of overall IoT security. To consider and design systems to keep data secure, we have to consider the entire device and system tree (i.e. from the sensor all the way to the computer network). It’s for this reason that one of the most important parts of getting data security right is largely down to the methodology that’s adopted in handling the data.

The classic examples include losing laptops containing both the encrypted data, as well as the ability to decrypt it. It’s for this reason that data security is an all-pervasive issue that has to be considered at every level. As unsexy as it might seem, data policies applied by companies and governments have as much effect on data security as the technologies we use to generate and communicate the data. Fortunately, data security is increasingly on the radar of governments and companies as shown by the recent wholesale implementation of the General Data Protection Regulation (GDPR #buzzword).

Locking down your home

Before we wrap up, this wouldn’t be an article on security if we didn’t mention home security. There is a vast range of IoT devices designed to make your house more convenient and secure. Amazon with its recent updates of its virtual assistant introduced a feature where the device would utilise its microphone array to detect sounds like broken glass, the sound of a smoke alarm and even the sound of your own security system alarm. addition to this, there are also new smart locks that do away with the need for physical keys and allow you to detect if and when a door is left open or unlocked. You can even share temporary access keys with friend and family so they can let themselves in if they need to. A quick google will land you fully in the ocean of products out there to make your home smarter and more secure.


Yup, that’s all we’ve got…

Over this article, we hope we’ve been able to demonstrate quite how important, and at times complicated, the world of IoT security is. We’ve only really been able to scratch the surface in this article, but if you keen to learn more, make sure you SUBSCRIBE to receive regular updates. In our upcoming article series “The Three Pillars” (yup, we’re still running with that name), we’re going to tackle some of these areas in a lot more detail – so stay tuned!

With lots of  ❤,

~CroudThings

References:

  • https://www.tandfonline.com/doi/full/10.1080/23738871.2017.1366536

Footnotes

[1] This is a really important note. If you think back a few months, you’ll likely remember the National Health Service (NHS) in the UK suffering from a ransomware that was only able to exploit computers running Windows 7 called WannaCry. While Microsoft had issued security patches to prevent programs like WannaCry, the patches hadn’t been installed on many of the computers being used in hospitals and GPs across the country.

[2] If you’re really keen to learn more about blockchain and get a little down and dirty with it, we definitely recommend checking out this article series.

[3] In fact, unfortunately, the question of encryption is a little more complicated than even simply encrypting absolutely everything. Encryption requires computational power, and for IoT devices which generally operate on the limits of their hardware capabilities for efficiency, there often isn’t much computational power left over for encryption.

IoT and Home

Here We Goooo…

Welcome back to the second article in the “Beginners’ Guide to IoT”! This week, we’re taking a look at IoT and the Home. We will avoid specific bits of home automation and IoT kit you’ll no doubt have stumbled upon while browsing Amazon (other retailers are available), and instead we will inspect the broader implications for these technologies on the cities and communities our homes are a part of.

If you haven’t had an opportunity to read our first article, check it out here!

After our last article, we had really positive feedback, but one of the key questions that kept cropping up was “ok, I get that IoT is useful, but how exactly is it going to make people healthier and happier?”. This is a fantastic question but unfortunately not one that has a short or straightforward answer. We’re never ones to shy from a challenge, so by the end of this series, we hope to have put forward an understandable and genuinely convincing case for how IoT is going to rock our world (for the better…)!


The Grit

Through looking at a standard home and how it uses energy and resources from the environment, we can break down IoT use cases into four key areas (we’ll consider each in turn):

1) Energy 💡

The applications of IoT in relation to energy and its usage are vast. Ranging from a small connected temperature sensor for your home to complex devices capable of monitoring a whole power grid.

The premise of using IoT devices in this context is that they can help us better understand our energy usage and subsequently make saving energy a lot easier. Imagine having a network of sensors in your house allowing you to monitor and control everything from the lighting to temperature. With this level of understanding, we become able to optimise our usage of energy, resulting in energy savings, but with no visible change to the operation of the home. Furthermore, in the future we may never actually have to optimise the system manually. All of our appliances may adapt automatically for the most efficient energy consumption, passing on energy savings to the consumer without them having to do anything at all.

A fantastic example of this was given on the IoT Podcast, which if you haven’t listened to, definitely check it out! In this example, an energy company was paying a homeowner to install a smart controller in their house to control their heating. What this then allowed the company to do, was control the house central-heating so that the house could be pre-heated before the arrival of the owner during the day. The primary benefit of this being that the energy used to heat the house was largely generated from solar panels and at a time when demand on the power grid was relatively low. As a result, the cost of energy and subsequently heating the house was able to be reduced and so was the cost to the house owner.

2) The Internet of Trash (Waste and Recycling) 🗑

Through implementing networks of sensors throughout a city (on bins for example), it’s possible to optimise the collection routes taken by waste collection services as well as analyse the types of waste being generated. This technology isn’t theoretical either, Barcelona (arguably the smartest city on the planet) has implemented such a system and as a result is on track to save approximately $4 billion over the next ten years in waste collection services.

With the widespread usage of IoT in this context, we become better able to understand how cities produce, move and treat their waste. By doing so, we can start looking at how to reduce the amount of waste generated and maximise the amount we recycle.

3) Building Sensors 🏢

Building sensors represent a significant category for IoT in the home and can essentially represent anything from sensors that allow you to detect leakages in your pipes, to determining whether or not a building is safe after an earthquake. In the case of the former, commercial devices actually exist and is recommended by some insurers as a way of reducing the price of home insurance.

In the case of earthquakes, there are commercially available small, low-cost alert devices that start to show the power of a distributed network of sensors. While some of these devices are more targeted at businesses, they still demonstrate the potential for deploying a large number of accelerometers (sensors that can detect vibration) over a large area of earthquake-prone land, such that the occurrence and progression of earthquakes can be tracked and predicted. With this in mind, being able to provide people in their homes with an early warning earthquake alert could potentially save many lives. Furthermore, integrating building sensors that allow homeowners to determine the structural safety of their home goes further in protecting people from collapsing buildings as a result of earthquakes or other causes.

4) Water and Sewage 🚰

The consumer-facing benefits of implementing IoT into the home for monitoring water usage are very similar to that discussed above for energy. Installing sensors into a home to monitor the usage of water by various appliances allows homeowners to determine which appliances have exceptionally high-water usage and so may be areas where savings can be made.

The detection of leaks as touched upon above also offers an area where IoT can have a significant impact. In particular, being able to detect leakages in mains water supplies could massively reduce the quantity of water wasted. It is estimated that around 60% of all water wastage globally can be attributed to leakage from water mains. Through deploying leakage sensors across a water network, leaks can be detected and repaired sooner, resulting in a reduction in the amount of water wasted.

On the other side of the equation, the impact IoT can have on the handling of sewage is a little more complicated and less focused on the use of sensors at the house. Instead, companies like IBM have worked with Waste Water Treatment Plant (WWTP) companies in deploying connected sensor networks across the plant to optimise the environmental conditions for processing sewage. This use case is a little outside of the scope of this article, but if you’re interested, definitely check this article out.


Is That It?!

We could honestly write an entire book on the various applications of IoT in the home, especially once we start considering the applications of IoT in the cities within which our homes reside. But, as this series is about providing an overview of IoT and its applications, we’ll hold off on that one.

We hope you’ve found this article interesting and that you walk away with a great understanding of how IoT might revolutionise our homes (both in a local and a city sense). As usual, we’d love to hear from you!! If you have any thoughts or comments, please leave them below! All advice, encouragement and words of wisdom are appreciated!

If you haven’t already, get subscribed (at the bottom of the page) so we can let you know as soon as a new article comes out and check out our What We’re Reading page to keep up to date with us throughout the week.

With lots of  ❤,

~CroudThings

The Start – An Intro to IoT

The Start

Welcome to the FIRST OFFICIAL POST OF CROUDTHINGS and the croud goes wild!! (see what we did there? 😉 )

We’re really excited to be publishing our first article in our ‘Beginner’s Guide to IoT’ series. If you caught the intro post that preceded this one, you’ll have an idea of what we’re aiming to achieve through this series, but if not, don’t worry – the Beginner’s Guide to IoT sets out to provide a fundamental understanding of the Internet of Things. We won’t get too technical, and instead aim to provide you with all of the information you need to fully understand what IoT is, where it’s going and how it’s going to affect you.

Over the course of the series we’ll take a peek at what IoT will look like in the home, how IoT might affect our jobs, why security and privacy are pressing issues, and finally, we’ll shimmy on over to see what IoT might do for our healthcare systems. Following this series, we’ll start taking a deeper dive into IoT and smart cities in what we’re provisionally calling ‘The Three Pillars’ series (mainly because it sounds dramatic).


What is IoT?

To get us kicked off, we’d better tackle the first question that’s likely on your mind; what the heck is the Internet of Things?! Well, according to the Oxford English Dictionary (a force to be reckoned with in all areas technological), IoT is defined as “The interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.”… so I’m glad we cleared that one up…

Clearly, that definition falls some way short of the mark, so let’s delve a little deeper and get a feel for what IoT looks like. For your everyday consumer human, IoT comes in the form of connected devices; your washing machine connects to your phone letting you know when it’s done, your fridge connects to your online shopping account and orders milk when you’re running low, and your smart lock sends a notification to your smartwatch when the front door’s been left open.

While this sounds all very fancy and useful, this concept of connecting things (hence, the Internet of things) actually has a lot more potential, especially when applied on a larger scale. Take for example, a smart traffic light system; such a system would be capable of varying its timings and order dependant on how busy the road was, and in what directions. The significant impact here is that through intelligently designing the system, traffic is able to move more efficiently, which has two important consequences. One, people arrive at their destination happier having not spent the entire journey stuck in traffic, and two, the amount of pollution created by the cars is reduced because the average running time of the engines is less.

The opportunities opened up by the Internet of Things are wide and varied, and many are still being discovered. At CroudThings, we really believe that IoT has the potential to change how we perceive the world around us, and ultimately help us better understand how we work as a society and as humans. From this, we learn not only more about how to make our systems, cities and societies more efficient, but we learn how to make the people who live in them healthier and happier.

How we actually realise this as an outcome is a challenging problem and one that is hotly debated and worked on by engineers, policymakers, and technologists the world over. As it stands today, there is no official consensus on what the right way of doing IoT is. Instead, there are many huge (and fewer small) companies all setting out to do it in their own proprietary, and subsequently paid, way. While this works well for individual applications where only a single company needs to be consulted to implement an IoT system, when you consider this happening on the scale of cities, you run the risk of a city’s core infrastructure being critically dependant on a single company. Seeing something like this brings the phrase ‘too big to fail’ to mind and our palms start to sweat.

The alternative to this is open sourcing IoT software and establishing clear standards on how IoT systems should be built. This route offers advantages over proprietary methods because it encourages collaboration between IoT companies, as well as reducing the cost for new companies or products to enter the market and so giving consumers a greater choice. Simply put, sharing information and learning about IoT for free, benefits everyone from the manufacturer to the consumer. Opening up IoT standards to a broader community allows the standards to be scrutinised and assessed ultimately making them more robust and safer – which is an indispensable outcome.


The End

We hope you enjoyed reading this article, and we’re very keen to hear what you thought of it. Was it too short or too long? Did we do a good job explaining a concept? Is there something we missed? Do you agree with our assessment of how IoT is going to impact our world?

Whatever you want to say, let us know down in the comments section! We’re currently working to publish articles every two weeks as this gives us enough time to research, write, discuss and produce something we hope is worth reading. You can expect our next article on how the Internet of Things is going to revolutionise the home on Wednesday the 31st. Subscribe to get the latest updates!

Until then, stay in tune with us through discussions below or on Reddit, and you can see what we’re reading throughout the week on the WWR page (or by following us on Twitter).

– James and Kyp 🙂

A Beginners Guide to IoT

Hi and welcome to A Beginners Guide to IoT!

In this series, we’ll explore all of the technologies, developments and applications that are essential to understanding where IoT is in today’s world. We’re in the process of writing the first article which will provide a fundamental introduction into IoT and explain a little more about what we have planned for this series.

In the meantime, you can check out our What We’re Reading (WWR) page to see the articles and news sources we’re currently reading on IoT and smart cities. You can also subscribe to CroudThings to keep up to date on all of our articles by entering your email in the box at the bottom of this page.

We’re really excited to get going, and we can’t wait to hear what you think. Don’t forget to check out our Reddit page to join the discussion.

– James and Kyp

Welcome!

Hello!

This isn’t a proper first blog post from CroudThings, but here you’ll soon be able to follow all of the progress and keep up-to-date with everything CroudThings.

We can’t wait to get cracking!

If you need to contact us, just pop an email over to either James or Kyp @croudthings.io and we’ll get back to you as soon as possible!

– Co-Founders James and Kyp