When it comes to products and solutions, organizations want to be No. 1—and it is no different with the Internet of Things. As more and more devices and appliances begin to connect to the Internet, organizations are racing toward the Internet of Everything, trying to connect IoT devices with other IoT devices.
“You can’t have an Internet of Things if the things can’t communicate with each other,” said Steve Eisenstadt, Linux Foundation spokesman. “It won’t work if individual vendors pursue siloed visions. The Internet of Everything connotes innovation beyond simple machine-to-machine communication to a level of highly intelligent interoperability among devices, systems, services and the people they serve.”
Currently, companies have rolled out or announced upcoming devices that talk to devices by the same manufacturer. For example, Bosch and LG both introduced a smart refrigerator with the ability to take photos of the contents inside and send a grocery list to a user’s mobile device at the 2014 IFA consumer electronics trade show.
In order to connect IoT devices to other IoT devices, organizations are working to create a universal framework that would do that regardless of operating system or manufacturer.
“We are in the beginning of the beginning. There is no clear architecture, but there is an amazing opportunity to rethink systems around us to enable efficiency and safety,” said Sanjay E. Sarma, professor of mechanical engineering and co-chair of the Auto-ID Labs at MIT. The Auto-ID Labs are a network of seven academic research labs that are working on the next generation of IoT.
While a universal framework that connects all devices is ideal, the benefits are double-sided, according to Daniel Miessler, practice principal at HP Fortify.
“On one hand you are unifying so that you can build security in one place and get the benefit across all systems that are using that protocol. But on the opposite side, the other edge of that sword is basically if you have vulnerability and it is unified, well now everything using it is now vulnerable,” he said.
Another challenge of a universal framework is that multiple organizations are working on multiple frameworks, according to MIT’s Sarma.
“The question is whether a dominant, powerful architecture will emerge to unify the space,” he said. “The issue is that vendors will likely jockey to make their products dominant rather than thinking about the larger picture: a tide that lifts all boats.”
Organizations working toward a standard
There can only be one universal framework, and plenty of organizations think they have the solution.
AllSeen Alliance: The AllSeen Alliance is an initiative created by the Linux Foundation dedicated to connecting IoT devices and systems with other IoT products, which the group calls the Internet of Everything. It seeks to develop a shared universal framework that allows the connectivity of all devices, regardless of their manufacturer or operating system. The framework is based on AllJoyn, an open-source project initially developed by Qualcomm that would allow companies to design interoperable products that can discover, connect and interact with other AllJoyn-enabled products. The initiative has more than 60 member companies, including AT&T Digital Life, Cisco, HTC, Microsoft, Panasonic, Qualcomm and Sony.
Open Interconnect Consortium: The Open Interconnect Consortium is working on defining specification, certification and branding connectivity requirements to ensure interoperability for connecting IoT devices. The organization plans to tackle smart home and office solutions first, with specifications for automotive, healthcare and industrial IoT devices to follow. Members include Atmel, Broadcom, Dell, Intel, Samsung and Wind River.
Thread Group: The Thread Group is an organization working on a new wireless network that would sit alongside a user’s WiFi as a second network for IoT devices. Thread’s Internet Protocol-based wireless networking protocol would allow developers and consumers to easily and securely connect more than 250 devices into a low-power, wireless mesh network, according to the organization. Thread is working on connecting a variety of home products, including appliances, climate control, lighting, safety, security and access control. Members include ARM, Big Ass Fans, Freescale Semiconductor, Nest Labs, Samsung, Silicon Labs and Yale Security.
World Wide Web Consortium: The W3C is currently working toward a standard, and is launching a W3C Interest Group to gather people together to identify use cases, best practices, requirements and gaps, and to launch a standard, according to Dave Raggett, the lead for the W3C staff on the Web of Things. The organization recently held a workshop on the Web of Things to look at what is necessary to open up markets for applications and services that sit on top of IoT devices and platforms. According to the W3C, IoT products are fragmented because they are being developed in isolation due to the lack of a shared approach to services and an excess of IoT protocols.
The Internet of Security
As the Internet of Things continues to rise, so does the risk of vulnerabilities, according to HP’s Miessler. The Internet of Things creates a large surface area vulnerable to attack, which grows even larger as IoT devices are connected.
“The Internet of Things security is not one-dimensional,” he said. “It is not just the device; it is a device with a Web app, with a mobile app, with network connectivity, with authentication and with a cloud component. All those pieces brought together is an ecosystem of what happens when you install that device, and if you are installing it into a vulnerable network, then you could potentially be vulnerable to attack.”
In fact, 70% of the most commonly used IoT devices are vulnerable to attack, according to an HP study. The study tested 10 of the most commonly used IoT devices: TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales, and garage door openers. These were assessed based on the Open Web Application Security Project’s (OWASP) Top 10 Internet of Things vulnerabilities: insecure Web interface, insufficient authentication/authorization, insecure network services, a lack of transport encryption, privacy concerns, insecure cloud interfaces, insecure mobile interfaces, insufficient security configurability, insecure software/firmware, and poor physical security. Here’s what it found:
Privacy concerns: Eighty percent of devices raised privacy concerns, with many devices collecting some form of personal information such as name, address, date of birth, credit card number and health information.
Insufficient authentication/authorization: Eighty percent of devices failed to require passwords of sufficient complexity and length, with most allowing passwords such as “1234.”
Lack of transport encryption: Seventy percent of devices did not encrypt communications to the Internet and local network. Transport encryption is imperative when transferring data between the device, the cloud and a mobile app, according to Miessler.
Insecure Web interface: Sixty percent of devices raised security concerns with their user interfaces, displaying concerns of cross-site scripting, poor session management and weak default credentials.
Insecure software/firmware: Sixty percent did not use encryption when downloading software updates.
“The Internet of Things makes the surface area for attack extremely large,” said Miessler. “That is really why we are seeing such high vulnerability counts. We are about to take a whole lot of devices and objects that have no understanding or context of being online and put them online. There will be implications that simply cannot be anticipated, and we are going to see those in the coming years.”
The University of Washington aims to power the Internet of Things with no-power WiFi connectivity
One of the concerns with connecting devices to the Internet is that they will have to run on batteries, and users will have to charge them or switch them out. In order to try to make the lives of IoT consumers easier, engineers at the University of Washington have developed a communication system that uses radio frequency signals as a power source and reuses existing WiFi infrastructure to provide devices with Internet connections.
“If Internet of Things devices are going to take off, we must provide connectivity to the potentially billions of battery-free devices that will be embedded in everyday objects,” said Shyam Gollakota, a UW assistant professor of computer science and engineering. “We now have the ability to enable WiFi connectivity for devices while consuming orders of magnitude less power than what WiFi typically requires.”
WiFi Backscatter is a UW project that aims to connect low-power IoT devices to the Internet. WiFi Backscatter is able to connect devices to one another through a software update, without having to make any hardware changes.
“We developed a way of communicating with off-the-shelf WiFi devices, like your router, by selectively reflecting WiFi packets that are flying through the air, which can be done in a very power-efficient way, paving the way for an RF-powered Internet of Things,” said Bryce Kellogg, doctoral student in electrical engineering at the University of Washington.
The technology is built on previous research that showed how low-power devices could run without batteries or cords by harnessing energy from existing radio, TV and wireless signals. WiFi Backscatter takes it a step further by connecting those devices to the Internet.
“We’re hoping people will be able to use this technology to connect IoT devices like smart home sensors to their home WiFi,” said Kellogg. “It will essentially enable an RF-powered Internet of Things in the home or office or anywhere there is WiFi.”