In Stanley Kubrick’s movie ‘2001: A Space Odyssey’ (1968), there was an intelligent computer called HAL9000. HAL not only understands humans as they speak, but also finds the right solutions in given situations. This story from more than four decades ago showed many of us what to imagine and expect from the future artificial intelligence. As interest in IoT (Internet of Things) grows these days, voice recognition and artificial intelligence is once again taking the center of the attention. The market for IoT seems to have become more fully developed since it was highlighted at CES (Consumer Electronics Show), MWC (Mobile World Congress), and CeBIT. Cisco also came up with a new term, IoE (Internet of Everything) instead of IoT, for their marketing reasons.
Today, we will take a look at some of the basic principles of IoT and the security issues that shouldn’t be ignored.
The Principle of IoT
There is a lot of information readily available on IoT.
- What’s after Smart Phones? (1):
- What’s after Smart Phones? (2):
- Why the Internet of Things is Possible!:
IoT is basically all the internet related technology that can be used for embedded terminals. It is quite recent for IoT to be at the center of attention, but the technology itself is actually not that new. As all forms of technology do, IoT also has prior technology that made such progress possible and it is called M2M (Machine to Machine) that enables telecommunication between different machines. New IoT products such as Fuel Band, Smart Watch, and Google Glass can also be considered types of M2M. The distinction between M2M and IoT is based on their communication styles. Although M2M is only capable of one on one communication between two machines, IoT is capable of interaction between a man and a machine or two machines over the internet.
Even though some of the latest IoT products are connected to the net directly, well known products such as Smart Watch or Google Glass need smart phones for their internet connections. The IoT products that we all know, therefore, technically are on the boundary between IoT and M2M which are both used for communication between terminals.
In order to really grasp IoT before its commercialization, it is important to understand the machine to machine communication process as the basis of IoT. Telecommunication, as we know it, means two people with one acting as a transmitter and the other as a receiver giving and receiving data or information. This data communication is processed through three steps. To begin the process the terminals are needed for both transmitter and receiver. In the terminal they go through an access process to recognize each other, and a certification process to confirm each other and connect the users. Even if we access anonymously, this certification process is already being done internally. Finally, you have data transmission which is usually called communication. Whatever smart device such as PCs, smart phones, or tablet PCs are being used and whatever terminals that connects to the internet through these smart devices are, communication with these three steps is always the principle which IoT follows.
Security is the Key
As soon as you understand the principle of communication, you can also see what the problem is with these miniaturized IoT products. Many IoT products that we know of look very small these days, but IoT doesn’t always refer to these miniaturized devices. PC related products such as desktops or laptops and electronic displays in subway stations are also included in IoT. However, miniaturization of IoT products is one of the reasons for the problem. A terminal that has a PC- level performance and high computing power can run well even with a security application. However, because small IoT products’ have limited power, their performance can be limited.
In order to keep their performance level high, their computing power is usually minimized. Security, for this reason, becomes the first function to be taken out of the system because it takes the biggest amount of computing power. This is the reason why miniaturized IoT products are vulnerable for security although security shouldn’t be ignored in data communication. This leads to the recent hacking attacks of IoT, and most of them have come through communication systems. Because even the tiniest IoT terminals still have CPUs, memory, and OS, they can be used by hackers. Security is one of the most important parts of all data communication.
Encryption, the Basis of the IoT Security
As discussed earlier, the biggest issue for the miniaturized IoT terminals is keeping their performance and this problem is solved by using Wi-Fi, NFC or Bluetooth instead of 3G or LTE. However, the pairing technology for Bluetooth and NFC is known to have security problems. Although there are Bluetooth and NFC with stronger security features, they’re still more vulnerable than Wi-Fi. What can be done for these vulnerable terminals is encryption.
Encryption is the most common method for IoT security these days and it is used for the certification and data transmission process during communication to protect data. Encryption prevents hacking by certifying the integrity of the data.
Recently, ETRI (Electronics and Telecommunications Research Institute) and other organizations have been studying, developing, and launching the lightened encryption algorithm and platform for smart devices’ security including IoT. Along with this, the AES algorithm that is most widely used in telecommunication and ARIA, which was developed in Korea for easier application for embedded terminals, are also being used for IoT security. The AES algorithm is especially being recognized a lot and has proved its security ability and is considered to be the future federal standard algorithm in the U.S.
However, the most important thing is if these encryption algorithms can be used for small terminals with weak computing power because encryption takes a lot of CPU/battery power. Although recent small terminals have a better low computing power chipset, it’s still very different than in actual PCs. Some have a separate chipset solely for encryption, and this uses the hardware instead of software in order to not consume CPU power and in turn minimizes degradation and battery consumption. These so-called security chipsets are already quite easy to find and sometimes they include the security chipset in the main chipset for embedded terminals to make it a one-chip type. Nowadays, the IoT trend is to use this one-chip including a security chipset for their IoT products.
Although there is a growing expectation for IoT as many products have launched recently, the security issues have not been fully addressed. Big hacking incidents with great social impact have usually involved PCs and smart phones. If IoT gets popular without any suitable security solution, the dangers can be bigger than ever. It is necessary to figure out first how to minimize and prevent possible damages through IoT before getting too excited about its potentials.
Written by Hak-Jun Lee(http://poem23.com/)