Why we all talk about IoT
I know that there are a lot of good reasons to love the IoT or IoE (where E stand for everything) idea. I can just highlight a couple: Business and easier life.
The business behind IoT
The first point is quite clear, the tremendous growth of the Smart devices has create a new business that has gone beyond any analyst prevision. Nowadays it seems that it is impossible to think a world not interconnected. Anyway there are still great areas of improvement in terms of quality of the services provided and the spread of the population covered.
If we take a look at the growth of internet users from 1995 to 2014 we can perceive the dimension of this business. But as well we can see that yet the majority of the population is not internet connected. Even in the most developed countries Digital divide is a sensitive matter of discussion, that separate the digital literate from the digital illiterate people.
IoT can dramatically improve this market, while making the separation between digital connected and not digital connected wider. Some efforts are made by government or private company to cover this gap, I think, as an example, the UK effort to cover rural areas or the India project to bring internet for free to poor and not developed areas. But those effort are somehow inadequate to cover the great part of the population that is not connected. And even in developed countries as Italy, digital divide is still not perceived as a problem.
This although statistics tell us that the digital economy can improve company’s revenue and way of life of the population, but at the same time requires skills and infrastructures that, in many cases, are still obsolete.
It is interesting to notice that China and USA are covering the top positions, two countries that heavily invested in developing such technologies (USA as historical leader, China as underdog working to close the technology Gap).
Not to mention the other technological Asian giants, Japan and Korea, that have been anyway able to capitalize this growth.
Now it is clear that to maintain this thread we have to offer something new, and IoT is a good instrument to allow a solid growth in that market that start to show a little slowing:
Offering new Services is the Key to maintain a solid growth. And IoT from this point of view promise a tremendous growth: from demotic to cars, from wearable to control systems IoT can expand exponentially the business related to internet.
Can IoT makes us live better?
But can this means we can have a better life? This is questionable, of course, but overall the life experience with internet is way better than without. We can get access to more services, more communications, more information. Of course all of this has a cost, we still are creating the cognitive infrastructures to manage this enormous flux of information, but it is out of doubt that where internet arrive form a social point of view there is a dramatic change in use and costumes of the population. Sometimes this lead to nasty behaviors, I know, but at the same times it let ideas spreads, and ideas are like a virus so hard to stop when find a channel of infection.
It is not a case that the diffusion of internet saw a revamp of censorship efforts from government, as well as efforts to rules and control this communication (even without citizenship acknowledgment, think of Prism as an example). But I will turn back to this later.
Anyway is clear that the people that have access to the internet can enjoy and use a wider range of information, services and tools that people without internet can’t have. This is just a good justification per se to affirm that IoT can be a powerful instrument to improve our lives.
Thinks about smart object that can help you in the most tedious daily tasks, or able to give you some fun and relax to improve your quality of life, or help you to better manage resources to allow you to make savings…
What challenges ahead
So from this is the picture, a great business chance and a great life improvement, as internet showed us can provide.
But it is right now possible? What are the challenges?
To Connect or not to Connect?
Well there are a lot of things that have to be clarified around IoT. First of all is the business model behind, who will pay the bill?
IoT means always connected object to the internet, able to communicate between them and the owners, and, may be, with something else. A great flux of data that will flood our already congested networks. The connection is one of the main limit at the moment of the IoT approach.
While we like to think connectivity is not an issue, we have to realize that , on the contrary, the issue is quite big. And the obstacle is not technological but business related. Carriers have to change their business model somehow to allow this growth, and this is not an easy task to accomplish.
There are still great obstacle to a real interconnected world, and some are particularly nasty, think at roaming costs as an example.
Since we does not live in a world where a single carrier cover perfectly all the countries, we have to face with a plethora of carriers that cover partially an area. Some areas are well covered, other are suffering bad coverage due to 2 main reasons:
- Lack of connectivity
- Congestions
IoT can just increase this problem exponentially. Even in our better connected areas we can face congestions. One possibility to temporarily mitigate this problem is to allow the device to connect to another carrier if the preferred one is congested, but this will open to the roaming issues mentioned before, as well as the resistance of carrier to open their networks. And if is the case in rural not dense populated areas, can you imagine what they could say in dense populated areas?
Interoperability and universal access
Let be clear, if we think we can create an interconnected world with IPv4 we are out of our mind. There are a world of good reasons to think this is a bad idea, and security is one of them. But there are other considerations to take in account: what protocols and services will be necessary to IoT to work?
Just the simplest example. The real DNS infrastructure is not solid enough to guarantee such device explosion. The hierarchical DNS infrastructure has worked till now, not without some problems. thinking to increase the load of DNS traffic at a greater scale would make the situation unstable and put at risk the basic of communication itself: name resolution.
So different way to resolve address have to be implemented, some effort to implement peer to peer resolution has been done, but still we are far from a solid solution that would allow IoT to growth at the desired scale.
Would be too reductive to think that IoT device does not need a sophisticated name resolution capability, maybe it is the case now, but we should think ahead, what the future improvement could be.
Just, as an example, think of a medical device connected to a person travelling. May be would be useful to allow this device to connect to the closest interface when something happen to the person wearing it, and this can change related to the kind of analysis the device is able to do. Could be a pharmacy or a hospital, or a doctor or whatever. Being able to resolve a complex set of name resolutions would make the difference between a good device and a bad one. Of course we can ask Google to do all the job for ourselves and allow them to decide what are the next name resolution technologies we want, unless you live in china where Google services does not work.
DNS systems demonstrate its limits several times those years, and are also subject to geo political crisis that could badly interfere with an internet of things enabled world.
From a technological point of view the biggest obstacle is still the Operative System under which this IoT will run. The Operative systems, actually, it has not sense to think about a single OS, it would be inapplicable (although some governments would like this approach) so we will have a plethora of different OS running on small machines able to perform complex activities and able to connect in a quasi autonomous way. Interoperability and standardization will be imperative to avoid the chaos. As well as some general agreement on a minimum level of security features related to data acquisition and transmission (including what kind of sensor are allowed), authentication and so on.
There are concerns about privacy, kind of data processed, security also today, can you imagine what would be to be spied by your refrigerator?
But also networks can become our bottlenecks as mentioned before. Being able to set up enough bandwidth and quality of service is mandatory. And i can just imagine the workload that border routers, firewalls and other network gears will have to deal with.
Wondering if Carriers are preparing themself to face this change (I can’t see good signs at the moment, honestly).
Why IoT scares Me
I confess I am scared by the IoT affair. And there are good reason all related to security and privacy. My concerns are various, and cover a lot of aspects:
From a security perspective I can start from the basic, the operating systems that will run on those things.
I am aware that most of the code will be written in C or assembly like languages, and this open a world of vulnerability, since coding with C allow you to do basically everything with memory and device, and, as a matter of fact, it expose the device to your error. Buffer overflow is a typical example, this vulnerability generally is related to a lack of control in the C code at driver level, where speed and efficiency are mandatory and so controls are not always implemented.
A small lightweight OS would be prone to this kind of error, since it would not implement security controls on top of the driver set.
Let’s then talk about authentication. Another difficult realm to address. The authentication is of course related to the service provided, less important services can use a lighter authentication model, but thin about medical devices, or cars…would you like to leave your authentication efforts to a 4 digit password (“1234” of course) and a username?
But we cannot even force our user to remember 150 hexadecimal digit, right?
Do we want to talk about encryption? I love it till it works. But then we discovered that encryption is all but a simple affair, and as for authentication, it has a very weak point, the key exchange. Encryption per se will not solve all our security concerns during data transfer just because in the IoT world we will let the device manage the process, and since the device is prone to error or hacking also the encryption will be weaker.
Even the strongest encryption is easy to decipher once you have the key.
I don’t know what will be the computational power of my oven or fridge, considering the growing of processor power we continuously see, probably it will be more powerful than my T440 but I don’t expect a fully implemented OS running on it in the next 5 years (but, may be, I’m wrong and soon we will have an apple fridge that will download our sodas from I-grocery-store).
And there are also the bad guys to take into account: if we are suffering about cybercrime, cyberwarfare, cyberacktivism right now, what will happen in the IoT world?
Let assume your fridge can make shopping by itself, because it is so smart that understand you finished your eggs, orange juice and milk. it Will have your credit card information, been able to log to the online shop on your behalf and make the shopping. Great!
But what if someone hack the fridge and steal your credit card info, or just force the fridge to buy frozen broccoli that you hate?
Or your medical device report to your insurance company you have symptoms you do not have so that they close your contract with you (don’t worry someone else will arrive to offer a new one, just in case…)
We can expand those silly examples to the whole scale of IoT, and see what kind of playground we are creating for government, cybercriminal and acktivists of any kind. I am sure that NSA and GCHQ guys would be so happy to hack any device they can just to be sure. So if you buy kebab one day you are a villain suspected of terrorism … or in some countries if you eat pork, eat meat on Friday, eat cow …
Internet of Things, Internet of Everything can be a tremendous good thing from both a business and life perspective, but some cautious remarks should be done before we jump into this mess without a parachute. We are just understanding the magnitude of the problem that an always connected world can bring us, better be wise and do not let others to make the choices for us.