
Tuesday, 12 November 2019

The IoT Files: the call for 5G

I was recently interviewed on 5G issues, and this made me realize how confused the knowledge and understanding of 5G are.

Most of the time, when I hear mainstream media comment on 5G, I find on one side apologetic wonder at how this or that vendor can solve all human problems with 5G, and on the other side fears related strictly to the fact that 5G today means Chinese or European vendors: for the first time in years the USA is not the technological leader in a strategic sector.

Even less do I hear about the link between 5G and IoT and what it means.

Generally speaking, most discussions on IoT focus on devices and not on IoT as a system, and I seldom find any consideration of 5G implementation and security. This is quite annoying from my point of view, since security in IoT (I wrote about that in The IoT Files) is more than single-device security, and 5G security issues are not about Huawei spying on us.

And to tell the truth, from my point of view (Italian and European) it would not make much difference whether the spy comes from China, Russia, the USA, or the UK.

The first problem is to understand whether there is a relationship between IoT and 5G. Well, the relationship is kind of simple: with current technologies, the IoT is severely limited by connectivity, IP and bandwidth issues. The aim of 5G is to overcome those limitations by offering broadband connectivity that can support IoT needs. This will require investment, a change of business models and… wait, to read about this go to my previous IoT articles. I called them The IoT Files because there is so much to say that one article cannot cover everything.

Back to the point, then: 5G is the technology that can glue the IoT together in terms of connectivity, but what does that mean? Well, when we hear about 5G we hear about how we can create smart cities, how we can connect cars together so they drive better and safer with autonomous driving, and so on.

5G is exactly about this, allowing all this to happen.

All typos are because I never read slides back, lol forgive me

Almost everything you have heard about IoT requires 5G to become reality, because current mobile broadband is not suited to cover those needs. We are not talking about a test with a few cars that can communicate over 4G, but about billions of devices somehow interconnected, with different priority needs, bandwidth needs, security needs and privacy needs.

Basically, anything that has recently been referred to as “SMART something”, and IoT, will be bound to a technology that allows fast, secure and reliable data connections.

As of now 5G is the answer, but there is a problem: the champions of 5G technology aren’t from the USA, and the biggest player is Chinese (Huawei holds the highest number of patents on 5G technology).


This point, which might seem irrelevant, is actually the big issue at the moment, so big that all serious consideration of 5G is relegated to an afterthought, a second-level line of consideration.

Geopolitical, technological and economic issues are the rising stars at the moment, and they make enough noise to cloud judgment and to move attention away from the serious issues.

I am not saying that those are not problems, and I agree that nations should try to defend themselves, but targeting the wrong point on 5G will not help to address correctly, “ab initio”, the complex problems that 5G will bring home. And the main reason behind this is that if you ask what 5G is, the answer is… just a faster mobile network.

If speed were the only reason behind 5G I would kindly agree that geopolitical issues are the obstacle, but 5G is not just “speed”, it is way more, and the 5G security issue goes beyond the specifics of the connectivity offered at broadband level, into the core of what 5G has been designed for: services.


We used to think that mobile broadband development was only about more speed, but speed has never been the only target: speed and services have always developed hand in hand.

From a mobile perspective, 1G offered 2.4 kbps and was designed to allow mobile phones; it was no less and no more than an extension of your wired home phone. Basic voice services and an analog protocol: low bandwidth was all we needed. The issues were more at the infrastructure level, so there was no time to bother with things that were not even in the customer’s imagination at that time.

The real revolution arrived with 2G: it’s broadband, it’s digital (GSM, CDMA), it can carry data, it’s more stable… a revolution. We were able to send texts and see the caller’s number; who was not enjoying it? And some mobile phones even started to offer a graphic screen and games (like “Snake”). Who really cared about speed, which actually moved from 2.4 kbps to an astonishing 64 kbps?

The nice thing about 2G is that it introduced the idea that mobile phones can be so much more than a simple device for phone calls, and text messaging was there to prove it.

You see, when the consumer space sees the opportunity for cool stuff that can make the market big, the vendors will follow. With the pressure of the internet and the new services, a new need for data rose up, and here you have 3G.

3G was not only tremendously faster than its predecessor, it was designed around the need to transfer data. No more simple text messages: you can have the internet on your phone now.

Again, the real difference from 2G was not “speed” but the kind of services you were bringing on board. So, as a natural evolution, we moved from the old internet to the new one with video, streaming, chatting and so on. A new class of services was required, hence the need for something more, something new: 4G.

And as a matter of fact, besides the speed, the real need for 4G (or the not so cool but hey better than nothing 4.5G) was video capability.

The services drive the speed so the speed is just a consequence of the needs the technology has to address.

But if we limit ourselves to the usual way we use the internet (Facebook, YouTube, YouPorn, LinkedIn, WeChat-Weixin, WhatsApp, Instagram, TikTok and so on) we could just add some more megabytes to our 4G (which is what 4.5G does, by the way). But here comes IoT.

IoT brings way more devices onto the internet, each with its own needs in terms of bandwidth, connectivity and quality of service. All of this requires new technology, and, being ambitious, why not make this technology able to address even the LAN\WAN realm?

This is not so stupid. The telcos have always tried to gain space in the LAN\WAN market, and money can be a huge driver. Telco activity with the enterprise was about offering internet connectivity and voice services. The revenues from analog voice services were high, but VoIP, being cheaper, lowered that income dramatically, putting the telcos in a difficult position. Internet broadband services for home users have been a good business, but they require substantial infrastructure investments that are not always covered by the revenues, hence the digital divide.

But 5G can turn all this upside down, justifying the investment that was not so cool, because 5G means everything in the telcos’ hands!


If 5G is the backbone of IoT and Smart X, this means an incredibly big market for telcos, since telcos will provide the 5G connectivity. This is why telco vendors are so interested in 5G. Alas, this is also a world where security has always been a secondary issue, if not a neglected one, so we cannot expect security to be addressed correctly unless other players stick their noses in.

From this point of view, governments and regulators could play a key role in driving security and privacy by design and by default into the design of the 5G world. Alas, at the moment everything seems more focused on boring geopolitical issues than on the real stuff.


Among the 5G challenges, there are a few that are easy to spot once we understand that 5G is the IoT backbone. Without the lousy arrogance of thinking I can be exhaustive, here are some that should at least be taken into serious consideration:

1) Fast connectivity between devices, according to the device\service need. Not all IoT devices are born equal in terms of bandwidth, data processing, quality and sensitivity of data and so on, being able

2) Segregation of traffic. This means that every group of devices under a specific service instance should have its traffic isolated and protected from the others. I would not enjoy having my personal photos shared everywhere if the IoT device is the home HDD storage where I put them. Segregation of traffic is the minimum level of security we have to think of when we plan a broadband multiservice environment.

3) Quality of service is a key factor here. Even if the bandwidth is incredibly huge, this does not mean that there will be no latency or bandwidth bottlenecks, and some services have to be guaranteed no matter what: telemedicine and telesurgery, just to name a couple, should be prioritized over watching YouTube.

4) Authentication and authorization are no less important. In a heterogeneous environment we need to be able to authenticate and authorize, with the correct level of permission, every single device on every single service it needs to access, and with its user ownership. Failing on this point will mean access for anyone…

5) Multivendor environment. This can seem a minor issue, but in an ever-growing environment of connected devices, users and services, being able to ensure that everything works seamlessly is not so easy. Maybe someone remembers the issues with a famous leading network gear vendor and the NIC auto speed detection protocol? Standard does not always mean standard, and this can open a serious breach in operations and security if not addressed correctly.

6) Not everything will be 5G at the beginning, and probably by the time the legacy world ends we will be on 6G (which will get rid of part of the infrastructure by leveraging peer-to-peer connections directly at the device level) or 7G, with 5G as the old stuff. So 5G will have to deal with Ethernet as well as 4G, as well as whatever comes in the future. A gateway between the different technologies is not so simple, since service definitions can differ.

7) In particular, the existing mobile environment and the LAN/WAN battlefield should be carefully considered. On one side we still have 3G; on the other side the LAN\WAN vendors will fight back to keep their domains intact. So it will be an interesting battle where, again, standards and regulators could shine a little light at the end of the tunnel (hoping it is not the train).

More could be mentioned, but if I want to continue it is better to stop this list here.

If you are still reading, it means you are interested in the subject; I am impressed and thankful 🙂

So the backbone for IoT will be, at least at the beginning, the 5G network, which, just to be clear, is still being implemented. If we think of the definition of IoT:

The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems.

we can try to assume then that internet connectivity will be more and more 5G


which should now clarify why speed is just one of the many issues of 5G, and why 5G is not just bare connectivity but something that should manage services. So now we should understand what the word “service” means here.

Basically a service is a mix of devices, connectivity, data, processes and users that can be grouped somehow. There can be thousands, millions, billions of services under this simple definition (I know it is mine, but it is worth it for everyone to understand the point).

The main point is that services are not all the same: HTTP browsing can be a service under 5G, and so can video broadcasting, yet the two are different in nature and in terms of requirements.


Different services have different needs, and for once speed can be a good example to understand the point: what is speed?

The very concept of speed can vary from service to service, so consider the automotive and smart road ideas. In this scenario we will have small pieces of critical data, exchanged from one car to another and/or to the infrastructure, that have to be processed and transmitted as fast as possible. It seems easy, but we should consider that the cars are moving and the traffic can be largely unpredictable (I don’t know when someone will decide to get into the car to go somewhere, and I cannot predict whether external issues will change road conditions: pedestrians crossing outside the dedicated areas, problems with the state of the road, holes, weather, floods, earthquakes, Superman vs Batman and so on).

So here speed means, at least, very low latency, quick authentication and authorization, fast address resolution, and reliability. I should probably add geolocation and other critical missing points, but I think we have the idea.

On the other hand, if I have to move a big chunk of data, speed means mainly bandwidth, QoS and conflict resolution if several agents/objects/users are trying to move the same or nearby data. So if you are trying to align your data center with your new cloud one and you want to move some Coperbyte of data, and your neighbor wants to do the same, well, we have to manage the bandwidth somehow…

Of course, if the need is just to browse and watch movies your needs are focused (remember we are in 5G) on DNS response and video-voice sync.

But since in a billion IoT devices there can be billions of services that at the moment do not exist, we need to create an environment able to define the need in advance (or wait for 6G for new services implementation).

So, broadening the argument, 5G for IoT should at least:

1) Segregate different services

•Different classes of services should be independent of one another

•Services should be arbitrary, and the required service set should be one of the service definition parameters

2) Allow QoS for critical ones

•Not all services are the same: internet browsing is not a truck running on a highway, a surgical operation is not like watching porn on your phone

3) Provide strong security and management features for each service

•Services should be identified

•Authorization and authentication of services and users should be available and effective

4) Take into account security and privacy by design and by default

and so on

Different scenarios on 5G require different analyses. Take as an example three that are easy to spot: your home environment, smart roads, and LAN\WAN substitution.

I love the home example because it is something even someone who is not an IT freak can understand. The photo depicts the world before and after 5G.

If you have the internet at home you are probably in this scenario:

We have one router to connect to the internet

•All devices internally connect via wifi/LAN

•When devices need to talk one to the other they use their internal IP network on a private subnet

•When devices need to talk to the internet they call the router.

•The internet router interfaces through the ISP to the internet, offering some security services and NAT

•Smart devices like smartphones use a double connection: internal Wi-Fi / external SIM

•…

We know that if we want to see what we have in our local storage we move data internally (at least we hope so). Our gateway to the internet is our router, which (should) provide some basic security such as firewalling and a minimum of authentication, at least for internal Wi-Fi connectivity. We live in a private network where connectivity is basically Ethernet and Wi-Fi, and we go onto the internet with a NATted address shared by all devices. We probably have some devices that have no real internet exposure, others that go out just to look for updates, some that connect to a web service to let you check and configure things, and finally some that go to the internet by themselves for unknown reasons (Alexa-like, ROTFL). Ah, do not forget your smartphone, which has both Wi-Fi and your 4G\4.5G connection, with apps to manage both your internal LAN and the web interfaces of your LAN devices.

What will 5G change here? Of course everything, absolutely everything.

Everything is already on the internet

•All devices are able to connect directly to the 5G network and have public addresses

•Providers of 5G connectivity can be different and bound to users and/or devices

•Devices need to know their «internal» realm in order to understand which devices can be trusted or not for internal communication

•Different 5G providers have to guarantee device interoperability, segregation and security as if the devices were in a segregated LAN

•Internet communication should be controlled and monitored as if it were a single one
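An added example, not part of the original post: a small model of the requirements listed above (segregation per service, per-service authentication and authorization, QoS for critical services) applied to the 5G home scenario. The `ServiceBroker`, the device names, providers and addresses are all hypothetical; the point it shows is that trust follows service membership and explicit flows, never the provider or the public address.

```python
"""Service-scoped, default-deny flow authorization for the 5G home scenario.

Illustrative model only: ServiceBroker, the device IDs, providers and
addresses are all constructed for this example.
"""
from dataclasses import dataclass
from enum import IntEnum


class QoS(IntEnum):
    CRITICAL = 0      # must be served first (e.g. telemedicine)
    INTERACTIVE = 1
    BEST_EFFORT = 2   # browsing, video


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str
    provider: str     # 5G provider: recorded, never used as a trust signal
    address: str      # public address: recorded, never used as a trust signal


@dataclass(frozen=True)
class Service:
    name: str
    qos: QoS
    members: frozenset   # device_ids enrolled in this service instance
    users: frozenset     # owners allowed to use the service
    flows: frozenset     # explicitly permitted (src, dst, action) triples


class ServiceBroker:
    def __init__(self, devices, services):
        self.devices = {d.device_id: d for d in devices}
        self.services = {s.name: s for s in services}
        self.authenticated = set()

    def authenticate(self, device_id):
        # Stand-in for real device authentication, which is out of scope here.
        if device_id not in self.devices:
            raise KeyError(device_id)
        self.authenticated.add(device_id)

    def authorize(self, service_name, src, dst, action):
        """Return (allowed, reason). Anything not explicitly permitted is denied."""
        svc = self.services.get(service_name)
        if svc is None:
            return False, "unknown service"
        for dev in (src, dst):
            if dev not in self.devices:
                return False, f"unknown device {dev}"
            if dev not in self.authenticated:
                return False, f"{dev} not authenticated"
            if dev not in svc.members:
                return False, f"{dev} not in service {svc.name}"
        if self.devices[src].owner not in svc.users:
            return False, "owner not authorized for service"
        if (src, dst, action) not in svc.flows:
            return False, "flow not permitted"
        return True, "ok"

    def schedule(self, requests):
        """Drop unauthorized requests, then order the rest by service QoS."""
        allowed = [r for r in requests if self.authorize(*r)[0]]
        return sorted(allowed, key=lambda r: self.services[r[0]].qos)


def build_home():
    """Constructed sample: Alice's devices on two providers plus a neighbour's TV."""
    devices = [
        Device("nas", "alice", "provider-A", "2001:db8:a::10"),
        Device("phone", "alice", "provider-B", "2001:db8:b::20"),
        Device("camera", "alice", "provider-A", "2001:db8:a::30"),
        Device("monitor", "alice", "provider-B", "2001:db8:b::40"),
        Device("tv-neighbour", "bob", "provider-A", "2001:db8:a::50"),
    ]
    services = [
        Service("home-photos", QoS.BEST_EFFORT, frozenset({"nas", "phone"}),
                frozenset({"alice"}), frozenset({("phone", "nas", "read")})),
        Service("home-cctv", QoS.INTERACTIVE, frozenset({"camera", "nas"}),
                frozenset({"alice"}), frozenset({("camera", "nas", "write")})),
        Service("telehealth", QoS.CRITICAL, frozenset({"monitor", "phone"}),
                frozenset({"alice"}), frozenset({("monitor", "phone", "alert")})),
    ]
    broker = ServiceBroker(devices, services)
    for d in devices:
        broker.authenticate(d.device_id)
    return broker


if __name__ == "__main__":
    b = build_home()
    for req in [("home-photos", "phone", "nas", "read"),
                ("home-photos", "tv-neighbour", "nas", "read"),
                ("home-photos", "camera", "nas", "read"),
                ("home-cctv", "camera", "nas", "write")]:
        print(req, "->", b.authorize(*req))
```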

Autonomous driving and smart roads are actually as fun as home networks, but for the opposite reason: here we are talking about something that does not exist yet, and the few tests and implementations are by no means a serious example of what the interaction of IoT vehicles means.

The reality at the moment is simple:

•Cars do not talk to each other

•Cars do not talk to the road infrastructure

•Roads use sensors for limited scope (traffic light, street light)

•Limited information is provided by broadband connectivity (as Radio Traffic where available)

•Internet connectivity provided by car SIM or smartphone

•Some apps can connect to the internet and provide indications as navigators do

•Some apps can provide autonomous analysis of traffic

•…

while in a 5G world:

•All vehicles are 5G connected

•Different car services interact with the road infrastructure

•Cars and car devices are equipped with 5G capabilities from different 5G providers

•They need to be bound to the owner\owners

•They need to recognize trustworthy information data sources

•They need to interoperate independently from the 5G provider

•They need to cover the services even when crossing country borders

•…

With 5G, the need for fast, reliable, ubiquitous and vendor\provider-independent connectivity is clear.

Maybe we should expect virtual SIMs configured to match the driver’s needs, but what if two or more people share the same car? And what kind of interaction will there be with your smartphone and other smart devices?

Let’s explore some considerations on the most slippery of the three examples: trying to move from LAN\WAN to 5G (the telcos’ dream).

What we have today (more or less):

•There is an internal (LAN) and an outside

•internal services are protected by firewalls and other security technologies

•Connectivity is provided through NIC or Wi-Fi using the TCP/IP protocol, usually leveraging private addressing and NAT to reach outside resources

•Internal resources are accessible directly from inside, or from outside through a web service\web interface

•Resources external to the LAN are accessible through the router/firewall, subject to NAT and authentication/authorization

•Users external to the LAN connect to the internet through mobile broadband or through Wifi

•To connect to internal resources users are identified and connected through VPN or other secure means to the LAN

•…

Do I really need to describe the current situation? lol 🙂

What would change with 5G?

•Almost all devices are 5G connected

•Connectivity is provided by different 5G providers and can be public (using public infrastructure) or private (5G infrastructure is local)

•Interoperability has to be guaranteed regardless of 5G provider or device manufacturer

•Interoperability has to be guaranteed with the previous LAN/Ethernet environment

•Segregation of the internal devices has to be guaranteed as in a LAN

•Security devices should be able to work seamlessly regardless of the hybrid LAN/5G environment

•Mobile users should be able to be part of the internal network for the services in use even if they are using their own device

•…

This scenario requires careful understanding, since we have all the security problems of a normal network implementation, plus the fact that all devices can reach the internet directly and are directly exposed because of their addressing. Segmentation requires multiple levels, since some segments can be nested inside others (something like the way we use VLANs today), and all this has to communicate with the legacy world, since an immediate takeover of LAN\WAN by 5G is not credible. Moreover, the whole legacy security world should be able to interoperate with the new one.

This kind of scenario is compatible with full cloud adoption, and less agile with hybrid or fully local implementations.

Here security and privacy issues rise to the next level, since the disintegration of the concept of LAN, which started with the introduction of mobile users and BYOD, extends to almost every node, but with less clear control of what is going on.

5G security, if we understand some of the implications I mentioned before, embraces a way larger concept than what people generally think. Here we are not just thinking about how to secure an encrypted communication channel, which is, by the way, a clear basic requirement; the question extends to how to broker, manage and control the services that run on 5G.

I do not have an easy answer to this. I have seen different proposals to address such problems, for example a central security service broker that takes into account all the requests and, according to rules, AI, magic and tricks, solves everything.

Of course this service broker, hypervisor, or call it what you like, should be able to communicate with external entities, delegate part of its configuration to third parties and so on. We are entering the realm of NFV security (if of any interest, you can read my post on “NFV network function virtualization security considerations”), with a few more issues. And the attack surface is way wider than a simple “I cannot trust Chinese equipment”.

Time to go to sleep. If you have read all the way to here, thanks; comments are very welcome.

Antonio

On IoT I also wrote:

The IoT Files: Intro

The IoT Files: IoT and Security

The IoT Files – IoT and Privacy

The IoT Files – Infrastructure

The IoT Files – IoT Business Models

The IoT Files: Culture

The IoT Files: is a small OS good for security?

The IoT Files: The need for cryptography in IoT

The IoT Files: the call for 5G

I have been recently interviewed on 5G issues and this made me realize how confusing is the knowledge and understanding about 5G.

Most of the time, when I heard on mainstream media comment about 5G I find form one side apologetic wonders of how this or that vendor with 5G can solve all human problems, form the other side fears related strictly to the fact that 5G today means Chinese or European vendors, for the first time in years the USA is not leading technologically a strategic sector.

even lesser I heard about the link between 5G and IoT and what this means.

Generally speaking, most of the discussions on IoT are focused on devices and not as a system, as well in most of the case I seldom find consideration related to 5G implementation and security. This is quite annoying from my point of view since security in IoT (I wrote about that on The IoT files) is more than the single device security and 5G security issues are not related to Huawei spying us.

And to say the truth from my point of view (Italian and European) would not make much difference if the spy comes from ChinaRussia, the USA, or the UK.

The first problem I to understand if there is a relationship between IoT and 5G. Well, the relationship is kind of simple: with the current technologies, the IoT is hardly limited due to connectivityIP and bandwidth issues. 5G aim is to overcome those limitations offering broadband connectivity that can support IoT needs. this will require investment, change of business models and…wait to read this go to my previous IoT articles, I called them the IoT files because there is so much thing to say an article can not cover everything.

Turning back to the point so, 5G is the technology that can glue IoT in terms of connectivity, but what does it mean? Well, when we listen to 5G we listen to how we can create smart cities, how we can connect cars together so they drive better and safer with autonomous drive and so on.

5G is exactly about this, allowing all this to happen.

All typos are because I never read slides back, lol forgive me

Almost everything you heard about IoT requires 5G to become reality because current mobile broadband would not be suited to cover those needs, we are not talking about a test with a few cars that can communicate over 4G but billion of devices somehow interconnected with different priority needs, bandwidth needs, security, and privacy needs.

Basically anything that is recently referred to as “SMART something” and IoT will be bound to a technology that will allow fast, secure and reliable data connections.

As of now, 5G is the answer but, there is a problem, the champions of 5G technology aren’t from the USA and the biggest player is Chinese (Huawei holds the highest number of patents on 5G technology).

All typos are because I never read slides back for proofreading, lol forgive me 😂

This thing that can be irrelevant is actually the big issue at the moment, so big that all serious consideration on 5G is demanded as an afterthought in a second-level line of consideration.

Geopolitical technology and economic issues are at the moment the rising stars, make enough rumor to cloud judgment and to move attention to serious issues.

I am not saying that those are no problems, and I agree nations should try to defend themselves, but targeting the wrong point on 5G will not help to address correctly “ab Initio” the complex problem that 5G will bring home. and the main reason behind this is that if you ask what is 5G, the answer is…just a faster mobile network.

If speed would be the only reason behind 5G I would kindly agree that geopolitical issues are the obstacles, but 5G is not just “speed” is way more and the 5G security issue goes beyond the specifics of the connectivity offered at broadband level but goes into the core of what 5G has been designed for: services.

All typos are because I never read slides back, lol forgive me

we use to think that broadband mobile develope was only more speed, but actually, speed has never been the only target, speed and services always have developed hand in hand.

from a mobile perspective, 1G was offering 2.4 kbps and was designed to allow mobile phones, it was no less, no more than an extension of your home wired phone. Basic voice services and an analog protocol, low bandwidth was all we needed. issues were more at the infrastructure level so no time to bare with things that were not even in customer imagination at that time.

the real revolution arrives with 2G, it’s broadband, it’s digital (GSM, CDMA), can carry data, more stable…a revolution. we were able to send text, see caller number who was not enjoying it? and some mobile phones start to offer even a graphic screen and games (like “snake”). who really care about speed, that actually moved from 2,4 kbps to an astonishing 64 kbps?

The nice thing about 2G is the introduction of the idea that mobile phones can be so much more than a simple device to phone, and text messaging was there to prove it.

You see when the consumer space sees the opportunity for cool kinds of stuff that can make the market big, the vendor will follow. With the pressure of the internet and the new services a new need for data rise up and here you have 3G.

3G was not only tremendously faster than the predecessor but was designed with the need to transfer data.no simple text messages, you can have internet in your phone now.

Again the real difference with 2G was not “speed” but the kind of services you were bringing on board. so as a natural evolution from the old internet we moved to the new one with video, streamingchatting and so on. A new class of services was required here the need for something more, something new 4G.

And as a matter of fact, besides the speed, the real need for 4G (or the not so cool but hey better than nothing 4.5G) was video capability.

The services drive the speed so the speed is just a consequence of the needs the technology has to address.

But if we limit to consider just the usual way we use the internet (facebook, youtubeYouPornLinkedIn, wechat-weixin, WhatsApp, Instagram, ticktock and so on) we could just add some megabytes more to our 4G (is what 4,5G does by the way) but here comes IoT.

IoT brings way more devices on the internet, with their needs in terms of bandwidth, connectivity, quality of services. all of this requires new technology, and being ambitious why then not thinking to make this technology able to address even the LAN\WAN realm?

This is not so stupid, the telcos have always tried to gain space in the LAN\WAN market, money can be a huge driver, the telco activities with the enterprise was related to offering connectivity to internet and voice service. The revenues for analog voice services were hight but VoIP lower dramatically the incomes since it was cheaper putting Telcos in a difficult position. If internet broadband services for home users have been a good business it requires substantial infrastructure investments that are not always covered by the revenues, hence the digital divide.

But 5G can turn all this upside down, justifying the investment that was not so cool, because 5G means all in telcos hands!

All typos are because I never read slides back, lol forgive me

If 5G is the backbone of IoT and Smart X this means an incredibly big market for telcos, since telcos will provide 5G connectivity. this is why telco vendors are so interested in 5G, alas this is a world also where security has always been a secondary issue if not a neglected one, so we cannot expect that security will be addressed correctly if other players will not put their nose in.

From this point of view governments and regulators could play a key role in leveraging security and privacy by design and by default in the 5G world design, alas at the moment all seems to be more focused on boring geopolitical issues than the real stuff

All typos are because I never read slides back, lol forgive me

Among the 5G challenges, a few are easy to spot once we understand that 5G is the IoT backbone. Without the lousy arrogance of claiming to be exhaustive, here are some that should, at least, be taken into serious consideration:

1) Fast connectivity between devices, according to the device\service need. Not all IoT devices are born equal in terms of bandwidth, data processing, quality and sensitivity of data and so on, being able

2) Segregation of traffic: every group of devices under a specific service instance should have its traffic isolated and protected from the others. I would not enjoy having my personal photos shared everywhere if the IoT device is the home HDD storage where I keep them. Segregation of traffic is the minimum level of security we have to think of when we plan a broadband multiservice environment.

3) Quality of service is a key factor here. Even if the bandwidth is incredibly huge, this does not mean that there will be no latency or bandwidth bottlenecks, and some services have to be guaranteed no matter what: telemedicine and telesurgery, just to name a couple, should be prioritized over watching YouTube.

4) Authentication and authorization are no less important. In a heterogeneous environment we need to be able to authenticate and authorize, with the correct level of permission, every single device on every single service it needs to access, and with its user ownership. Failing on this point means access for anyone…

5) Multivendor environment: this can seem a minor issue, but in an ever-growing environment of connected devices, users and services, being able to guarantee that everything will work seamlessly is not so easy. Maybe someone remembers the issues with a famous leading network gear vendor and the NIC auto speed detection protocol? Standard does not always mean standard, and this can open a serious breach in operations and security if not addressed correctly.

6) Not everything will be 5G at the beginning, and probably by the time the legacy world ends we will be on 6G (which will get rid of part of the infrastructure, leveraging peer-to-peer connections directly at the device level) or 7G, with 5G as the old stuff. So 5G will have to deal with Ethernet as well as 4G, as well as what will come in the future. A gateway between the different technologies is not so simple, since service definitions can differ.

7) In particular, the existing mobile environment and the LAN/WAN battlefield should be carefully considered: on one side we still have 3G, on the other side LAN\WAN vendors will fight back to keep their domains intact. So it will be an interesting battle where, again, standards and regulators could shine a little light at the end of the tunnel (hoping it is not the train).

More could be mentioned, but if I want to continue it is better to stop this list here.

If you are still reading, it means you are interested in the subject; I am impressed and thankful 🙂

So the backbone for IoT will be, at least at the beginning, the 5G network which, just to be clear, is still being implemented. If we think of the definition of IoT:

The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems.

we can assume, then, that internet connectivity will be more and more 5G, which should now clarify why speed is just one of the many issues of 5G and why 5G is not just bare connectivity but something that should manage services. So now we should understand what the word “service” means here.

Basically, a service is a mix of devices, connectivity, data, processes and users that can be grouped somehow. There can be thousands, millions, billions of services under this simple definition (I know it is mine, but it is worth having so everyone understands the point).

The main point is that services are not all the same: HTTP browsing can be a service under 5G, and video broadcasting as well; the two are different in nature and in terms of requirements.

Different services have different needs, and for once speed can be a good example to understand the point: what is speed?

The very concept of speed can vary from service to service, so consider the automotive and smart road ideas. In this scenario, we will have small pieces of critical data, exchanged from one car to another and/or to the infrastructure, that have to be processed and transmitted as fast as possible. It seems easy, but we should consider that the cars are moving and the traffic can be largely unpredictable (I don’t know when someone will decide to get into the car to go somewhere, and I cannot predict whether external issues will affect road conditions: pedestrians crossing outside the dedicated areas, problems with the state of the road, holes, weather, floods, earthquakes, Superman vs Batman and so on).

So here speed means, at least, very low latency, quick authentication and authorization, fast address resolution, and reliability. Probably I should add geolocation and other critical missing points, but I think we get the idea.

By the same token, if I have to move a big chunk of data, speed means mainly bandwidth, QoS and conflict resolution if more agents/objects/users are trying to move the same or nearby data. So if you are trying to align your data center with your new cloud one and you want to move some Coperbyte of data, and your neighbors want to do the same, well, we have to manage the bandwidth somehow…

Of course, if the need is just to browse and watch movies your needs are focused (remember we are in 5G) on DNS response and video-voice sync.

But since in a billion IoT devices there can be billions of services that at the moment do not exist, we need to create an environment able to define the need in advance (or wait for 6G for new services implementation).

So, broadening the argument here, 5G for IoT should, at least:

1) Segregate different services

•Different classes of services should be independent of one another

•Services should be arbitrary, and the service set required should be one of the service definition parameters

2) Allow QoS for critical ones

•Not all services are the same: internet browsing is not a truck running on a highway, a surgical operation is not like watching porn on your phone

3) Provide strong security and management features for each service

•Services should be identified

•Authorization and authentication of services and users should be available and effective

4) Take into account security and privacy by design and by default

and so on

Different scenarios on 5G require different analyses. Take as an example three that are easy to spot: your home environment, smart roads, LAN\WAN substitution.

I love the home example because it is something even a non-IT freak can understand. The photo depicts the world before and after 5G.

If you have the internet at home you are probably in this scenario:

•We have one router to connect to the internet

•All devices internally connect via wifi/LAN

•When devices need to talk one to the other they use their internal IP network on a private subnet

•When devices need to talk to the internet they call the router

•The internet router interfaces through the ISP to the internet, offering some security services and NAT

•Smart devices like smartphones use a double connection wifi internal/sim external

•…

We know that if we want to see what we have in our local storage we move data internally (at least we hope so). Our gateway to the internet is our router, which (should) provide some basic security, such as firewalling, and a minimum of authentication, at least for internal Wi-Fi connectivity. We live in a private network where connectivity is basically Ethernet and Wi-Fi, and we go on the internet with a NATted address shared by all devices. Probably we have some devices that have no real internet exposure, others that go out just to look for updates, some that connect to a web service to allow you to check and configure things, and finally some that go to the internet by themselves for unknown reasons (Alexa-like, ROTFL). Ah, do not forget your smartphone, which has both Wi-Fi and your 4G\4.5G connection, with apps to manage both your internal LAN and the web interfaces of your LAN devices.

What will 5G change here? Of course everything, absolutely everything.

•Everything is already on the internet

•All devices are able to connect directly to the 5G network and have public addresses

•Providers of 5G connectivity can be different and bound to users and/or devices

•Devices need to know their «internal» realm in order to understand which device can be trusted or not for internal communication

•Different 5G providers have to guarantee device interoperability, segregation and security as if devices were in a segregated LAN

•Internet communication should be controlled and monitored as if it were a single one
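One way to picture the «internal» realm requirement from the list above, as an added sketch that is not from the original post: a broker owned by the household issues each device a credential binding device, owner and service, and traffic is denied by default unless both ends prove membership of the same service segment, whichever 5G provider carries them. The HMAC realm key, the service names, the `parent` nesting rule and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Illustrative model only: every name and value here is an assumption of this sketch.


@dataclass(frozen=True)
class Service:
    name: str
    parent: Optional[str] = None  # enclosing segment (VLAN-like nesting)


def _mac(realm_key, claims):
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(realm_key, payload, hashlib.sha256).hexdigest()


def issue_credential(realm_key, device, owner, service, provider, expires):
    """The realm broker binds device, owner and service; provider is informational."""
    claims = {"device": device, "owner": owner, "service": service,
              "provider": provider, "exp": expires}
    return {"claims": claims, "tag": _mac(realm_key, claims)}


def verify_credential(realm_key, cred, now):
    """Return the claims if the credential is authentic and unexpired, else None."""
    try:
        claims = cred["claims"]
        if not hmac.compare_digest(_mac(realm_key, claims), cred["tag"]):
            return None
        if claims["exp"] <= now:
            return None
        return claims
    except (KeyError, TypeError):
        return None  # malformed credentials are treated as unauthenticated


def in_segment(services, name, segment):
    """True if service `name` is `segment` itself or nested somewhere inside it."""
    seen = set()
    while name is not None and name not in seen:
        if name == segment:
            return True
        seen.add(name)  # guards against a cyclic parent chain
        svc = services.get(name)
        name = svc.parent if svc else None
    return False


def authorize(realm_key, services, src_cred, dst_cred, now):
    """Default-deny decision for src -> dst traffic. The provider is never consulted."""
    src = verify_credential(realm_key, src_cred, now)
    dst = verify_credential(realm_key, dst_cred, now)
    if src is None or dst is None:
        return (False, "unauthenticated")
    if src["owner"] != dst["owner"]:
        return (False, "different owner")
    if src["service"] not in services or dst["service"] not in services:
        return (False, "unknown service")
    # Sketch rule: a device may reach its own service or a segment enclosing it.
    if not in_segment(services, src["service"], dst["service"]):
        return (False, "segregated")
    return (True, "allowed")


# Constructed sample data, not taken from any real deployment.
REALM_KEY = b"constructed-demo-key-not-a-real-secret"
NOW = 1_700_000_000
SERVICES = {
    "home-storage": Service("home-storage"),
    "home-cameras": Service("home-cameras", parent="home-storage"),
    "home-heating": Service("home-heating"),
}


def demo():
    def mk(device, service, provider, key=REALM_KEY, exp=NOW + 3600):
        return issue_credential(key, device, "alice", service, provider, exp)

    nas = mk("nas", "home-storage", "operator-a")
    phone = mk("phone", "home-storage", "operator-b")
    camera = mk("camera", "home-cameras", "operator-b")
    thermostat = mk("thermostat", "home-heating", "operator-a")
    stranger = mk("tv", "home-storage", "operator-a", key=b"some-other-realm")
    stale = mk("old-tablet", "home-storage", "operator-a", exp=NOW - 1)
    # Thermostat claims another service but reuses its old tag.
    forged = {"claims": dict(thermostat["claims"], service="home-storage"),
              "tag": thermostat["tag"]}

    def check(src, dst):
        return authorize(REALM_KEY, SERVICES, src, dst, NOW)

    return {
        "phone->nas": check(phone, nas),
        "camera->nas": check(camera, nas),
        "nas->camera": check(nas, camera),
        "thermostat->nas": check(thermostat, nas),
        "stranger->nas": check(stranger, nas),
        "stale->nas": check(stale, nas),
        "forged->nas": check(forged, nas),
    }


if __name__ == "__main__":
    for flow, decision in demo().items():
        print(flow, decision)
```

A shared HMAC key is the simplest thing that runs offline; with devices on public addresses a real design would more likely use per-device asymmetric keys so that one compromised device cannot mint credentials for the others.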

Autonomous driving and smart roads are actually as fun as home networks but for the opposite reason: here we are talking about something that does not exist yet, and the few tests and implementations are, by all means, not a serious example of what the interaction of IoT vehicles means.

The reality at the moment is simple:

•Cars do not talk to each other

•Cars do not talk to the road infrastructure

•Roads use sensors for limited scope (traffic light, street light)

•Limited information is provided by broadband connectivity (as Radio Traffic where available)

•Internet connectivity provided by car SIM or smartphone

•Some apps can connect to the internet and provide indications as navigators do

•Some apps can provide autonomous analysis of traffic

•…

While in a 5G world:

•All vehicles are 5G connected

•Different car services interact with road infrastructure

•Cars and car devices are equipped with 5G capabilities from different 5G providers

•They need to be bound to the owner\owners

•They need to recognize trustworthy information data sources

•They need to interoperate independently from the 5G provider

•They need to cover the services even when crossing country borders

•…

With 5G, the need for fast, reliable, ubiquitous and vendor\provider-independent connectivity is clear.

Maybe we should expect virtual SIMs configured to meet the driver's needs, but what if two or more people share the same car? And what kind of interaction with your smartphone and other smart devices?

Let's explore some considerations on the most slippery of the three examples: trying to move from LAN\WAN to 5G (the telcos’ dream).

What we have today (more or less):

•There is an internal (LAN) and an outside

•Internal services are protected by firewalls and other security technologies

•Connectivity is provided through NIC or Wi-Fi using the TCP/IP protocol, usually leveraging private addressing and NAT to reach outside resources

•Internal resources are accessible directly internally or through a web service\web interface externally

•Resources external to the LAN are accessible through the router/firewall upon NAT and authentication/authorization

•Users external to the LAN connect to the internet through mobile broadband or through Wifi

•To connect to internal resources users are identified and connected through VPN or other secure means to the LAN

•…

Do I really need to describe what the current situation is? lol 🙂

What would change with 5G?

•Almost all devices are 5G connected

•Connectivity is provided by different 5G providers and can be public (using public infrastructure) or private (5G infrastructure is local)

•Interoperability has to be guaranteed regardless of 5G provider or device manufacturer

•Interoperability has to be guaranteed with the previous LAN/Ethernet environment

•Segregation of the internal devices has to be guaranteed as in a LAN

•Security devices should be able to work seamlessly regardless of the hybrid LAN/5G environment

•Mobile users should be able to be part of the internal network for the services in use even if they are using their own device

•…

This scenario requires careful understanding, since we have all the security problems of a normal network implementation plus the fact that all devices can reach the internet directly and are directly exposed because of their addressing. Segmentation requires multiple levels, since some segments can be nested inside others (something like the way we use VLANs today), and all this should communicate with the legacy world, since an immediate takeover of LAN\WAN by 5G is not credible. Moreover, the whole legacy security world should be able to interoperate with the new one.

This kind of scenario is compatible with full cloud adoption, and less agile with hybrid or full local implementations.

Here security and privacy issues rise to the next level, since the disintegration of the concept of LAN, which started with the introduction of mobile users and BYOD, extends to almost every node but with less clear control of what is going on.

5G security, if we understand some of the implications I mentioned before, embraces a much larger concept than what people generally think. Here we are not just thinking about how to secure an encrypted communication channel, which is, by the way, a clear basic requirement, but extending to how to broker, manage and control services that run on 5G.

I do not have an easy answer to this. I have seen different proposals to address such problems, for example a central security service broker that takes into account all the requests and, according to rules, AI, magic and tricks, solves everything.

Of course, this service broker, hypervisor or whatever you like to call it should be able to communicate with external entities, delegate part of its configuration to third parties and so on. We are entering the realm of NFV security (if it is of any interest, you can read my post on “NFV network function virtualization security considerations”), with some more issues. And the attack surface is way wider than a simple “I cannot trust Chinese equipment”.

Time to go to sleep. If you have read all the way here, thanks; comments are very welcome.

Antonio

On IoT I also wrote:

The IoT Files: Intro

The IoT Files: IoT and Security

The IoT Files – IoT and Privacy

The IoT Files – Infrastructure

The IoT Files – IoT Business Models

The IoT Files: Culture

The IoT Files: is a small OS good for security?

The IoT Files: The need for cryptography in IoT

Saturday, 30 May 2015

IoT, Internet of Things or Internet of Terror?

Why we all talk about IoT

I know that there are a lot of good reasons to love the IoT or IoE (where E stands for everything) idea. I can just highlight a couple: business and an easier life.

The business behind IoT

The first point is quite clear: the tremendous growth of smart devices has created a new business that has gone beyond any analyst's forecast. Nowadays it seems impossible to think of a world that is not interconnected. Anyway, there are still great areas of improvement in terms of the quality of the services provided and the share of the population covered.

Source: Euromonitor, ITU, US Census.

If we take a look at the growth of internet users from 1995 to 2014 we can perceive the dimension of this business. But we can also see that the majority of the population is not yet connected to the internet. Even in the most developed countries the digital divide is a sensitive matter of discussion, one that separates the digitally literate from the digitally illiterate.

IoT can dramatically improve this market, while making the separation between the digitally connected and the not digitally connected wider. Some efforts are being made by governments or private companies to close this gap; I am thinking, for example, of the UK effort to cover rural areas or the India project to bring free internet to poor and undeveloped areas. But those efforts are somehow inadequate to cover the large part of the population that is not connected. And even in developed countries such as Italy, the digital divide is still not perceived as a problem.

This is despite statistics telling us that the digital economy can improve companies' revenue and the population's way of life, but at the same time it requires skills and infrastructures that, in many cases, are still obsolete.

Source: Morgan Stanley, Capital IQ, Bloomberg. Note: Market capitalizations are as of May 22, 2015 and December 31, 1995, respectively

It is interesting to notice that China and the USA hold the top positions, two countries that invested heavily in developing such technologies (the USA as historical leader, China as the underdog working to close the technology gap).

Not to mention the other Asian technology giants, Japan and Korea, which have anyway been able to capitalize on this growth.

Now it is clear that to maintain this trend we have to offer something new, and IoT is a good instrument to allow solid growth in a market that is starting to show a little slowing.

Offering new services is the key to maintaining solid growth. And IoT, from this point of view, promises tremendous growth: from domotics to cars, from wearables to control systems, IoT can exponentially expand the business related to the internet.

Can IoT make us live better?

But does this mean we can have a better life? This is questionable, of course, but overall the life experience with the internet is way better than without. We can get access to more services, more communications, more information. Of course all of this has a cost, and we are still creating the cognitive infrastructures to manage this enormous flux of information, but it is beyond doubt that wherever the internet arrives there is, from a social point of view, a dramatic change in the habits and customs of the population. Sometimes this leads to nasty behaviors, I know, but at the same time it lets ideas spread, and ideas are like a virus, so hard to stop once they find a channel of infection.

It is not by chance that the diffusion of the internet saw a revamp of censorship efforts from governments, as well as efforts to regulate and control this communication (even without citizens' knowledge; think of Prism as an example). But I will come back to this later.

Anyway, it is clear that people who have access to the internet can enjoy and use a wider range of information, services and tools than people without it. This alone is a good justification for affirming that IoT can be a powerful instrument to improve our lives.

Think about smart objects that can help you with the most tedious daily tasks, or give you some fun and relaxation to improve your quality of life, or help you manage resources better so you can make savings…

What challenges ahead

So this is the picture: a great business chance and a great life improvement, as the internet has shown us it can provide.

But is it possible right now? What are the challenges?

To Connect or not to Connect?

Well, there are a lot of things that have to be clarified around IoT. First of all is the business model behind it: who will pay the bill?

IoT means objects always connected to the internet, able to communicate among themselves and with their owners and, maybe, with something else: a great flux of data that will flood our already congested networks. Connectivity is, at the moment, one of the main limits of the IoT approach.

While we like to think connectivity is not an issue, we have to realize that, on the contrary, the issue is quite big. And the obstacle is not technological but business related. Carriers have to change their business model somehow to allow this growth, and this is not an easy task to accomplish.

There are still great obstacles to a truly interconnected world, and some are particularly nasty; think of roaming costs as an example.

Since we do not live in a world where a single carrier perfectly covers all countries, we have to deal with a plethora of carriers that each partially cover an area. Some areas are well covered, others suffer bad coverage for two main reasons:

  • Lack of connectivity
  • Congestion

IoT can only increase this problem exponentially. Even in our better connected areas we can face congestion. One possibility to temporarily mitigate this problem is to allow the device to connect to another carrier if the preferred one is congested, but this opens up the roaming issues mentioned before, as well as the resistance of carriers to opening their networks. And if that is the case in rural, sparsely populated areas, can you imagine what they would say in densely populated areas?

Interoperability and universal access

Let's be clear: if we think we can create an interconnected world with IPv4 we are out of our minds. There is a world of good reasons to think this is a bad idea, and security is one of them. But there are other considerations to take into account: what protocols and services will be necessary for IoT to work?

Just the simplest example: the existing DNS infrastructure is not solid enough to sustain such a device explosion. The hierarchical DNS infrastructure has worked till now, not without some problems. Increasing the load of DNS traffic to a greater scale would make the situation unstable and put at risk the very basis of communication itself: name resolution.

So different ways to resolve addresses have to be implemented. Some efforts to implement peer-to-peer resolution have been made, but we are still far from a solid solution that would allow IoT to grow at the desired scale.

It would be too reductive to think that IoT devices do not need a sophisticated name resolution capability. Maybe that is the case now, but we should think ahead to what the future improvements could be.

Just as an example, think of a medical device connected to a person who is travelling. Maybe it would be useful to allow this device to connect to the closest interface when something happens to the person wearing it, and this can change depending on the kind of analysis the device is able to do. It could be a pharmacy or a hospital, or a doctor or whatever. Being able to resolve a complex set of name resolutions would make the difference between a good device and a bad one. Of course we can ask Google to do the whole job for us and allow them to decide what the next name resolution technologies are, unless you live in China, where Google services do not work.

DNS systems have demonstrated their limits several times in recent years, and are also subject to geopolitical crises that could badly interfere with an Internet of Things enabled world.

From a technological point of view the biggest obstacle is still the operating system under which this IoT will run. Operating systems, actually: it makes no sense to think about a single OS, it would be inapplicable (although some governments would like this approach), so we will have a plethora of different OSes running on small machines able to perform complex activities and able to connect in a quasi-autonomous way. Interoperability and standardization will be imperative to avoid chaos, as will some general agreement on a minimum level of security features related to data acquisition and transmission (including what kinds of sensors are allowed), authentication and so on.

There are already concerns today about privacy, the kind of data processed, and security; can you imagine what it would be like to be spied on by your refrigerator?

But networks can also become our bottlenecks, as mentioned before. Being able to set up enough bandwidth and quality of service is mandatory. And I can just imagine the workload that border routers, firewalls and other network gear will have to deal with.

I wonder if carriers are preparing themselves to face this change (I can’t see good signs at the moment, honestly).

Why IoT scares Me

I confess I am scared by the IoT affair. And there are good reasons, all related to security and privacy. My concerns are various, and cover a lot of aspects.

From a security perspective I can start from the basics: the operating systems that will run on those things.

I am aware that most of the code will be written in C or assembly-like languages, and this opens a world of vulnerabilities, since coding in C allows you to do basically everything with memory and devices and, as a matter of fact, exposes the device to your errors. Buffer overflow is a typical example: this vulnerability is generally related to a lack of checks in the C code at driver level, where speed and efficiency are mandatory and so controls are not always implemented.

A small, lightweight OS would be prone to this kind of error, since it would not implement security controls on top of the driver set.

Let’s then talk about authentication, another difficult realm to address. Authentication is of course related to the service provided: less important services can use a lighter authentication model, but think about medical devices, or cars… would you like to leave your authentication to a 4-digit password (“1234”, of course) and a username?

But we cannot force our users to remember 150 hexadecimal digits either, right?

Do we want to talk about encryption? I love it as long as it works. But then we discovered that encryption is anything but a simple affair and, as with authentication, it has a very weak point: the key exchange. Encryption per se will not solve all our security concerns during data transfer, simply because in the IoT world we will let the device manage the process, and since the device is prone to errors or hacking, the encryption will be weaker too.

Even the strongest encryption is easy to decipher once you have the key.

I don’t know what the computational power of my oven or fridge will be. Considering the growth in processor power we continuously see, it will probably be more powerful than my T440, but I don’t expect a fully implemented OS running on it in the next 5 years (but maybe I’m wrong, and soon we will have an Apple fridge that will download our sodas from I-grocery-store).

And there are also the bad guys to take into account: if we are suffering from cybercrime, cyberwarfare and cyber-hacktivism right now, what will happen in the IoT world?

Let’s assume your fridge can do the shopping by itself, because it is so smart that it understands you have finished your eggs, orange juice and milk. It will have your credit card information and be able to log in to the online shop on your behalf and do the shopping. Great!

But what if someone hacks the fridge and steals your credit card info, or just forces the fridge to buy the frozen broccoli that you hate?

Or your medical device reports to your insurance company that you have symptoms you do not have, so that they terminate your contract (don’t worry, someone else will arrive to offer a new one, just in case…).

We can expand those silly examples to the whole scale of IoT, and see what kind of playground we are creating for governments, cybercriminals and hacktivists of any kind. I am sure that the NSA and GCHQ guys would be so happy to hack any device they can, just to be sure. So if you buy kebab one day you are a villain suspected of terrorism … or, in some countries, if you eat pork, eat meat on Friday, eat cow …

Internet of Things, Internet of Everything can be a tremendously good thing from both a business and a life perspective, but some cautious remarks should be made before we jump into this mess without a parachute. We are just starting to understand the magnitude of the problems that an always connected world can bring us; better to be wise and not let others make the choices for us.


IoT, Internet of Things or Internet of Terror?

Why we all talk about IoT

I know that there are a lot of good reasons to love the IoT or IoE (where E stand for everything) idea. I can just highlight a couple: Business and easier life.

The business behind IoT

The first point is quite clear, the tremendous growth of the Smart devices has create a new business that has gone beyond any analyst prevision. Nowadays it seems that it is impossible to think a world not interconnected. Anyway there are still great areas of improvement in terms of quality of the services provided and the spread of the population covered.

Source: Euromonitor, ITU, US Census.
Source: Euromonitor, ITU, US Census.

If we take a look at the growth of internet users from 1995 to 2014 we can perceive the dimension of this business. But as well we can see that yet the majority of the population is not internet connected. Even in the most developed countries Digital divide is a sensitive matter of discussion, that separate the digital literate from the digital illiterate people.

IoT can dramatically improve this market, while making the separation between digital connected and not digital connected wider. Some efforts are made by government or private company to cover this gap, I think, as an example, the UK effort to cover rural areas or the India project to bring internet for free to poor and not developed areas. But those effort are somehow inadequate to cover the great part of the population that is not connected. And even in developed countries as Italy, digital divide is still not perceived as a problem.

This although statistics tell us that the digital economy can improve company’s revenue and way of life of the population, but at the same time requires skills and infrastructures that, in many cases, are still obsolete.

Source: Morgan Stanley, Capital IQ, Bloomberg. Note: Market capitalizations are as of May 22, 2015 and December 31, 1995, respectively
Source: Morgan Stanley, Capital IQ, Bloomberg.
Note: Market capitalizations are as of May 22, 2015 and December 31, 1995, respectively

 

It is interesting to notice that China and USA are covering the top positions, two countries that heavily invested in developing such technologies (USA as historical leader, China as underdog working to close the technology Gap).

Not to mention the other technological Asian giants, Japan and Korea, that have been anyway able to capitalize this growth.

Now it is clear that to maintain this thread we have to offer something new, and IoT is a good instrument to allow a solid growth in that market that start to show a little slowing:iot3

Offering new Services is the Key to maintain a solid growth. And IoT from this point of view promise a tremendous growth: from demotic to cars, from wearable to control systems IoT can expand exponentially the business related to internet.

Can IoT makes us live better?

But can this means we can have a better life? This is questionable, of course, but overall the life experience with internet is way better than without. We can get access to more services, more communications, more information. Of course all of this has a cost, we still are creating the cognitive infrastructures to manage this enormous flux of information, but it is out of doubt that where internet arrive form a social point of view there is a dramatic change in use and costumes of the population. Sometimes this lead to nasty behaviors, I know, but at the same times it let ideas spreads, and ideas are like a virus so hard to stop when find a channel of infection.

It is not a case that the diffusion of internet saw a revamp of censorship efforts from government, as well as efforts to rules and control this communication (even without citizenship acknowledgment, think of Prism as an example). But I will turn back to this later.

Anyway is clear that the people that have access to the internet can enjoy and use a wider range of information, services and tools that people without internet can’t have. This is just a good justification per se to affirm that IoT can be a powerful instrument to improve our lives.

Thinks about smart object that can help you in the most tedious daily tasks, or able to give you some fun and relax to improve your quality of life, or help you to better manage resources to allow you to make savings…

What challenges ahead

So from this is the picture, a great business chance and a great life improvement, as internet showed us can provide.

But it is right now possible? What are the challenges?

To Connect or not to Connect?

Well, there are a lot of things that have to be clarified around IoT. First of all, the business model behind it: who will pay the bill?

IoT means objects always connected to the internet, able to communicate with each other and with their owners and, maybe, with something else. A great flow of data that will flood our already congested networks. Connectivity is one of the main limits of the IoT approach at the moment.

While we like to think connectivity is not an issue, we have to realize that, on the contrary, the issue is quite big. And the obstacle is not technological but business related. Carriers have to change their business model somehow to allow this growth, and this is not an easy task to accomplish.

There are still great obstacles to a truly interconnected world, and some are particularly nasty; think of roaming costs as an example.

Since we do not live in a world where a single carrier covers all countries perfectly, we have to deal with a plethora of carriers that each cover an area only partially. Some areas are well covered, others suffer from bad coverage for 2 main reasons:

  • Lack of connectivity
  • Congestion

IoT can only increase this problem exponentially. Even in our best-connected areas we can face congestion. One possibility to temporarily mitigate this problem is to allow the device to connect to another carrier if the preferred one is congested, but this opens up the roaming issues mentioned before, as well as the carriers' resistance to opening their networks. And if that is the case in rural, sparsely populated areas, can you imagine what they would say in densely populated areas?

Interoperability and universal access

Let's be clear: if we think we can create an interconnected world with IPv4, we are out of our minds. There is a world of good reasons to think this is a bad idea, and security is one of them. But there are other considerations to take into account: what protocols and services will IoT need in order to work?

Take just the simplest example. The existing DNS infrastructure is not solid enough to sustain such an explosion of devices. The hierarchical DNS infrastructure has worked until now, not without some problems. Increasing the load of DNS traffic on a much greater scale would make the situation unstable and put at risk the very basis of communication: name resolution.

So different ways to resolve addresses have to be implemented. Some effort to implement peer-to-peer resolution has been made, but we are still far from a solid solution that would allow IoT to grow at the desired scale.

It would be too reductive to think that IoT devices do not need a sophisticated name resolution capability. Maybe that is the case now, but we should think ahead to what the future improvements could be.

Just as an example, think of a medical device worn by a person who is travelling. It may be useful to allow this device to connect to the closest interface when something happens to the person wearing it, and this can change depending on the kind of analysis the device is able to do. It could be a pharmacy, a hospital, a doctor or whatever. Being able to handle a complex set of name resolutions would make the difference between a good device and a bad one. Of course we can ask Google to do the whole job for us and allow them to decide what the next name resolution technologies will be, unless you live in China, where Google services do not work.

DNS systems have demonstrated their limits several times in recent years, and are also subject to geopolitical crises that could badly interfere with an Internet of Things enabled world.

From a technological point of view the biggest obstacle is still the operating system under which this IoT will run. Operating systems, actually: it makes no sense to think about a single OS, it would be inapplicable (although some governments would like this approach), so we will have a plethora of different OSes running on small machines able to perform complex activities and to connect in a quasi-autonomous way. Interoperability and standardization will be imperative to avoid chaos, as will some general agreement on a minimum level of security features related to data acquisition and transmission (including what kinds of sensors are allowed), authentication and so on.

There are concerns about privacy, the kind of data processed and security already today; can you imagine what it would be like to be spied on by your refrigerator?

But networks too can become our bottleneck, as mentioned before. Being able to set up enough bandwidth and quality of service is mandatory. And I can just imagine the workload that border routers, firewalls and other network gear will have to deal with.

I wonder whether carriers are preparing themselves to face this change (I can’t see good signs at the moment, honestly).

Why IoT scares me

I confess I am scared by the IoT affair. And there are good reasons, all related to security and privacy. My concerns are various and cover a lot of aspects:

From a security perspective I can start from the basics: the operating systems that will run on those things.

I am aware that most of the code will be written in C or assembly-like languages, and this opens a world of vulnerabilities, since coding in C allows you to do basically everything with memory and devices and, as a matter of fact, exposes the device to your errors. Buffer overflow is a typical example: this vulnerability is generally related to a lack of checks in the C code at driver level, where speed and efficiency are mandatory and so checks are not always implemented.

A small lightweight OS would be prone to this kind of error, since it would not implement security controls on top of the driver set.
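
An added illustration of the missing-check problem described above (not code from the original post): a constructed, length-prefixed sensor frame parsed once without and once with bounds checks. The frame layout, the function names and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed frame layout (constructed for this example):
 * byte 0 = payload length, bytes 1..n = payload from the sensor. */
#define PAYLOAD_MAX 16
struct reading {
    uint8_t data[PAYLOAD_MAX];
    size_t  len;
};

/* The fast path with no checks: the length byte comes from the peer and
 * is trusted, so n > PAYLOAD_MAX writes past out->data and n greater than
 * the bytes actually received reads past the end of the input buffer. */
int parse_frame_unchecked(const uint8_t *frame, size_t frame_len,
                          struct reading *out)
{
    (void)frame_len;                 /* never consulted: that is the bug */
    uint8_t n = frame[0];
    memcpy(out->data, frame + 1, n);
    out->len = n;
    return 0;
}

/* Same parser with the comparisons the fast path skipped. */
int parse_frame_checked(const uint8_t *frame, size_t frame_len,
                        struct reading *out)
{
    if (frame == NULL || out == NULL || frame_len < 1)
        return -1;                   /* nothing to parse */
    size_t n = frame[0];
    if (n > PAYLOAD_MAX)
        return -2;                   /* would overflow out->data */
    if (n > frame_len - 1)
        return -3;                   /* would over-read the input */
    memcpy(out->data, frame + 1, n);
    out->len = n;
    return 0;
}

int main(void)
{
    const uint8_t oversized[] = { 200, 0x01, 0x02 };  /* constructed frame */
    struct reading r;
    printf("%d\n", parse_frame_checked(oversized, sizeof oversized, &r));
    return 0;
}
```

The checked version costs two integer comparisons per frame, which is the price the "speed and efficiency" argument is trying to avoid.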

Let’s then talk about authentication, another difficult realm to address. Authentication is of course related to the service provided: less important services can use a lighter authentication model, but think about medical devices, or cars… would you like to leave your authentication to a 4-digit password (“1234” of course) and a username?

But we cannot even force our users to remember 150 hexadecimal digits, right?

Do we want to talk about encryption? I love it as long as it works. But then we discovered that encryption is anything but a simple affair and, as with authentication, it has a very weak point: the key exchange. Encryption per se will not solve all our security concerns during data transfer, simply because in the IoT world we will let the device manage the process, and since the device is prone to error or hacking, the encryption will be weaker too.

Even the strongest encryption is easy to decipher once you have the key.

I don’t know what the computational power of my oven or fridge will be. Considering the growth in processor power we continuously see, it will probably be more powerful than my T440, but I don’t expect a fully implemented OS running on it in the next 5 years (but maybe I’m wrong and soon we will have an Apple fridge that will download our sodas from the I-grocery-store).

And there are also the bad guys to take into account: if we are suffering from cybercrime, cyberwarfare and cyber-hacktivism right now, what will happen in the IoT world?

Let's assume your fridge can do the shopping by itself, because it is so smart that it understands you have run out of eggs, orange juice and milk. It will have your credit card information and be able to log in to the online shop on your behalf and do the shopping. Great!

But what if someone hacks the fridge and steals your credit card info, or just forces the fridge to buy the frozen broccoli that you hate?

Or your medical device reports to your insurance company that you have symptoms you do not have, so that they terminate your contract (don’t worry, someone else will arrive to offer a new one, just in case…)

We can expand those silly examples to the whole scale of IoT and see what kind of playground we are creating for governments, cybercriminals and hacktivists of any kind. I am sure that the NSA and GCHQ guys would be so happy to hack any device they can, just to be sure. So if you buy kebab one day you are a villain suspected of terrorism… or, in some countries, if you eat pork, eat meat on Friday, eat cow…

The Internet of Things, the Internet of Everything, can be a tremendously good thing from both a business and a life perspective, but some words of caution are in order before we jump into this mess without a parachute. We are just beginning to understand the magnitude of the problems that an always-connected world can bring us; better to be wise and not let others make the choices for us.
