The Future of IoT Security

With the onset of Internet of Things (IoT) technology, an enormous number of devices are now accessible via the Internet and are therefore vulnerable to cyberattack. Society is still adjusting to the fact that devices that people used to trust can now betray them in unexpected ways. Your television may expose your conversations, your printer may divulge your documents, and your fitness monitor may reveal your health information. All of these attacks become possible in the presence of IoT devices which are not designed with security in mind. System designers are trained to evaluate system design options in terms of their impact on system characteristics such as power, performance, and time-to-market, but security is a property which is less well understood. Designers of IoT devices need to have the ability to consider, both qualitatively and quantitatively, how design alternatives affect the security of the system. To do that, designers must understand the essential aspects of common cyberattacks.

The nature of cyberattacks is broad and ever-changing as attackers alter their techniques over time. However, there are a number of attack themes which are fundamental to many cyberattacks and change only infrequently. Designers need to understand these important attack themes and how to defend against them. A good example is a vulnerability to a buffer overflow attack which is usually a result of weak coding practices, such as neglecting to verify that the amount of data written into a buffer is not greater than the size of the buffer. Defense against buffer overflow can likely be achieved through static code analysis and proper testing techniques, without the need to include any security components in the IoT device.
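The missing length check described above, as an added example that is not part of the original essay: a weak and a hardened parser for a constructed length-prefixed frame. The frame layout, `NAME_MAX_LEN`, `struct device_info` and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame layout (an assumption for this example):
 *   byte 0      length n of the device name, as claimed by the sender
 *   bytes 1..n  device name, not NUL-terminated */
#define NAME_MAX_LEN 16

struct device_info {
    char name[NAME_MAX_LEN + 1];   /* +1 for the terminating NUL */
};

/* Weak version: trusts the length byte taken from the network.
 * A frame claiming n > NAME_MAX_LEN writes past out->name, and a frame
 * claiming more bytes than were received reads past the input. */
void parse_name_unchecked(const uint8_t *frame, size_t frame_len,
                          struct device_info *out)
{
    (void)frame_len;               /* never consulted: that is the defect */
    size_t n = frame[0];
    memcpy(out->name, frame + 1, n);
    out->name[n] = '\0';
}

/* Hardened version: every length is validated before any byte is copied.
 * Returns the name length on success, or a negative error code. */
int parse_name_checked(const uint8_t *frame, size_t frame_len,
                       struct device_info *out)
{
    if (frame == NULL || out == NULL || frame_len < 1)
        return -1;                 /* nothing to parse */

    size_t n = frame[0];
    if (n > frame_len - 1)
        return -2;                 /* claimed length exceeds received bytes */
    if (n > NAME_MAX_LEN)
        return -3;                 /* would overflow the destination buffer */

    memcpy(out->name, frame + 1, n);
    out->name[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample frames. */
    const uint8_t good[] = { 4, 'p', 'u', 'm', 'p' };
    const uint8_t short_frame[] = { 200, 'a', 'b' };  /* claims 200, has 2 */
    uint8_t oversized[1 + 32];
    oversized[0] = 32;                                /* 32 > NAME_MAX_LEN */
    memset(oversized + 1, 'A', 32);

    struct device_info dev;
    printf("good:      %d\n", parse_name_checked(good, sizeof good, &dev));
    printf("short:     %d\n",
           parse_name_checked(short_frame, sizeof short_frame, &dev));
    printf("oversized: %d\n",
           parse_name_checked(oversized, sizeof oversized, &dev));
    return 0;
}
```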

Another attack against IoT devices is a battery draining attack which consumes power by exploiting features of the network communication protocol being used by the device. Different protocols, and their interface controllers, have different degrees of vulnerability to such attacks, and the system designer needs to be aware of this when selecting a communication protocol.

This essay appears in Circuit Cellar 309, April 2016. Subscribe to Circuit Cellar to read project articles, essays, interviews, and tutorials every month!

 
Defending against some attacks will require the use of software and hardware components which are dedicated to security-related tasks. Such components incur overheads which must be considered by the designer. A common example is whether or not to use encryption, what type of encryption, and whether that encryption should be implemented in hardware or software. Besides the power and cost trade-offs involved, the designer will need to be able to estimate how well each type of encryption protects the system from, for example, a man-in-the-middle attack which intercepts communications with other devices.

IoT security is clearly an important design property which must be considered by designers who understand the complexities of cybersecurity. A problem for the field of IoT is that there is a shortage of IoT designers who understand cybersecurity. There is a range of possible solutions to address the shortage problem which vary based on who takes responsibility to find a solution. One alternative is education or training to ensure that designers are aware of the complexities of the security problem and can address them during the design process. Individual IoT designers may take responsibility for their own training, which means that the designer will individually seek out learning materials and possibly courses. As a professor I feel that individuals should always take responsibility for their own education, but in practice this is difficult and may not consistently result in the best outcome for all concerned. An individual who is not familiar with security will have a hard time determining what is important to learn and what is not, so they may waste time and money on education with no real value. In my role as Vice Chair of Undergraduate Studies, I am frequently asked about what a student needs to learn to be productive in industry, but if an individual cannot find an appropriate mentor to provide them with some direction, then their attempts at education may not be fruitful.

Another alternative is to place the responsibility for the development of secure IoT devices on the companies which employ the designers and sell the IoT devices. For this to happen, company managers must first accept that security costs money and that security is worth some expenditure. As long as security is seen as an overhead with no direct financial benefit, industry will not be motivated to make the necessary changes to build secure systems. Too often, security is largely ignored until a successful cyberattack against a company is publicized and the company suffers in terms of reputation and possible lawsuits. Industry needs to accept the importance of security upfront to avoid the more significant costs of dealing with successful attacks.

Companies can take several different approaches to ensuring security including guaranteeing that their designers are appropriately knowledgeable about IoT security. A salary premium for security experts could motivate employees to take responsibility for their own security education. In-house corporate training can be provided to employees whose job responsibilities necessitate an understanding of security. Employers can outsource and pay for education at local or online schools. When a project is particularly security-sensitive requiring more expertise than is available internally, a contractor with the appropriate security expertise can be brought in. All of these options incur different costs which would need to be justified by the need for security in the market where the IoT devices will be used.

Eventually, a mixture of these approaches should be employed to achieve the best, and most secure, results. Individual designers need to make every effort to learn about security issues, and employers need to motivate them with appropriate salaries and facilitate their efforts by providing opportunities for education. The lack of security of current IoT devices has been used as an argument against their adoption, but there seems to be no stopping the growing use of the IoT. At the same time, cyberattacks are also growing in number, sophistication, and financial impact. Security needs to be a first-class design consideration for IoT systems, on par with cost, power, and the other constraints that embedded designers have always dealt with.

Associate Professor Ian G. Harris earned a BS in Computer Science at MIT and MS and PhD degrees in Computer Science from the University of California San Diego. He is currently Vice Chair of Undergraduate Education in the Computer Science Department at the University of California Irvine. His research group focuses on the security and verification of Internet of Things systems. He also teaches an IoT specialization entitled “An Introduction to Programming the Internet of Things.”

Industry 4.0: The Industrial IoT and the Future

The Internet of Things (IoT) is everywhere. Industry 4.0 is becoming serious and many companies develop hardware and software solutions. Relayr is a company with an interesting focus on the IoT and bringing industry to the cloud. Wissa Hettinga interviewed Jaime Gonzalez-Arintero Berciano, a Relayr developer and product evangelist, about the company, its technology, and future of innovation in the IoT space.

Cost-Effective, Long-Range, Low-Power Internet of Things Connectivity

SIGFOX and Texas Instruments recently announced that they’re working together to increase Internet of Things (IoT) deployments using the Sub-1 GHz spectrum. Customers can use the SIGFOX network with TI’s Sub-1 GHz RF transceivers to deploy wireless sensor nodes that are lower cost and lower power than 3G/cellular connected nodes, while providing long-range connectivity to the IoT.

Targeting a wide variety of applications ranging from environmental sensors to asset tracking, the SIGFOX and TI collaboration maximizes the benefits of narrowband radio technology. It also reduces barriers to entry for manufacturers interested in connecting their products to the cloud. Using the SIGFOX infrastructure reduces the cost and effort to get sensor data to the cloud and TI’s Sub-1 GHz technology provides years of battery life for less maintenance and up to 100 km range.

SIGFOX’s two-way network is based on an ultra-narrowband (UNB) radio technology for connecting devices, which is key to providing a scalable, high-capacity network with very low energy consumption and unmatched spectral efficiency. That is essential in a network that will handle billions of messages daily.

TI’s CC1120 Sub-1 GHz RF transceiver uses narrowband technology to deliver the longest-range connectivity and superior coexistence to SIGFOX’s network with strong tolerance of interference. Narrowband is the de facto standard for long-range communication due to the high spectral efficiency, which is critical to support the projected high growth of connected IoT applications. The CC1120 RF transceiver also provides years of battery lifetime for a sensor node, which reduces maintenance and lowers the cost of ownership for end users.

Sub-1 GHz networks operate in region-specific industrial scientific and medical (ISM) bands below 1 GHz including 169, 315, 433, 500, 868, 915 and 920 MHz. The networks are proprietary by nature and provide a more robust IoT connection, which is why the technology has been used for smart metering, security and alarm systems and other sensitive industrial systems. Additionally, the technology is low power, enabling years of battery life to reduce service and maintenance requirements.

Availability

SIGFOX-certified modules based on TI’s CC1120 were demonstrated at Mobile World Congress 2015 and are currently available.

Source: Texas Instruments; SIGFOX

 

Skkynet Expands Secure Cloud Service Registration for Embedded and IoT System Users

Skkynet Cloud Systems recently opened registration for its Secure Cloud Service, giving system engineers and managers of industrial, embedded, and Internet of Things (IoT) systems quick and easy access to a secure, end-to-end solution for networking data in real time. The Secure Cloud Service enables bidirectional supervisory control, integration, and sharing of data with multiple users, and real-time access to selected data sets in a web browser. The service is capable of handling over 50,000 data changes per second per client, at speeds just a few milliseconds over Internet latency.

First opened on a trial basis for selected customers in August 2014, the Secure Cloud Service has been used extensively, and rigorously tested for performance and security. During that time Skkynet has enhanced the system technically by increasing the range of connectable embedded devices and the number of supported data protocols, as well as automating the customer registration process.

Skkynet’s Secure Cloud Service allows industrial and embedded systems to securely network live data in real time from any location. Secure by design, it requires no VPN, no open firewall ports, no special programming, and no additional hardware.

Source: Skkynet 

Integrated Wi-Fi System in Package Module

The EC19W01 is a small, smart, highly integrated 802.11b/g/n Wi-Fi system in package (SiP) module. The module is well suited for home automation and smart appliances; Wi-Fi audio speakers and headphones; wireless sensors and sensor networks; wireless monitoring (audio and video); health care and fitness devices; wearable devices; security, authentication, and admittance control; lighting; building/energy/industrial management/control; cloud-connected devices; remote control, data acquisition, and monitoring; and machine-to-machine (M2M) and Internet of Things (IoT) design.

The EC19W01’s features include an integrated 32-bit processor to support application customization, on-board flash and antenna, low power consumption, support for Serial-to-Wi-Fi and SPI-to-Wi-Fi, wireless transmit/receive rates of up to 20 Mbps, and a small 14-mm × 16-mm × 2.8-mm footprint.

Contact Econais for pricing.

Econais, Inc.
www.econais.com

ARM mbed Platform for Bluetooth Smart Applications

The nRF51822-mKIT simplifies and accelerates the prototyping process for Bluetooth Smart sensors connecting to the Internet of Things (IoT). The platform is designed for fast, easy, and flexible development of Bluetooth Smart applications.

The nRF51822 system-on-chip (SoC) combines a Bluetooth v4.1-compliant 2.4-GHz multiprotocol radio with an ARM Cortex-M0 CPU core on a single chip optimized for ultra-low-power operation. The SoC simplifies and accelerates the prototyping process for Bluetooth Smart sensors connecting to the IoT.

The nRF51822-mKIT’s features include a Bluetooth Smart API, 31 pin-assignable general-purpose input/output (GPIO), a CMSIS-DAP debugger, Programmable Peripheral Interconnect (PPI), and the ability to run from a single 2032 coin-cell battery.

Through mbed, the kit is supported by a cloud-based approach to writing code, adding libraries, and compiling firmware. A lightweight online IDE operates on all popular browsers running on Windows, Mac OSX, iOS, Android, and Linux OSes. Developers can use the kit to access a cloud-based ARM RVDS 4.1 compiler that optimizes code size and performance.

The nRF51822-mKIT costs $59.95.

Nordic Semiconductor ASA
www.nordicsemi.com

A Low-Cost Connection to the IoT

In Circuit Cellar’s March issue, columnist Jeff Bachiochi tests the services of a company he says is “poised to make a big impact” on the Internet of Things (IoT).

This shows the I2C interface Bachiochi designed to enable available clamp-on current sensors to be monitored. He added four of these circuits to a PCB, which includes the circuitry for an imp card.

Established in 2011, Electric Imp offers a flexible connectivity platform meant to enable any device to be connected to the IoT. The platform, called the “imp,” provides an SD-card sized module (including an 802.11b/g/n Wi-Fi radio package) that can be installed on any electronic device to go online. A powerful processor runs the imp OS.

“You only need to supply an SD card socket (and a few other components) to your product to give it connectivity,” Bachiochi says. “The imp’s processor has the power to run your entire product if you wish, or it can be connected via one of the supported serial protocols. The imp OS provides secure connectivity to the imp cloud. The imp cloud keeps your imp updated with the latest firmware, features online development tools, and provides cloud-side services for every imp in the field.”

“As with many cloud service organizations, development is generally free,” Bachiochi adds. “Once you’ve committed and have product rollout, the service will charge for its use. This could be a flat fee, a per-connection or data throughput fee, or a combination of fees. Basically you (or your customer) will have to pay to have access to the information, which pays for the support framework that keeps it all working.”

In his article, Bachiochi dives into a straightforward data-collection project to demonstrate how to use the imp in a product. The goal of his application was to log the activity of a 220-V water pump and twin water softeners. The project is the launching point for his comprehensive and detailed look at the imp’s hardware, software, and costs.

“It’s easy to design product hardware to use the imp,” he says. “There are two imp models, a card that can be inserted into an SD-type socket or an on-board module that is soldered into your product. Each version has advantages and disadvantages.”

Regarding software, Bachiochi says:

“Developing an imp application requires two parts to provide Wi-Fi access to your project: the device code (running in the imp) and the agent code (running on the imp cloud). The imp cloud, which is your connection to your device via the imp APIs, provides you with a development IDE. Web-based development means there is nothing else you need to purchase or install on your PC. Everything you need is available through your browser anytime and anywhere.”

Bachiochi also discusses the Electric Imp platform’s broader goals. While an individual can use the imp for device connectivity, a bigger purpose is to enable manufacturers to provide convenient Internet access as part of their product, Bachiochi says.

“The imp has two costs: The hardware is simple, it currently costs approximately $25 for an imp card or module. If you are using this in your own circuit within your own network, then you’re done,” he says. “If you want to roll out a product for sale to the world, you must take the next step and register for the BlinkUp SDK and Operations Console, which enable you to create and track factory-blessed products.”

BlinkUp, according to the Electric Imp website, integrates smoothly into apps and enables manufacturers and their customers to quickly connect products using a smartphone or tablet. The Operations Console enables tracking product activity and updating product firmware at any time, Bachiochi says.

The imp offers more than a low-cost way for DIYers and developers to connect devices to the Internet, Bachiochi says. A designer using the imp can save project costs by eliminating a microcontroller, he says. “Almost any peripheral can be easily connected to and serviced by the imp’s 32-bit Cortex M3 processor running the imp OS. All code is written in Squirrel.”

Bachiochi’s comprehensive article about his imp experience and insights can be found in the March issue, now available for membership download or single-issue purchase.

Bachiochi used the Electric IMP IDE to develop this code. Agent code on the top left runs on the imp cloud server. The device code on the top right is downloaded into the connected imp.

Dynamic Efficiency Microcontrollers

The STM32F401 Dynamic Efficiency microcontrollers extend battery life and support innovative new features in mobile phones, tablets, and smart watches. They help manage MEMS sensors in smart-connected devices and are well suited for Internet-of-Things (IoT) applications and fieldbus-powered industrial equipment.

The STM32F401 microcontrollers include an ART accelerator, a prefetch queue, and a branch cache. This enables zero-wait-state execution from flash, which boosts performance to 105 DMIPS (285 CoreMark) at 84 MHz. The microcontrollers’ 90-nm process technology boosts performance and reduces dynamic power. Its dynamic voltage scaling optimizes the operating voltage to meet performance demands and minimize leakage.

The STM32F401 microcontrollers integrate up to 512 KB of flash and 96 KB SRAM in a 3.06-mm × 3.06-mm chip-scale package and feature a 9-µA at 1.8 V Stop mode current. The devices’ peripherals include three 1-Mbps I2C ports, three USARTs, four SPI ports, two full-duplex I2S audio interfaces, a USB 2.0 OTG full-speed interface, an SDIO interface, 12-bit 2.4-MSPS 16-channel ADC, and up to 10 timers.

Pricing for the STM32F401 microcontrollers starts at $2.88 in 10,000-unit quantities.

STMicroelectronics
www.st.com

Next-Generation Wi-Fi Modules

The EC19D family comprises small, easily integrated, low-standby-power, single-chip 802.11b/g/n Wi-Fi System In Package (SiP) modules for the Internet of Things (IoT).

The SiP modules help designers quickly and easily connect their devices to 802.11b/g/n Wi-Fi networks. At 8-mm × 8-mm, the EC19D modules can be embedded in almost any product or application. The EC19D will also include FCC, IC, and EC certifications to further simplify and speed up product design and production for use with Wi-Fi networks.

The EC19D incorporates the newest Wi-Fi 802.11b/g/n standards and features to provide designers with many options for embedding the module in their designs. The EC19D’s features include Wi-Fi Direct, ProbMe™ configuration, full TCP/IP stack, HTTPS/SSL, DHCP Client/Server, WPS, legacy Wi-Fi Client, and SoftAP modes with WPA/WPA2 support, serial to Wi-Fi, and Cloud service support.

Contact eConais for pricing.

eConais Inc.
www.econais.com

Places for the IoT Inside Your Home

It’s estimated that by the year 2020, more than 30 billion devices worldwide will be wirelessly connected to the IoT. While the IoT has massive implications for government and industry, individual electronics DIYers have long recognized how projects that enable wireless communication between everyday devices can solve or avert big problems for homeowners.

Our February issue focusing on Wireless Communications features two such projects, including Raul Alvarez Torrico’s Home Energy Gateway, which enables users to remotely monitor energy consumption and control household devices (e.g., lights and appliances).

A Digilent chipKIT Max32-based embedded gateway/web server communicates with a single smart power meter and several smart plugs in a home area wireless network. “The user sees a web interface containing the controls to turn on/off the smart plugs and sees the monitored power consumption data that comes from the smart meter in real time,” Torrico says.

While energy use is one common priority for homeowners, another is protecting property from hidden dangers such as undetected water leaks. Devlin Gualtieri wanted a water alarm system that could integrate several wireless units signaling a single receiver. But he didn’t want to buy one designed to work with expensive home alarm systems charging monthly fees.

In this issue, Gualtieri writes about his wireless water alarm network, which has simple hardware including a Microchip Technology PIC12F675 microcontroller and water conductance sensors (i.e., interdigital electrodes) made out of copper wire wrapped around perforated board.

It’s an inexpensive and efficient approach that can be expanded. “Multiple interdigital sensors can be wired in parallel at a single alarm,” Gualtieri says. A single alarm unit can monitor multiple water sources (e.g., a hot water tank, a clothes washer, and a home heating system boiler).

Also in this issue, columnist George Novacek begins a series on wireless data links. His first article addresses the basic principles of radio communications that can be used in control systems.

Other issue highlights include advice on extending flash memory life; using C language in FPGA design; detecting capacitor dielectric absorption; a Georgia Tech researcher’s essay on the future of inkjet-printed circuitry; and an overview of the hackerspaces and enterprising designs represented at the World Maker Faire in New York.

Editor’s Note: Circuit Cellar’s February issue will be available online in mid-to-late January for download by members or single-issue purchase by web shop visitors.

Internet of Things (IoT) Resources

Here we list several handy resources for engineers interested in the Internet of Things (IoT).

  • The IoT Events site is an easy-to-use resource for finding IoT events and meet-ups around the world.
  • The Internet of Things Conference is a resource for information relating to “IoT applications, IoT solutions, IoT example and m2m opportunities in smart cities, connected cars, smart grids, consumer electronics and mobile healthcare.”
  • The IoT Counsel website includes useful info such as bios and contact info for engineers, innovators, and thinkers working on IoT-related projects.
  • Michael Chui, Markus Loffler, and Roger Roberts present a comprehensive article on IoT in the McKinsey Quarterly. While this isn’t a design-centric document, you’ll find it’s an interesting in-depth overview of the technology and its applications.
  • The Business Leaders Network (BLN) has a page on the IoT. The most recent IoT event took place in June, but the site still has some interesting info about speakers, partners, and more.

Let us know about other good resources. Send your links via email or Twitter @circuitcellar.