Much of the talk about the Internet of things focuses on such benefits for businesses as greater efficiencies and faster decision making, and the convenience that it will bring to consumers in their homes and work lives.
However, more attention recently is being paid to the questions of how to protect all those tens of billions of connected devices—from smartphones, tablets and cars to appliances, manufacturing systems and wearable devices—and the massive amounts of data passing between these intelligent systems over networks.
And that’s a good thing, according to Liat Ben-Zur, senior director of product management at Qualcomm Connected Experiences and chairman of the AllSeen Alliance, a project under the Linux Foundation to create open-source technology for the Internet of things (IoT).
“Fundamentally, the issue of security—and also privacy—[has moved] to the forefront of the conversation” regarding IoT, Ben-Zur told eWEEK in a recent interview. “That’s one thing that we really haven’t seen being talked about enough.”
Cisco Systems is forecasting there will be 50 billion connected devices by 2020 that will be sending data back and forth. Organizations will be able to capture this data, analyze it and quickly use it to make business decisions and create more efficient processes. Consumers will drive in cars that will constantly be sending and receiving data about roads, congestion and parking spaces, and use home devices that will turn on lights and get their morning coffee ready before they get out of bed.
However, security experts have warned that securing the 10 billion or so connected devices today is difficult, and exponentially increasing the number of such devices will only grow the “attack surface” available to hackers, which in turn could make the data running over the networks much more vulnerable.
“The IoT … should raise the hackles on every neck, given our current” security situation, Dan Geer, chief information security officer for venture capital firm In-Q-Tel, said during a conference on IoT security in May.
AllSeen’s Ben-Zur said security and privacy will be key issues going forward as the IoT continues to grow and expand into almost every area of business and personal life. She pointed to the fact that currently, homes can have 30 or more devices and systems connected to the Internet, ramping up the number of avenues increasingly sophisticated cyber-criminals can use to get into the house and its most personal information. It’s a dangerous proposition.
Vendors are beginning to take steps to address security on the IoT. For example, Cisco in March announced a competition that will offer up to $300,000 in prize money to people who develop the best IoT-related security technologies and approaches. And security experts are coming to such gatherings as the Security of Things Forum, which took place May 7 in Cambridge, Mass., an event sponsored by the IT security blog Security Ledger and aimed at addressing the issue of security in the IoT age.
AllSeen’s AllJoyn Framework Could Ease IoT Security Concerns
Ben-Zur said AllSeen’s work on its AllJoyn framework will be able to reduce that attack surface by giving users greater control over which of their connected systems they want to expose to the Internet. AllSeen was founded six months ago by a wide range of industry vendors—from Qualcomm, Sharp, Cisco and D-Link to LG Electronics, Panasonic, Silicon Image and Wilocity—and charged with creating an open software framework that vendors, service providers and developers can leverage to create interoperable devices and services.
The original framework that has become AllJoyn was created by Qualcomm Innovation Center, a subsidiary of Qualcomm, and contributed to the AllSeen Alliance. The consortium now has 44 members.
The idea is that devices and services that adopt the AllJoyn framework will be able to autonomously discover and interact with each other regardless of the programming languages, tools, operating systems, hardware platforms or brands of each device.
That could help ease security concerns, Ben-Zur said. She envisions an environment where those 30 AllJoyn-enabled connected devices in a home or business can communicate with each other, exchanging data back and forth, but not every one of them is exposed to the Internet. Consumers and business users can decide which of those systems needs to share its data on the Internet, and then allow that access, while other devices are kept off the Internet.
“You can let me decide what goes out onto the Internet,” she said. “You start to imagine a much more controlled environment.”
The method is not foolproof and won’t eliminate all vulnerabilities to attack, Ben-Zur said. But it can reduce the number of avenues available for hackers to try to exploit, and cut down on the security and privacy risks.
IoT security will continue to be a focus of the AllSeen Alliance going forward, and Ben-Zur indicated that a significant announcement around security and privacy will be coming from the consortium in the coming months.