Securing the Internet of Streams

---

The evolution of IoT is now at a point that it will require a comprehensively redesigned approach to security threats in order to ensure its continuous growth and expansion.

---

The relentless flow of new product introductions keeps fueling the gargantuan estimates of billions of connected communicating computing devices which is projected to imminently make the Internet of Things ubiquitous within every facet of our lives. The IoT has been portrayed as the key enabler of a smarter world with compelling use cases that cut across a wide array of both personal and industrial ecosystems.

A great description is that the IoT is the global nervous system. This could be a pun, as IoT is increasingly producing troubling headlines. Stories abound, detailing security breaches that sound as if they were taken from a sci-fi movie, from hacked security cameras to a spamming refrigerator.

Figure 1 (Source: re-workblog.tumblr.com)

The explosive growth of the IoT coincides with an alarming increase in reported rates of identity theft and hacker attacks on everyday gadgets and appliances. Security researchers have easily established the feasibility of attacks against TVs, cars, security cameras, and medical equipment. There is much more than stolen money on the line if these types of attacks are carried out. The evidence demonstrates that existing security mechanisms are insufficient or ill-suited to address the risks inherent with the ubiquitous deployment of the IoT.

The need for a new original approach

The traditional approach to security, applied to both consumer and business domains, is one of separation – preventing those who are considered bad actors from accessing devices and networks. However, the dynamic topology of the network environments in which IoT applications are deployed largely invalidates the separation approach, making it both impractical and overly rigid. For example, with BYOD (bring-your-own-device), enterprises struggle to apply traditional security schemes to devices that may have been compromised while outside the perimeter firewall.

Many IoT devices self-configure and run autonomously. User interaction is limited to the devices’ operations, and there are no means to change security parameters. These devices rely on the manufacturer to implement security, both in the hardware and the software.

Moreover, manufacturers have to consider the broader ecosystem, not just their own products. For example, recent research has revealed inherent security flaws in USB memory stick controller hardware and firmware. Users must be concerned not only about the safety of the data on the memory stick, but if the memory stick controller itself has somehow been compromised.

To thwart similar issues, IoT device vendors are rushing to upgrade their product portfolios to low-power, high-performance microcontrollers that include firmware upgrade and data encryption mechanisms.

Figure 2 (Source: Atmel’s White Paper: Integrating the Internet of Things)

In the hyper-connected world of IoT, security breaches will gravitate towards the weakest link in the chain. It will become very hard to maintain the confidence that any particular device, user, application or service maintains its integrity; instead, the assumption will be that things will occasionally break for a variety of reasons, over which there is little control and no method for fixing. As a result, IoT will force the adoption of new concepts for the establishment of trust.

A smarter network combined

In the loosely coupled world of IoT, security issues are driving a need for greater collaboration among the vendors participating in the ecosystem, recognizing their respective core competencies. Hardware vendors make devices smarter. Software developers make applications and services smarter. The connective tissue, the global Internet with its myriad of communication transports and protocols, is tasked with carrying the data that powers IoT. This begs the question – can the network be made an enabler of IoT security by becoming smarter in its own right?

Context is essential for identifying and handling security threats and is best understood at the application level, where the intent of information is processed. This points towards a higher-level communication framework for IoT – the Internet of Data Streams. This framework enables apps and services to view things as consumers and producers of data. It allows for descriptive representations of devices’ operational status and real-time detection of their presence or absence.

Elevating the functional value of the Internet, from a medium of communication to a network of data streams for IoT, would be highly beneficial to ease collaboration among the IoT ecosystem participants. The smarter network can provide apps and services with the ability to implement logic that detects things that break or misbehave, flagging them as suspect while ensuring graceful and consistent operation using the redundant resources.

For example, a smarter network can detect that a connected sensor stopped functioning (e.g. due to a denial of power attack, possibly triggered through some obscure security loophole) and allow the apps that depend on the sensor to provide uninterrupted service to users. Additionally, a network of data streams can foster a global industry of security-as-a-service solutions, which can, as an example, send real-time security alerts to app administrators and device manufacturers.

The evolution of IoT is now at a point that it will require a comprehensively redesigned approach to security threats in order to ensure its continuous growth and expansion. Addressing the surfaced issues from an ecosystem standpoint calls for apps, services and “things” to explicitly handle communication via a smarter data network, which has the promise of placing IoT in safer hands, courtesy of the Internet of Streams.

Arduino-based turntable uses toy blocks to build beats

---

Watch out Tiesto! With simple designs like this being thought of by Makers across the globe, a new wave of DJs is on the way.

---

A Swedish designer by the name of Per Holquimst is redefining the use of the old-school turntable. No longer will the instrument solely play music; in fact, his Arduino-based tangible interface turntable will have you forming beats from scratch in no time!

As a graduate student at Beckman’s College of Design in Sweden, Holquimst created the Beat Blox to enable anyone — from a child to an experienced DJ — to reinterpret the way they make music and sounds. Even though the device looks like it was created by a Swedish furniture store, the device will allow music to be assembled with ease.

How does it work? Each machine contains five digital distance sensors in its wooden arm. The instrument can analyze up to 15 different blocks, therefore allowing complex rhythms to be established. These sensors interpret the locations of the blocks and relay that data back through the Atmel MCU powered system, making music based on certain pre-programmed metrics. As the user adds a block to the deck, the distance sensor plays a sound; thus, creating a wildly different melody is as simple as moving a block an inch to the left on the rotating wheel.

This tangible interface instrument is an ideal tool to teach children about sound patterns and musical theories. Holmquist himself notes that Beat Blox is “an interactive music machine that offers free creative expression without requiring prior knowledge.”

In what may be just as entertaining as the giant floor piano at FAO Schwartz, this innovative device uses tangible interface technology and motion sensors to turn child’s play into music.

IoT’s 7th layer will facilitate scaling and real-time

The spurring growth of the Internet of Things (IoT) has taken rise in business, with a number of startups stemming from the software alley, Maker Movement and crowdfunded space already contributing to the industry. Within idea making and product baking, various origins ferment the constant demand for transparency and community. This reveals strong elements of Conway’s law.

The Internet of Things cannot evolve into what everyone expects it should without the larger open source component. Let’s go back and take a look at Conway’s law.  In perspective of both systems of the individual and organization, we are trying to create and the organization also creates it. Interoperability, integrations and the ability to share across communities hold the vital keys in the system.

An organization looking to build into IoT will need to help mature an open development organization, where we all have the ability to participate in the decisions, code, wiring, funding, and the ramp up of the work. By removing the attachment of intellectual property and changing the dynamics of the development team helps to keep things engaged and promotes the resolve attained by larger communities in moving forward and solving problems.

Partnerships across the breadth of business and enterprise will eventually surface the need to have wider and more comprehensive APIs; these APIs are agile and act as the seamless building blocks for sharing of data and bridging the real-time events into the symphony of various different devices, which can integrate easily into enterprise solutions. The API is the building block and cementing agent for innovative uses of connected devices — the Internet of Things.

For example, partnerships between two companies can quickly enable the creation of smart energy service, opening up opportunities to integrate energy appliances combined with data analytics showing home heating and air conditioning as well as consumer usage. An output like this not only creates added value chain, but also helps unify the customer-centric view for businesses wanting to grow closer with their customers, allowing them choices in their activity and usage.

The connected home market ― even connected consumer devices to energy harvesting ― will all require partnerships between companies, enabling them to deliver a smart energy service that integrates energy devices and appliances with data analytics around air conditioning and home heating systems designed for a device-agnostic platform. The partnership allows pools of expertise (enterprises, startups, or newly-established IoT services) to draw upon energy efficiency algorithms to enhance customers’ home energy use and automation.

Partnerships have already been used to spark and create new services for U.S. households. A growing number of sensors are emerging into the marketplace as well as threading these aggregate sensor results to end-to-end to products/solutions.

As previously seen on Bits & Pieces, we talk about PubNub. This is a service that is already widely used, distributing traffic to 200 million real-time IoT devices across 14 data centers worldwide, serving 3 millon messages a second all within a ¼ second in latency. That’s close to global real-time one can get with that many tenets/nodes on the cloud. In shear numbers, there are well over 1000s of apps leveraging this solution. In fact, this company has really got big plans for the Internet of Things, as it’s already powering thousands of real-time apps streaming 3 million messages per second to over 100 million devices each month. For example, just take some of their notable customers who are already using their services and technology to scale real-time applications and devices onto their own domain expertise solutions.

App developers like CBS Outdoor and Coca-Cola are using these integrations with real-time data aggregation transmitted by the sensors to produce some really powerful results. CBS Outdoor integrates sensors on embedded controllers to sync content on real-life digital billboards with online web displays using PubNub. Another IoT integration is found with Coca-Cola enabling friends to chat and annotate live video in real-time on the red carpet at the American Music Awards. The beverage giant has also introduced live voting (“You Decide the Ending”) and IoT experience synchronization using PubNub during their Cokechase.com campaign.

As demonstrated by both Coca-Cola and CBS Outdoor, companies are using/scaling this real-time device connectivity across their services. With their availability of an SDK kits for both Arduino (AVR-based Microcontrollers) and Rasberry Pi, Pubnub is quickly on their way to establishing a hook into the Maker Movement; a class of hackers, crowdfunded makers, creative tinkers, and app coders who can wield the power of this API to help take their ideas from prototype to a product.

This is all done with open code and idea contribution, building a collective number of APIs.

APIs are core to the expansion of IoT. What an inventor needs are the following:

1. A standard protocol (ie. Restful, CoApp, MQTT, etc)
2. A set of variables with enough data points to create a sophisticated algorithm that maximizes efficiency or augments information or experience
3. Arduino SDK (Development and Coding into AVR based Microcontrollers)

Pubnub is enabling their customers to rapidly develop, more importantly, scale real-time applications. Explore solutions to some of these examples they offer ranging from (1) challenges for IoT building, (2) building real-time dashboards to connected devices, (3) bridging devices across networks from lan to wan, (4) connecting the car, and (5) home automation.

Interested in learning more about the Arduino SDK kit? Please visit the PubNub Developer site and then get to IoT exploring. Get ready to jump start the rapid building and connecting of devices for the Internet of Things.

Securing offline passwords with Atmel MCUs

Over the past few months, Bits & Pieces has featured a number of DIY offline password keepers built around Atmel microcontrollers (MCUs).

First up is the official HackADay Mooltipass. Powered by Atmel’s ATmega32U4, the device is equipped with an easily readable screen, a read-protected smart-card (AT88SC102) and flash memory to store encrypted passwords.

Next up is the USBPass. Designed by a Maker named Josh, the platform comprises an ATmega32U2 MCU, USB connector, three buttons and a few passives chips. Like the Mooltipass, the USBPass is connected to a computer via USB and read as an HID keyboard.

The latest Atmel-powered offline password keeper to surface in the Maker community and on the HackADay website? Cyberstalker’s ATMega32U4-packing Final Key, which includes a single button and LED, all neatly enclosed in a 3D printed case.

According to HackADay’s Mathieu Stephan, the Final Key is linked to the host computer via USB and recognized as a composite comm device/HID keyboard, requiring Windows-based devices to install drivers.

“AES-256 encrypted passwords are stored on the device and can only be accessed once the button has been pressed and the correct 256 bit password has been presented through the command line interface,” Stephan explained. “Credentials management and access are also [executed by] the latter.”

Interested in learning more about the ATMega32U4-powered Final Key? You can check out the project’s official page here.