Tag Archives: Internet of Things Security

Atmel launches the industry’s first hardware interface library for TLS stacks used in IoT edge node apps


The new HW-TLS platform provides an interface between software TLS packages and the ATECC508A cryptographic co-processor.


With the rise of the Internet of Things, security has become a pressing topic because autonomous remote devices are now routinely connecting to wireless networks to form complex smart device and cloud-service ecosystems. As a result, autonomous IoT gadgets constitute a significant part of those networks and must be able to authenticate themselves to the network resources to maintain the integrity of the ecosystem. In addition, these remote, resource-constrained clients must be able to perform this authentication using minimal processing, memory and power.

Ate.png

Cognizant of this, Atmel has launched the industry’s first hardware interface library for TLS stacks used in Internet of Things edge node applications. Hardening is a method used for reducing security risks to a system by applying additional hardware security layers and eliminating vulnerable software. This new Hardware-TLS (HW-TLS) platform provides an API that allows TLS packages to utilize hardware key storage and cryptographic acceleration even in resource constrained edge node designs. HW-TLS is a comprehensive solution pre-loaded with unique keys and certificates designed to eliminate the complexities of generating secure keys in the manufacturing supply chain.

OpenSSL is a general-purpose cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and TLS protocols. wolfSSL is a cryptography library that provides lightweight, portable security solutions with a focus on speed and size. Atmel’s new ATECC508A-OpenSSL and ATECC508A-wolfSSL are available for immediate download at their respective software distribution repositories, offering seamless adoption of more secure elements without disruption to the developer workflow.

OpenSSL

Secure hardening for both OpenSSL and wolfSSL is made possible with HW-TLS which enables those TLS software packages to interface seamlessly with the ATECC508A CryptoAuthentication co-processor. This IC provides protected key storage as well as hardware acceleration of Elliptic Curve Cryptography (ECC) cipher suites including mutual authentication (ECDSA) and Diffie-Hellman key agreement (ECDH). As such, HW-TLS allows developers to substantially harden Transport Layer Security (TLS), enhancing security for IoT ecosystems.

When used together, HW-TLS and the ATECC508A let even extremely small, low-cost IoT nodes implement strong cryptographic security. All private keys, certificates and other sensitive security data used for authentication are stored in secure hardware and protected against software, hardware and back-door attacks. Beyond that, the integrated ECC accelerators in the ATECC508A offload cryptographic code and math from the MCU allowing even a low-end processor to perform strong authentication.

ATEC

“Everyone with an interest in IoT security should be excited about Atmel HW-TLS with wolfSSL,” explains Larry Stefonic, wolfSSL CEO. “The combination of our secure software and Atmel’s new chips brings TLS performance and security to a level unrivaled in the industry. Atmel’s HW-TLS platform also makes it easier than ever for developers to incorporate truly hardened security into our TLS stack.”

Traditionally, TLS performed authentication and stored private keys in software. However, Atmel’s latest platform closes the vulnerability gap in this arrangement by offloading the crucial key management responsibility to dedicated, tamper-resistant secure elements such as the ATECCC508A crypto engine. What’s more, the intensive crypto algorithms are processed in the CryptoAuthentication device, offloading the MCU on the remote devices and enabling the IoT edge node to authenticate to the cloud without a user-perceptible delay. Furthermore, Atmel Hardware-TLS comes as a complete platform pre-loaded with unique keys and certificates for eliminating the complexities of adding secure keys to each device in a manufacturing supply chain.

“With more and more remote devices being connected to the cloud every day in the era of the IoT, it becomes increasingly critical to ensure these devices are not vulnerable to attack,” adds Nicolas Schieli, Senior Director of Atmel’s Secure Products Group. “Such devices can be entirely secure only when they are hardware secure, meaning the ‘secret’ keys are stored in a separate hardware unit. We are excited to bring this innovation to market, enabling device manufacturers that need to connect to the cloud to take advantage of hardware security.”

Cry

The Hardware-TLS complements Atmel Certified-ID, a seamless and secure keys provisioning platform for assigning trusted identities to devices joining the IoT.

Dojo wants to monitor and secure your IoT devices


This IoT security device will notify you of any danger through a wireless, color-coded orb.


With billions of connected things already in existence today, and a few billion more expected in the next two years, the need for security has never been greater. Cognizant of this, one Bay Area startup has come up with an innovative solution that monitors the behavior of smart devices on your network to protect and ensure the privacy of your home. Introducing Dojo.

Dojo

The brainchild of Dojo-Labs, this IoT security system is comprised of a few parts: a white dock that plugs into your Internet gateway, a pebble-like unit which receives alerts over Bluetooth and an accompanying smartphone app that puts control right in the palm of your hand. Whenever activity occurs on the network worth your attention, the light rings on the stone will start to glow in one of three colors — red, yellow and green.

Once connected to your home network, Dojo will add each respective device and begin tracking their activity, informing you of any odd or peculiar behavior. A red light suggests action must be taken, orange signifies that a problem is being fixed, and green denotes that everything is fine.

“Dojo knows when the TV is still recording your voice even if it’s off and when that data is being uploaded to the cloud,” explains Yossi Atias, co-founder and CEO of Dojo-Labs. “We all lock our front doors and yet our devices are wide open. Our homes contain our most intimate data but the security of these things is an afterthought. We created Dojo as the first technology to help us safeguard our homes.”

dojo-app-screens.jpg

Dojo doesn’t examine the incoming and outgoing content on network, but instead analyzes metadata about who the gadgets are talking to and how. The system prevents attacks and detects intrusions through machine learning and behavior tracking. It learns what’s normal for each device and then checks to see whether it’s doing anything differently. Without even having to look at the data or knowing what those threats are, Dojo can block them. It grows increasingly intelligent as new attacks and equipment are introduced.

What’s more, Dojo can sense when something is up and will immediately notify the user by displaying a simple message in the mobile app, while also changing the color emanating from the pebble. You will be prompted to either allow or block the activity, as well as communicate back to the system through that same text-messaging interface.

The Dojo approach to security and its role in the home is incredibly unique and was designed by Gadi Amit and the team at NewDealDesign. With a growing number of appliances coming online, perhaps this could be the solution to put everyone’s mind at ease.

Intrigued? Head over to Dojo’s official page here.

Report: 100% of tested smartwatches exhibit security flaws


HP report finds a majority of smartwatches to have insufficient authentication, lack of encryption and privacy concerns.


While wearable technology continues to increase in popularity, it appears that embedded security may have been left behind. That is according to new research conducted by HP, which discovered serious vulnerabilities in a vast majority of today’s most popular wrist-adorned timekeeping devices.

Wathc

Without question, the wearables space has experienced tremendous growth over the last couple of months, with analysts now projecting the space to surge upwards of 150 million units by 2019. However, as smartwatches like the Apple Watch, the Motorola Moto 360 and the Samsung Gear become mainstream, malicious hackers have found a new entry point for consumers’ most valuable and confidential data.

For its “Smartwatch Security Study,” HP combined manual testing along with the use of digital tools and its HP Fortify on Demand methodology to evaluate 10 of what they believe to be today’s “top” gadgets. The team found many of the devices to be susceptible because they simply lacked basic, industry standard security measures. While the results may be disappointing, they are not too surprising given the latest string of hacks and breaches.

“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” explained Jason Schmitt, general manager of HP Security, Fortify. “As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”

Topping the list of flaws included insufficient verification, lack of encryption, insecure web interfaces and other privacy concerns. Not only did every tested unit lack a two-factor authentication process and the ability to lock out accounts after three to five failed password attempts, but the company flagged as many as 30% of the wearables to be vulnerable to account harvesting, a technique where an attacker could gain access to the device and data using a combination of weak password policy, lack of account lockout and user enumeration.

Security_Touch_SS_83000362

Additionally, researchers uncovered that the devices demonstrated a lack of transport encryption protocols. While each of them implemented encryption using SSL/TLS, 40% of the watches remained defenseless to known vulnerabilities such as POODLE, allowed the use of weak cyphers or still used SSL v2.

30% of the tested smartwatches used cloud-based web interfaces, all of which exhibited account enumeration concerns. In a separate study, three in 10 exhibited account enumeration concerns with their mobile applications as well. This flaw enables hackers to identify valid user accounts through feedback received from reset password mechanisms.

Making matters worse, 7 out of 10 gadgets analyzed are said to have problems with firmware updates. Researchers revealed that most of the smartwatches did not receive encrypted firmware updates, and while a number of updates were signed to help prevent malicious code or contaminated updates from being installed, a lack of encryption did allow files to be downloaded and looked at elsewhere.

If that all wasn’t scary enough, HP says the wearables demonstrate a risk to personal security and privacy ranging from names, addresses and date of births to weight, gender and heart rate information. Given the account enumeration issues and use of weak passwords on some products, exposure of this personal data is surely a concern.

“As manufacturers work to incorporate necessary security measures into smartwatches, consumers are urged to consider security when choosing to use a smartwatch. It’s recommended that users do not enable sensitive access control functions such as car or home access unless strong authorization is offered. In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data,” HP concludes.

Want to delve a bit deeper? Be sure to check out HP’s entire report, as well as explore ways to embed hardware-based security into future wearable designs.

The politics of IoT privacy


Kaivan Karimi, Atmel VP and GM of Wireless Solutions, explores the ongoing privacy issues around the Internet of Things.


When it comes to the Internet of Things (IoT), most people use the security and privacy issues of IoT as a two-in-a-box item that go hand-in-hand. This means, if you don’t have security, you cannot have privacy and vice versa, right? Well, yes and no. There is a lot being said and done to secure the end-to-end IoT systems via advanced policy-driven private and public keys, and threat management systems. More needs to be done, and we will have to figure it out. That is, until someone finds a vulnerability and the technology race starts over with new best practices being promoted. I plan to blog on some of the pitfalls we are experiencing in security technology rollouts in the future. But, for this specific blog, I will only focus on the privacy issues of IoT, since privacy issues can only be resolved through strong legislation and enforced by governments (aided by privacy and security technologies).

IoT

Today, I am promoting Privacy by Design (PbD). In the U.S., I am less hopeful that we will get real privacy legislation correct. As an IoT evangelist, my issue with the privacy requirements of IoT is not with the governments collecting meta data for fighting terrorism, but more so with private sectors having access to my personal data. Specific to this angle, my views are very similar to Blackberry CEO John Chen, who articulated his views here. (My hats off to John for a piece well done on this topic.)

A couple of years ago, I talked about my privacy concerns of private sectors having access to my personal data at a Gigaom conference. The Internet of People is the Wild Wild West. Today in the Internet of People, any time someone is surfing the web, there are over 200 private entities shadowing you. Unfortunately, our laws in the U.S. support “Opt Out,” meaning you have to opt out of a “service” in order to get out of it — unlike in most European countries that have implemented “Opt in” policies. In the U.S., companies have made it extremely difficult to opt out of this intrusion with methods that are still entirely legal. So in my humble opinion, the American government didn’t get it right when it came to the privacy of its citizens on the Internet of People. The government caved in to special interest groups who advocated for “Opt Out” policies in their own interest to use one’s data to advertise goods and service. While for the Internet of People, our government failed us, we all know that for the Internet of Things, the stakes will be much higher.

With IoT on the cusp of rapid growth, and intelligent sensors being integrated into every aspect of one’s lives, without sound privacy laws there will be a few thousand “intruders” following you, via your homes, cars roads, at work, in school, and more. Add your contextual compute platforms (smart devices) along with local and remote data analytics engines to the mix, and the “intruders” would know everything about you — even better than you do. Are you comfortable with that? Not to mention what criminal elements would do with that data.

Among the many benefits of IoT, I believe the healthcare industry will be revolutionized through discoveries on many scientific parallel fronts and the evolution and convergence of disciplines that are disjointed today (e.g. biogenetics, data analytics, sensor fusion, database linkages, etc.). One such technology is the impact that wearables with integrated biometric sensing will have on the future of healthcare. This new category of wearables will put the focus on prevention versus disease management, but new privacy laws need to be in place so that people are not turned off by their “fitness” data (politically correct with the new FDA ruling – subject of another blog) in the hand of these “intruder-advertisers.” Here’s a link to one of my talks on “healthcare revolution,” which includes the required privacy laws, from Toronto’s Smart Week 2014 held last October. The talk starts at 2:55:00 here.

A couple of years ago, I wrote a blog entitled “The need for Internet of Things (IoT) Consumer Bill of Rights.” There, I talked about the privacy and security concerns of IoT and posted a link to What your Telco knows about you: six months of data visualized.

If you click on the link and press the “play” button below the map, you will see how cell phones are being tracked by various towers and all that data is available through your wireless operators. Die Zeist (which means “The Time” or “Times”) is the most widely read and highly-accredited German weekly newspaper. This paper is not a news outlet from the fringes of sanity. In this paper, you can see ‘black-and-white’ how easily your center of universe (your smart phone) is allowing you to be tracked. Nothing new here, but It has a different effect when you can actually visualize it in black and white. With the Internet of Things, this would be the tip of the iceberg.

Regarding opting out, when you are using a screened device (your computer or smart device) and have no clue how to “Opt out,” how are you expected to “Opt out” through a ‘headless’ (screenless) device or sensor? The only way is to enforce privacy laws through legislation.

Due to these scenarios and (the lack of) privacy of our web, I have been keenly following FTC’s hearings and positions on IoT privacy issues. The first FTC conference on IoT was held in November 2013, a time when there was lot of talk around IoT privacy — especially after FTC’s 2012 Privacy Report — where it defined a number of categories deemed to be ‘sensitive’ data. One of the more fascinating talks at that conference was the keynote by Mr. Vint Cerf, Vice President and Chief Internet Evangelist of Google. For those of you who don’t know, Mr. Cerf was a lead engineer on the Army’s early 1970s Internet prototype, ARPANET, hence a celebrity around the web and one of the pioneers of the Internet.

During the keynote, Mr. Cerf mentioned: “Privacy is something which has emerged out of the urban boom coming from the industrial revolution. [Therefore] privacy may actually be an anomaly [and not the norm].” In fact, this is a creation of the industrial age. He basically promoted the idea that privacy rules of the Internet of Things should be as hopeless as the privacy laws for the Internet of People. I was amazed at the cavalier approach displayed with that keynote by Mr. Cerf at the FTC event, making the wrong impression on the FTC officials who were considering making policy choices.

The topic surfaced again at CES this year during a keynote by FTC Chairwoman Edith Ramirez discussing the three privacy challenges of IoT including:

  • The ubiquitous data collection of personal information, habits, location and physical condition over time
  • The unexpected uses of consumer data flowing from smart cars, smart device and smart cities
  • The heightened security risks of the Internet of Things

According to Ramirez, “In the not­-too-­distant future, many, if not most, aspects of our everyday lives will be digitally observed and stored. That data will contain a wealth of revealing information that, will present a deeply personal and startlingly complete picture of each of us when patched together.” She promoted the ideas of security by design, minimizing and anonymizing data for privacy, and increasing transparency by companies as key steps that need to be taken.

It was a brilliant speech and you can find it here. There is an array of hope for all individuals who want to accelerate the adoption of IoT technologies and the benefit these technologies can bring to society. Ramirez’s views on the privacy laws required for the IoT is a stark contrast to the laws in the book protecting the privacy of individuals in the Internet of People. For a few days I was grateful, and hopeful that the lobbyists wouldn’t bully the legislators into a meaningless version of Ramirez’s speech.

Since CES, several legislators have come out against Ramirez’s speech, stating that legislating privacy of IoT will suppress innovations. They’ve continued to argue against Ramirez’s view and stating that the report issued after that was “without examining costs or benefits… encourages companies to delete valuable data…primarily to avoid hypothetical future harms.” These legislators have also argued that the FTC hasn’t done enough economic analysis to issue industry guidelines or legislative proposals for what he called the “still-nascent Internet of Things.” I have seen this movie before, and it seems again as if the interest of a handful of very large advertising companies strong-arming the legislators will be taking precedence over promoting sound IoT privacy laws.

With the recent talk on Capitol Hill chastising Ramirez’s speech, I am now not very hopeful that the IoT privacy laws in the U.S. are going to be any better than our privacy laws for the Internet of People here. Hence I stand my ground and effectively promote the Privacy by Design principals, as the next best thing to strong privacy laws.

Interested in reading more from Kaivan Karimi? Be sure to check out his recent pieces on both Bluetooth Low Energy connectivity and net neutrality.

Report: Smart home devices have security flaws


Connected home devices like cameras and thermostats can be easy targets for hackers, cybersecurity firm explains. 


With a new breach seemingly every day, consumers are more on-guard than ever before when it comes to ensuring the security of their personal information from cyber criminals. And, rightfully so. Validating the cause for such concerns is a new report from Synack that highlights the ease in which malicious hackers can access a majority of smart home devices on the market today. Quite ironically, many of them are security gadgets — the same products that are supposed to keep you protected.

smart-homes-privacy

Writing for Gigaom, Stacey Higginbotham notes that the firm had conducted an in-depth analysis on a number of today’s most-popular smart home gadgets, including cameras, thermostats, smoke detectors and automation controllers. Upon reviewing 16 of these devices, researchers discovered a vast majority of them possess some serious vulnerabilities.

Colby Moore, a security analyst for Synack, told Gigaom that it took him only 20 minutes to break into all but one of the assorted devices during testing. Furthermore, the company believes the lack of security for such products could derive from the fact that there are no set standards for smart home security.

“Right now the internet of things is like computer security was in the ‘90s, when everything was new and no one had any security standards or any way to monitor their devices for security,” Moore says.

Upon finishing the investigation, Synack found the worst performing devices to be, in fact, connected cameras. Each of the five camera products examined had issues either with encryption or password security. As for thermostats, Nest was deemed to be the most secure, although it did lose points for a weak password policy. Others were cited for having problems with password policies, encryption and a long history of flaws across product lines.

synack_takeaways-100568116-large

Meanwhile, a number of smoke and carbon dioxide detectors didn’t fare so well either. The analyst reveals that this category could fall victim to a supply chain-based attack, meaning someone could intercept the device and change a component.

Lastly, a few of the home controllers are believed to have issues with exposed service and insecure architecture, while others lack proper password policies as well. In all, Moore shares with Gigaom that the security of smart home devices today is “abysmal.” He suggests users hardwire as many devices as possible, enable automatic firmware updates and utilize strong passwords.

“Smart homes are a dumb idea if they are not secure. And that means secure at every node,” Atmel resident security expert Bill Boldt chimed in on the matter. “Who wants a home that allows people to monitor them? There is already a website out there showing pictures of people intercepted from their own home security cameras. That is just the top of the iceberg. Nodes of all types from thermostats to cameras, to meters, appliances need to be authenticated and encrypted. Consumers will soon figure that out and demand it.”

Interested in reading more? Head over to Gigaom’s entire writeup. You can also discover how to add enhanced authentication and encryption into your next design here.

Security researcher discovers vulnerability in talking toy dolls


That doll just said what?! 


Vivid Toy’s best-selling doll My Friend Cayla has vulnerabilities which can be exploited by malicious hackers to make the talking toy say what they want remotely, which was first revealed by security researcher Ken Munro of Pen Test Partners in a recent interview with BBC News. While the actual flaw has not been disclosed, it is known to be in the pairing of Cayla with the mobile device.

unnamed

Cayla may appear to be like any other doll on the market today — 18” tall, blond hair, jean jacket, graphic t-shirt and pink skirt — but is equipped with a built-in speaker and a necklace that acts as a listening device. She uses uses speech recognition software and Google Translate technology to answer children’s questions, all while transmitting the words to an app on either an iOS or Android device. That device connects to Cayla via Bluetooth and relays what the child says, translates it into text and uses keywords to browse the web for a response.

BBC reached out to Vivid Toys regarding the vulnerability, who stated, “The hacking was an isolated example carried out by a specialist team – but nevertheless the company would take the information on board as it was able to upgrade the app used with the doll.”

The doll’s distributor had noted that if a child were to say a foul word or pose an question, it would refrain from answering with anything more than “That’s inappropriate” or “I don’t know.” However, as Munro’s research reveals, that she can be made to say much worse things to a child if hacked. For instance, Cayla closes out the interview warning, “Be careful parents. Who knows what I may say next?”

As mentioned in a recent Forbes writeup, a lack of security on the mobile app makes it rather easy for a hacker to change her stock responses from child-friendly platitudes to much more offensive content. An attacker would simply need to pair the dolly with their own device, Munro warns, either by quickly grabbing the toy or finding a way to remotely exploit the phone.

“We don’t think it would take much to turn her into a device to spy on and potentially interact with children. You would be well advised to make sure that she is switched off when not explicitly in use and make sure that the mobile device is secured with a strong PIN, also kept and patched up to date. In the longer term the manufacturer should apply a PIN for the Bluetooth pairing process, but we don’t think that can be done without a product recall.”

Coincidentally enough, Atmel resident security expert just examined the issue in-depth, highlighting that while some sort of IoT is possible without security, without security it would really just be a toy. And this incident proves just that… literally.

“Security matters because users must trust that the nodes are who they say they are (i.e. authentic). Additionally, confidentiality of the data is important to keep unauthorized third parties from getting the data and misusing it. Also, without data integrity mechanisms there is no way to ensure that the data have not been tampered with or corrupted. All three of these matter. A lot,” Boldt writes.

Securing the Internet of Streams


The evolution of IoT is now at a point that it will require a comprehensively redesigned approach to security threats in order to ensure its continuous growth and expansion.


The relentless flow of new product introductions keeps fueling the gargantuan estimates of billions of connected communicating computing devices which is projected to imminently make the Internet of Things ubiquitous within every facet of our lives. The IoT has been portrayed as the key enabler of a smarter world with compelling use cases that cut across a wide array of both personal and industrial ecosystems.

A great description is that the IoT is the global nervous system. This could be a pun, as IoT is increasingly producing troubling headlines. Stories abound, detailing security breaches that sound as if they were taken from a sci-fi movie, from hacked security cameras to a spamming refrigerator.

IoT-Global-Nervous-System

Figure 1 (Source: re-workblog.tumblr.com)

The explosive growth of the IoT coincides with an alarming increase in reported rates of identity theft and hacker attacks on everyday gadgets and appliances. Security researchers have easily established the feasibility of attacks against TVs, cars, security cameras, and medical equipment. There is much more than stolen money on the line if these types of attacks are carried out. The evidence demonstrates that existing security mechanisms are insufficient or ill-suited to address the risks inherent with the ubiquitous deployment of the IoT.

The need for a new original approach

The traditional approach to security, applied to both consumer and business domains, is one of separation – preventing those who are considered bad actors from accessing devices and networks. However, the dynamic topology of the network environments in which IoT applications are deployed largely invalidates the separation approach, making it both impractical and overly rigid. For example, with BYOD (bring-your-own-device), enterprises struggle to apply traditional security schemes to devices that may have been compromised while outside the perimeter firewall.

Many IoT devices self-configure and run autonomously. User interaction is limited to the devices’ operations, and there are no means to change security parameters. These devices rely on the manufacturer to implement security, both in the hardware and the software.

Moreover, manufacturers have to consider the broader ecosystem, not just their own products. For example, recent research has revealed inherent security flaws in USB memory stick controller hardware and firmware. Users must be concerned not only about the safety of the data on the memory stick, but if the memory stick controller itself has somehow been compromised.

To thwart similar issues, IoT device vendors are rushing to upgrade their product portfolios to low-power, high-performance microcontrollers that include firmware upgrade and data encryption mechanisms.

Atmel's IoT Layered Security Solutions

Figure 2 (Source: Atmel’s White Paper: Integrating the Internet of Things)

In the hyper-connected world of IoT, security breaches will gravitate towards the weakest link in the chain. It will become very hard to maintain the confidence that any particular device, user, application or service maintains its integrity; instead, the assumption will be that things will occasionally break for a variety of reasons, over which there is little control and no method for fixing. As a result, IoT will force the adoption of new concepts for the establishment of trust.

A smarter network combined

In the loosely coupled world of IoT, security issues are driving a need for greater collaboration among the vendors participating in the ecosystem, recognizing their respective core competencies. Hardware vendors make devices smarter. Software developers make applications and services smarter. The connective tissue, the global Internet with its myriad of communication transports and protocols, is tasked with carrying the data that powers IoT. This begs the question – can the network be made an enabler of IoT security by becoming smarter in its own right?

Context is essential for identifying and handling security threats and is best understood at the application level, where the intent of information is processed. This points towards a higher-level communication framework for IoT – the Internet of Data Streams. This framework enables apps and services to view things as consumers and producers of data. It allows for descriptive representations of devices’ operational status and real-time detection of their presence or absence.

Elevating the functional value of the Internet, from a medium of communication to a network of data streams for IoT, would be highly beneficial to ease collaboration among the IoT ecosystem participants. The smarter network can provide apps and services with the ability to implement logic that detects things that break or misbehave, flagging them as suspect while ensuring graceful and consistent operation using the redundant resources.

InternetOfThingsHorizontal

For example, a smarter network can detect that a connected sensor stopped functioning (e.g. due to a denial of power attack, possibly triggered through some obscure security loophole) and allow the apps that depend on the sensor to provide uninterrupted service to users. Additionally, a network of data streams can foster a global industry of security-as-a-service solutions, which can, as an example, send real-time security alerts to app administrators and device manufacturers.

The evolution of IoT is now at a point that it will require a comprehensively redesigned approach to security threats in order to ensure its continuous growth and expansion. Addressing the surfaced issues from an ecosystem standpoint calls for apps, services and “things” to explicitly handle communication via a smarter data network, which has the promise of placing IoT in safer hands, courtesy of the Internet of Streams.