Is “Smart” Really Smart?

Giovanni Perrone and Massimo Vecchio
July 17, 2017

 

Even if numbers change between different reports, there is consensus that we are on the edge of a turning point regarding the diffusion of IoT devices. The Ericsson Mobility Report November 2016 [1] in its IoT chapter, presents data saying that, by 2022, there will be a total of 18.1 billion short and long-range IoT devices active and inter-connected. Nevertheless, even without looking at 5 years from now, IoT is becoming more present in our daily lives, with cars and several other mundane equipment already supplied with Internet connection.

Introduction

As IoT is diffusing in our houses as well, it’s no surprise that data recently presented at CES 2017 (Consumer Electronic Show, one of the biggest trade show in the consumer electronics market) say that 15% of the houses (presumably in the United States) already host smart devices of some kind [2].

At the same time, the month of October 2016 has seen the largest (in terms of bandwidth of data used) Distributed Denial of Service (DDoS) attack taking place in the history of computer security, with previously unseen volumes of data used to knock-down various Internet services, both in the United States and in Europe. The attack has been carried out using a malware named Mirai that is specifically designed to attack and hijack IoT devices, transforming them into bots that can be later used to carry out coordinated attacks [3]. Two key aspects of what happened are definitely worth of attention:

  1. Mirai has been designed to hijack “smart” devices, kidnapping them and using them not only as hostile bots (controlled by an external control center) but also as infective vectors to propagate the virus to other devices;
  2. Mirai exploited the vulnerabilities present not only in the devices to be infected, but also in the installation environment: it gains root access by trying a hard-coded sequence of 66 typical user id/password pairs (e.g. “admin/admin”, “user/password”, etc.). Considering that more than 100 thousand devices were infected, it’s easy to infer that basic security prevention measures like changing the default administrator password were not taken into account when these devices have been installed

Thinking in terms of lessons learnt, there are some fundamental warnings that have to be understood and taken into account for the future:

  • IoT is vulnerable;
  • Low-cost smart devices often are more vulnerable than an average PC;
  • Even if the large public may now be more educated and conscious about PC security, there is no wide spread understanding in the typical user that smart devices are actually small computers and, as such, need to be managed and maintained from a security standpoint.

When “smart” may not be so smart

Surely, IoT will bring significant improvements to our quality of life. Applications like smart power grids, with self-adjusting power distribution and availability based on almost real-time demands, are already having a significant positive impact both on the economics and on environmental performances of the power distribution facilities [4]. On smaller scale, intelligent systems for finer regulation of the heating temperature in our houses can bring up to 20% [5] savings in energy consumption, reducing therefore pollution and heat dispersion. IoT penetration is also becoming a key differentiating factor in the automotive domain, where, just to mention a not-so-typical example, implementing connectivity between traffic lights and cars may help reducing fuel consumption and pollution [6].

The above are just a few examples of applications that exploit, in different ways, the various concepts that are behind the vision of IoT and that can reasonably be defined as “useful”.

However, the explosive short and mid-term growth of IoT is obviously a powerful attractive for all businesses, from small start-ups to giants like Google, Apple or Amazon, and the race for transforming every possible thing that surrounds us in a smart device is ramping up. The already mentioned CES 2017 was a good showcase for this trend and the audience had the possibility of watching live demonstrations of smart door bells and locks, smart sun shades and, last but not least, smart and internet-connected hair brushes [7].

Doubts about the real usefulness of such devices may be, to say the very least, legitimate but at the end of the day, the market will decide if there is a real need for an intelligent brush that suggests you how to comb your hair and gives hints about complementary luxury treatments most suitable for your specific wig.

However, in this race for “smartening” typical day-by-day objects, the crucial point is that, while a huge emphasis is put on the incredible benefits that technology will bring to everybody’s life (think about how envious your friends will be when you will be proudly showing your new smart hairstyle), the security risks that an explosive dissemination of connected devices may represent is completely neglected.

Hacking a connected world

We have already mentioned Mirai and the massive attacks perpetrated using it. But even on smaller scales, the hackers’ world is looking more and more actively towards IoT and its weaknesses. And the more the penetration of smart devices increases, the more also the impact of possible attacks amplifies.

The hacking conference Defcon 24 [8], held in Las Vegas on August 2016, hosted several sessions on IoT and its applications. Topics for these sessions ranged from highlighting possible fraud and prevention schemes in smart traffic applications to an analysis on how to attack high-security electronic safe locks (like the ones used for guns safes). While the contents of this type of conferences may not be characterized by their scientific rigor in their proceedings and methods, a look at the presented material reveals that the apparently safe and protected world of the connected devices is actually very permeable to malevolent actions, and that interfering or taking control of these devices do not necessarily require exceptional knowledge nor expensive devices.

Combine this scenario with the expected massive penetration of smart devices and it is not difficult to imagine the threats that this very transformation could bring.

Without taking in consideration the possibility already exploited by Mirai to use IoT agents to carry out attacks in the virtual world, the physical dimension of the smart devices we will live with will inevitably bring the dangers in the real world.

Think about, for instance, a smart house with a central control hub (a design layout typical for most smart houses applications). The house is provided with a smart door lock, video cameras and a smart thermostat. A pretty basic design after all.

In this scenario, suppose the hackers gain access to the central hub: not only they will be connected in the private WiFi or LAN network internal to the house (exposing therefore all devices to potential intrusion) but once with control over the hub the door lock could be opened remotely giving thieves possibility of entering into the house without efforts. The same thieves could know in advance when house owners are not in the house since they will have access to the WiFi cameras and to the thermostat (that will be set to “Away” mode). Using the cameras they may also know where the most precious objects are located, further reducing the time required to do the job. Once inside, with dedicated (and cheap) equipment they could easily open the high-security electronic lock used for the safe. And of course before leaving they could delete all pictures from all cameras leaving no trace behind. And lock the door.

Privacy and confidentiality are areas of serious concerns as well. Already in 2014 researchers proved that hacking popular smart devices like intelligent thermostat could be easily done and could represent a threat to users’ privacy and confidentiality [9]. And things are not going to improve with personal assistants like Amazon Echo or Google Home, devices aware of your physical location and equipped with microphones constantly listening to the environment to detect their “activation word” [10] and that can interact with other devices in your house (thermostats, cameras, bulbs, etc.): convenient for sure, but with a possible price tag on security and privacy [11].

Conclusions

The lack of clear (and compulsory) standards on IoT security has been and still is a matter of debate and concern. Many proposals have been made and even if the EU is funding projects on IoT security platforms but we’re still far away from having the situation under control where each new smart device can be considered “reasonably” safe to be installed and used.

At the same time, more and more smart (or not-so-smart) applications and devices are spreading, making the boundary between the virtual and physical world thinner and thinner, giving to the end user the illusion of being part of a safe, seamless, connected nest where nothing can go wrong and we are protected by the new technology we are introducing in our lives.

The need for implementing security by design is therefore becoming a matter of urgency and we may be well already late in this race. In the meantime, perhaps a more cautious and conscious approach to the IoT transformation should be transmitted to the wide public, letting everyone more aware of the risks brought by a smart world.

References

[1]           https://www.ericsson.com/assets/local/mobility-report/documents/2016/ericsson-mobility-report-november-2016.pdf
[2]           http://www.ces.tech/show-floor/marketplaces/smart-home
[3]           https://www.us-cert.gov/ncas/alerts/TA16-288A
[4]           http://smartgridcc.org/wp-content/uploads/2013/10/SGCC-Econ-and-Environ-Benefits-Full-Report.pdf
[5]           https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/447144/6.656_DECC_JG_Annual_Report_2014-15_AW_WEB.pdf
[6]           http://www.ijicic.org/ijicic-11-06076.pdf
[7]           http://www.cnbc.com/2017/01/04/loreals-smart-brush-listens-to-hair-recommends-luxury-treatments.html
[8]           https://www.defcon.org/html/defcon-24/dc-24-index.html
[9]           http://www.blackhat.com/docs/us-14/materials/us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home.pdf
[10]         https://www.theguardian.com/technology/2015/nov/21/amazon-echo-alexa-home-robot-privacy-cloud
[11]         https://www.linkedin.com/pulse/5-awesome-illegal-uses-alexa-shelly-palmer?trk=hp-feed-article-title-hpm


Giovanni PerroneGiovanni Perrone has been working in the mobile and Telco domain for more than 12 years, coming from another 10 years spent in the design of digital solutions for renewable energy and industrial automation applications. In the last 10 years he has been working in the post-sales area, specializing in project and program management, earning a PMP certification in 2007 and a CSM one in 2012 and has more than 10 years of experience in project and program management in Telecom, IT and Hi-Tech domains. In parallel to his working activities, he is currently cooperating with the "SMART Engineering Solutions & Technologies (SMARTEST)" Research Centre of the eCampus University (Italy), where he is completing his Master degree in Informatics and Control Automation. He has a Degree in Electronics Engineering and he is currently engaged in activities ranging from research to business development and leadership and project management seminars and workshops through the PMI CIC chapter.

 

Massimo VecchioMassimo Vecchio received the Laurea degree in Computer Engineering (Magna cum Laude) from the University of Pisa and the Ph.D. degree in Computer Science and Engineering (with Doctor Europaeus mention) from IMT Lucca Institute for Advanced Studies in 2005 and 2009, respectively. His research background is on computational and artificial intelligence techniques, such as metaheuristics for global optimization and fuzzy logic. During his Ph.D. degree, however, his research interests moved towards power-efficient engineering and application designs for pervasive systems and devices. From October 2008 to March 2010, he worked as a research engineer at INRIA-Saclay (France). Then, he joined the Signal Processing in Communications group at the University of Vigo (Spain) as a post-doctoral researcher. Upon his return to Italy (October 2012), he worked as a senior researcher at CREATE-NET (an ICT research center) within the "Smart Internet of Things (RIoT)" research unit, mainly in the field of Internet of Things devices and resources virtualization. Starting from May 2015, he is an associate professor at the eCampus University (Italy), holding also a course on mobile and embedded systems and heading the "Everything Connected (EC)" research unit of the "SMART Engineering Solutions & Technologies (SMARTEST)" Research Centre. He is the author of one book monograph and co-author of two book chapters, as well as several journal and conference papers.

 

 

A New Memory to Enable Ultra Low Energy Devices

Sylvain Dubois
July 17, 2017

 

The Internet of Things (IoT) has the potential to drive applications worth trillions of dollars – with every device connected to other devices and people across a wide range of applications such as smart homes and buildings, smart industrial plants or cities. Several factors are driving the rapid growth of IoT. Moore’s law is still at work creating faster, smaller, cheaper devices. Other technological advancements like low power and lower cost communications that can interconnect tiny sensors with cloud-based applications enable new business models that harvest greater value from sharing information. But there are obstacles.

Overcoming Power-Hungry Operations in Next Generation IoT Devices

More connected devices create more data every second that is stored, processed, uploaded and shared. The abundance of sensors including temperature, pressure, direction, speed, weight, paces, heart beats, light intensity, etc. will generate a flood of information to transmit. The available energy budget of IoT devices is limited. And continuous wireless data transmission is a power-hungry operation requiring far too much energy for battery-powered applications.

Next generation IoT devices will be low-cost, highly integrated systems requiring specialized SoCs with more functions on chip. Most will need to run on a single battery charge for 5-10 years, or even harvest energy from their environment. This is particularly critical in remote applications, such as smart sensors deployed across wide areas like cities, where regular battery changes would be impractical and economically non-viable.

Meeting the energy budget will necessitate a variety of energy-saving strategies and many devices will be designed to spend most of their time in standby or other energy saving modes, active only to perform necessary functions. Designers will be looking for ways to reduce not only the volume of data to be transmitted, but also the frequency and duration transmission to conserve power. With such restrictive energy budgets, memory will need to operate on far less power and be more integrated than what’s possible with today’s memory technologies, which are too power hungry, slow, unreliable and difficult to manufacture.

IoT devices need innovative, energy-efficient memory technologies

Innovative memory technologies can help address the most critical IoT energy challenges. Lower power and lower voltage operation, monolithic integration, faster read and write times, non-volatility and higher capacity are all ways that memory technology can help IoT devices to achieve greater energy efficiency. By design, non-volatile memory can be completely powered down, yet retain all stored information.

More powerful, yet lower power microcontrollers make pre-processing a viable way to reduce the volume of sensor data to be transmitted. However, efficient processing necessitates greater local memory capacity for stored data to be processed and programs to execute. To reduce the frequency of data transmissions, designers will make greater use of local data buffering, as batching data for transmission allows the frequency of transmissions to be significantly reduced. Faster read and write times enable data to be sent more quickly, reducing the duration of each transmission, and optimizing on/off duty cycles.

More memory will also be needed to ensure interoperability, as the lack of a globally accepted IoT connectivity standards will require devices to support multiple protocol stacks. Today’s on-chip memory technologies do not scale economically to greater densities, so SoC designers are forced to rely on external chips for this additional memory.

ReRAM to the Rescue

Resistive Random-Access Memory (ReRAM) is widely hailed as the most promising technology in the race to develop innovative, low energy, more scalable, high-capacity, high-performance and reliable storage solutions. ReRAM cells typically employ a switching material sandwiched between two metallic electrodes that can exhibit different resistance characteristics when a voltage is applied across it. Significant performance differences can be achieved depending on the switching materials and memory cell organization chosen.

Figure1

Unlike flash, ReRAM is bit/byte-level addressable and can be architected with small pages that can be independently reprogrammed. On-chip storage drastically simplifies the complexity of the microcontroller by removing a large portion of background memory access required for flash-related data management. It also enables the use of wide memory buses that break the bandwidth bottleneck between computing cores and storage. ReRAM achieves visible benefits in read and write latencies, lower energy consumption and increased lifetime of the storage solutions.

At the memory cell level, ReRAM improves programming performance and reduces power consumption; on a system level, on-chip storage memory reduces energy consumption by up to 50x than external NVM . Lower, more predictable latencies also reduce energy by shortening the execution time of code fetching or data streaming.

Monolithic integration of storage memory eliminates the need for a variety of mechanical connectivity components and methods of varying complexities that can lower yields and increase overall fabrication cost. Moreover, ReRAM technology can easily integrate with standard CMOS logic circuitry and be manufactured using existing CMOS fabs. More on-chip storage enables data logging applications to achieve energy savings of 40X compared to Bluetooth Low Energy (BLE) wireless transmission.

Figure 2

ReRAM solutions can enable radical innovations in the connected IoT device world. Low energy, fast, nonvolatile memory that can be easily integrated in very large capacities on a single SoC along with logic, analog and RF components that can operate for years without a battery charge, will enable the future of smarter devices across Internet of things, consumer electronics, and industrial applications.


Sylvain DuboisSylvain Dubois joined the Crossbar management team in 2013 as Vice President of Business Development and Strategic Marketing. He has 17 years of semiconductor experience in business development and strategic product marketing.

Prior to joining Crossbar, Dubois led strategic product positioning and market engagement for developing new products at Spansion. Responsible for identifying new growth opportunities and expanding the product portfolio, Dubois was instrumental in defining the Spansion Flash memory product roadmap. Prior to Spansion, he was a System-on-Chip architect of OMAP application processors at Texas Instruments.

Sylvain Dubois holds a Master of Science in Microelectronics from E.S.I.E.E. (Paris), University of Southampton (UK) and Universidad Pontifica Comillas (Spain).

 

 

IPv6 and Internet of Things: Prospects for Latin America

Rosa Delgado
July 17, 2017

 

“The Internet needs to keep evolving and there are things that should happen beyond IPv6, but to overcome the present address space exhaustion, we need to implement IPv6 essentially everywhere” (Vint Cerf, father of the Internet). Information Technologies (IT) experts predict that there will be over 50 billion ‘connected devices’ by 2020. However, despite the existence of Network Address Translation (NAT), the current Internet Protocol version 4 (IPv4) offers just under, 4.3 billion unique IP addresses. Internet of Things (IoT) clearly needs more IP addresses than IPv4 can provide. As a result, there is no IoT without IPv6.

The rapid and massive proliferation of smart mobile devices on the Internet, broadband and cloud services, have already exhausted the available IP addresses in its current Internet Protocol, IPv4. The new Internet Protocol version 6 (IPv6) extends the IPv4 address space from 32 bits to 128 bits (340 undecillion or 340 trillion trillion trillion), which should be sufficient for the next decades.

IPv6 is about vision, leadership, innovation and competitive edge. IPv6 enables to enhance the provision of Internet services and become a more competitive and innovative player for IoT, SmartCities, SmartGrid, Mobile Internet, eGoverment, eEducation, eHealth and sensor networks services. It also improves the quality of public services, energy con­sumption and mobility through the capacity to process big data that will help to bring better solutions to crucial sustainable development issues.

Today, more than 19% of wired-up Internet users are already connected to IPv6 services. IPv6 seems to be new, though in fact it has been around since 1999, and until 2012 experienced a rather slow uptake (see Fig. 1). IT experts predict that by 2019, the barrier of 50% will be surpassed.

Fig 1: IPv6 Adoption: percentage of users that access Google over IPv6.

Fig 1: IPv6 Adoption: percentage of users that access Google over IPv6.

Today, most operating systems are IPv6-enabled by default. In the next decade, IPv6 and IPv4 will co-exist, adding more complexity to an already multi-diverse network environment of things, mobile devices and clouds; while this is the easier path to follow from the point of view of a smooth migration, it increases the points of vulnerability from a holistic design viewpoint. Security needs to be taken into account from day 1 of the IPv6 adoption process and the possibility of addressing connected objects individually rather than by means of gateways, this gives IPv6-based systems a competitive edge in terms of simple, uniform and more easily secured architectural design.

According to McKinsey, the IoT market will generate between $6 to 10 trillion a year by 2025, which represents 13% of the global economy and, more than 40% of this growth could be generated in emerging nations. Opportunities for low-cost, wide coverage networks to accomplish services that solve local issues are tremendous. Thus, the future of leveraging IoT for emerging countries is promising.

Internet of Things (IoT): Latin America and Peru

The IoT adoption, mobile Internet, fixed broadband, overall data traffic and contents in the region are all projected to grow in the years to come. Leading countries, like Brazil and Mexico, are already developing some large-scale IoT projects to achieve real solutions in different industry sectors. Brazil’s Secretary of Information Technology Policies said, "We need to work on real projects and achieve real progress. Brazil's problems and solutions sometimes are not the same as those in Europe, and as such can be leveraged and adapted by the other parties." In 2017, the government has agreed to the creation of a “Brazilian Association of IoT” to include private sector entities, telecom operators, academia and startups to foster open innovation in all sectors of society.

Latin America is currently shaping its future with a greater use of Internet technologies (broadband, mobility, PKI, IPv6), new business models and applications. As the demand for Internet services continues to grow, more nations, especially late-comers, recognize the great importance of adopting IoT and being among its early adopters. Today, IoT is more relevant for lesser developed than for developed regions as an enabler for technology development and technology integration with technologically advanced countries. However, the region still faces challenges in strengthening the efficiency of public agencies, policies, levels of expertise in different industry sectors and the quality of infrastructure.

The region is also closing the gap with the rest of the world, in particular in mobile services, as more than 400 million people will be connected in the next decade.

The IoT’s impact in Peru follows the world development trend with a growing demand of specialized and intelligent solutions by the local industry. This requires advanced networks, locally developed solutions and greater skills and knowledge, crucial for development and job creation in some specific sectors such as: education, health, government and new business models for industries like smart-cities, financial services, energy, insurance, agro-export, agriculture, mining, oil, gas, ‘clean technologies’, manufacturing and so on.

The industry has also begun to invest in “I+R+D”, to develop more IoT projects in response to state funds and tax incentives (Produce, FINCyT). Today in Peru, academia and startups develop most of the local robotic and artificial intelligence projects.
A few IoT examples among many others (Cisco Peru, source),

  • IoT for environment: The startup qAIRa won the Best Entrepreneur Award at the ‘SeedStars Summit 2017’, the most important global emerging market competition in Switzerland. qAIRa, monitors contaminated air through high technology drones powered to fly over mining zones located at 4,000 to 5,000 meters above sea level.
  • IoT for Agriculture: Universidad del Pacifico (startup) has developed some drone networks to perform topographical and geological surveys and surveillance.
  • IoT for Agro-export: Universidad Nacional de Ingenieria (startup) has developed robots that classify fruits and vegetables by color and size.
  • IoT for Security, Verisure company provides services to control the security of clients homes remotely.
  • IoT for financial, VisaNet or Mastercard gets information (big data) through M2M devices.

Peru was the fastest growing economy in Latin America in 2016 and Brazil, the biggest. Compared to other economies of the region, the Peruvian ICT market is still small, according to the Global Entrepreneurship Monitor however, Peru continues to be Top 4 in entrepreneurship, having an Entrepreneurial Activity Rate (EAR) of 25.1%, at a rate well above the regional EAR, 18.8%.

New Internet (IPv6): Latin America and Peru

Peru, Ecuador and Brazil are the top three countries with the highest IPv6 adoption rate in the region. Peru has been the leading country in IPv6 deployment in Latin America since 2013 – Top 5, Top 10 and Top 15. Telefonica del Peru (TdP) is a leading provider in the region because of its IPv6 expertise, infrastructure and commitment.

In 2009, TdP was warned that Peru had enough IPv4 addresses to last only until 2012. Telefonica Madrid chose Peru to run the project ‘Switching a country to the new IPv6 protocol’. TdP deployed IPv6 native connectivity to more than 3 million broadband residential customers in Lima (fixed ADSL lines). Today, TdP is expanding IPv6 to the rest of the country and mobile services. Peru has currently an IPv6 deployment rate of 17%, according to APNIC lab’s IPv6 measurement. TdP has an IPv6 deployment rate of 14%, according to World IPv6 Launch.

The government and the IPv6 Council of Peru have been quite active in promoting the leading IPv6 role of Peru to the private sector, academia, local enterprises and the local administration through awareness events and workshops.

Conclusions

  • There is no IoT without IPv6. Nevertheless, most services are still available in IPv4 only;
  • Innovation must serve the needs of people, to create real projects and achieve real solutions with the support of local scientists and talents that create opportunities for the local industry;
  • Latin American governments recognize the critical importance of IoT and IPv6 to become more competitive and innovative despite of their impact on the local job market;
  • Latin American private sector, government and academia need to accelerate the IoT and IPv6 adoption, to meet the ‘fourth industrial revolution' and other challenges such as, lack of capacities, applications, contents, commercial approach and unwillingness to change what works.

Rosa DelgadoRosa Delgado, ICT Consultant, received an Engineering Degree from the Universidad Nacional de Ingenieria of Lima, Peru. She also holds a Master degree in ‘Digital Communications’ from Warwick University, UK and a ‘Communications and Business Strategies’ from the Université de Genève.  She is an Emeritus Internet Society Trustee (www.internetsociety.org). She was involved in the creation of the IPv6 Task Forces of Peru and Egypt and since 2000, founding member of the European Union IPv6 Task Force. She was the decisive force behind the creation of dot-Aero, dot-Post, dot-Eurovision and dot-Radio Internet Top Level Domain Names. She provides mentoring to new tech and innovation startups and accelerators. Rosa is currently President of the IPv6 Forum of Peru working with government agencies to ensure IPv6, Internet of Things and Smart Cities are taken in consideration in government and private sector plans. She previously worked at the World Health Organization (WHO, www.who.org), WiseKey (www.wisekey.com), Société International de Télécommunications Aéronautique (www.sita.aero), International Telecommunication Union (www.itu.int), United Nations (Disaster Emergency Network) and CERN (www.cern.ch). In 2017, she received the IPv6 Forum Award, for supporting the IPv6 adoption in Peru (http://peru.com/epic/tecnologia/nap-reconoce-aporte-instituciones-migracion-al-ipv6-noticia-495984)