Automating IoT Security: The EU CONCORDIA Approach

Samuel Lindemer, Anum Khurshid, Han Wang, Martin Furuhed, and Shahid Raza
November 21, 2019


Industries and governments around the world continue to make great strides towards a vision of smart manufacturing, smart cities and the Internet of Things. The accelerating rate of this transformation has, unfortunately, outpaced our readiness to handle the security implications. Much of our critical infrastructure already depends on vast networks of low-cost embedded devices.

These devices are typically produced through a global supply chain that combines software and hardware from several different vendors into a single product.

Digital Sovereignty

Many vendors do not reveal their code or chip designs in order to protect their intellectual property. This raises some difficult questions: How can we trust devices if we have no right to see their design? Who is accountable if a design flaw leads to a costly security breach? Should vendors be compelled to update their products when these flaws are discovered? What if those vendors are no longer in business?

These concerns have led, in part, to a push for digital sovereignty in the European Union. CONCORDIA is an EU project established in pursuit of this goal. The project has recently grown to 55 partner institutions in both academia and industry across 19 countries and works closely with ENISA, EUROPOL, EDA and NATO’s CCDCOE [1]. CONCORDIA’s IoT strategy aims to automate and streamline credential management, remote attestation, firmware patching, certification, malware detection – essentially every aspect of device security – such that these operations become economical even for highly constrained devices.

Digital Identities for IoT Devices

Many IoT devices used in infrastructure projects are deployed in dangerous or difficult-to-reach places. Consider, for example, waste-water treatment plants, oil refineries, suspension bridges (e.g., structural health monitoring) and electrical substations. Performing frequent maintenance in these environments incurs a prohibitively high labor cost, so devices must remain operational for months or years without human intervention. Naturally, this precludes the use of any passwords or PIN codes. Devices must be configured to simply boot and establish a secure network connection automatically. In other words, each IoT device needs a unique digital identity to authenticate itself with.

Figure 1: Digital identity provisioning and lifecycle for the IoT.

Figure 1: Digital identity provisioning and lifecycle for the IoT.

To address this challenge, our work has focused on developing automated, lightweight public key infrastructure (PKI) solutions for managing IoT credentials. Digital certificates and asymmetric cryptography have traditionally been viewed as “too heavy” for very small devices. Many network operators have, instead, opted for ­­pre-shared keys (PSK) as a convenient alternative. However, PSK solutions do not provide authentication, key revocation or end-to-end security – these are only possible if each device has a unique identifier and secret key. Moreover, if an attacker compromises a network PSK, all devices need to be physically retrieved and provisioned with a new key.

In our recent work on the CEBOT project, we developed new lightweight protocols for certificate enrollment, re-enrollment, and compression that can run on virtually any device capable of running an IP network stack [2]. The enrollment protocol is now making its way through the IETF standardization process (see Figure 1) [3]. Our ongoing work in this area includes lightweight credential revocation and the integration of IoT PKI in the healthcare and automotive sectors.

Continuous Updates and Re-certification for IoT

The EU Cybersecurity Act of 2019 introduces for the first time an EU-wide security certification scheme for electronic devices [4]. This presents unique challenges for research and industry. In the case of safety certification, a rigorous process of testing and documentation endows a high level of confidence that a device will behave as expected. In contrast, history has shown time and again that every complex software system contains exploitable vulnerabilities. Hundreds are discovered in the Linux kernel every year [5].

In practice, security depends on our ability to issue software updates patches as soon as vulnerabilities are discovered. There are three basic building blocks required to automate this process on IoT devices, namely:

  1. Digital certificates backed by a reliable PKI are needed in order to sign firmware images. For encrypted updates, digital certificates also provide the basis for end-to-end security between devices and update authors.
  2. A trusted execution environment (TEE) on each device provides hardware-enforced isolation of security-critical software.
  3. A small amount of trusted immutable code (i.e., the trusted computing base, or TCB) with exclusive access to the device hardware root of trust.

The TCB code executes in a TEE and is responsible for installing firmware updates on the device, and for providing the device owner with a cryptographic proof that this has been done correctly – a process known as remote attestation. The advantage of this approach is that only the TCB and the hardware itself is fully trusted. The operating system and application code are complex and therefore likely to require security patches.

Ultimately, our objective is to create an automated re-certification solution, whereby devices can be issued with an EU-backed security certification that is valid until a vulnerability is discovered. When this occurs, devices must be patched and re-certified without any physical interaction. There are already ongoing efforts in the IETF SUIT working group to standardize the distribution of firmware updates and metadata [6]. Our primary research focus in this area is the implementation of TEEs on open-source RISC-V architectures. Currently, TEEs in the embedded and cloud spaces are dominated by ARM TrustZone and Intel SGX, respectively. Developing future IoT devices on open-source platforms has the potential to bolster consumer confidence that the security claims about a device are correct, and to accelerate the discovery and patching of vulnerabilities.

Threat Intelligence at the Network Edge

For the foreseeable future, most IoT devices will contain closed-source IP manufactured, at least partially, in another country. This raises concerns for many about attacks on the supply chain, hidden backdoors or pre-installed malware for data exfiltration. Most importantly, compromised devices must not become a source of attacks against the wider Internet (see Mirai DDoS attack). One mitigation strategy we are investigating is threat intelligence at the network edge. This entails analyzing network traffic in real-time with federated machine learning on the network border router in order to detect malicious behavior on the part of devices within the network. This approach is in line with privacy by design and default as envisioned by GDPR (as opposed to exporting and processing all data on the cloud).


The European Union has introduced an IoT security certification framework for ICT products and services. No device should be declared secure unless it can be securely and dependably updated in the future. Given the scale and sprawl of the IoT, it is crucial that devices can be managed, updated and re-certified remotely. Additionally, networks must be protected against IoT devices, which we aim to accomplish through federated machine learning at the network edge. The EU CONCORDIA project connects academic and industrial institutions in order to develop scalable and automated solutions to these challenges.


  2. J. Höglund, S. Lindemer, M. Furuhed, and S. Raza, “PKI4IoT: Towards Public Key Infrastructure for the Internet of Things,” Computers & Security, p. 101658, Nov. 2019.


Samuel LindemerSamuel Lindemer received his B.Sc. in Electrical Engineering from Northeastern University in Boston, MA in 2017. In 2019, he completed his M.Sc. in Embedded Systems at KTH Royal Institute of Technology in Stockholm, Sweden and began his industrial Ph.D. studies at RISE Cybersecurity and Uppsala University. His current research focus is on trusted execution environments on embedded RISC-V architectures.


Anum KhurshidAnum Khurshid is a Ph.D. student at RISE Cybersecurity and Uppsala University in Sweden. She completed her M.Sc. in Computer Science with a specialization in Cybersecurity in 2017 from COMSATS University in Pakistan. Her current research is focused on security for resource-constrained IoT, including software security and trusted execution environments in the ARM TrustZone ecosystem.


Han WangHan Wang received a double M.Sc. in Computer Science from Uppsala University and National Taiwan Normal University in 2017. She is currently an industrial Ph.D. student at RISE Cybersecurity and Uppsala University. Her current research focus is on machine learning for IoT security.


Martin FuruhedMartin Furuhed works as a product manager at Nexus Group in Sweden, responsible for the Certificate Manager CA platforms and has experience from the PKI industry since 1998. He is active in, and is driving, several projects extending and adapting traditional PKI solutions for IoT scenarios for both industries and the public sector.


Shahid RazaShahid Raza received his M.Sc. degree from KTH Royal Institute of Technology in Stockholm, Sweden, and his Industrial Ph.D. from RISE SICS in Stockholm and Mälardalen University in Västerås, Sweden in 2013. He is an expert researcher and the Director of RISE Cybersecurity, where he has been involved with research since 2008. Shahid is also an Associate Professor at Uppsala University Sweden. His current research interests include all aspects of IoT security.



Ten Trends of IoT in 2020

Ahmed Banafa
November 21, 2019


The Internet of Things (IoT) is actively shaping both the industrial and consumer worlds. Smart tech finds its way to every business and consumer domain there is—from retail to healthcare, from finances to logistics—and a missed opportunity strategically employed by a competitor can easily qualify as a long-term failure for companies who don’t innovate [3]. The year 2020 will hit all 4 components of IoT Model: Sensors, Networks (Communications), Analytics (Cloud), and Applications, with different degrees of impact.

By 2020, the Internet of Things (IoT) is predicted to generate an additional $344B in revenues, as well as to drive $177B in cost reductions. IoT and smart devices are already increasing the performance metrics of major US-based factories. They are in the hands of employees, covering routine management issues and boosting their productivity by 40-60% [1]. The following 10 trends explore the impact of many technologies on IoT and predict what is next for IoT (see Figure 1).

 Figure 1: 10 Trends of IoT in 2020.

Figure 1: 10 Trends of IoT in 2020.

IoT Prediction 1: Growth in Data and Devices with More Human-Device Interaction

By the end of 2019, there will be are around 3.6 billion devices that are actively connected to the Internet and used for daily tasks. With the introduction of 5G that will open the door for more devices, and data traffic. You can add to this trend the increase adoption of edge computing which will make it easier for business to process data faster and close to the points of action [1].

IoT Prediction 2: AI a Big Player in IoT (Again)

Making the most of data, and even understanding on a basic level how modern infrastructure functions, requires computer assistance through artificial intelligence. The major cloud vendors, including Amazon, Microsoft, and Google, are increasingly looking to compete based on their AI capabilities. Various startups hope to increase their market share through AI algorithms able to leverage machine learning and deep learning, allowing businesses to extract more value out of their ever-growing volumes of data. [2].

Artificial intelligence is the fundamental ingredient needed to make sense of the vast amount of data collected these days, and increase its value for the business. AI will help IoT data analysis in the following areas: data preparation, data discovery, visualization of streaming data, time series accuracy of data, predictive and advance analytics, and real-time geospatial and location (logistical data) [1].

IoT Prediction 3: VUI: Voice User Interface will be a Reality

it’s a battle among industry leaders who would like to dominate the market of IoT at an early stage. Digital assistant devices, including HomePod, Alexa, Siri, and Google Assistant, are the future hubs for the next phase of smart devices, and companies are trying to establish “their hubs” with consumers, to make it easier for them to keep adding devices with less struggle and no frustrations [1].

Voice represents 80% of our daily communications, taking a chapter from Sci-Fi movies, talking to robots is the common way of communications, R2D2, C-3PO, and Jarvis to name a few. The use of voice in setting up the devices, change that setups, giving commands and receiving results will be the norm not only in smart houses, factories but in between like cars, wearables for example.

IoT Prediction 4: More Investments in IoT

IoT’s undisputable impact has and will continue to lure more startup venture capitalists towards highly innovative projects in hardware, software, and services. Spending on IoT will hit 1.4 trillion dollars by 2021.

IoT is one of the few markets that have the interest of the emerging as well as the traditional venture capitalists. The spread of smart devices and the increasing dependency of customers to do many of their daily tasks using them will add to the excitement of investing in IoT startups. Customers will be waiting for the next big innovation in IoT—such as smart mirrors that will analysis your face and call your doctor if you look sick, smart ATM machine that will incorporate smart security cameras, smart forks that will tell you how to eat and what to eat, and smart beds that will turn off the lights when everyone is sleeping [1].

IoT Prediction 5: Finally, a Real Expansion of Smart IoT

IoT is all about connectivity and processing, nothing will be a better example than smart cities, but smart cities have been in a bit of a holding pattern recently. Smart sensors around the neighborhood will record everything from walking routes, shared car use, building occupancy, sewage flow, and temperature choice 24/7 with the goal of creating a place that’s comfortable, convenient, safe, and clean for those who live there. Once the model is perfected, it could be the model for other smart neighborhoods and eventually smart cities [1].

The potential benefits for cities, however, make IoT technology especially compelling. Cities of all sizes are exploring how IoT can lead to better efficiency and safety, and this infrastructure is increasingly being rolled around the world. Transportation will likely lead this change, as bringing connectivity, intelligence and automation to roads and public transportation has proven to significantly improve efficiency and experience. One factor expected to play a role in smart city development will be 5G, making the lightning-fast transfer of streaming analytics more realistic. 5G rollouts will spur a race to build applications that tap into the numerous market opportunities it creates [2].

Another area of spreading smart IoT is the auto industry with self-driving cars become a normal occurrence in the next few years, today tons of vehicles have a connected app that shows up to date diagnostic information about the car. This is done with IoT technology, which is the heart of the connected vehicle. Diagnostic information is not the only IoT advancement that we will see in the next year or so. Connected apps, voice search, and current traffic information are a few other things that will change the way we drive [1]. 

IoT Prediction 6: The Rise of Industrial IoT & Digital Twin Technology

An amalgamation of technologies is pushing this new techno-industrial revolution, and IoT plays a big part in making manufacturing more efficient, less risky, and more profitable. Industrial IoT brings enhanced efficiency and productivity through data integration and analysis in a way that isn't possible without an interconnected manufacturing process.

Another notion that is gaining popularity is “digital twin” technology. Through its use, organizations can create a clear picture of how their IoT devices are interacting with the manufacturing process. This gives keen businesses insight into how the life cycle of their machines operates and allows them to predict changes that may be needed ahead of time. According to a Gartner survey, 48% of smart manufacturing adopters have made plans to make use of the digital twin concept [3].

IoT Prediction 7: More Movement to the Edge

Edge computing is a technology that distributes the load of processing and moved it closer to the edge of the network (sensors in case of IoT). The benefits of using fog computing are very attractive to IoT solution providers. Some of these benefits allow users to minimize latency, conserve network bandwidth, operate reliably with quick decisions, collect and secure a wide range of data, and move data to the best place for processing with better analysis and insights of local data[1]. Edge computing has been on the rise in recent years, but the growing scope of IoT technology will make this move even more pronounced. Two factors are leading this change:

  • Powerful edge devices in various form factors are becoming more affordable
  • Centralized infrastructure is becoming more stressed.

Edge computing also makes on-device AI a realistic proposition, as it allows companies to leverage real-time data sets instead of having to sift through terabytes of data in a centralized cloud in real-time. Over the coming years and even decades, it’s likely that tech will shift to a balance between the cloud and more distributed, edge-powered devices [2].

Hardware manufacturers are building specific infrastructure for the edge deigned to be more physically rugged and secure, and security vendors will start to offer endpoint security solutions to their existing services to prevent data loss, give insights into network health and threat protection, include privileged user control and application whitelisting and control, that will help in the fast adoption and spread of edge computing implementations by businesses [1].

IoT Prediction 8: IoT Focus on Security Using Blockchain

The IoT tech market will see a renewed focus on security as complex safety challenges crop up. These complexities stem from the diverse and distributed nature of the technology. The number of Internet-connected devices has breached the 26 billion mark. Device and IoT network hacking will become commonplace in 2020. It is up to network operators to stop intruders from doing their business [4].

The current centralized architecture of IoT is one of the main reasons for the vulnerability of IoT networks. With billions of devices connected and more to be added, IoT is a big target for cyber-attacks, which makes security extremely important.

Blockchain offers new hope for IoT security for several reasons. First, blockchain is public, everyone participating in the network of nodes of the blockchain network can see the blocks and the transactions stored and approves them, although users can still have private keys to control transactions. Second, blockchain is decentralized, so there is no single authority that can approve the transactions eliminating Single Point of Failure (SPOF) weakness. Third and most importantly, it's secure—the database can only be extended and previous records cannot be changed.

In the coming years, manufacturers will recognize the benefits of having blockchain technology embedded in all devices and compete for labels like “Blockchain Certified” [1].

IoT Prediction 9: More Social, Legal, and Ethical Issues

IoT devices represent a largely unregulated new technology. IoT will inevitably find itself facing social and legal questions in the near future. This is particularly relevant for data collected by these devices, which may soon find itself falling under the umbrella of the General Data Protection Regulation (GDPR). This regulation regarding the handling of personal data and privacy in the European Union, the GDPR extends its reach beyond the European region. Any business that wants to successfully operate within the EU will need to comply with the guidelines laid out in its 88-page document. Security issues are essential when it comes to the legal regulation of personal data. Development teams can ensure the required level of security and compliance on various levels, including data encryption, active consent, various means of verification and other mechanisms. Their goal is to collect data legitimately and keep its accessibility, processing, and storage to a minimum that is dictated by the software product [3].

IoT Prediction 10: Standardization Still a Problem

Standardization is one of the biggest challenges facing the growth of IoT—it’s a battle among industry leaders who would like to dominate the market of IoT at an early stage. But what we have now is a case of fragmentation. One possible solution is to have a limited number of vendors dominating the market, allowing customers to select one and stick to it for any additional connected devices, similar to the case of operating systems we have now have with Windows, Mac, and Linux for example, where there are no cross-platform standards.

To understand the difficulty of standardization, we need to deal with all three categories in the standardization process: Platform, Connectivity, and Applications. In the case of the platform, we deal with UX/UI and analytic tools, while connectivity deals with customer’s contact points with devices, and last, applications are the home of the applications which control, collect and analyze data. All three categories are inter-related and we need them all, missing one will break that model and stall the standardization process. There is no way to solve the problem of fragmentation without a strong push by organizations like IEEE or government regulations to have common standards for IoT devices [1].




ahmed banafaAhmed Banafa has extensive research work with focus on IoT, Blockchain, cybersecurity and AI. He served as an instructor at well-known universities and colleges. He is the recipient of several awards, including Distinguished Tenured Staff Award, Instructor of the year and Certificate of Honor from the City and County of San Francisco. He was named as No.1 tech voice to follow, technology fortune teller and influencer by LinkedIn in 2018, featured in Forbes, IEEE-IoT and MIT Technology Review, with frequent appearances on ABC, CBS, NBC, BBC, and Fox TV and Radio stations. He is a member of MIT Technology Review Global Panel. He studied Electrical Engineering at Lehigh University, Cybersecurity at Harvard University and Digital Transformation at Massachusetts Institute of Technology (MIT). He is the author of the books: Secure and Smart Internet of Things (IoT) using Blockchain and Artificial Intelligence (AI) , and Blockchain Technology and Applications , Winner of Author & Artist Award 2019 of San Jose State University for "Secure and Smart IoT" Book.



Understanding the Convergence of IoT-AI-AR for the Industrial Sector

Saverio Romeo and Mark Sage
November 21, 2019


Adoption of the Internet of Things (IoT) in public and private organizations has grown strongly during the last decade with no end in sight. Today, IoT applications are becoming increasingly ubiquitous, touching every aspect of life and business – from manufacturing to retail to smart cities. However, challenges remain in the effort to accelerate IoT adoption and bring it to a more refined level of development.

Currently, IoT applications are primarily focused on using IoT devices to monitor and control spaces. The next steps in the evolution of IoT should be to be able to predict events and conditions, prescribe actions and automate the processes with the necessary balance between cloud and edge activities. This needs to happen in a secure manner, ensuring scalability and maximum efficiency while maintaining a continuous focus on business values all along the IoT solution lifecycle.

In all this, there is also a need to enhance the interaction between those intelligent spaces and the people who work within them. To do all that, the IoT needs to work together with other technological frameworks. These include:

  • Artificial Intelligence (AI) to produce the right intelligence based on data gathered;
  • Distributed Ledger Technology (DLT) to support trust and decentralization;
  • 5G to enable different connectivity applications and performance depending on needs; and
  • Augmented Reality (AR) to create a conducive relationship between humans and intelligent spaces.

This article will briefly illustrate the work being done within the AREA on the convergence of IoT, AI, and AR.

The AREA – An Innovation-Driven Alliance

The AREA[1] represents more than 60 members – AR solution providers, enterprises implementing AR, and non-profit institutions – dedicated to the adoption of AR in enterprise environments. The alliance supports its members in a variety of ways, including a continuous flow of market and technological research. The AREA’s member-funded research activities tackle key issues related to the implementation of AR in enterprises. In the first half of 2019, I began working with the AREA to address the convergence IoT-AI-AR.

The Reasons for the Convergence and the Architectural View of It

The research aims to understand the convergence of IoT with AI and AR in strongly process-oriented organizations, such as manufacturing, oil and gas, mining, and energy. Starting from the assessment of the status quo of IoT, the research found that AI and AR together can address some of the limitations and issues of IoT, enabling manufacturing companies to solve some of their key problems, such as inefficiencies in the use of resources and downtime. Based on the architectural framework illustrated in Figure 1, the research explored the technological components of the convergence and the community of players involved in developing it.

 Figure 1: Architectural Framework for the Convergence of IoT-AI-AR (source: AREA).

Figure 1: Architectural Framework for the Convergence of IoT-AI-AR (source: AREA).

In the architecture proposed, the complexity of an IoT solution made of devices, connectivity, and an Industrial IoT platform is increased by the addition of an Industrial AI/Machine Language platform and an AR platform. 

Successful Proofs of Concepts Are Creating Momentum Around IoT-AI-AR

Despite the architectural complexity, the research (based on extensive interaction with vendors and adopters) revealed strong enthusiasm within an IoT-AI-AR community still in development and, sometimes, surprisingly disconnected. Successful proofs of concepts are driving that enthusiasm and creating momentum around the theme. The proofs of concept affirm the hypothesis of this research: that the convergence of IoT-AI-AR successfully addresses important manufacturing problems and enhances the potential of an IoT deployment in an industrial setting.

Organizational and Market Challenges Are the Major Concern

Despite the successful projects, the adoption of IoT-AI-AR-based projects is still at an early stage. There are technological challenges to overcome. The IoT-AI-AR community is less worried about technology and more concerned about the business and organizational implications of introducing those technologies in the enterprise.

For example, there is a common view that the current lack of AR device choices is a challenge, but there is also the confidence that this challenge will be solved within two years. Another issue is organizations’ data readiness to run ML algorithms for predictive solutions, but again, the community is convinced that the situation is improving and soon several organizations will be ready for ML in cloud and edge environments. Even on the security side, despite being a top concern, the community is confident in its maturity.

But that confidence diminishes when the issue becomes more organizational and business-oriented, such as the perception of privacy and control among workers wearing AR devices or developing business models for the enterprise when the current AR business models are tailored for the consumer market.

Changing the Narrative Around IoT-AI-AR and Reinforcing Collaboration Through Ecosystems

It appears that the community is bound by its shared trust in technological progress but disconnected on the rest of the issues with no answers to address them. That disconnection is slowing the speed of adoption even though the proofs of concepts demonstrated that the convergence of IoT-AI-AR can solve manufacturing companies’ issues and introduce new and better ways of working. Considering all this, the conclusion of the report almost put aside technology, trusting in the extraordinary innovation capabilities of the community, to instead focus on some key organizational and business messages. Among them, there are two important messages to highlight:

  • The narrative around IoT-AI-AR is a narrative of fear, the fear of automation and of the loss of any role for humans. This narrative is wrong and needs to be overturned. The convergence of IoT-AI-AR, like other technological developments, is being explored to solve problems, to reduce the role of humans in dangerous activities, and to enhance their working roles to allow for more intellectual activities. That change of narrative needs to come with a strong educational program.
  • The convergence of IoT-AI-AR will come only when IoT-AI-AR ecosystems are formed. Innovation and market collaborations become essential for overcoming the challenges discussed.

Conclusion – Inter-Alliance Collaboration Will Help Advance IoT-AI-AR Convergence

The report, available exclusively to AREA members, begins to shed light on the potential applications and benefits of IoT-AI-AR convergence. There is much more to explore. That work should be done collaboratively between consortia and alliances involved in the three technological frameworks. Bringing together the AREA and alliances from the worlds of IoT and AI in a dedicated working group can help drive the development of IoT-AI-AR ecosystems, stimulate cross-discipline debates, promote best practices and tools for the design and development of IoT-AI-AR projects, and articulate a new language that positively and inclusively describes the scope of the convergence.



Saverio RomeoSaverio Romeo is Associate Lecturer at Birkbeck College on emerging technologies (IoT, blockchain, and AI) and their impact on innovation and policy. He runs modules for postgraduates and undergraduates on emerging technologies and contributes to research activities on the impact of technologies in business and society. He has almost 20 years of experience in M2M and the IoT in various positions, from analyst to adviser, from telco engineer to technology policy consultant.


Mark SageMark Sage is the Executive Director of the Augmented Reality for Enterprise Alliance (AREA). The AREA is a membership funded alliance, helping to accelerate the adoption of Augmented Reality (AR) through a comprehensive ecosystem. With a focus on creating value and ROI for its members, his goal is to develop a robust and active ecosystem for AR. His background includes a strong interest in mobile, AR, VR, and IoT and he is excited to work with enterprises, providers and research organizations to the benefit and growth of the AR within the enterprise.



How Li-Fi Is Set to Revolutionize the Smart Buildings and Smart Cities

Livia Rosu
November 21, 2019


Light Communications, also known as Light Fidelity (Li-Fi), is a technology that allows data transfer over light signals, enabling high speed internet access for specific indoor use cases. It is based on the Light Emitting Diode (LED) and can be used to send or receive data between Li-Fi transmitters and Li-Fi receivers by using the visible light spectrum range from 380nm to 780nm.

Modulated with technology, Li-Fi is set to be the next major innovation in realizing the full potential of both the Smart Home and the Smart City. It has great potential for Smart Homes with high-density connectivity needs, especially where sensitive data needs to be transmitted between multiple connected devices within one room. The hybrid combination of a wired network with a Li-Fi wireless network can provide a secure, robust and flexible connectivity solution for any environment without requiring new infrastructure.

Light Communications (LC) technology is still in its infancy, and consumers are currently unable to buy Li-Fi systems in the same way that they could for Wi-Fi. However, ongoing work by the International Telecommunication Union (ITU) and Institute of Electrical and Electronics Engineers (IEEE) to standardize LC is bringing the industry closer to making it accessible for a variety of market segments.

Why Use Light Communications?

Li-Fi supports larger bandwidths, can act as both a source and receiver, has low power consumption, enhanced security and is easy to install. It offers no interference to existing wireless communications (e.g., Bluetooth or ZigBee). Moreover, Li-Fi can provide more accurate location information, in contrast to the existing wireless technologies.

Due to its wide range of applications, Li-Fi has the potential to eliminate the need for other wireless technologies such as Infrared and Bluetooth. The light spectrum provides low latency and avoids the kind of disruption that can often happen with the radio frequency spectrum during congested periods.

Li-Fi also does not require a license to use the spectrum of visible light, providing instead an alternative method of data communication that does not add to the demand for radio frequency spectrum, which is needed for Wi-Fi and cellular radio systems. Radiofrequency spectrum is a finite resource, and the increasing number of wireless applications that need spectrum means that alternatives need to be found. Li-Fi is one of these solutions.

Potential applications of Light Communications include vehicle to vehicle communication, robots in hospitals, underwater communication, and information displayed on signboards. It also has applications in areas that are sensitive to electromagnetic waves, such as aircrafts and hospitals where radio signals (such as those used by mobile phones) otherwise interfere with the waves of other machines.


The primary benefit of Li-Fi is that the signals cannot pass through walls – something that is often seen as a downfall for other technologies. This dramatically increases the security of any communication using Li-Fi, as it cannot be interfered with by anyone outside of the room where the signals are occurring.

In situations where sensitive data needs to be transmitted between multiple connected devices within one room, Li-Fi is the ideal technology to use. This is because the light spectrum has a low power consumption, offers enhanced security and is easy to install.

In other words, for environments that require a high level of security such as schools and hospitals, Li-Fi reduces electromagnetic interference, therefore not affecting sensitive devices. For airports or government buildings, where there is more sensitive information that could be a target of a cyberattack, Li-Fi eliminates the risk of data interception by outsiders which are out of sight, therefore offering a vastly enhanced security platform.

Li-Fi and Wi-Fi

Li-Fi and Wi-Fi are both wireless technologies that complement each other and can be used together in smart buildings and smart transport topologies to provide the users with a wide range of benefits.

Wi-Fi provides the user with greater freedom of movement, as Wi-Fi signals can extend throughout the home and through walls, to ensure complete coverage for consumers in the home. This is suited to scenarios where the user is moving throughout the building and needs to maintain a connection.

In contrast, Li-Fi requires a line of sight between a lightbulb LED transceiver and a connected device. In circumstances where communication channels need to carry more sensitive information that could be a target of cyberattacks, Li-Fi offers a vastly enhanced security platform.

How Does This Impact Service Providers?

Li-Fi significantly reduces the need for expensive, time-consuming and disruptive laying of cables. Instead, the LED-powered Li-Fi connections can be used to beam data directly to the destination. This could be used for example with office buildings, allowing data transfer without needing to lay additional cables from one access point to another.

Traffic management is also an area where Li-Fi has a lot of potential applications. The large amounts of data that is transferred over public Wi-Fi are neither secure nor capable of effectively managing the network traffic. Li-Fi could allow for both vehicle-to-vehicle and vehicle-to-infrastructure communications enabling tremendous opportunities for the smart transport market. Using a vehicle’s headlights and the LED lighting in traffic lights, citywide traffic management systems could collate and distribute live traffic data to reduce congestion and prevent accidents on the roads.

The Future of Light Communications

The Li-Fi market is growing at an unprecedented rate and is expected to exceed ten billion devices by 2023. The Smart Grid market is also expected to grow from 23.8 billion USD to 61.3 billion USD by 2023, to facilitate smart cities’ evolution.

For Light Communication to reach its full connectivity potential, in-premises networking must provide a strong backbone for the access points. HomeGrid Forum’s wireline technology provides the most reliable backbone for both Li-Fi and Wi-Fi media, according to each use case and the corresponding requirements.

As technology is driving forward at such rapid speed, the potential for Li-Fi is enormous. Consumers are going through a period of unparalleled change. It is no longer just about connected devices, but a whole new suite of applications that will be delivered by a range of technologies, of which Li-Fi is set to be key. Li-Fi technology will be vital in making wireless connectivity more secure due to its unique capability to support specific use cases and eliminate common issues in environments – particularly where there are concerns surrounding security.

Over the next few years, we can expect to see further developments, with the emergence of Li-Fi products into the consumer market, together with the provisioning of Li-Fi connectivity for smart buildings and smart vehicles. HomeGrid Forum has already started working on a certification for Li-Fi high-speed indoor optical wireless communication products and as the benefits of Li-Fi become more widely acknowledged the possibility of the technology will increase exponentially.


  1. “LiFi Technology”
  2. “Data at the speed of light – HomeGrid Forum sees VLC technology as the latest development in the Smart Home/City revolution supported by”
  3. “HomeGrid Forum lays out roadmap for a secure wireless connected future with Light Communication”


Livia RosuLivia Rosu is the Chair of the Marketing Working Group of the HomeGrid Forum and has been on the Board of Directors since 2014. She is a Computer Science engineer with 18 years of business development experience in the telecommunications industry, dedicated to semiconductors and the standardization of revolutionary technologies ranging from Smart Cards to Smart Cities. Livia has built a strong knowledge of industry associations having previously worked for MaxLinear, Marvell Semiconductor, ETSI, PSO Protocol Council of ICANN, the ISG by the EC-POP and the ISOC-AC. Livia received an MBA from EDHEC Business School in France in 1999. She holds a Masters in Computer Science and Internet Security (M.Sc., 1997) and a Bachelor of Science degree with Honours in Automation Engineering and Network Management (B.Sc., 1996) from Polytechnic University of Romania with scholarship award from France. Livia is fluent in 6 languages.