I originally wrote the following article in March of 2014 as Chairwoman of the AllSeen Alliance. I think it is just as relevant today as it was back then. Perhaps even more so now…
SECURITY SHOULD BE TOP OF MIND FOR ANYONE BUILDING A CONNECTED DEVICE
Devices do not need to be connected to the internet, to make them “smart”. The Internet of Everything does not require that everything needs to be connected to the Internet.
How many light sockets do you have in your home? How about electrical outlets? On top of that, how many kitchen appliances, HVAC/thermostats, entertainment devices, audio devices, gaming stations and other smart devices do you have in your home? For the average home owner, this count is getting quite high.
As all of these things start to get “connected,” many are raising questions about security and privacy. Indeed, there is no lack of stories about baby monitors being hacked, smart toilets being controlled remotely, and even home automation hubs being attacked which give hackers access to everything from your doors to your lights, IP cameras and thermostats. And in article after article from this year’s CES show in Vegas, pundits pontificate about the security risks posed by the Internet of Things. Many agree that if an object is connected to the Internet, it can be discovered and hacked.
So why does the industry continue to think that the only way to make a device “smart” is to connect it to the Internet? Why does each bulb, each plug, each appliance, each door lock need its own Internet connection?
Here’s a shocker: The Internet of Everything does not require that everything needs to be connected to the Internet. What if devices could discover, connect and interact with one another simply because they’re near each other, and a distributed system could enable some devices to keep all communications local while others can connect out to the cloud? And what if you could decide which devices connect to the Internet and which don’t?
Here are some of the reasons everything does not need to be connected to the Internet:
1. Scalability & Architectural Flexibility
The number of things that are getting connected is large. Morgan Stanley predicts that 75 Billion devices will be connected to the Internet of Things by 2020. Cisco envisages 25 Billion devices connected by 2015, and 50 Billion by 2020. And Bosch estimates there will be 6.593 Billion devices connected to the Internet by 2015. Regardless of whose forecast you believe, it’s big. While each of these devices will likely have an IP address, the dogma that all of these connected devices will be directly accessible from the Internet should be challenged. Just as there will always be certain devices that require Internet access, there will be many devices that do not; these devices can still be “smart” and “connected” by interacting with proximal devices and perhaps even accessing the cloud through nearby gateways. We need to be smarter about how we scale the Internet of Everything. Mickey McManus, president, CEO, and principal of MAYA Design, eloquently captured this, “a world with a trillion-node network will likely even have a whole bunch of things that compute and connect, but never directly touch the Internet. If the Internet represents the main arteries, these branches will be like capillaries and veins.”
While I am excited to have a connected home which can anticipate my needs and automate my daily routines, I am not interested in having my personal, daily routine captured and tracked in some company’s cloud. I don’t, for example, want my smart door lock to send data to the Internet every time I open and close my front door. And, more importantly, I certainly don’t need my smart door lock directly accessible on the Internet or a cloud service to know every time my toilet flushes. That’s not to say that I don’t want a smart lock or a smart toilet. But, why can’t these devices be just as smart, just as intuitive, without being directly connected to the Internet or sending data out of my home? What if they can discover, connect and interact with nearby devices, on a proximal-only network? Today, many of the Internet of Everything devices are being built with cloud access because that’s the easiest and fastest way to bring to market smart devices you can control with your smartphone. Perhaps there is a better way via direct peer to peer connections. You don’t need every light bulb, every switch, to be connected to the cloud. I can have 50 connected devices that can discover and interact with one another, but of those 50 devices, what if I want 20 or 30 of them to keep their interactions local, private, and more secured?
Having 50 apps to control 70 things around your home and requiring different security passwords to access devices through each app seems unwieldy. To make things more manageable, the consumer is likely to use a single passphrase for all devices and across all apps. This may offer a dangerous exploit opportunity through identifying a single device with a poorly implemented passphrase protection. In contrast, we need a frameworkdesigned to authenticate users using global identity services supporting open protocols such as OpenID. Or optionally, a device’s owner can personally authenticate access to devices if a global ID is not used. Once authenticated, security should be designed to authorize access to not just devices, but individual interfaces made available by the device. So when you have guests visiting, you can authorize them to only have access to the thermostat for 3 days during their stay. If their flight gets cancelled and guests stay longer, their attempts to control your thermostat will fail. Or you may authorize them to only turn the thermostat on or off, but not access the interfaces that allow for setting temperature. That way, you can ensure your energy bill doesn’t get too high. Authorization and identity are very important concepts for the future of the Internet of Everything.
It all boils down to not trusting the weakest link. One bad connected device can compromise an entire network. Since all devices need to know your SSID and WPA passphrase to connect to your home network, if only one of them can be persuaded to give up that information, your home network may become wide-open to attackers. You need to ensure that your devices have the narrowest attack plane possible by providing device owners with the ability to selectively enable/disable individual devices from being accessed by Cloud services (or delivering data to the Cloud).
Security should be top of mind for anyone building a connected device. Hardened gateways, improved authentication and authorization techniques, and taking pains to reduce the attack surface of your home network can all help. There is no way to eliminate every security risk, but through careful design and intelligent architecture, it is possible to reduce the likelihood of security breaches.