IOT stands for the Internet of Things, which is a system of interrelated computing devices and machines around us, where machine-generated data is collected over a network without human interference and processed to get insights for decision-making in real time.
I am part of a generation who can say that,
The only thing in my house that was connected to the network was my PC 😀
In 2014, 3.8 billion devices were connected to the internet. By 2015 it became 5 billion, of which the majority were smartphones and tablets. With the increasing services of IOT products to help man make decisions on the go, it is estimated that by 2020 we will have around 20 billion devices on the internet, ranging from your coffee machine to the bed in which you rest.
All these concepts of remote control, better insights and internet automation of things around us sound really exciting and make people think about ideas which were only possible in dreams. For example, the car would know your schedule for the client meeting and then automatically prepare your calendar so that you can be on time for the meeting, taking into account the traffic and other associated data.
Think about the IOT machines in dams, power plants, cars, manufacturing plants etc. and the kind of access the services will possess over human decisions.
But!! All these real-time features are possible only with the exchange of human access to these machines.
I am not trying to impart fear in the hearts of people, but trying to ask them a question, which is:
What’s gonna be our complex trade-off of our data for these IOT services??
There are huge security risks involved with these IOT machines, and people/organizations have not been able to establish proper channels for coming up with product designs and privacy guidelines.
There’s so much confusion in the air with respect to the IOT architecture that people use or the standards that people can verify their IOT services against.
In this blog, I am gonna address a few of these issues with a futuristic perspective.
The IOT field being so interdisciplinary is the main reason companies/organizations have not been able to come to a conclusion; people fear that their business opportunities down the road may be in trouble when such standards and policies come into place.
The above statement is not an allegation; it’s the ground truth that policies may restrict a few data parameters to companies, and we all know that,
DATA is the new Oil 😛
A recent incident is the IOT Mirai bot, which took down Krebs and launched a Tbps DDoS attack on OVH. Security researchers claim that the bot was not very complex code; it just used telnet with the vendor’s default passwords to access the IOT devices.
These incidents are just a teaser of what could happen... we definitely need to get more responsible in the way the IOT devices function.
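Detection logic for the behaviour described above (one source trying telnet logins across many devices in a short time), as an added example that is not from the original post. The log format, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not a real product's output):
# "<epoch> telnet login <ok|fail> device=<id> src=<ip> user=<name>"
LINE = re.compile(r"^(\d+) telnet login (ok|fail) device=(\S+) src=(\S+) user=(\S+)$")

# Constructed sample lines using documentation-range IP addresses.
SAMPLE_LOG = """\
1000 telnet login fail device=cam-01 src=203.0.113.7 user=root
1002 telnet login fail device=cam-01 src=203.0.113.7 user=admin
1003 telnet login fail device=dvr-02 src=203.0.113.7 user=root
1005 telnet login ok device=dvr-02 src=203.0.113.7 user=admin
1006 telnet login fail device=router-03 src=203.0.113.7 user=support
1500 telnet login fail device=cam-01 src=198.51.100.4 user=alice
1900 telnet login ok device=cam-01 src=198.51.100.4 user=alice
"""

def find_credential_sweeps(log_text, window=60, min_devices=3, min_attempts=4):
    """Flag sources that try telnet logins on many devices within a short window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, result, device, src, user = m.groups()
            events[src].append((int(ts), result, device, user))
    alerts = []
    for src, evs in events.items():
        evs.sort()
        for i, (start, *_rest) in enumerate(evs):
            # All attempts from this source inside the sliding window.
            burst = [e for e in evs[i:] if e[0] - start <= window]
            devices = {e[2] for e in burst}
            if len(burst) >= min_attempts and len(devices) >= min_devices:
                # A success inside the burst means a device accepted a guessed login.
                succeeded = sorted({e[2] for e in burst if e[1] == "ok"})
                alerts.append({"src": src, "devices": sorted(devices),
                               "logins_succeeded_on": succeeded})
                break
    return alerts

if __name__ == "__main__":
    for alert in find_credential_sweeps(SAMPLE_LOG):
        print(alert)
```

Devices listed under `logins_succeeded_on` are the ones to isolate and re-credential first.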
We need new ideas and paradigms to arise for the security space of IOT and for solving these complex problems; we cannot use the same authentication as we did for our web services. These new implementations must look into all levels of the architecture, starting from the hardware to the service running in the cloud.
Biometric verification really excites me 🙂 but I am still scratching my head over how I can leverage it completely.
Another thing I want to bring up is USER TRACKING in the space of privacy. I am not just gonna talk about website user tracking, but think of user tracking in real-time situations via voice, CCTV cameras etc. without the user even knowing it. (Ohh .. this scares the hell outta me)
Products such as Facebook, Amazon Alexa, Google Home and all our smart devices are collecting so much data. I just have a few questions for all of them:
- Do these services need all these multiple data points?
- What else are these service providers doing with my data?
- Are they engaging with me in any form to improve their services?
- Do they keep their customers informed about their back-end activities in terms which they understand?
Let me give you an example for all of the above. I feel (these are my personal hypotheses) that whenever we interact with an intelligent application such as Facebook or Google Assistant, we are making their services better by correcting algorithm output, which helps them train their machine learning models to improve their services (now think of Facebook image tagging and Google Photos). Now does it make sense how this magic of people getting their photos tagged automatically is happening?
Based on the above questions I have compiled a list of privacy policies and security tools for the future which can potentially help improve people’s privacy and bring more standards for security verifications etc.
Future IOT Privacy policies :-
Standardization of IOT data
Currently, apps ask for user permission for GPS, camera, storage etc., but going ahead we need IOT frontends asking people things like: are you okay sharing the voice data for sentiment analysis?
This is the kind of user clarity I am talking about, in order to keep user privacy first!!
Users should be aware of why a particular service provider needs the data and which processes it is using the data for.
Violation of the above is what’s happening now: when you upload an image or voice data, companies are using it to improve their services across many verticals. This should stop immediately, because people didn’t sign up for that.
Authorize only feature vectors – certain data features only!!
IOT devices should guarantee to record only the particular features of the real-time information which are required for providing a particular service.
Encryption of data packets, to enforce the user’s data-sharing preferences in the IOT device. A new network-layer service would run to ensure that only user-selected data features are being transferred, and block/report to the user if the IOT devices are violating any user preferences.
An SSL-kinda handshake for IOT devices: this is an intelligent service which is going to ensure that packets coming in via the bridge only carry information for which the companies have purchased data certificates; for example, only voice data features will be permitted via this connection. Don’t know if this is possible, but just a fantasy.
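One way the preference-enforcing network service and the "data certificate" check proposed above could fit together, as an added example that is not code from this blog or the OpenIOT project. The packet layout, feature names and function names are hypothetical, and an HMAC tag stands in for a real public-key certificate signature.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for the certificate issuer's signing key.
ISSUER_KEY = b"constructed-demo-issuer-key"

def issue_data_certificate(company, features):
    """Hypothetical 'data certificate': the features a company may receive."""
    body = json.dumps({"company": company, "features": sorted(features)})
    tag = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def certified_features(cert):
    """Return the certified features, or an empty set if the tag is invalid."""
    expected = hmac.new(ISSUER_KEY, cert["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["tag"]):
        return set()
    return set(json.loads(cert["body"])["features"])

def filter_packet(packet, user_allowed, cert):
    """Forward a packet only if every feature is user-approved and certified.

    Returns (decision, forwarded_features, violations_to_report)."""
    permitted = set(user_allowed) & certified_features(cert)
    violations = sorted(f for f in packet["features"] if f not in permitted)
    if violations:
        # Block the whole packet and report what broke the user's preferences.
        return "block", {}, violations
    return "forward", dict(packet["features"]), []

# Constructed sample data: the user only agreed to share transcribed commands.
USER_PREFS = {"voice_command_text"}
CERT = issue_data_certificate("example-vendor", {"voice_command_text", "voice_sentiment"})
OK_PACKET = {"device": "speaker-01", "features": {"voice_command_text": "lights on"}}
BAD_PACKET = {"device": "speaker-01",
              "features": {"voice_command_text": "lights on", "voice_sentiment": 0.82}}

if __name__ == "__main__":
    for pkt in (OK_PACKET, BAD_PACKET):
        print(filter_packet(pkt, USER_PREFS, CERT))
```

The second packet is blocked even though the vendor's certificate covers `voice_sentiment`, because the user never approved that feature; both conditions must hold.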
Symbols to indicate services are running in IOT devices
In public areas, if people have IOT devices performing some services, I ask them to inform the public with a symbol on the device, by which people can understand that these are not just regular devices, and it’s up to them whether to be part of the data collected by the IOT device.
Community should invest in open data
The problem I am trying to solve here is in the space of decentralization. Algorithm-as-a-microservice has been trending in the market, where we can plug in these APIs and make our product more intelligent with the data which is coming in, but only a few players in the market are actually giving human-level accuracy.
For decentralization to happen we need people coming up and contributing to open data so that researchers can utilize it, to make microservices which are open and accessible to all.
Future IOT Security and architecture :-
Biometric verification of the data being sent: we need protocols and certificates which can be incorporated with the data features in order to provide higher security and encryption.
Based on all of these factors I have started an open project named OpenIOT, where the aim is to create a community of people to make the above tools come true, create architectures for IOT using open source tools/software and make POCs for the policies, which companies/organizations can then give a try.
OpenIOT architectures is a simple DevOps repo in which IOT app developers can scale and create secure production environments (research in progress).
Thanks for reading my 1000+ words blog 🙂
Picture in this blog is taken from Google images