A year or two ago security in the Internet of Things was at the top of few people’s minds. Perhaps it should have been. Now IoT security is a hot topic as editor-in-chief, Jeremy Cowan found when he talked to Zach Shelby, director of the IoT Business Unit at ARM, a multinational semiconductor and software design company based in Cambridge, UK.
M2M Now: In the last few months Application Security has arrived centre stage as a consideration for enterprises launching M2M and IoT? Why the sudden focus? Is it more important than before? Or are services more vulnerable than before?
Zach Shelby: New security threats are emerging every day – from malware programs that can be inadvertently installed on a user’s machine, to phishing attempts that deceive employees into giving up confidential information, to viruses, worms, and strategic identity theft attempts. Embedded devices brought to market in the past were rarely designed to be hooked up to the internet, and its associated security threats, and did not take even basic precautions. That is the root cause of most embedded device security issues being uncovered today.
Security is imperative when we talk about connecting 50 billion devices on the internet. For this reason, and lessons learned from past embedded device security shortcomings, security is centre stage as it very well should be.
M2M Now: How can ARM help to deliver greater security for IoT users and service providers?
ZS: IoT is a heterogeneous system with several hardware and software components from devices to infrastructure and services. IoT devices need to trust services and vice versa. For that to happen we need to secure the device, networks and the services running on top of them.
ARM is well known for providing key technology that enables security mechanisms in mobile such as TrustZone. We recently announced the ARM mbed platform, which will include security components required for creating secure devices and using them with services in a trusted manner. Key features of this include device asset protection, key management, secure boot loading and TLS-based public-key communication security.
M2M Now: What other steps should the industry be taking to protect its customers and its future?
In general, the industry needs to make security technology widely available and included by default, not as a specialised high-cost addition. Choosing the right architecture for IoT – IP to the edge will help end to end security. As people introduced protocol translation gateways in the past they introduced vulnerability in the system.
The use of open standards will make security threats better understood. Reliable authentication of devices and appropriate security controls are needed, as are encrypted data processing and secure communication channels.
M2M Now: Can Standards bodies ever catch up with IoT developments, or should the industry rely instead on platforms such as the ARM mbed IoT Device Platform?
ZS: Just like the internet, the Internet of Things is made up of standards-based building blocks, most of which are already available, well understood and mature. The challenge today is not a lack of standards, but how we get quality implementations of standards integrated into complete solutions into the hands of developers making products and services. The ARM mbed platform simply gets key IoT security and communication standards into the hands of those developers as an end-to-end solution that is easily accessible.
M2M Now: How significant for IoT growth are developments such as the GSMA’s recently announced Embedded SIM specification or initiatives from oneM2M, Alljoin, ETSI, etc.?
ZS: To cover a wide range of IoT applications we need a wide range of alliances and standards. Some of these alliances and standards will become very relevant and some of them will fade away. Just like the evolution of the internet we will see that the open standards will drive IoT growth.
The most significant standards that we see today are the widely applicable security and communications standards from the IETF (Internet Engineering Task Force) and device management from the OMA (Open Mobile Alliance) that apply to almost any IoT system. In addition some solutions are applicable to certain network technologies (e.g. Embedded SIM), ad-hoc networking (e.g. Alljoyn and DLNA) or telecom operators (OneM2M).
M2M Now: How do you expect value chains and ecosystems to evolve in the IoT over the next two years?
ZS: We are already seeing wider adoption of IoT technology in enterprise sectors, in particular related to Smart Cities. Broader consumer adoption in the Smart Home is expected to pick up during 2015 and 2016 as we make the technology more easily accessible to innovators. The key driving factors will be:
- Efficiency improvement to drive down the cost of operation
- Emerging new business models based upon the new insights/intelligence gathered from the sensor data. For example, some companies are already starting to offer Product + Service business models.
- We will see that tools and technology to build IoT systems become widely available and easily accessible
- We will see many start-ups – both on the device side as well as service side. Currently the industry is stuck in value-chain silos so it’s hard to build orthogonal solutions spanning across various vertical markets. We will see many new orthogonal applications that we haven’t thought about.
- Standards are reaching a level of maturity and understanding in IoT that allows companies to bring systems to market with more confidence and less engineering effort
M2M Now: Will most IoT ecosystems be a partnership of equals or will they be dominated by one party, such as system integrators or network operators?
ZS: IoT market segments are very heterogeneous, which will make it hard for any one party to really enable growth. Instead we are seeing the emergence of peer-based ecosystems that include players from the entire value chain. A great example is the mbed Ecosystem ARM announced in October together with silicon vendors, system integrators, telecom vendors, OEMs (original equipment manufacturers) and both small and large cloud providers.
M2M Now: Thank you, Zach.
Zach Shelby is director of Technical Marketing,
ARM Internet of Things Business Unit.