IoT between passion and reason

In an excellent article published on June 25th by The Register (a media source from England), the author warns us of two major dangers facing the world of connected objects: the love of data and the security problems related to large-scale production. Many institutions forecast an explosion of connected objects, with predictions of nearly 15 billion objects sold in a few years (other estimates go as high as 30 billion). These objects are a key issue for all those who wish to exploit, in one way or another, the data they collect in real time, data that is usually extremely personal. The volume of data generated could reach the astronomical level of 500 zettabytes by the end of 2019, as indicated by Cisco.

The main question therefore remains: what will they do with it, these operators and manufacturers who sell us the promise of a better life that is permanently connected and analyzed?

IoT: where is our data stored?

The problems begin when you consider where this data is stored: where is it, and is it safe? Either it stays on the connected device, or it is retrieved and transferred to a server to await analysis. According to John Moor, the managing director of the IoT Security Foundation, while data security in general is focused on three axes (confidentiality, integrity and accessibility), for the IoT it would be necessary to focus on confidentiality and accessibility. This is because the recovered data is used to analyze and improve production systems for companies on the one hand, and people's lives on the other. What would happen if, while the data remained on the object, a third party got into the integrated circuits and modified it?

It is then conceivable that the data collected could contaminate and destroy a production unit or an app, or even endanger the health of a person or an entire population (for example, by causing a factory to shut down or, on the contrary, to overheat).

Answers to protect data

One of the answers provided by research is PUF (physically unclonable function) technology, developed in hardware security modules. PUFs analyze the random electrical signals emitted by integrated circuits to produce a unique encryption key on demand, so the key no longer needs to be stored on the device. The hacker therefore has no access to this key, which is ephemeral and not reproducible. The remaining problem is the cost of integrating this technology into connected objects that are produced on an industrial scale and sold at relatively low prices.
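The following sketch is an added example, not code from the article or from any PUF vendor: it simulates how a key can be rebuilt on demand from noisy chip behaviour while only non-secret helper data is stored. It assumes a simulated array of PUF cells and a simple repetition-code "code-offset" scheme; all function names are hypothetical.

```python
import hashlib
import random
import secrets

REP = 15         # each key bit is spread over 15 PUF cells (repetition code)
KEY_BITS = 128

def make_device(seed):
    """Constructed stand-in for silicon: fixed per-chip power-up pattern."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(REP * KEY_BITS)]

def read_puf(cells, noise=0.05, rng=random):
    """One read of the PUF: each cell flips with probability `noise`."""
    return [bit ^ int(rng.random() < noise) for bit in cells]

def _kdf(bits):
    # Hash the recovered bits down to a 128-bit key.
    return hashlib.sha256(bytes(bits)).digest()[:16]

def enroll(response):
    """One-time enrollment. Returns (helper, key); only helper is stored."""
    secret = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, response)]
    return helper, _kdf(secret)

def reconstruct(response, helper):
    """On demand: fresh noisy read XOR helper, majority vote, then hash."""
    noisy = [h ^ r for h, r in zip(helper, response)]
    blocks = (noisy[i:i + REP] for i in range(0, len(noisy), REP))
    return _kdf([int(sum(block) > REP // 2) for block in blocks])

if __name__ == "__main__":
    chip, other = make_device(1), make_device(2)
    # Assumption: enrollment uses a clean (noise-free) reference read.
    helper, key = enroll(read_puf(chip, noise=0.0))
    print("same chip, noisy read:", reconstruct(read_puf(chip), helper) == key)
    print("other chip, same helper:", reconstruct(read_puf(other), helper) == key)
```

The stored helper data is useless without the physical response of the enrolled chip, which is why copying the device's memory does not yield the key.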

The problems associated with transferring data from the IoT to the servers for analysis are, in fact, related to the available bandwidth. If the bandwidth is weak, the manufacturer or the operator will recover the data later and at a slower rate, thus opening the door to piracy. But sometimes the data must be processed instantly by on-board computers, as is done, for example, in autonomous vehicles. It is not possible to send the data recovered by instruments such as embedded cameras to the cloud, since that data is used to make decisions in real time. In this case, the manufacturer must separate the data to be analyzed "on the spot" from the data that can be processed later, for example for performance analysis and machine learning.

As we can see, there is a nascent dilemma between this desire for data and the need to distinguish between the data that is indispensable for functioning and the data that feeds projections or attempts to predict the uses and behaviors of people. Ensuring the security of the IoT may come through a decrease in the amount of data recovered in this way. At least, this is what some experts recommend to date. Too much data often leads to serious security problems.