By Jimmy Jones, Head Of Security – ZARIOT
When companies significantly scale, almost all key considerations of IoT solutions are directly impacted. Discover why companies cannot be blasé.
Today we are blasé when reading about 30.9 billion connected IoT devices by 2025, but these are numbers usually reserved to describe “Voyager” space missions rather than meters and doorbells. Jimmy Jones, head of security, ZARIOT, discusses why we may be too relaxed and why scale urgently needs attention.
Almost all key considerations of IoT solutions are directly impacted when you significantly scale. This means if there is any chance of significant growth, this should be central to your initial design thinking. That statement seems obvious, but it already raises the question, “how can you be sure?”
IoT solutions and devices have (in IT terms at least) incredibly long lifecycles – possibly decades – and you only have today’s information on which to make an assessment. But the world around us is changing faster than ever before; keep in mind “Alexa’s” first request was just seven years ago, so caution is prudent.
The World Is Changing Fast
IoT is becoming more complex, moving away from basic M2M silos to more comprehensive solutions, but even simple use cases are changing dramatically. Sensors are probably the simplest IoT and being integral to smart city solutions or Industry 4.0 scale is an obvious consideration, but to fully appreciate the magnitude, we must look ahead.
“Digital twin” is the ability to collect sufficient data to replicate and analyze a physical situation in a digital environment. It could be applied to anything, for example, a city transportation system or manufacturing production line. These are complex systems and therefore require astronomical amounts of data to replicate. Call to mind the video we’ve all seen of football players wearing a black suit with sensors on every angle of their bodies performing their signature moves for emulation in a computer game. Now, remember that that’s just one individual and a single movement. Cristiano Ronaldo is not having his temperature, heartbeat, and blood pressure taken at the same time. For a digital twin, any and every factor or data point could be the key, so thousands of different sensors may be needed.
All data from each device needs to be reliably transmitted, and with cabling unworkable, wireless is the only option. The decision as to which wireless technology best suits the needs of any given project must now include the impact of scale and device density beyond the normal considerations such as bandwidth needs, coverage, battery life, cost etc. The selected technology must be able to deal with a plethora of unsynchronised autonomous devices all trying to communicate, meaning it must effectively manage signal interference and display efficient error correction capabilities.
Scaling-Related Problems in Connectivity
Most likely, within expansive deployments, such as a factory, there would be multiple access technologies, e.g., WiFi security cameras, Bluetooth door access etc. For the vast number of sensors and meters, though, we can probably focus on LPWAN.
Most LPWAN technologies work in the unlicensed spectrum, which means it is open to anyone to use, as opposed to licensed spectrum, where bandwidth is strictly allocated by the appropriate government body. There is more bandwidth available in the licensed spectrum, but it is still precious and fetches an eye-watering amount of money. The FCC sold a portion of 5G bandwidth for $81 billion earlier this year.
Within the unlicensed spectrum, there are multiple technologies using various techniques, each affected differently by scale.
“Ultra-narrow band” maximizes efficiency by shrinking the signal bandwidth as small as possible; this facilitates more communication channels in any given frequency. Sigfox uses this technique. At a high scale, its issue is caused by the time it takes to transmit data via this restricted bandwidth, which can amount to seconds. The longer the communication is taking place, the more likely it is that there will be interference from other devices, thereby driving down the quality of service.
LoRa is a very popular LPWAN technology and uses “Spread Spectrum”, a technique famously patented by Hollywood actress Hedy Lamarr. It involves continually changing the frequency of the narrowband signal, utilizing Ms. Lamarr’s observation that you can maintain communication performance by injecting more bandwidth. This is an inefficient use of bandwidth, creating more noise in an already congested environment. There are additional mitigation techniques using different spreading factors and bandwidth combinations (or simply more receivers), but this can dramatically increase network complexity.
Quality of service in both “ultra-narrow band” and “Spread Spectrum” is further impacted as they use asynchronous communication, i.e., data is not transmitted at regular intervals. Retransmission is an option to overcome this but aggravates the congestion issue.
In the unlicensed spectrum, the only technique derived from a standards body is “Telegram Splitting”, which follows ETSI-TS-103-357 and entails dividing an ultra-narrowband telegram into sub-packets and sending them at random frequencies and times. This reduces the time and the bandwidth used in data transmission and when combined with forward error correction, the susceptibility to interference. MIoTY utilizes this technique.
In the licensed spectrum, everything is standards-based, underpinned by established cellular technologies, which provides excellent quality of service. NB-IoT is the cellular LPWAN technology but both NB-IoT and LTE-M, used for IoT requiring higher bandwidths, are backward-compatible to 5G. This is important as 5G’s massive Machine Type Communication (mMTC) released in 2022 will improve the device development density and power consumption, bringing these elements in line with non-licensed technologies. Cost point has always been an issue with cellular, but this should also be addressed with 5G’s more effective network architecture to support IoT and other advances such as moving to eSIM/iSIM.
Massive scale presents other problems beyond connectivity, such as supply chain control, device management and security.
Scaling-Related Problems Beyond Connectivity
Device manufacturing must provide quality and be cost-effective but also plays a critical role in end-to-end security. Devices must secure their communications and be individually identifiable to allow proper network authentication and management. To achieve this, the factory should enable a tamper-proof “root of trust”. This contains unique cryptographic keys to secure communication and other processes such as booting.
Keys must be unique and randomized. Replicated or predictable keys enable a single breach to compromise an entire ecosystem, with scale greatly amplifying the problem.
Security can never be guaranteed, so appropriate monitoring and analytics, able to identify unexpected behavior in the large complex environment is a must. This should be coupled with good management systems and policies to respond and resolve issues, remove devices when damaged and replaced, and security patching.
Scale impacts the IoT ecosystem again by necessitating encryption and enhanced data security. More devices means more data. This data in isolation may not be a problem. But when combined and processed, possibly using AI or Machine Learning to build insight, seemingly innocuous information could be enriched to become subject to GDPR, HIPAA, or similar legislation.
IoT is expected to have an $11 trillion impact on the global economy by 2025, necessitating governments to foster and protect the digital economy. So, anticipate more standards and compliance certification and expect them to be more stringently enforced. Legislation on 5G security is already in place in the UK with the EU about to ratify IoT device security obligations next quarter, expect more to follow.
Scale affects every aspect of IoT from initial design to maintenance strategies, even how you decommission massive install bases. We cannot afford to be blasé.
Originally published on Toolbox