internet-of-everything

Ad Infinitum – Internet For Everything

Internet For Everything

The hypothesis that a new Internet-for-everything society will come, as it is desired by the fundamentalists, is in fact very weak, not to say improbable” —Philippe Breton

Despite what Breton wrote in 2011, small devices across the globe are increasingly capable of fully qualified networking. This technological advancement of small, autonomous devices equipped with adequate sensors builds up the foundation for the Internet of Things. What Breton was pointing out is that this development is like a Trojan horse, incurring massive social implications. His key message was that this transformation of society is largely unquestioned. Under the populistic notion of practicality, the issue is presented as inevitable, despite the challenges it poses to the core values of his society as he expresses them: the Law, Speech and the Individual.

Clearly, with its close connection to contemporary globalization, the increasing number of tiny, autonomous devices operating throughout society will also raise concerns and research questions about security, privacy and ethical matters. Consequently, there is more and more research published on the technical security of these devices, the networking between them, and their backend systems. Take for example what Hossain, Fotouhi and Hasan contributed in their recent paper for IEEE World Congress. While technical solutions essentially and comprehensively identify and classify the parts and their interconnected links, they leave out the important questions of “who governs” and “whose security”.

Furthermore, technical maneuvers rarely bring about direct financial advantages for businesses.

Backdoor in the refrigerator

future-techThe technical vulnerabilities of interconnected devices are often explained using rather abstract, if not surreal, scenarios. Yet the fact is that networked small devices often provide new injection points for various rogue actors, and also generate new business for security appliance providers.

These fictional examples are often reinforced by referring to more severe environments like healthcare, industrial or military appliances where a backdoor in one small device could compromise the whole system. Many nations are presenting these threats as real, and investing in research both to identify them and sometimes also to gain offensive capabilities. As the basis of the Westphalian State is to be in possession of the ultimate coercive force, the local law enforcement office eagerly wants to secure their ability to invade your fridge. The armed forces, on the other hand, might want to do the same thing abroad for the sake of national security.

The threat is not that far-fetched, as recent headlines have demonstrated how innocent game consoles were used for plot against the sovereign. While competent security agencies are well aware that state security involves much more than taking away or intercepting digital toys, this kind of headline incurs huge value for the securitizing process in the public mind.

Global Business Infrastructure

The fundamental aims when securing any information system are to ensure that the data stays coherent, confidentiality is not lost and the data is available when needed. While these and any derived requirements are commonly implemented today in traditional web applications and infrastructure, by definition, the complex and evolving IoT has some particular restrictive characteristics. Yet for global businesses, and indeed, as noted, increasingly for states too, it is essential that they and their customers are able to operate safely in the world of Things.

tech evolution

Many devices in the mesh-like network of Things are expected to be rather autonomous, and yet need to be in connection with other devices. As such, a backend system is usually included in the architecture, to coordinate communication across the devices. While useful from the point of view
of the application, this kind of dependence and transfer of data will introduce an expansion of the borders of the IoT security domain. While completely autonomous devices could conceptually be developed, in practice, business and legal requirements often lead to practical hybrid solutions, where parts of the application and data are stored on the device and parts are shared across the network.

Perhaps one of the most widely spread IoT-like systems is the RFID or biometric passport. Capable of storing essential details and getting power over the air, it contains essential cryptographic features to ensure that gates at the border are not easily led astray.

biometric-passports

(Image Source: Automatic Border Control Process – Wikipedia)

Active chips are equipped with an internal power source, so that they can initiate communication as well. While they are forerunners on the market of Things, these small devices have also been known to be tragic examples of failures of security. Setting up a trivial antenna on the street could initiate connection to any passport within range, and by knowing or guessing its password, gain access to personal details. While the feature is apparently designed for the border gates, it demonstrates the practical dangers of building backdoors in the Internet of Things.

By Kristo Helasvuo

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.

Contact us for a list of our leading programs.

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords Simple passwords are no longer safe to use online. John Barco, vice president of Global ...
Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Private Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle ...
Five Reasons Why Machine Learning Needs To Make Resumes Obsolete

Five Reasons Why Machine Learning Needs To Make Resumes Obsolete

Machine Learning Needs To Make Resumes Obsolete Hiring companies nationwide miss out on 50% or more of qualified candidates and ...
Common Cloud Mistakes - And How To Avoid Them

Common Cloud Mistakes – And How To Avoid Them

Common Cloud Mistakes One of the first lessons in order to avoid common cloud mistakes with anyone entering the tech ...
Four Trends and Realities Confronting Security Today

Four Trends and Realities Confronting Security Today

Realities Confronting Security Today, the number of attempted data breaches, cyber attacks, and other bad behavior by bad actors continues ...
Secure Business Agility

Contrary to popular belief, a pro-privacy stance is good for business

Pro-Privacy Stance Right now privacy is a hot topic on LinkedIn posts, especially as it pertains to compliance with the ...
Amazon, MLB add machine-learned stats to cloud deal

Amazon, MLB add machine-learned stats to cloud deal

SAN FRANCISCO (Reuters) - Amazon.com Inc will provide a new set of real-time statistics and graphics on live baseball games later this season, expanding its cloud computing deal with U.S. Major League Baseball, the two ...
Netflix subscriber slip hints at 'lumpy' road ahead

Netflix subscriber slip hints at ‘lumpy’ road ahead

(Reuters) - Shares of Netflix Inc fell 13 percent on Tuesday after it reported a surprise shortfall in subscriber additions for a second quarter marked by the lack of a blockbuster new show and the ...
Google hit with record $5 billion EU antitrust fine

Google hit with record $5 billion EU antitrust fine

EU regulators hit Google with a record 4.34 billion euros ($5 billion) antitrust fine on Wednesday for using its Android mobile operating system to squeeze out rivals. The penalty is nearly double the previous record ...