Data on the cloud provides an ease of use. We can access it over our phone, tablet, laptop or any other computing device. This ease of working on the data from any device also brings along with several questions, the biggest of which being, Is my data secure from unauthorised access?
There have been many instances where we have had technology without a good use case wherein to use them, while on the other hand there have been a lot of use cases which lacked proper supporting technology. So, let’s take a step back and look at how these technologies evolve over the years and mitigate our security concerns.
Communication through the years
If we go back ten years and look at electronics, it would be hard to find connected devices. We mostly had standalone devices that would function properly on their own, and required hard-wired connections. Coming back to today, “It is hard to find an unconnected device. There is some sort of communication standard implemented in every device,” says Ashwin Ramachandra VP and head engineering R&D, Sasken Communication Technologies.
Connecting for a greater purpose
When we look at devices that will be connected in the future, they will most likely be connected for a purpose. “This purpose is not going to be sending mails, or checking Whatsapp. That purpose is going to be very from what we have today. A lot of communication in the future is going to be about status updates,” adds Ramachandra.
These include device functioning, their parameters and such. If you set updates periodically, it will only work when there is an alarm. These devices that connect will not be working at our whims, and will be automatic. The setting up or evolution of other communication standards hence becomes another very important factor. Once these devices start connecting on a large scale, there will a different set of rules for these devices. People will still want multiple gigabits in their devices, but these devices will be governed by a different set of rules. This leads to a third point to be considered about the rules for this newer connectivity.
Developing connection standards
Today we have Wi-Fi and Bluetooth as the stable standards for general-purpose short-range communication. Their use cases are no mystery. But when we bring in IoT and the expected number of devices in billions, we require a newer set of standards capable of handling the added number of devices efficiently.
These standards for communication need to be refined and that is the primary change that has happened over the last five years. At present, we have multiple channels to communicate starting from Near Field Communication (NFC) and Bluetooth for very short distance, to Wi-Fi and Long Range Wide Area Network (LoRaWAN) for medium distances.
Consider a use case
Any technology is primarily guided by the motivation for implementation, that is the number of use cases. Let’s say we require a wireless security camera for surveillance. Now we can’t connect it to ZigBee, as the camera would require higher bandwidth than provided by ZigBee. For such applications, a Wi-Fi network makes more sense. Such use cases typically govern the implementation of such technology.
IoT and communication standards
The current sellers provide two technologies on the same chip. One of them is generally a short-range communication technology whereas the other constitutes a medium range tech, with cellular services covering the long-range communication standards.
With the increase of IoT devices, “we will have more and more focused chips coming up,” says Ramachandra. IoT calls for smaller bandwidth applications, as most of the transmissions are updates and switching signals.
NFC is coming up as a major proponent in terms of IoT devices. Some of the features that make a good option are the data security, and the ability to connect unconnected devices. The ease of use and user control over usage are already established factors.
“Today NFC chips come in two variants, one is the standalone one found in payment gateways etc. while the other is the combo one available as part of Bluetooth or Wi-Fi module,” further adds Ramachandra. The second module caters to the current market segment very well, as the demand for multiple technologies on a single chip is high.
IoT is expected to hit anywhere between 20 to 50 billion devices. “At this point it becomes meaningful to make a chip that supports just the one communication technology,” adds Ramachandra.
Another technology that makes sense, considering the number of electronic devices in the future, is LoRaWAN. We have cases of things being connected to a LoRa network that are making lives easier. From a simple case of bicycle theft to life saving flood warning systems, LoRaWAN is making waves in terms of application usability. However the true potential is yet to be seen as the adoption is slow. Unless LoRaWAN undergoes communication on a regular basis, and prove sturdy, the adoption will be gradual.
Z-Wave is another wireless communications protocol being used for home automation. Oriented to residential control and automation market it is intended to provide a simple and reliable method for lighting control, HVAC, security systems, home cinema, automated window treatments, swimming pool and spa controls, and garage and home access controls.
Z-Wave uses a source-routed mesh network architecture and is more prevalent among hobbyists. The devices can communicate to one another by intermediate nodes to circumvent household obstacles or radio dead spots that might occur in a house.
Another recent collaboration between the ZigBee alliance and the Thread group to provide an interoperable solution for streamline product development, will be also something to look forward to. Ultimately the requirement is to improve the consumer’s experience in a connected home.
Considerations for development
From the developer point of view, developing devices that cater to IoT enthusiasts becomes an important factor. With the ever-increasing rise in connectivity there is also the need to look into security of these connections. “For the development we are effectively looking at the cost power utilization and hence you look at how secure the technology is,” adds Ramachandra.
A good thing is a lot of software that is coming out today is open source. So the bigger challenge would be productisation that is making sure that thing works. “The challenges on the digital front are much more simpler in terms of implementing these solutions. This goes extremely complex on the RF front, where there is a completely different set of challenges like antennae design.” says Ramachandra.
Size of the chip is another factor of consideration. For an OEM manufacturer, the smaller the size of the chip, the larger the battery they can put in. Hence the size is due in fact to the use case.
Security in Communication
Today we have NFC being used in vehicle safety. There is a small NFC tag provided along some phones, which switches your cellphone to silent mode while you are driving, hence preventing or reducing accidents. Leading RFID tag makers are already investing in the area of making RFID more secure. These tags are already being used in passports for the past decade.
The hacking problem
NFC goes active only when you want it to. The chip isn’t even working during standby mode. It activates for instance when you checkout at a retail store using their NFC terminal.
So, even if a hacker got close enough at the right moment, hacking into your phone via NFC would require some heavy mental acuity. NFC signals are extremely sensitive in terms of direction as well. if you turn your phone slightly, it won’t be able to read the smart tag. So for somebody to somehow catch your signal, would require heavy manoeuvring just to get the hacking device’s antenna exactly right. Cracking the signal is secondary.
Evidently the standards are still evolving
A vulnerability with the system in was uncovered in AES-encrypted Z-Wave door locks. These could be remotely exploited to unlock doors without even the knowledge of the encryption keys, and due to the changed keys, subsequent network messages, like “door is open”, would be ignored by the network. This vulnerability however ended up being an implementation error rather than a flaw in the Z-Wave protocol specification.
The security levels infrastructure is based on CCM, which adds encryption- and integrity-only features to CCM. If sources are to be believed, Zigbee Home Automation 1.2 uses fallback keys for encryption negotiation which are known and cannot be changed. This makes encryption highly vulnerable. But hopes are still high and probably newer editions of the system can take care of the errors.
Addressing the data security concerns
The primary focus has been changing from personal communication to things communication. “What we believe is that it is going to be an incredibly connected world. So there are going to be four or five standards in the initial four to six years, before you get back to established one or two main technologies.”
When things were stand alone, nobody cared about security. All we had to do for security was to lock the device in a safe and be done with it. “The moment you connect it to some network, the data on it becomes accessible,” adds Ramachandra. The moment the data on a particular device becomes available, you have to worry if the data is restricted or not, If you don’t implement suitable measures, you risk the big danger of getting hacked.