IoT: Definition, Standards, and Security
Almost every day you can read something about the Internet of Things (IoT). This market segment is defined as the next big opportunity for the electronics industry and thus for EDA. Yet many questions remain and some of them, if not answered correctly, will become stumbling blocks. Not surprisingly, I found that there are professionals who share my concerns.
There are a number of issues to be solved in IoT, and unfortunately they will be solved piecemeal as problems arise, since humans are better at solving problems than at avoiding them. Addressing all of the possible issues and potential solutions would have turned this article into a book, so I decided to limit the topics discussed to just three for now.
IoT Still Needs a Full Definition
I asked Drew Wingard, CTO of Sonics, if IoT was sufficiently well defined. His answer: “Yes and no. If you think of IoT as an umbrella, it covers an incredibly wide variety of disparate applications. What is needed is some kind of characterization or taxonomy below the umbrella. For example, the IIoT is the Industrial Internet of Things. IoT also includes wearables–medical wearables, other wearables…it’s multi-dimensional.” This is a great answer. It is great because it is honest, with no marketing spin. What it says to me is that at the local node level IoT is well defined. We can design and build devices that collect information, make decisions, and provide feedback in the form of controls at the local level. What is missing is the experience, and thus the strongly defined architecture, that determines how and where the heterogeneous data is processed into actionable information. We also need to define whether and how diverse segments of IoT, such as wearables and automotive, should communicate and interact.
Developers of IP have of course turned their attention to the needs of IoT systems. The Tensilica group of Cadence has just announced a new product, Fusion DSP, to deal with communication and computational requirements in local IoT nodes. During the discussion they showed me how diverse IoT opportunities for IP are projected to be, as shown in Figure 1.
Lauro Rizzatti, a well-known verification consultant, told me that “If you ask 10 people for a definition of the Internet of Things, you’ll get 10 different descriptions. One thing is certain: IoT chip designs will need sophisticated verification tools to fully test the functionality.” This is, unfortunately, no surprise. We are still at the point where verification is a key component of design. It is human nature to fix problems, not avoid them.
Omri Lachman, co-founder & CEO of Israeli wireless charging startup Humavox, points out that “IoT is a term that is defined yet still far from resonating with end users. People may be using IoT associated devices or products but for most, the term IoT means nothing. History shows that in order to bring a revolution you need to have all relevant stakeholders in line with one overall objective in mind. IoT is probably one of the biggest life changers we’re going to see in the coming time. It is all about personalization and optimization of technologies/products/services for us as people. Connecting humans, homes, transportation with medical, industrial and enterprise environments is a huge objective to take on. In order for this revolution to succeed, all stakeholders should be involved in the education of the people. Visual aids should be created to help individuals of all life categories to easily connect the dots. Consumers need to be better educated about the endless opportunities that can fill their life by adopting IoT. Ultimately, the key here is better consumer education, better selling of the vision that IoT is expected to deliver and the creation of visual aids so anyone can easily grasp the concept.”
Vic Kulkarni, SVP & GM, RTL Power Business, ANSYS-Apache Business Unit, described the IoT architecture by breaking the system into three functional parts: Sensing and Processing, Connectivity, and Storage and Analytics. The first part must deal with MEMS and RFID issues, the second with Network, Gateway, and Supervisory Logic design and verification, and the third with processing at the cloud and data center level. Vic thinks that revenue from IoT will divide almost equally between consumer and industrial segments, with a slight advantage for the industrial sector (52% to 48%). In the consumer segment Vic places wearables, connected cars, and connected homes, while connected cities, healthcare, oil and gas, transportation, and the industrial internet make up the bulk of the industrial segment. ANSYS is addressing the market in its electronics and semiconductor business units by providing design and analysis tools for IC, PCB, MEMS/Antenna, Thermal, and Physical Impact.
From what Dr. Kulkarni is saying it is clear that IoT is not just an electronics system, but a heterogeneous collection of diverse parts that must be assembled into a system in order to design, verify, and build the product. EDA already provides tools for power and signal integrity, but has either not yet addressed or not completely addressed Structural Reliability, Thermal, and Regulatory Compliance.
IoT Needs Standards
One of the most creative portions of my engineering career was spent creating standards within consortia and the IEEE. As the discussion about IoT heated up I became concerned with the absence of standards to interconnect the “things” to the conglomerating nodes and these to the cloud. And then I heard about the Open Interconnect Consortium (OIC).
International Data Corporation expects that the installed base of IoT will be approximately 212 billion “things” globally by the end of 2020. This is expected to include 30.1 billion installed “connected (autonomous)” things. Today, these devices are connecting to each other using multiple and often incompatible approaches. The members of the Open Interconnect Consortium believe that in order to achieve this scale, the industry will need both the collaboration of the open source community and industry standards to drive interoperability of these devices.
Guy Martin of Samsung describes the purpose of the consortium this way: “There’s a lot of great work going on in different areas of the IoT – you’ve got digital health, obviously smart home is huge, you’ve got in-vehicle – but there’s nothing that does a really good job of connecting all of those things together. We believe that while you may have a lot of good things going on in those individual communities, the next big thing in IoT is going to be the applications that span multiple verticals. What we’re really trying to develop is the framework for that.”
OIC is the sponsor of the IoTivity Project, an open source software framework enabling seamless device-to-device connectivity to address the emerging needs of the IoT. The Consortium is recruiting other industry leaders to collaborate and join the efforts. The goal is to define a comprehensive communications framework to enable emerging applications in all key vertical markets. You can read more about the consortium at http://openinterconnect.org.
Ron Lowman, strategic marketing manager for IoT at Synopsys, believes that standardization of communication protocols, especially between the things and the local conglomerating nodes, is either already here or will happen in a short time. He thinks that: “Everyone has their own definition of the concept of IoT, and the market has a lot of great semiconductor products for IoT including many microcontrollers with mixed-signal IP, such as 12-bit 5Msps ADCs, Bosch Sensortec & PNI’s sensor hubs, and the Intel® Curie™ module, all of which will be used in everything from wearables, smart homes and cities, and building and factory automation. Kickstarter is a great example of where to find a sample of the limitless opportunity that IoT creates. What will actually define IoT, and what is currently missing, is the massive adoption of connected products and we’re just on the brink of this larger adoption in 2015.”
It is curious that the architecture uses the term “Internet,” since it does not look like the Internet protocol will be used locally, as in the intelligent home, and certainly not in wearables. The natural question for Ron was: “Are local protocols already standardized? If so, what are they?”
Ron responded: “Wearables obviously have seen the adoption of Bluetooth Smart as a de facto standard for a couple reasons. Companies such as EMMicro have benefited from that with their low power Bluetooth capabilities. The cost of implementation including die size, stack size and power budget, is significantly better in Bluetooth Smart than WiFi and it’s available on our most personal devices (mobile phones and tablets). Ethernet and WiFi protocols weren’t initially designed for “things” and the protocols defining “the field bus wars,” such as Modbus, were not designed to be streamed to websites, however there are a myriad of standards organizations that are tackling this problem very proactively. The important thing to note is that these standards organizations’ efforts will provide an open source platform and open source abstraction layer that will enable developers and designers to focus on their key value generation to the market. Interoperability will be a reality. It will not be a single solution but a small array of solutions to fit the different needs for each IoT subsegment.”
IoT Needs Security
No one disputes that security is of paramount importance in IoT applications. When everything is connected the opportunities for mischievous and illegal activities are just too great. During my discussion with Vic Kulkarni he recalled how in 2008 it was shown that pacemaker devices could be hacked at a range of a few centimeters, that is less than one foot, but recently MIT graduate students hacked a pacemaker device at a range of 1,524 centimeters, or approximately 50 feet. Such capability enables electronic murder perpetrated by a totally anonymous killer.
Two of the most obvious reasons for hacking are: collection of information and illegal control of functionality. Vic also provided information on automobile vulnerability both to the control of an individual vehicle and to car-to-car communication for collision avoidance function.
Jason Oberg, CEO at Tortuga Logic, observes that: “With the advent of IoT, we are going to see a drastic shift in the security landscape. Attacks have already been demonstrated on embedded devices such as pacemakers, automobiles, baby monitors, and even refrigerators. Most companies are trying to solve this problem purely with software security, but this is a constant cat-and-mouse game we cannot win. As IoT grows, we are seeing more software being pushed down into hardware and our modern chipsets are growing in complexity. This is driving attackers to begin focusing on hardware and, without ensuring our chipsets are built in a secure manner, these attackers will continue to succeed.”
When thinking about security I generally think about software based hacking, but breaches that use physical techniques are just as damaging. The Athena Group, Inc., a provider of security, cryptography, anti-tamper, and signal processing IP cores, has introduced a comprehensive portfolio of IP cores with side-channel attack (SCA) countermeasures, based on advanced differential power analysis (DPA) countermeasure approaches pioneered by the Cryptography Research Division of Rambus.
DPA is a type of SCA that involves monitoring variations in the electrical power consumption or electromagnetic emissions from a target device. DPA attacks are non-invasive, easily automated, and can be mounted without knowing the design of the target device. Unlike invasive tampering, electromagnetic attacks can even be performed at a distance. As an example, attacks on cell phones have been demonstrated at a range of 30 feet. DPA countermeasures are essential to protect devices that use cryptographic keys, especially sensitive defense applications that require strong anti-tamper protection of advanced electronics and commercial devices that perform high-value processing, including mobile devices and IoT endpoints.
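The following is an added example, not code from the article or from any vendor named in it: a simulated fixed-versus-random leakage check of the kind used to judge whether a DPA countermeasure removes data-dependent power variation. The Hamming-weight leakage model, the noise level, the key and input bytes, and the choice of random masking as the countermeasure are all assumptions made for illustration.

```python
import random
from statistics import mean, variance

THRESHOLD = 4.5  # |t| above this is the usual fail criterion for this test


def hamming_weight(x):
    return bin(x).count("1")


def power_sample(data, key, rng, masked):
    """Simulated power sample taken while the device handles data XOR key.

    Assumed model: Hamming weight of the handled byte plus Gaussian noise.
    """
    value = data ^ key
    if masked:
        # Assumed countermeasure: the device only ever handles the value
        # XORed with a fresh random mask, so the sample is key-independent.
        value ^= rng.randrange(256)
    return hamming_weight(value) + rng.gauss(0.0, 1.0)


def welch_t(a, b):
    """Welch's t-statistic for the difference between two sample means."""
    return (mean(a) - mean(b)) / (variance(a) / len(a) + variance(b) / len(b)) ** 0.5


def leakage_t(masked, n=5000, seed=2015):
    """Compare traces for one fixed input against traces for random inputs."""
    rng = random.Random(seed)
    key = 0x01          # constructed secret byte
    fixed_input = 0x00  # constructed fixed input byte
    fixed = [power_sample(fixed_input, key, rng, masked) for _ in range(n)]
    rand = [power_sample(rng.randrange(256), key, rng, masked) for _ in range(n)]
    return welch_t(fixed, rand)


def leaks(masked):
    """True if the two trace groups are statistically distinguishable."""
    return abs(leakage_t(masked)) > THRESHOLD


if __name__ == "__main__":
    for masked in (False, True):
        label = "masked" if masked else "unprotected"
        print(f"{label:12s} t = {leakage_t(masked):8.2f}  leaks = {leaks(masked)}")
```

This check only covers first-order leakage in a single sample; passing it in simulation says nothing about higher-order leakage or about a real device's measured traces.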
Although I am not privy to any official information from government agencies, I can develop an example of security threats from published articles, both in print and on the net. The network of cell phones is a good example of a candidate IoT. If one wants to gather information on the location and use of individual cell phones and the relationship between and among two or more such devices, one can use the cell phone networks. My cell phone, for example, gathers environmental information, location, and behavioral profile as I go about my daily activities. It also records and submits to my service provider who I call, how long I talk, what data I download, what pictures I upload, and so on. Without security such information is available to anyone capable and willing to build and use a tracking system to collect and analyze all that data. Can my cell phone be disabled remotely? Can an app be installed on it without my knowledge? The answer is yes for both questions.
In spite of what some editors and analysts have written, there is not a clear, generally shared definition of IoT that can be used as a base for architectural design at all hierarchical levels of IoT. So in this article I chose to write about IoT definition as well as two issues that are not much talked about: standards and security. Obviously there is much more to say about IoT, and I am grateful to all those who have sent a large volume of input for this article. What I have learned I will not keep to myself, and I will share more information about IoT in the near future.
Gabe Moretti has been in EDA for 45 years. First as an individual contributor with TRW Systems and Compucorp. Then as a manager with Intel and Signetics. He has been a member of the executive management team with EIS Modeling (a company he founded), HDL Systems, and Intergraph/Veribest. From 2000 to 2005 he was technical editor for EDA at EDN. Since then Gabe has run his own consulting company, GABEonEDA. He has a B.A. in Business Administration and a Master in Computer Sciences.