IoT Security and 3 Other Trends I Saw at the IoT International Conference

By Geert-Jan Schrijen,
Chief Technology Officer, Intrinsic ID

I had the privilege of attending and presenting at the IoT International Conference last week in Brussels. This inaugural conference sought to provide an in-depth understanding of IoT issues, such as device-level design requirements, system-on-chip (SoC) needs and sensor development. Organized along five tracks, the conference provided a device-level technologies perspective on building the IoT.

As I spoke with attendees and other presenters during the conference four key trends emerged.

1. Wireless Radio Protocols

A range of wireless radio protocols are being developed to connect IoT devices and sensors in various network topologies, to each other and to the Internet. Protocols that work on the free (unregulated) frequency bands such as Lora and Sigfox are very popular now, since they provide very low cost models for connecting devices over long distances, albeit at low data rates. At the same time the existing network providers operating in the regulated frequency spectrum are pushing standards such as NB-IOT. Currently an NB-IOT subscription is more expensive but offers much higher data rates and there is a discussion on reliability and availability. Some people think that in the long run NB-IOT will win out, since it scales the best as more and more devices communicate wirelessly. Too much radio signals in the free bands will have a serious impact on reliability of the connections. In the regulated NB-IOT spectrum this is much less of a problem.

2. Cost

To reduce costs for IoT products we see a clear trend of further integration of multiple functionalities in a single chip. Whereas current IoT modules work with separate chips for radio, sensor data processing, running applications and security, more of this functionality will be integrated into single chip solutions in the future.

3. AI and Big Data

The real power of the IoT comes from the possibilities in the back end. The artificial intelligence that processes all the big data captured by sensors in the field can make use of this for predictive purposes. For instance, people’s health condition can be monitored and early signs of potential diseases or unhealthy lifestyle can be flagged in time. Another example is the costs savings achieved by closely monitoring running systems for predictive maintenance.

4. Security

My own presentation focused on security, specifically secure key provisioning. The Internet of Things connects billions of standalone devices that are often embedded in sensitive or critical systems, and hence need to be secured properly. Every device must have a security subsystem that is bootstrapped with a set of cryptographic root keys, but traditional key methods to store such root keys lead to undesirable liabilities, increased costs or inadequate security. My discussion touched on how SRAM Physical Unclonable Function (PUF) technology enables every chip to generate its own cryptographic root keys, which removes the barriers to secure a broad range of IoT devices and builds the foundation for an IoT that can be trusted.

Conversations throughout the conference touched on other aspects of IoT security:

  • IoT security is often an afterthought. Security in many IoT applications is still an afterthought, but all agreed this must change – security needs to be designed in from the start. One of the most important starting points would be a secure boot mechanism, combined with a mechanism that allows firmware to be securely updated in the field. Realistically, software will contain bugs that lead to vulnerabilities so timely updates are essential.
  • Device makers looking for help. Since a lot of IoT device makers don’t have enough security experience, they need complete solutions that help them secure the software/application on the device, as well as to secure the production/supply chain. Key provisioning is an essential part of such a flow.
  • Toward Security Integration: In IoT use cases where there is an urgent need for security, some device makers choose to add a separate secure element. The cost adder that comes with such an additional component (and its provisioning) may be affordable for early product ranges for security sensitive customers, but will probably not scale for a competitive mass market where production costs become critical. Therefore the trend is to increasingly integrate security subsystems into the main processor. We also see this trend in the NB-IoT market, where current modules use SIM cards to authenticate to the network. The standard SIM will be replaced by eSIM (embedded SIM) in the near future, enabling a device to connect to the provider that has the strongest reception and setting up their profile on the eSIM dynamically. Still, the eSIM is a separate component on the radio module. To save board space and costs, in the future the eSIM will be replaced by an integrated SIM, or iSIM. This integrates the SIM functionality into the same chip that contains the radio and the main processor of the NB-IoT module. In such a scenario there is a clear need for a security subsystem with a strong embedded secure key storage and provisioning solution.

 

So the IoT International Conference offered a lively two days in Brussels and a very good opportunity to hear what others are seeing and doing in IoT.

 

Do you have thoughts on these trends, or see others on the horizon for IoT? Let us know in the Comments section below.

Leave a Reply

Your email address will not be published. Required fields are marked *