The year is 2029, approximately 35 years after the Internet went mainstream and today the world, its people and things are connected in ways that the Internet’s pioneers could never have imagined. The Internet of Things (IoT) or as Cisco put it, The Internet Of Everything (IoE) is now a reality, enhancing our lives in myriad ways.
Today’s vehicles are computers on wheels, able to self-diagnose and communicate with service centers, schedule appointments for servicing, even arrange alternate transportation during downtimes. Cars, trucks and other transportation vehicles such as buses and trains communicate with each other, warning of impending traffic problems or detours, signalling the onset of inclement weather or advising of nearby vehicle-on-vehicle accidents which are now greatly reduced.
Vehicles in 2029 also communicate with city infrastructure – everything from traffic lights to roadways – changing signal lights on an “on-demand” basis, and advising transportation authorities of roads that are shepherding passengers less smoothly, signalling a need for repair.
Today’s smart cities offer benefits far beyond traffic and lighting energy optimization, providing infrastructure health assessments to city leader’s on a daily basis. IoT sensors that diagnose impending structural problems, such as increased building or bridge vibration, have ushered in an era of structural disaster prevention, replacing an era where costly reaction to an event that had already happened was the only available option.
The connected world, that is so much part of our culture today, is also a highly efficient one. Per capita, fewer vehicles occupy our highways than did ten years ago, thanks to the plethora of easily-accessible driverless vehicles. Smart buildings and factories, and the smart regions that contain them, consume far less energy than years ago, and the energy-savings benefits that started in the commercial sector are now fully extended to the home with applications like smart metering, and smart appliances universally in place. In total, despite significantly more e-applications in our world, energy consumption is down globally, with more energy self-sufficient countries than ever before.
IoT’s positive impact has also touched the earth’s most valuable commodity, our natural resources, as much of the world’s water supply is now fully connected, allowing for monitoring of water quality, and early detection and communication of damaged water delivery infrastructure. Water utilization can now be monitored and distributed on a home-by-home basis during conditions of extended drought – ensuring that the essential water needs of communities are always met.
IoT has also positively impacted the forestry sector, as soil-monitoring sensors communicate moisture levels, helping to drastically reduce forest fires near urban centres by ensuring water is strategically and automatically delivered to vulnerable regions.
The IoT impact goes well beyond the Transportation, Infrastructure, Energy and Natural Resources segments, and today positively affects the Health Care, Agriculture, and Distribution industries.
Wearable devices today monitor heart rates, cholesterol levels, blood sugar and many other health indicators, advising both individuals and their care providers of potential health risks, and communicating the actions required to mitigate such risks. Heart failure rates have been reduced.
Agriculture production yield per acre for staples such as wheat and corn have skyrocketed with IoT applications that monitor humidity and temperature levels, virtually eliminating fungus and other microbial contaminants, and greatly contributing to the reduction of world hunger.
The Distribution industry today uses IoT to not only monitor shipments, but also to advise of unauthorized container openings, and inappropriate storage of high-risk goods, such as explosive items, in an inappropriate environment. IoT in this sector has also eliminated the heinous act of smuggling humans in massive containers.
Barrier to Entry
And while the IoT world that we live in today has delivered many economic and other benefits to the world and its connected people, the growth of the IoT was very nearly stopped in its tracks due to the earliest market entrants’ failure to recognize that three things were essential to ensure rapid, safe adoption of IoT solutions.
Early-stage IoT efforts, particularly with connected vehicles and the Smart Grid, relied on dated, non-scalable security protocols, like PKI, that had already been proven to be highly vulnerable to outside threats. Still, companies persisted in pushing forward with inferior, cumbersome security schemas, leaving the door wide-open for cyber-terrorists to inflict substantial damage. Early connected vehicle programs were easily hacked, in some cases causing injuries and deaths as hackers randomly disabled vehicular security systems, such as brakes and acceleration. Even airlines and their planes were subject to attacks, as hackers found ways to break through their inferior security with ease.
The 2013 Snowden revelations, and the ‘Years Of The Breach’ that followed, ushered in an era of widespread mistrust as nations throughout the globe realized that the e-communication in their respective worlds had been breached, effectively giving spying nations and criminal gangs open access to what was being digitally communicated and stored. From that point forward, nations worldwide – even allies – no longer trusted each other. The only way that the potential of IoT was fully realized was through the introduction of an IoT application-delivery model that established each individual nation as its own “trust centre,” while providing the ability for information to flow easily and securely from one trust centre to another. The trust centre model that was universally adopted became known as ‘social by design’, because secure ‘things’ from one country could securely authenticate and communicate with secure ‘things’ in another.
Identity of Things (IDoT):
Many early-stage IoT efforts didn’t incorporate or even consider Identity as a key design component, adding a layer of application vulnerability to their solutions. (Note: it wasn’t until IoT 2.0 products and solutions that the term IDoT and the functionality it implied emerged as a key component in the IoT solution-development design process).
The message soon became abundantly clear: IoT applications “protected” by previously trusted security, delivered from non-trusted nations, and lacking any capability to identify the “things” that were connected, was tantamount to giving spying nations and criminal gangs the keys to our respective kingdoms.
The Key to Ubiquitous Adoption
While IoT growth stalled with each new security breach, it eventually exploded with the widespread adoption of Identity Based Encryption 3.0 – the first security schema that was truly designed for IoT. IBE 3.0 wasn’t a case of fitting old security into a new solution. Rather, it was about embedding modern security at the first stage of solution development, and ensuring that the ability to confirm the Identity of things was a key design component.
The first IoT players to adopt this approach were the major IoT network operators and semiconductor companies, who quickly realized that IBE 3.0 could be embedded at the chip level, ensuring ironclad security between any given chip ecosystem, its controller and any other IoT applications with which it needed to interact. A Tesla’s 62 microprocessors, for example, could safely exchange information between the chips and the vehicle’s central controller, with Smart Cities, and even with other vehicles. An oil rig was protected from the dangers posed by outside threats as its up to 30,000 sensors now had ironclad authentication and encryption embedded at the chip level.
The path to widespread IoT adoption of IBE 3.0 accelerated with the establishment of in-country “trusted universities” with which the early IoT networks and semiconductor companies worked to develop solutions. The process was elegant and simple. The IoT provider had an application that it wanted to secure with IBE 3.0. It engaged with an in-country trusted university that was entrusted with the IBE 3.0 code, and together they designed the IBE code needed for their developers to secure their products and networks to be brought to market. IBE 3.0’s emergence as the de facto standard for IoT ushered in a new era of dramatic growth in the world’s leading economies as the pundits’ 2015 projections of a $17 Trillion IoT market soon became a reality. As happened in other periods of massive technological change, new companies emerged displacing those who didn’t or couldn’t react to the new business order, and others – including many semiconductor companies – were swallowed up as the industry consolidated, pushing the early IBE 3.0 adopters to the top of the microprocessor heap.
Security. Trust. Identity. These were the pillars of IBE 3.0 that paved the way to widespread safe adoption of IoT, and the many benefits that accrued from this remarkable technology. The world in 2029 is a better, more efficient, dramatically safer place thanks to the widespread acceptance and adoption of the IBE 3.0-powered Internet of Secure Things.
Prior to posting this article, I asked several of my colleagues to read it and provide input. They kindly obliged. (Thanks to those who contributed – you know who you are). One common theme among the early reviewers of this post was a request to better understand how IBE 3.0 (which we have branded Certificate-Less Authenticated Encryption or CLAE) can be applied at the chip level.
First, deploying CLAE in cars (or any other connected devices, or networks), will secure the data within the device (chip-to-chip security), and secure the connection externally (car to traffic system, etc …). The CLAE Trusted Center (TC) generates the decryption keys for any connected chip (an internal or an external connection with other devices/sensors/appliances). The TC needs to be authenticated, as an essential security requirement.What follows are some different scenarios for deploying IBE 3.0/CLAE on chips.
A light/tight version of CLAE can be configured in an ASIC designed with a tamper-resistant memory, which will allow running the Trust Center (TC) functions at high performance levels. ASIC’s can be re-programmed after fabrication, allowing for needed upgrades post-deployment. This could be implemented using a single or multiple TCs, depending on the level of security given to a group of chips (different trust level within the same ‘thing’ – a car, for example).
A master chip serves as a gateway to route, to secure and to authenticate all communication with the external TC. In this case, CLAE is implemented in standard mode (as described in our technical documentation).
In this instance the TC is deployed on the master chip, allowing it to function as the internal TC which communicates with the external TC. The external TC has administrative privilege over the internal one, and CLAE is applied to securely authenticate the communication between other external and internal TC’s.
With CLAE embedded at the microprocessor level, IoT product makers would be able to purchase CLAE-protected chips, allowing them to develop products that are able to securely communicate with other CLAE enabled IoT devices, sensors and routers and grow their IoT presence without having their offerings compromised from a security or privacy perspective.