Internet of Things (IoT)

---

Internet of Things (IoT) are devices that can report state and configuration data and be remotely managed over IP networks.

• refers to the global network of wearable technology, home appliances, home control systems, vehicles, and other items equipped with sensors, software, and network connectivity, enabling them to collect and exchange data
• Sensors are small devices designed to detect changes in the physical environment
  • e.g., temperature, humidity, and motion
• actuators can perform actions based on data collected by sensors
  • e.g., turning on a light or adjusting a thermostat
• IoT devices communicate with each other and other systems over the Internet
  • to exchange data and receive instructions
• Cloud-based systems form an essential component of IoT infrastructures
  • provide the computational power needed to perform data analytics on the large amounts of data generated by IoT devices

IoT Examples

• smart homes
  • sensors and actuators to control lighting, temperature, and security systems
• smart cities
  • to manage traffic, monitor air quality, and improve public safety
• IoT wearables
  • can collect data on patient health and send it to healthcare providers for analysis
• IoT in agriculture
  • monitor soil conditions, weather patterns, and crop growth

Factors Driving IoT Adoption

• significantly decreased cost of IoT sensors and devices
  • has enabled the development of a wide range of IoT applications and services
• Advances in connectivity technology
  • e.g., 5G and low-power wireless networks
  • made connecting and managing IoT devices easier and more efficient
• improved the speed and reliability of data transmission
  • enabling real-time monitoring and response
• explosion of data generated by IoT devices
  • led to new data analytics tools and techniques
    • e.g., machine learning and artificial intelligence
• COVID-19 pandemic
  • accelerated the adoption of IoT in many industries, particularly in healthcare
    • e.g., remote monitoring and telemedicine

Security Risks

• large number of IoT devices deployed without adequate security measures
• devices are designed with limited processing power and memory
  • making it difficult to implement strong security controls
• need for more standardization in IoT devices and protocols
  • Compatibility issues make integrating different IoT devices and services difficult
  • make implementing security controls more difficult
• sheer volume of data generated by IoT devices can make securing and protecting sensitive information difficult
  • increasing risk of data breaches and cyberattacks
• often have poor security characteristics
  • typically designed to focus on functionality rather than security
  • have limited processing power and memory
  • must be low cost
  • are rushed to market without proper security testing
• need more awareness of the security risks associated with IoT devices
  • changing default passwords or updating firmware

Best Practice Guidance for IoT

• The Internet of Things Security Foundation (IoTSF)
  • https://iotsecurityfoundation.org
• Industrial Internet Consortium (IIC) Security Framework
  • https://www.iiconsortium.org/iisf/
• Cloud Security Alliance (CSA) IoT Security Controls Framework
  • https://cloudsecurityalliance.org/artifacts/iot-security-controls-framework
• European Telecommunications Standards Institute (ETSI) IoT Security Standards
  • https://www.etsi.org/technologies/consumer-iot-security

Consumer-Grade Smart Devices

Smart devices are used to implement home automation systems.

IoT smart device network is made up of:

• Hub and control system
  • IoT devices require a communications hub to facilitate wireless networking
  • must also have a control system
    • IoT devices are headless
      • have no terminal interface
  • e.g., headless hub could be implemented as a smart speaker
    • operated by voice control or use software app for configuration
• smart devices
  • IoT endpoints implement the function
  • capable of compute, storage, and network functions
  • most use Linux or Android kernel
  • vulnerable to standard attacks associated with web applications and network functions
    • effectively running mini-computers
  • Integrated peripherals, such as cameras or microphones, could be compromised to facilitate surveillance
• While the control system is typically joined to the Wi-Fi network
  • smart devices may use other wireless technologies, such as Z-Wave or Zigbee, to exchange data via the hub
    • These protocols are designed for operation on low-power devices without substantial CPU or storage resources

Physical Access Control Systems and Smart Buildings

A physical access control system (PACS) is a network of monitored locks, intruder alarms, and video surveillance cameras.

A building automation system (BAS) is a smart building for offices and datacenters.

• includes
  • PACS
  • network-based configuration and monitoring of HVAC
  • fire control
  • power and lighting
  • elevators and escalators
• these subsystems are implemented by
  • programmable logic controllers (PLCs)
  • various sensors