Three Challenges to the Internet of Things

There’s little doubt that the Internet of Things is the next wave of computing, the next chapter in the story that began more than 50 years ago and has already passed at least five major milestones:

  • The original vacuum tube computers of the 1940s and ’50s;
  • The solid-state mainframes of the ’60s;
  • The minicomputers of the ’70s;
  • The personal computers of the ’80s;
  • The laptops of the ’90s;
  • The smartphones of the ’00s.

The potential for the IoT is as vast as the market for electricity. IoT gives us control over lighting, heating and cooling, music, TV, surveillance, driving, health, cooking, and fitness, weaving all these devices together with our personal goals, moods, and situations. It’s going to be a bonanza for gadget makers, app developers, chip and gear builders, and service providers.

It’s also going to open up new horizons for criminals, but every new technology does; some of the biggest names in tech were founded on criminal activities, such as Napster and YouTube. Some clean up their acts and go straight, as YouTube has done (for the most part), and others go out of business, like Napster and Aimster.

The Security Challenge

The criminal side is getting a lot of attention in the IoT space right now, which is good because better security is going to be in place by the time the market for IoT really takes off. Strong security audits are a big part of value proposition for Apple’s HomeKit, an ecosystem and overall control framework for consumer IoT devices that’s pretty lackluster from the standpoint of device choice and ease of use. If consumers are willing to prioritize security over low price and broad choice in devices, HomeKit will be a success. And if it builds a following, there’s not much doubt that Apple will develop some consumer-facing tools as well as some devices to make it even more powerful.  So challenge number one is security, which is to say protection against criminals.

The Standards Challenge

Security is a challenge in this space in part because there are so many standards to choose from in IoT devices. Some use Wi-Fi, Bluetooth, and IEEE 802.15.4, old and well-established standards. That’s not always a plus, since there are well-known security shortcomings in these standards, but a lot of people are working on them so momentum and broad consumer interest will keep the bar ascending ever higher.

Other communication standards common in the IoT world are proprietary or semi-proprietary systems such as Z-Wave, ZigBee, Clear Connect, Insteon Dual Band, Google Thread, and a host of 915 MHz systems. If there’s a common strategy it’s to start with 802.15.4’s lower level protocols running over 915 MHz spectrum and add link and network layer protocols on top; that’s how Google’s Thread works.

In some sense, it doesn’t really matter what happens below Internet Protocol since the encryption, authentication, and authorization protocols are well higher in the protocol stack than IoT’s native low-level protocols. Apple’s HomeKit uses whatever network you have as long as it can use IP. IPv6 is going to be an essential part of the IoT world because it greatly simplifies the business of connecting to your home network from outside your home network. So the key standards challenge is the successful migration to IPv6 – especially in home routers – and the adoption of two-factor credentials for enrolling and controlling devices.

The Legacy Challenge

Another aspect of standards relates to good old-fashioned electricity. Homes built in the last 30 years are fully polarized, so there’s a hot wire, a neutral wire, and a ground wire at light switch, but older homes just have a hot wire and a ground. So manufacturers of light switches and wall sockets have to make both types, or combo devices that can work with either wiring plan. The older electrical device companies such as GE, Lutron, and Cooper have a better handle on this problem than the newer companies.

And yet another standards issue relates to newer lighting technologies such as LED lights. LED light bulbs aren’t built to common standards as incandescents are; some an LED from manufacturer X will not always work with a smart light switch from manufacturer Y. So the switch companies have to test and certify specific dimmable LEDs and CFLs they work with. That’s a level of complexity we’re not used to dealing with, and could be greatly simplified by some standard device types.

Bonus Challenge: Policy Matters

The three challenges I’ve listed are here-and-now issues that affect the ability of consumers to make use of IoT devices and systems today and the costs of building them. These issues will all sort themselves out as the technology improves, industry converges on common platforms, and consumers express their preferences more strongly. As the IoT gains momentum, we will ultimately reach a point where wide area network infrastructure becomes critical, not only wireless spectrum but also high-capacity fiber.

It’s easy to get a bit awestruck by the fact that that we can watch streaming video on our phones today, but we can also use our phones, tablets, and laptops to see streams coming from security cameras. It’s not hard to imagine scenarios where a home has 10 or 15 security cameras, and while we won’t usually have a need to watch more than one at a time where will be cases in which we’ll be looking at screens made from 4 – 8 cameras at a time. At least for short periods of time, that means a big jump in network utilization.

The Great Tech Hope

One new technology with the ability to address multiple issues in the IoT space is Software-Defined Networks. With SDN, we’ll be able to partition networks into zones of security as well as performance, which will make a host of problems easier for consumers by outsourcing them to service providers. Another bit of magic that’s already making a dent is cloud computing. Simple cloud storage simplifies the process if accessing those video streams from outside the home network, and keeps them from vanishing as well.

But a more intriguing prospect is to simply replace TCP/IP with more up-to-date and well designed network protocols. This will be the subject of an upcoming podcast and some additional blogs. Stay tuned.

  • I’d add maintenance as a concern. It’s a huge undertaking to provide software updates over a device’s expected lifespan, which could be decades, and to keep cloud services running. Much harder than knocking together a few off-the-shelf components to get a Kickstarter funded. Even SCADA companies selling expensive industrial controllers do a piss-poor job of it.

    • Good point, Fazal. The current and future security model for the Internet “detect and react” which means software updates are essential. Each of the millions of devices needs to updatable or disposable, and open source software is vital.

      • I;d go further, given that there are Gbps-class botnets in the wild made of compromised IoT devices (mostly routers and printers). Devices should have a policy of “if the OS hasn’t been updated in X months, disable yourself”.

        • Same goes for the network stack above the OS, doesn’t it?

          • Sure, but usually they are updated as an atomic unit in IoT appliances (when the distinction between OS and app exists at all, which isn’t the case in a unikernel and many embedded platforms).

          • Can we make an exception for devices that don’t have the ability to access the Internet directly? My concern is for devices made by companies that go bust, which is certainly going to happen. Maybe they need to turn their code over to some open source project or something like that.

          • That’s just one aspect of lifecycle. Startups, like teenagers, incorrectly assume they are immortal. That’s why I hardly ever purchases devices that are doorstops without some external service to support them.

            I take it you mean “a device is unable to access the Internet directly” is one that lacks IPv4 or IPv6 connectivity. If so, can it still be called part of the Internet of Things (as opposed to a sensor/actuator for a hub device that is)?

  • Security is not always the top priority when manufacturers are designing their product.