A new publication from the National Institute of Standards and Technology (NIST) provides a basic model aimed at helping researchers better understand the Internet of Things (IoT) and its security challenges.
But what is the IoT? There are many ways to describe the IoT. More than 20 professional and research groups have worked to characterize the IoT, but so far there is not one universally accepted definition. Despite that, the International Data Corporation predicts the global market for IoT solutions to grow to $1.7 trillion by 2020. After studying the recent attempts to define the IoT, NIST computer scientist Jeff Voas determined that "there is no formal, analytic or even descriptive set of building blocks that govern the operation, trustworthiness and lifecycle of IoT components," according to his introduction in the just-released NIST publication, Networks of 'Things.'
Voas created a new model based on distributed computing, which has been in use for decades. In distributed computing, computer components are networked and share messages about tasks to operate efficiently. A simple example is the local area network in an office where computers share a printer.
The Network of Things (NoT) model is based on four fundamentals at the heart of IoT— sensing, computing, communication and actuation.
The model's five building blocks, called "primitives," are core components of distributed systems. They provide a vocabulary to compare different NoTs that can be used to aid understanding of IoTs.
Let's use an example of a simple NoT in a home to understand the primitives.
The NoT is programmed to turn off the overhead light if no one is in the living room. The first primitive is a sensor, in this case a motion detector, that measures physical properties. The second primitive, a communications channel, transmits the data from the motion sensor to an aggregator primitive. The aggregator is software that processes the sensor's raw data into information using an external utility primitive such as a laptop computer. The decision-trigger primitive determines whether or not the light should be turned off.
The model of the NoT includes six elements—environment, cost, geographic location, owner, snapshot-in-time and a unique device ID—that all play a role in the reliability and security of a NoT.
A car is also a network of things with potential vulnerabilities. For example, the car's speed sensor might malfunction after years of being exposed to heat and water in its natural environment. In an instance of poor sensor security, an attacker might access a smart building's temperature sensors (which control the temperature of a server room) and physically replace them with inactive ones. The result could be that the air conditioning in the server room is turned off, overheating the drives and causing computers to fail.
These simple examples just touch upon the reliability and security issues that can occur in networks. The NoT model was developed to assist researchers as they model simple problems, and help them understand what is needed to secure larger, more important networks.
"The vocabulary and science of the Network of Things will help researchers understand how the components of IoT interoperate, and compare the security risks and reliability tradeoffs," Voas said.
Voas continues to test his model, and other researchers are, too. One of them, George Hurlburt, chief scientist of STEMCorp, finds that "reducing the IoT to a smaller environment is a huge step forward" and is currently working on a paper based on Voas' work. STEMCorp is a Maryland-based nonprofit researching network systems architecture.
Voas is continuing to explore reliability and security issues using his model and encourages research into security, reliability, pedigree and trust concerns related to the model. Another area for investigation is a scalability problem—how will big data handle the vast amount of information that the plethora of sensors will produce?
NIST welcomes feedback on the NoT model at firstname.lastname@example.org.