November 27, 2017

    Internet of ThingsThis blog is the second of a five-part series that looks at the impact of the Internet of Things (IoT) on society.

    “Will the IoT be secure?” It’s a loaded question, but one that I hear often.

    The honest answer is probably “no.” In the same way that life and the internet aren’t secure — the Internet of Things (IoT) won’t be secure.

    But that’s not a very satisfactory response, so let’s explore this further. What are the parameters of IoT security? How do these parameters interact, and what can be concluded? Specifically, we’ll look at these three factors:

    • The cost of IoT security
    • How security changes over time
    • The scope of IoT security

     

    Secure Home

    The economics of IoT security

    Let’s start with a cost/value perspective. The typical scenario (and anyone who’s been in the security business will recognize this) is that everybody starts out wanting “the best” security, but that position usually softens pretty quickly if it comes with a hefty price tag. Security follows the usual economic laws: the higher the security, the higher the cost. And cost includes not only the security measures themselves, but also the convenience toll: multiple password entries, repeatedly requested, quickly expiring.

    So what’s an acceptable cost? In accordance with typical economic laws, the cost of something should be in balance with its value. So the cost of the security measures should be in balance with the value of the item that’s secured and the risks associated with a security breach. Logically, then, the higher the value of something and/or the larger the risk of a security breach, the higher the price that someone should be willing to spend securing it.

    Logical, yes — but it isn’t quite that simple. How do you determine the value in an IoT scenario? It’s a simpler question when asked about something that can be replaced with a single trip to a store, but more difficult here. Ask a museum director for the value of a painting, or a parent about the value a child home alone. And what about evaluating the risk? Spend a few minutes reading about the continuing string of data security breaches and it quickly becomes clear that we’re underestimating the risk.
     

    Technology progress: The risks of more and more complexity

    The second parameter is technology — or to be more precise, the progress of technology. Something that’s secure today can be broken tomorrow, and something that was out of reach in the past is solvable today.

    Over the last few decades, security has been in a race with hackers. System complexity, and the lack of absolute end-to-end oversight, also play roles. Systems today are becoming so complex that holes in security are easily introduced — and when they’re identified, those holes need to be rapidly patched. Some suggest that this increasing complexity, and the costs associated with it, are the largest risk for being able to build secure systems. In any case, the progress of technology at any given moment is an important factor in overall IoT security.
     

    The scope of IoT security

    This is a tricky one. There is no scope around security as a whole, no level playing field. Every security solution is an answer to a (possible) particular security breach, and it assumes that breach plays by certain rules, staying within that issue’s scope.

    The problem with this, and as perhaps best said here, is the only real rule is that there are no rules.

    Let’s look at a few examples:

    • Security systems. Consider a house with a security system that calls a dispatch center when an alarm is triggered. When the power is down, the security system won’t work. Adding a battery backup would work, unless the power is also down at the dispatch center. And even if the security system is working as expected, the truth is that the house still has windows that can be broken and items grabbed and stolen before security personnel can arrive at the home.
    • Wireless technology. All the data going through the air is fully encrypted. But someone recording the encrypted data (like a username and password) and then replaying that data will gain access. No need for decrypting.
    • Wi-Fi patterns. Or imagine that someone is listening to the Wi-Fi traffic of a house for a few days. Soon it would be easy to know when someone is in the home — or not. In other words, even with all of our secure Wi-Fi connections, we’re still essentially broadcasting information about when and if we’re at home.

     

    secured and private

    Pulling it all together

    Even these simple examples should give you a feel why security is such a challenging issue — and internet security in particular — and why there’s no reason to think it will be any simpler with the IoT.

    Technology progress and the ongoing redefinitions of scope create a dynamic situation that forces us to constantly revisit current security measures. We don’t know what’s coming next and we can’t see the whole range of threats looming on the horizon. So how can we possibly know that we’re secure?

    Despite how it may sound, there’s no need to despair. We all live our daily lives making reasonable assessments of how to stay out of trouble. This applies to the IoT as well.

    And what’s happening today in technology also comes with great new opportunity. The IoT will enable us to collect more data, to know more, and to make better (“more qualified”) decisions faster. This new territory will improve the quality of our lives and create further prosperity. Of course, we do need to learn how to maneuver in this new world — and how to stay out of trouble. Progress isn’t free.
     

     

    Read all the blogs in our series about the IoT's impact on society:

     

    Have another topic that you would like Qorvo experts to cover? Email your suggestions to the Qorvo Blog team and it could be featured in an upcoming post. Please include your contact information in the body of the email.

    Cees Links

    About the Author

    Cees Links
    General Manager, Wireless Connectivity Business Unit

    Cees Links (pronounced "Case") was the founder and CEO of GreenPeak Technologies, acquired by Qorvo in 2016. He is a pioneer of the wireless data industry, a visionary leader bringing the world of mobile computing and continuous networking together. In 2017, he was honored as a Wi-Fi pioneer with the Golden Mousetrap Lifetime Achievement Award by Design News.

    The Impact of the IoT Demystified
    The Impact of the IoT Demystified

    Explore how the Internet of Things will affect society, from jobs to artificial intelligence and more.

    Read the White Paper >
    • Applications
      Internet of Things

      Qorvo's innovative portfolio enables the smart home, smart energy and other IoT applications.

    • Products
      Low Power IoT

      Qorvo's ultra-low-power, wireless data communication controller chips enable applications for the smart home and IoT.

    • Applications
      Smart Home

      Our future-proof portfolio of RF communication chips for the smart home support Zigbee, Thread and Bluetooth® Low Energy communication protocols.

    • Applications
      Lifestyle Systems

      Qorvo technology enables a total system solution for reliable and proven senior and family lifestyle applications.