The term Internet of Things or IoT, often mistranslated with Internet of Things when the translation "Internet of Objects" would be more appropriate, it has now become part of the common lexicon of those involved in ICT technologies (Information Communication Technology, ed).
During these notes, I set out to clarify the technologies adopted, the components and the possible security problems of IoT solutions.
I start by saying that IoT solutions have particular characteristics that make them unique. The high number of devices, which are usually part of an IoT solution, imposes scalability characteristics based not so much on performance as on the need to manage and maintain an installed fleet characterized by extremely significant cardinality (extremely high numbers). All this is reflected in the amount of data to be stored and analyzed.
The ultimate goal of IoT solutions in the various application fields is always to provide tools that, in the face of a natural or artificial physical phenomenon, allow us to understand what is happening, why it is happening and potentially what could happen. Sensors and actuators are therefore the means that allow you to interact with the environment and with the physical phenomenon that you want to control. It is therefore a question of managing and analyzing a large number of data of a different nature by aggregating and processing them in order to derive information from them on the basis of which specific actions can be performed (in English Actionable Information).
I continue with the affirmation that over the last 2-3 years there has been the availability of a set of catalysts that have favored the development of the technologies necessary for the realization of IoT solutions and consequently the attention of the industry towards this type of technologies. it has grown in proportion. By now talking about IoT solutions represents not so much a frontier experimentation, as the need to deal with specific implementation problems.
Among the catalysts that contribute to the adoption of IoT solutions we can mention:
- the availability of sensors and actuators of different and varied types;
- the offer by the main Cloud solution vendors of platforms dedicated to this environment and equipped with primitives designed to address some of the specific characteristics of this type of applications;
- the availability of specialized communication protocols capable of supporting the peculiarities (cardinality, resilience, reliability) necessary in the IoT field.
Before going into the analysis of an IoT solution and related technological components, it is worth spending a few words on the concept of sensors and actuators that represent the fundamental elements of such a solution.
Sensors are hardware components specialized in reading a physical parameter (temperature, pressure, humidity, light intensity, ...) and in transmitting the data detected in digital or analog form through a set of rules (protocol) that allow the receiver to interpret it correctly. A very simple example can be a temperature thermometer: it generates a value expressed in degrees Celsius or Fahrenheit which is usually detected by reading a special graduated scale or a small display.
If the thermometer is equipped with a minimum of logic for the transmission of this value to another component, using an appropriate protocol, we will have created a temperature sensor. Naturally, the sensors can be of different types and very complex capable of detecting several physical quantities at the same time.
Today there are sensors capable of detecting the transit of a person through a gate (logical gate) and identify its direction (entrance or exit), sensors capable of recognizing barcodes or fingerprints, sensors capable of measuring the relative distance between two objects and so on. All data collected by the sensors must be appropriately encoded for subsequent processing.
Returning to the example of the temperature sensor, it will also be necessary to provide for the sending or signaling of the associated measurement unit: Celsius or Fahrenheit. The data generated by the sensor must therefore be suitably formatted for sending and subsequent processing.
While the sensors take care of capturing a data and sending it for subsequent processing, it is also necessary to have the possibility to perform actions following the processing performed starting from the data provided by the sensors or by a control system. This is the task of the actuators. As before, a simple example can be the closing or opening of a circuit upon receipt of a specific command (very trivial example: the house door opener).
Similarly to what has been stated for sensors, actuators can also be complex and multifunctional: think, for example, of the need to rotate a motor at a specific speed or the positioning of a mechanical arm to release a content (circuit opening ). Also in this case, the actuators must be equipped with primitive communication functions that allow the reception of commands and the interpretation of their meaning.
The communication protocols
Sensors and actuators must therefore, for what has been said, be able to transmit and receive information to a higher level system for subsequent processing. Note that for both sensors and actuators, communication must generally be bidirectional and therefore both the transmission and reception of data and commands must be managed towards both. For example, in a sensor it may be possible to define a unique string that identifies its positioning, while an actuator must be able to provide an error indication if the requested function (position, speed, opening / closing of a contact ...) is not feasible.
The set of rules and formats with which sensors and actuators communicate with a processing system (PLC, Gateway, Edge Computer, ...) constitutes the communication protocol used between these entities. The communication protocol must address a number of situations to be effective and support the implementation of the intended solution.
Some of the issues that must be solved by the protocol are:
- How to uniquely address the specific sensor / actuator in an installation
- How to prioritize access to the transmission medium (who speaks first)
- What to do if the transmission medium is busy (who is speaking)
- How to report any errors
- How to format the transmitted or received data (e.g. how many bits to assign to a specific quantity)
- How to ensure that the transmitted data is not corrupted during the transmission
- And many more
The requirements that these protocols must meet include both the simplicity of implementation given the limited processing capacity and the need to reduce the consumption of any batteries of the sensors and actuators. The protocols are then made available on different transmission media: from the classic copper pair up to Wireless connections on non-licensed bands (ISM bands). A common feature of these protocols is the limited bandwidth required for data transmission as a consequence of the simplicity of the data transmitted.
In the IoT field there are various proprietary and standardized communication protocols, among these we can remember IO-Link, ModBus, LoraWAN, En-Ocean, the last two on radio transmission medium.
The architecture of an IoT solution
Obviously, an IoT solution does not end with the sole availability of sensors and actuators but requires the presence and coordination of a series of components that make it possible to extract decision-making information (Actionable Information) from the data.
The figure schematizes the various components of an IoT implementation.
Proceeding from left to right you can see the sensors and actuators responsible for capturing the data and for any modification of the controlled environment. The transmission protocols allow to consolidate these data in intelligent devices which differ substantially in the processing capacity required according to the characteristics of the system to be created.
Let's say right away that if a response from the overall system is not required in a very short time (near real-time), the data will be consolidated by an Edge Gateway1 of more limited capacity than an Edge Computer capable of providing sophisticated local processing.
The data thus consolidated, normalized and suitably formatted are then transmitted to a Cloud application which will extract the information of interest. Also in this further transmission step, the characteristics of the communication protocol used to forward the data to the application area in the cloud are fundamental. Compared to the case of transmission from sensor / actuator to / from Edge device, however, in this case there is a significant and important difference: all the protocols used (MQTT, AMPQ, OPC UA, ...) are based on a single common denominator represented by the IP protocol on which the protocols previously identified are then supported at a higher level.
In the application field, the servers or the corresponding Cloud services will provide the necessary primitive functions for storing, processing and presenting the information extracted from the captured data.
It should also be considered that the main Cloud service providers today offer specialized platforms for the IoT field that offer a series of primitive features aimed at simplifying the implementation process and addressing the installation, configuration and management needs of Edge and Gateway devices. that Computer.
A necessary clarification must be made regarding the Edge Computing functionalities necessary, as we have stated, for the realization of implementations characterized by very stringent time requirements. This is the case of control solutions for critical systems for which the delay (and possibly the unavailability of Cloud applications) is not tolerable and it is therefore necessary to provide an answer (an action) in a very short time. Local processing therefore replaces cloud processing which is able to exploit algorithms and historical data.
Summarizing, therefore, the technological chain of an IoT implementation is composed of a certainly high number of components which can however be aggregated into three main categories:
- The sensors / actuators responsible for the interaction with the environment to be created or controlled
- Edge devices that concentrate, normalize and transmit data to application processing systems
- Applications that extract usable information from data and make them available by presenting them appropriately.
Despite the apparent simplicity of the solutions, the critical aspects that must be analyzed in detail are numerous: in particular, the security aspects deserve particular attention.
Security in IoT creations
Like any system. ICT security plays a fundamental role also in IoT creations. It is therefore a question of identifying any critical issues and specific components that must be considered in planning a security strategy in the IoT field.
Following the previously identified technological chain, some considerations can be hypothesized starting from sensors and actuators.
These are usually relatively simple components characterized by limited processing capacity in order to reduce the consumption of any power supply batteries. The quantities on which sensors / actuators must intervene are represented by a numerical value (temperature, pressure, rotation of a stepping motor ...) or digital (on / off, open / closed, ...) which takes on a specific meaning in the global context of the considered solution.
We can affirm that the value of the SINGLE data is therefore limited and of little interest: the perspective is completely different when it comes to the SET of data that can then be correlated. In any case, the sensors / actuators are equipped with a firmware relatively simple and very often not upgradeable.
A first safety assessment must therefore be carried out on the firmware of the device and then on the communication protocol that allows the forwarding of data to the edge device. Note that in this case we are dealing with specialized protocols, in some ways proprietary, for which the availability of compromise or interception tools is in any case limited. This does not mean that any risks of compromise of these protocols / transmission media have to be evaluated.
The scenario related to edge devices is different: in this case the possible security compromises can be many. The firmware of the device in this case is often based or in any case includes components Open Source that may present vulnerabilities: it is therefore necessary to evaluate both the behavioral aspect of the device and the possible presence of dormant "backdoors" that may be present in some software module.
The use of IP-based communication protocols then opens up the possibility of vulnerabilities typical of IP-based environments. Fortunately, these are well understood and documented in the technology realm, and sophisticated tools exist to minimize the risk of compromise at this level.
The main Cloud solutions in IoT dress today offer a whole series of tools to address the problems of a secure connection between an edge device and the related Cloud application: these tools provide, among other things, the encryption of the transmitted data, the mutual authentication between applications and edge device, the verification of the integrity of the data and the non-replicability of the same. To complete the possible vulnerabilities of an IoT solution, mention should be made of those relating to the Cloud environment and the applications and data installed there, for which detailed information exists in the literature.
To conclude, IoT solutions in the face of a conceptual simplicity due to the schematic nature of the network architecture, on the other hand, present a series of complexities deriving from the high number of devices involved, from the consequent need to have effective management tools and problems. of security that can be realized, in different ways, in several points of the realization requiring the application, coordination and management of defense instruments of different nature. This involves a multidisciplinary knowledge of technologies and products that can be partly borrowed from previous experiences in the ICT field when associated with the necessary mastery of the physical environment (of the Objects) that you want to control and / or create.
1 Edge Gateway: this term identifies a communication device that is able to extract the information received through a specific communication protocol and format it appropriately for transmission and forwarding through a different protocol. For example, an Edge Gateway is able to detect the status of a digital contact (ON / OFF) and format this information appropriately so that it can be transmitted to an application residing on a server using the TCP / IP protocol.