“We trust that data is the marvel of our opportunity. It is the world’s new common asset. It is the new premise of upper hand, and it is transforming every profession and industry. In the event that the greater part of this is genuine – even unavoidable – then cybercrime, by definition, is the greatest threat to every profession, every industry, every organization on the planet.”
– IBM Chairwomen Ginni Rometty
Chapter 1 aims to provide the background to Internet of Things (IoT) in general by exploring the journey to the concept and its current usage. The chapter highlights the key objectives of the project and the motivation for undertaking it. The approach for undertaking the project and the structure for presenting the findings is also discussed.
The inception of the Internet a couple of decades ago have played a key role in revolutionizing the way computers communicate and interact. It has gone on to pave the way for a variety of Internet dependent services including the World Wide Web (www).
The internet remains a difficult concept to define due to its ability to be utilized in a variety of ways (Soceity, Internet Society). The norm of internet interaction via traditional computers has existed for many years and continues to be an integral part of the internet eco-system.
The success of the Internet has not gone unnoticed and a considerable amount of engineering has gone into a wide range of devices and objects in order to leverage it. The driver for leveraging the Internet for these objects (aka “things”) ranges from user experience, efficiency and cost-reduction amongst other benefits for a number of applications (Borne, 2014) (Miller, 2015). This concept has given birth to the ‘Internet of Things’ (IoT) where a variety of devices or objects are interconnected to enable communication to deliver an enhanced level of services.
The Internet of Things (IoT) is a developing worldview concentrating on the association of gadgets, items, or “things” to each other, to the Internet, and to users. IoT innovation is foreseen to end up a fundamental prerequisite in the advancement of smart homes, as it offers accommodation and effectiveness to home occupants with the goal that they can accomplish better personal satisfaction. As per recent research it is reported that there are more connected objects than humans on the planet (Soceity, Internet Society).
IoT usage aims to provide benefits to a number of sectors including but not limited to home consumers, transport, health, buildings and industry (Miller, 2015). Some of these proposed use cases are described briefly in the following section to provide some context and background to the project.
1.2 IoT Use Cases
A number of uses cases are described below where IoT is making an impact now and will continue to do so significantly in the longer term.
1.2.1 Smart Homes / Buildings
The implementation of IoT in buildings provides a wide range of benefits. The presence of sensors to gather attributes such as heat, light, humidity is vital in this implementation. The data gathered from sensors in buildings could be fed via the internet to building management systems that can be used to regulate the buildings’ environment with regards to these factors. It is expected that real or near real-time management and regulation provides an effective and efficient way of managing the building thereby driving down cost. A typical use case is for detecting faults in a building heating system before it actually fails and thereby planning ahead to resolve to avoid inconvenience and further costs (Engineering).
Additionally there are a number of smart home devices currently on the market as reviewed by Valentina Palladin and Stewart Wolphin in their report (Valentina Palladino, 2015).
IoT applications are expected to play a significant part in various aspects of transportation. This trend is applicable to various aspects of transportation including cars, trains, ships etc. Sensors can be used to gather information about different attributes of transportation that can be used to control various aspects of a vehicle, control traffic, schedule trains, schedule maintenance etc. A key area where IoT can provide huge benefit is in the area of parking where sensor detection can be used to relay and provide parking availability information to motorist; thereby cutting down on significant time expended on finding appropriate parking and associated congestion (Iakovidis).
Healthcare is a key area where it is expected that IoT will be further advanced and utilized on a large scale with an equally large return on investment. Recent government research concludes that IoT has the tendency to help change the focus of healthcare by focusing more on prevention rather than cure (Science, 2014). Application of IoT in prevention and early diagnosis could involve the use of sensors for monitoring key patient body indicators such as heart rate, blood sugar levels, temperature, chemical composition etc. to aid in early diagnosis and provide a proactive way of dealing with key health issues. Separate research also discusses uses involving wearable gadgets to alert healthcare professionals if certain critical health conditions occur (Johanna Virkki, 2013).
Early diagnosis and management of such health issues has a direct and positive influence in effective and efficient healthcare and making huge savings
The energy sector is perhaps the only area that has benefited the most from IoT investment to date. It is strongly believed that smart grid development will deliver safer, sustainable and cost-effective energy for future generations of British consumers and represents a major growth opportunity for Britain (Ernst & Young, 2012). The most common use case is the implementation of smart meters.
Another significant benefit is in the area of smart grid where the delivery of energy is tailored to consumer request and adapting to demand. This enables energy to be provided at the required time and for the right price. The key component underpinning this is use of smart sensors that translate information between a user’s smart meter and the smart grid system (Infobright, 2014).
Agriculture can also benefit in a number of ways when IoT applications are used. In the field of agriculture, attributes such as temperature, humidity and chemical composition sensors can be used to determine the status of various agricultural elements. A typical use case is monitoring soil humidity through sensors from probes in the soil and correlating that with weather forecasts, and thereby allowing the farmers to plan ahead or take early critical decisions that affect productivity. The Beecham research report (Research, 2015) suggests industry must embrace the Internet of Things (IoT) if it is to feed the 9.6 billion global population expected by 2050.
1.3 Objectives and Motivation
The main aim of this project is to explore the IoT implementation in the context of a Smart home with a greater focus on the security implication of this growing phenomenon. Based on this, the following objectives have been set.
• Investigate and discuss components and current usage of Smart home IoT applications.
• Complete and discuss findings of a risk assessment of a model Smart home application.
• Discuss potential security controls for Smart home application based on the outcome of risk assessment.
• Discuss potential privacy and legislative implications of Smart homes.
• Discuss potential future trends and further research of Smart home IoT applications.
The scale of connected devices at the moment already presents the need for revised security considerations and an approach to deal with its associated challenges. It is inevitable that this will result in diverse security challenges in the midst of expected benefits.
Motivation and interest in this subject is mainly based on the fact that there is so much uncertainty on what these challenges will be together with the expected benefits. Most notable is the impact it will have on the average home where it is anticipated the greatest impact will be felt. In relation to this, it provides the opportunity to critically analyze where we are, where we are going, what potential hurdles we will typically face and how we can begin to plan to address these in a fairly logical and informed way.
1.4 Approach and Structure
The nature of the project and the objectives directs a theoretical and analytical approach making use of existing literature in most cases. The developing nature of this field requires a thorough analysis of up to date material to reflect the current situation. General literature such as books and journals (including online resources) will be reviewed as well as targeted vendor and independent literature on particular aspects of IoT. Aspects will include potential analysis with some subject matter, aspects in industry, vendors and end users of smart devices.
The report follows a logical structure with each chapter beginning with a summary of the chapter objectives to provide a reader with the context.
Chapter 1 of this report provides a general introduction to IoT to enable readers to familiarize with the concept and provide some relevant background information. It covers key objectives and motivation for undertaking the project and the approach to be taken.
In chapter 2, a preliminary literature review is given and the fundamentals of IoT are covered. The chapter follows on to explore and discuss briefly the component parts that make a typical IoT system. It aims to allow the reader understand the components at a fairly high level, enough to allow them to understand the role that each plays in the overall implementation.
Chapter 3 delves further into a typical Smart home scenario, which has specifically been created for the purpose of achieving the objective of the project. It outlines the design and functional components of a model smart home
Chapter 4 is the core of the project that analyzes and conducts a risk assessment of the model described in chapter 3. It describes the risk assessment method, analysis, justification and assumptions for carrying out the assessment and provides a conclusion to the assessment
Chapter 5 builds on chapter 4 by prioritising key risks and discussing and proposing suitable controls and recommendations to mitigate the risks derived from the assessment exercise.
Chapter 6 discusses privacy concerns and the role of regulation and legislation.
Chapter 7 discusses areas of further research and future trends in smart homes IoT.
Chapter 8 summarises and provides a logical conclusion on the project based on the predefined set of objectives.
2 Literature Review and IoT Fundamentals
This chapter aims to discuss key concepts in IoT, touching on existing research and the nature of the review to be carried out and how it will be used to accomplish the project objectives. It will go on to outline the key components of an IoT implementation
2.1 Literature Review and Current Research
The concept of IoT is still a very new and an evolving one with ongoing research into different aspects of its application and the impact to the wider community. Most research to date has been driven mainly by the need to be efficient, effective and cost effective in service delivery, which in turn has given rise to the development of a variety of use cases for IoT as previously described in Chapter 1. Previous, current and ongoing research mainly involves industry, government and academia, and has a strong focus on maximizing the usage. There is very limited and mostly inconclusive research on the security implications of implementing these use cases.
The available literature on the current usage and fundamentals of IoT was utilized to present the topic and expanded upon to set the context and provide an overview. This was further used to generate a sample smart home model.
A number of risk methodologies will be analyzed from existing literature and built upon to analyze the model and to conduct a risk assessment of the implementation.
A number of control frameworks will be reviewed, however recommendations will be made where this needs to be tailored to address the specific risks identified from the assessment.
Existing privacy issues and legal and regulatory considerations will be expanded upon in the context of the IoT smart home concept and discussed.
2.2 Key components of an IoT implementation
Any IoT implementation consists of key components required to enable the desired functionality. The components can be categorized as follows:
• Smart device (Thing)
• Local Network (LAN, PAN, WLAN)
• Device gateway
• Internet / WAN / Switch
• Presentation Devices