.A brief history of the IoT
The concept of adding sensors and intelligence to physical objects was first discussed in the 1980s, when some university students decided to modify a coca cola vending machine to track its contents remotely. But the technology was bulky and progress was limited. The term “Internet Of Things” was coined in 1999 by the computer scientist Kevin Ashton. While working at Procter & Gamble, Ashton proposed putting radio-frequency identification (RFID) chips on products to track them through a supply chain. He reportedly worked the then -buzzword ‘internet’ into his proposal to get the executives’ attention. And the phrase stuck.Over the next decade, public interest in IoT technology began to take off, as more and more connected devices came to market. In 2000, LG announced the first smart refrigerator, in 2007 the first iPhone was launched and by 2008, the number of connected devices exceeded the number of people on the planet.In 2009, Google started testing driverless cars and in 2011, Google’s Nest smart thermostat hit the market, which allowed remote control of central heating.
Connected devices fall into three domains: consumer IoT, such as wearables, enterprise IoT, which includes smart factories and precision agriculture, and public spaces IoT, such as waste management. Businesses use IoT to optimize their supply chains, manage inventory and improve customer experience, while smart consumer devices such as the Amazon Echo speaker, are now ubiquitous in homes due to the prevalence of low-cost and low-power sensors. Cities have been deploying IoT technology for more than a decade — to streamline everything from water meter readings to traffic flow. “In New York City, for example, every single building (so more than 817,000) was retrofitted with a wireless water meter, starting back in 2008, which replaced the manual system where you had to walk up to a meter read the numbers and generate bills that way,” says Jeff Merritt, the World Economic Forum’s head of IoT and Urban Transformation. “Many cities now leverage license plate readers, traffic counters, red light cameras, radiation sensors and surveillance cameras to manage day-to-day operations.” In medicine, the IoT can help improve healthcare through real-time remote patient monitoring, robotic surgery and devices such as smart inhalers. In the past 12 months, the role of the IoT in the COVID-19 pandemic has been invaluable. “IoT applications such as connected thermal cameras, contact tracing devices and health-monitoring wearables are providing critical data needed to help fight the disease, while temperature sensors and parcel tracking will help ensure that sensitive COVID-19 vaccines are distributed safely,” according to the Forum’s State of the connected World report. Beyond healthcare, IoT has helped make COVID disrupted supply chains more resilient, automated activities in warehouses and on factory floors to help promote social distancing and provided safe remote access to industrial machines.
.The future of IoT
The range of potential IoT applications is “limited only by the human imagination” and many of these applications can benefit the planet, as well as its people. A 2018 analysis of more than 640 IoT deployments, led by the World Economic Forum in collaboration with research firm IoT Analytics, showed that 84% of existing IoT deployments address, or have the power to advance, the UN’s Sustainable Development Goals. These include promoting more efficient use of natural resources, building better, fairer “smart cities”, and developing clean, affordable energy alternatives. IoT smart roads that connect with self-driving cars could improve driver safety and optimize traffic flow, potentially reducing the average commute time by 30 minutes. Emergency responder times could also be cut significantly. Real-time crime mapping and predictive policing tools could also help prevent crime. McKinsey estimates that using data to deploy scarce resources more effectively could save 300 lives a year in a city with the population and profile of Rio de Janeiro.
IoT requires security measures at all three layers; at physical layer for data gathering, at network layer for routing and transmission, and at application layer to maintain confidentiality, authentication, and integrity. In this section the state-of-art security measures that address the specific features and security goals of IoT are discussed
In 2011, Zhao presented a mutual authentication scheme for IoT between platforms and terminal nodes. The scheme is based on hashing and feature extraction. The feature extraction was combined with the hash function to avoid any collision attacks. This scheme actually provides a good solution for authentication in IoT. The feature extraction process has the properties of irreversibility which is needed to ensure security and it is light weight which is desirable in IoT. The scheme focuses on authentication process when the platform is trying to send data to terminal nodes and not the opposite. Although the scheme will improve the security while keeping the amount of information sent reduced, it works only on theory and there is no practical proof to support it. Another method for ID authentication at sensor nodes of IoT is presented by Wen . It is a one-time one cipher method based on request-reply mechanism. This dynamic variable cipher is implemented by using a pre-shared matrix between the communicating parties. The parties can generate a random coordinate which will serve as the key coordinate. Key coordinate is the thing which actually gets transferred between two parties, not the key itself. The key, i.e. password, is then generated from this coordinate. All the messages are sent by encrypting them with the key, along withkey coordinate, device ID, and time stamp. The two devices communicate by validating timestamps, and thus they can cancel the session based on it. This cipher can be used where securing IoT is not very sensitive and crucial because key can be repeated for different coordinates. If key coordinate is changed regularly, security can be optimized for that particular IoT framework. The installation of pre-shared matrix needs to be secure for this work to be implemented for a large number of IoT devices. Creating correct access controls is as important as authentication for security, and these two functionalities go hand in hand in securing IoT. To address these functionalities, Mahalle et al. presented an Identity Authentication and Capability based Access Control (IACAC) for the IoT. This research attempts to fill the gap for an integrated protocol with both authentication and access control capabilities to achieve mutual identity establishment in IoT. The proposed model uses a public key approach and is compatible with the lightweight, mobile, distributed, and computationally limited nature of IoT devices plus existing access technologies like Bluetooth, 4G, WiMax, and Wi-Fi. It prevents man-in-the-middle attacks by using a timestamp in the authentication message between the devices, which serves as the Message Authentication Code (MAC). The scheme works in three stages; first a secret key is generated based on Elliptical Curve Cryptography-Diffie Hellman algorithm (ECCDH), then identity establishment is made by one-way and mutual authentication protocols, and lastly access control is implemented. The shared secret key is formed by the combination of public key and a private parameter, and has small size and low computational overhead due to the use of Elliptic Curve Cryptography (ECC). The access is granted by storing a capability with access rights, device identifier, and a random number in each IoT device. This random number is the result of hashing device ID with access rights. The IACAC model does not completely prevent DoS attacks. However, it minimizes it since access of resource is granted to only one ID at a time. Most of the devices involved in the perception layer of the IoT are RFID and sensors. Such devices have extremely limited computational capability, which makes it difficult to apply any cryptography algorithms to ensure the security of the network. However, researchers in introduced a light weight authentication protocol to secure RFID tags. In unsecured RFID the attacker can gain access to the network by sniffing the Electronic Product Key (EPC) of the victim tag and program it to another tag. By applying the authentication protocol such attacks can be prevented. The protocol ensures mutual authentication between RFID readers and tagged items without introducing large overhead on these devices. Since, devices in IoT can physically move from one owner to another, trust should be established between both owners to enable a smooth transition of the IoT device with respect to access control and permissions. The work in presents the concept of mutual trust for inter-system security in IoT by creating an item-level access-control framework. It establishes trust from the creation to operation and transmission phase of IoT. This trust is established by two mechanisms; the creation key and the token. Any new device which is created is assigned a creation key by an entitlement system. This key is to be applied for by the manufacturer of the device. The token are created by the manufacturer, or current owner, and this token is combined with the RFID identification of the device. This mechanism ensures the change of permissions by the device itself if it is assigned a new owner, or it is going to be operated in a different department of the same company, thus reducing the overhead of the new owner. These tokens can be changed by the owners, provided that old token is provided, so as to supersede the permissions and access control of the previous one. This mechanism is similar to changing the old key when a new home is bought.
The IoT framework is susceptible to attacks at each layer; hence there are many security challenges and requirements that need to be addressed. Current state of research in IoT is mainly focused on authentication and access control protocols, but with the rapid advancement of technology it is essential to incorporate new networking protocols like IPv6 and 5G to achieve the dynamic mashup of IoT topology. The major developments witnessed in IoT are mainly on small scale i.e. within companies, some industries etc. To scale the IoT framework from one company to a group of different companies and systems, various security concerns need to be overcome. The IoT has great potential to transform the way we live today. But, the foremost concern in realization of completely smart frameworks is security. If security concerns like privacy, confidentiality, authentication, access control, end-to-end security, trust management, global policies and standards are addressed completely, we can witness the transformation of everything by IoT in the near future. There is need for new identification, wireless, software, and hardware technologies to resolve the currently open research challenges in IoT like the standards for heterogeneous devices, implementation of key management and identity establishment systems, and trust management hubs.