Privacy, trust and security matters. Search in Internet of Things is tricky.
Shodan.io is today the most popular search engine in the Internet of Things and its functionality reveals, that we have a serious security and privacy problem with connected devices. The search allows to filter devices types as IP Cameras or industrial SCADA gateways, which are visible by public IP addresses. Furthermore, it allows sometimes to have a look into the data streams of devices, when operators missed to hide them from rubbernecks. By that it becomes easy to watch the live video stream on your home computer in Europe, while innocent costumer of a hair dresser salon in Bangkok have no clue that they are stars in an internet live show. Even worse, when such unsecured IP camera is operated by parents to control and watch their baby in nursery. This is a massive intrusion into privacy with unforeseeable risks for the exposed victims. Privacy is basic principle of our society as Article 12 of the universal declaration of human rights states:
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Without privacy, we are losing a fundamental principle for individual freedom. Privacy is the mastic of human society. The example of privacy violation by a search engine is a symptom of a fundamental broken security chain in Internet of Things.
Something went terribly wrong with search in Internet of Things
Unsecured or insufficient hided connected devices are a daily reality. And the technical feasibility to index such devices and its data streams is leading into permanent attack vector towards privacy and security. Indexing devices is not exclusive for search, it is as well a basic functionality in building an aggressive and hostile IoT botnet. This is the dark side of the Internet of Things.
But on the other side, a search on Internet of Things devices and their data is needed for many smart services: for example, starting on predictive maintenance in industry 4.0, sport game analytics, smart cities environmental monitoring, smart building services and health monitoring of elderly or invalid persons. The functionality of such smart systems requires safe, secure and trusted service to index device and provide search service layers. To design such system is a challenge the eleven international Partners facing in the IoTCrawler research project.
IoT Crawler a new search in engine approach with respect of trust and privacy
Building a search engine in the Internet of Things is complex. As we are stepping into machine to machine economy, the search and the results will be used in highly automated systems. For example, in smart Buildings an IoT search engines allows to identify critical factors depending from environmental conditions and user interactions. Such conditions are changing dynamically: the energy consumption of a smart building based on microclimate, inhabitant’s headcount and activity. The system is not only highly interconnected inside the building but also outside with energy grids, traffic control or waste management of a smart cities ecosystem. While you have 10.000 sensor inside a single smart building the sensor quantity explodes in smart cities context. At IoTCrawler the partners are testing and strengthen this new smart service on real life testbeds. For example, Siemens Austria is working on a smart building testbed to optimize the energy consumption of a building in context of smart energy grid infrastructure. Energy grids are an element of critical infrastructure, which is a good example to exercise new concepts on safety and security in IoT search. Siemens Austria researcher Josiane Xavier quotes:
“The dynamic nature of the services landscape in combination with an ever-growing number of available devices and services makes the discovery and continuative utilization or provision of services a non-trivial task. IoTCrawler will ease these efforts by providing means to identify and consume services by significantly reducing the required engineering effort.”
Trust and cybersecurity has become critical for an industrial company as Siemens. While Josiane Xavier is working on solutions on a research level, the company’s board has set cybersecurity to a strategic core challenge.
Siemens CTO Roland Busch stated, “The industrial Internet of Things (IoT) would be inconceivable without cybersecurity.”
In 2018 the company has initiated the Charter of Trust (link: Charter of Trust to amplify cybersecurity on a broad level with a partner eco system.
Fighting for Cybersecurity has become a Mission of the European Digital Single Market
The industrial example shows very well, that the mission of IoTCrawler is embedded into a broader context towards better cybersecurity. It is not only about safe and secure search in Internet of Things. IoTCrawler is about supporting Europe to become a global forerunner on trust, security and privacy in digital economy and society. That’s why the European Commission has chosen IoTCrawler as one of eight Projects to compose a European IoT security and privacy cluster. By that the European Commission joins research forces on IoT security, knowledge exchange and capacity building. (link: https://ec.europa.eu/digital-single-market/en/blogposts/fighting-cybersecurity-eight-new-eu-funded-projects-more-secure-iot)
Search in Internet of Things needs to be more than exposing unsecured devices and data. The automated search in Internet of Things needs to respect security and privacy while providing highly trusted level for data sources and consumption. That’s what we are currently doing on IoTCrawler.
About the Author:
Mirko Ross (link: http://think.digital-worx.de/autoren/mirko/ )
is CEO of digital worx GmbH (link: https://www.digital-worx.de), a German based company with focus on Cybersecurity and Innovation in Internet of Things. digital worx is member of the IoTCrawler reseach consortium.
You can follow Mirko’s activities on Twitter (link: https://twitter.com/mirko_ross)