Report: Distributed IoT Security and Standards Workshop at NDSS 2018

Network and Distributed Systems Security (NDSS) Symposium is in full swing for its 25th anniversary year. As usual the NDSS program includes a really impressive array of great content on a wide range of topics. Prior to the main event there were four one-day workshops on themes related to the topic of NDSS: Binary Analysis Research, DNS Privacy, Usable Security, and the workshop I’d like to delve into here, Distributed IoT Security and Standards (DISS).

The DISS workshop received 29 submissions and accepted 12 papers. In an interesting twist on the usual scientific workshop format, the presented papers were all still in draft form and will now be revised based on the Q&A and offline discussions that took place as a result of the workshop. Revised papers will be published by the Internet Society in due course.

Introducing proceedings, co-chair Dirk Kutscher explained that it has become evident that the success of the Internet of Things (IoT) depends on sound and usable security and privacy. Device constraints, intermittent network connectivity, the scale of deployments, economic issues all combine to create an interesting and challenging environment for the research community to address.

A decentralised approach to IoT security is being pursued by multiple projects and several were presented during the workshop. Simultaneously, many IoT standards are under development in IETF, W3C, and elsewhere. It is therefore very timely to bring researchers together on the topic of DISS. The scope for the workshop was threefold:

  1. Enabling secure interoperability across IoT ecosystems;
  2. Security and privacy in ongoing IoT standardisation work, and;
  3. Other topics related to decentralised security and standardization in IoT

Ian Molloy gave a very interesting presentation on his work (with co-authors David Barrera and Heqing Huang) to monitor the connectivity profiles of different IoT devices and enforce network security policy to minimise the risks posed by insecure IoT devices to both the device owners and the wider Internet. The approach was described as ‘parental controls’ for IoT and brought to mind the work underway in the IETF on Manufacturer Usage Descriptions (MUD). An interesting difference between the two approaches is that Molloy’s explicitly does not require the user to trust the manufacturer to define a policy and provide a product that understands or respects the concerns of the end-user. There may be a place for a more distributed and crowdsourced approach.

Two papers addressed security reviews of existing standards. Michael McCool presented work (with co-author Elena Reshetova) to evaluate the security of the W3C Web of Things standard. Carsten Bormann presented an analysis of various developing standards for authorization solutions for the IoT. Both talks made clear that while standardisation for various pieces of a secure IoT ecosystem is underway, there is more work to be done to minimise the potential for implementation mistakes and the unintended consequences of exposing IoT device metadata.

Tomer Golomb presented a very interesting approach to anomaly detection including a great video demonstration of a wall of Raspberry Pis sharing state regarding normal operating conditions and then alarming when simulated exploits were run against known vulnerabilities.

The workshop also received an explicitly non-technical paper that considered the economic aspects of standardising security for the IoT. The authors tried to understand why IoT device manufacturers continue to ignore the findings of security research. They observed that consumers can’t determine the level of security provided by IoT products and are unwilling to pay for something they cannot assess. They identified a number of recommendations for ‘market-driven’ standardisation organisations:

  1. Define precise security model
  2. Stop consumer/business differentiation
  3. Add membership level for academic institutes
  4. Conduct security testing without conflict of interest
  5. Define and Enforce Update Policy

Lively discussion following this talk emphasised the importance of academic involvement, an open standards process with a multistakeholder ethos, and incorporating the development of reference implementations as part of the standards development life cycle. The need for regulation to help overcome the information asymmetry problem between industry and the consumers of IoT devices was also a hot topic of discussion.

Other topics discussed during the workshop included securing payments for outsourced computations, building a secure and open federation layer for IoT silos, authentication and key exchange protocols for IoT, practical implementation aspects and attestation.

To read more about NDSS, see our introductory blog post, our overview of the full NDSS 2018 program, and remember you can follow along via our social media channels – Twitter, Facebook, YouTube, and LinkedIn – or search/post using #NDSS18.

The post Report: Distributed IoT Security and Standards Workshop at NDSS 2018 appeared first on Internet Society.

Internet Society

Innovation-Based Technology Standards Are Under Threat

Our world faces challenges more intricate and abstract today than at any previous point in history. As these challenges grow ever more tangled and complex, governments and businesses strive to create innovative technological solutions.

Unfortunately, creativity is not a matter of will. And the need for solutions is not itself sufficient to bring them about. Innovation demands the proper conditions — a balanced mix of flexibility and stability, spontaneity and forethought, risk and return. Increasingly, these conditions are under threat from the very institutions that have come to rely most heavily on the technologies they produce. The patent system and the standards system — two vital contributors to U.S. economic growth and consumer prosperity, that have together kindled a generation of unparalleled technological advancement — are being wrongly targeted by regulators, academics, and special interests as impediments to future progress.

A movement has taken hold in the United States and elsewhere to reduce the benefits of patent protection and to limit royalties available to technology inventors who contribute their innovations to industry standards.1 This movement has gained traction in courts, universities and boardrooms based on the mistaken belief that inventor protections increase the cost of standards-based consumer technologies. In fact, the opposite is true,2 and public policies aimed at weakening the patent and standards systems risk stalling the pace of technological advancement.

It is far from granted that technological progress will continue at recent rates. The social, regulatory, and financial headwinds faced by inventors intensify every year. Absent the legal and economic conditions required to continually foster innovation, there is no reason to believe technological progress will continue at any particular pace, and serious cause for concern that the promises of the fourth industrial revolution will go unfulfilled.

Take the extraordinary potential of 5G wireless systems — steadily moving from the abstract promise of “next-generation” technology to concrete and widespread use — to connect drivers with roads and other vehicles around them, to connect patients with medical practitioners, and to digitize industries across a vast spectrum of commercial endeavors. Shared industry standards are necessary to make these communications instantaneous, reliable and secure, but their future is threatened by an economic and regulatory system that increasingly favors technology implementers to the detriment of technology creators.3 Companies like Ericsson and Nokia,4 leading innovators of 5G technology, have seen their licensing revenues and profits fall dramatically in recent years, due in large part to nonpayments from implementers and various government enforcement actions.5

The future of innovation — of smart, interoperable, and interconnected products — demands a sustainable system of investment, which in turn requires reliable facilitators of capital. Patents and standards are two proven accelerators of industry, and yet each faces growing pressure from regulators and technology implementers. If society is to benefit from a future of economic growth fueled by technological innovation, careful attention is required at the delicate interface between the patent and standards systems. An objective and informed balancing of the true costs and incentives of innovation, coupled with an appreciation for the exceptional opportunities for collaboration and growth made possible by patents and standards, is necessary to ensure that the inventors we have come to rely on have the resources they need to continue delivering on their potential.

Despite the truly profound societal interest in preserving incentives for technological investment, popular discussion of patent rights and standards is limited. This is because consumers are generally unaware of the process of value creation in high technology industries. Device manufacturers are customer-facing, so their contributions are readily recognized. But the inventors who enable device-level innovation through their contributions to underlying technologies go unseen, and their contributions unappreciated. Indeed, consumers often mistakenly attribute the technological achievements of modern devices to the device makers, when much of the credit should go to the inventors who create the foundational technologies from which the devices are built.

Consider the modern smartphone. The brilliant display, high-resolution camera, and full-motion video capability are all attributable not to the device manufacturers, but their upstream suppliers. And these tangible features are, themselves, useless without the profound innovations in cellular communications and processors required to run them — innovations generated by earlier inventors.

The underappreciation of upstream innovation becomes apparent where innovation is brought to market through industry standards. Once products that implement a given standard are put on the market, the only way inventors can receive compensation for the use of their inventions included in the standard — and, therefore, the only way inventors can realize a return on their substantial investments of time and money — is through the receipt of royalty payments. In contributing a technology to a given standard, and thus foregoing patent exclusivity, innovators surrender every other viable revenue opportunity. Unlike companies competing on nonstandardized products, innovators in standards-based industries cannot recoup research and development (R&D) expenses by simply raising the prices of the finished products they sell. This is because standards-based innovators, such as InterDigital and LG, sell in price competition with standards-implementing manufacturers, such as Apple and Samsung, who place comparatively fewer resources at risk to create the standards their products implement. These competitors have a dramatically lower cost basis and do not need to make up for time and money spent innovating. Yet they are able to enjoy and exploit the underlying product improvements resulting from the work of the inventors who created and contributed the standardized technologies.

The problem inventors face in recouping their investment costs is compounded by the fact that, in order for technologies to be included in a standard in the first instance, inventors must both disclose the technologies to industry groups and commit to license them on reasonable and nondiscriminatory terms to anyone manufacturing devices practicing the new standard. Such disclosures and commitments necessarily occur years before any product embodying the new standard will reach the market, meaning that new technologies are available for implementers’ use well in advance of making royalty payments on them. During that period, manufacturers and consumers forget the importance, desirability, and value of the standardized technologies and discount associated patents and compensation accordingly, while economic, judicial, administrative, social, and competitive pressures force inventors to accept royalty rates that are unfair. The current remuneration paradigm thus involves a fragile “give now, get paid much less, much later” dynamic with respect to intellectual property. And as royalties are the only means of compensation for inventors, this dynamic can render inventors unable to access the capital they need to continue inventing, stalling the cycle of innovation.

Leadership in Innovation Requires Incentivizing Innovation-Based Standards

“Innovation-based standards,” such as Wi-Fi, Bluetooth, and 4G LTE, are standards that incorporate truly inventive technological advancements, enabling implementers to build products that do more than simply follow convention. These standards represent technologies unequivocally superior to those previously available. The natural desire of device manufacturers to acquire these technologies at their lowest possible cost is at odds with the sound public policy of incentivizing investments in innovation and the contribution of innovations to standards. It pits a short-term gambit by implementers of standardized technologies to pay less than the value they receive against the inevitable long-term consequence of inventors of standardized technologies disappearing in the face of poor returns on their sizable investments in innovation.

Implementers who would restrict the ability of innovators in standards-reliant industries to recover reasonable royalties are building profitable businesses on a technological foundation to which they made no contribution. For instance, the best empirical research to date6 suggests that royalties on the sales of most mobile phones on the market today are around 3% or 4% — pennies on the R&D dollar. What certain implementers seem to be pushing for are completely royalty-free licenses. They are, in effect, standing on the shoulders of giants while striking them at the knees. And such “short-term win, long-term lose” scenarios rarely make for good public policy.

Companies that make massive investments in R&D to generate the modern wonders of the digital world, then willingly share their hard-won successes through standards for the benefit of all industry participants and consumers, offer prime value in what is perhaps mankind’s most constructive and nuanced form of commercial activity. These innovators should be celebrated, encouraged, and rewarded. They cannot be expected to sacrifice their innovations in return for vanishing economic opportunity. Resolute leadership in championing innovation-based standards requires the careful crafting and honoring of incentives that recognize the critical role, and yet perilous position, of innovators. Leadership in this context means resisting the efforts of standards-implementing manufacturers to take without paying, supporting policies that enable innovators to receive fair compensation for their contributions, and attaching significant consequences for those who fail to pay for the standards-based innovation from which they seek to benefit.

With innovation-based standards bringing unprecedented value to our economy, U.S. policy makers must recognize what makes these standards so valuable: voluntary contributions of technology by innovators who invested much in the creation of that technology. To pursue policies aimed at rewarding and encouraging these innovators is to add impetus to the highest order of human enterprise.

MIT Sloan Management Review

Open standards and interoperability are the key to Smart City growth

Smart City applications may still be in their infancy but the Internet of Things (IoT) is a true game changer in terms of the opportunity it presents to unlock operational efficiency and improve quality of life, says Phil Beecher, president of the Wi-SUN Alliance.

There is still some way to go before we see widespread adoption of Smart City technology, but it’s gathering pace and spearheading the charge are cities including Chicago, Copenhagen and Paris.

Recent research undertaken by the Wi-SUN Alliance to find out what the main challenges are for IT leaders in organisations in smart city and other IoT development sectors in the UK, US, Denmark and Sweden revealed that IoT implementation is happening further and faster than perhaps many would imagine: over half (51%) of those investing have already fully implemented an IoT strategy.

For a city to remain competitive in today’s global marketplace essential citizen services must be reliable, timely and efficient. Consequently, choosing the right communication network technology is a foundational step towards enabling a range of Industrial IoT and Smart City solutions

IoT networks, just like the internet, should be built on a set of standard protocols and structured to provide the flexibility to support this growing range of applications, as well as provide highly resilient connectivity. They must also be fault tolerant while providing the capacity to deal with very large numbers of devices.

Our own independent research also verified this with over half (52%) saying that standardisation is what they’re looking for when evaluating these technologies. Other key criteria included network topology (58%) and communication performance (53%).

It’s heartening to see respondents so advanced in their planning and understanding of networks — with most (53%) favouring a combination of star- and mesh-based networks.

Mesh-based architectures such as Wi-SUN have been designed with flexibility and adaptability in mind and to maintain highly reliable connectivity even in the most challenging environments. With star-based networks, a physical obstruction can cause localised loss of coverage to part of the network that will prevent these systems from operating.

Within a mesh network, any device can connect seamlessly with its peers and can create multiple redundant connection paths across the network. Thus, mesh networks become more reliable and resilient as they grow. If there happens to be a temporary outage, e.g. through power failure, the mesh will automatically re-route network traffic through an alternate connection path. Similarly, if the landscape changes, then the mesh will adapt to ensure continuous connectivity.

A mesh architecture provides greater resilience and flexibility than a star-based technology, making it a far better choice for Smart City networks.

The use of open standards is also important in IoT networks as it negates the need to be locked into one vendor and provides yet another advantage for Smart City applications. Solutions built on open standards, supported by a certification programme for interoperability, provide the network operator with a choice of vendors, competitive pricing and the confidence of a continuity of supply.

In order to support multi-service networks, it makes sense for a local authority or municipality to use the same communications infrastructure for a wide variety of applications, such […]

The post Open standards and interoperability are the key to Smart City growth appeared first on IoT Now – How to run an IoT enabled business.

Blogs – IoT Now – How to run an IoT enabled business

LTE Standards Lead to Massive Internet of Things

LTE Standards Lead to Massive Internet of Things

LTE Standards Lead to Massive Internet of Things

5G Americas announces new report on progress towards 5G Cellular IoT.

5G Americas*, today announced the publication of LTE Progress Leading to the 5G Massive Internet of Things to outline the technological advancements that will support the growing markets for wearables, health care, connected vehicles, and more Internet of Things (IoT).

This market is predicted to be a key business driver of the telecom industry and its upcoming next generation. IoT will require new technology requirements for its varied use cases. More recently, the industry has created the term Massive IoT (MIoT), referring to the connection for potentially tens of billions of devices and machines, that will require further definition in the standards for LTE and later for 5G.

“Some cellular service providers in the U.S. are already adding more IoT connections than mobile phone connections, and the efforts at 3GPP in defining standards for the successful deployment of a wide variety of services across multiple industries will contribute to the growing success for consumers and the enterprise,” noted Jean Au, Staff Manager, Technical Marketing, Qualcomm Technologies, Inc. and co-leader of 5G Americas whitepaper LTE Progress Leading to the 5G Massive Internet of Things.

Today, Low-Power Wide-Area (LPWA) is already gaining attention and it is anticipated that cellular-based technologies such as LTE-M (Machine) and Narrowband-IoT (NB-IoT) will become the leading LPWA standards by 2020. Operators can choose from several Cellular IoT (CIoT) technologies based on their spectrum portfolio, legacy networks, and requirements of their offered services.

LTE-M is the commercial term for enhanced Machine-Type Communication (eMTC) LPWA technology published in the 3GPP Release 13 specification along with NB-IoT. Both technologies will continue to evolve in subsequent releases. They are supported by the vast majority of all major mobile manufacturers and can co-exist with 2G, 3G, and 4G cellular networks. As they are 3GPP-standardized and run on licensed spectrum, they offer clear advantages over non-cellular IoT technologies with technical features such as carrier-grade security.

The generic requirements for IoT are low cost, energy efficiency, ubiquitous coverage, and scalability (ability to support a large number of connected machines in a network). In the 3GPP Release 13 standard, eMTC and NB-IoT meet the generic IoT requirements: they support in-band or guard band operations; device cost and complexity are reduced; a large quantity of IoT devices can be supported in a network; and battery life is extended. 3GPP Release 14 in 2017 introduces enhanced mobility, Voice-over-LTE (VoLTE), support of higher data rates, broadcast (enhanced Multicast Downlink transmission) and improved positioning capabilities, among other innovations for CIoT.

“Whereas 4G has been driven by device proliferation, bandwidth hungry mobile services, and dynamic information access, 5G will also be driven by IoT applications,” remarked Vicki Livingston, Head of Communications, 5G Americas. “There will be a wide range of IoT use cases in the future, and the market is now expanding toward both Massive IoT deployment as well as more advanced solutions that may be categorized as Critical IoT.”

To reach massive scale, which is defined by 3GPP as at least 1 million devices per square kilometer, mobile networks must more efficiently support the simplest devices that communicate infrequently, and are ultra-energy efficient so they can deliver an extremely long ten-year battery life. The requirement would be for low-cost devices with low energy consumption and good coverage. Alternatively, Critical IoT applications will have very high demands for reliability, availability, and low latency which could be enabled by LTE or 5G capabilities. Declining modem costs, evolving LTE functionality and 5G capabilities are all expected to extend the range of applications for critical IoT deployments. However, many use cases exist between these two extremes, which today rely on 2G, 3G or 4G connectivity.

Chris Pearson, President, 5G Americas, confirmed:

“Network connectivity is essential for the IoT and there are many wireless access technologies currently in use. However, given the wide variety of use cases, environments and requirements, no single connectivity technology or standard can adequately serve all use cases, so this is where development of multiple 3GPP cellular technology standards can cater to the future. 3GPP is keeping up with the growth of IoT to address the market demand.”

LTE Progress Leading to the 5G Massive Internet of Things was written by co-leaders Betsy Covell, Nokia Bell Labs Senior Standards Manager and Jean Au, Staff Manager, Technical Marketing, Qualcomm Technologies, Inc. as well as Vicki Livingston of 5G Americas and representatives from member companies on 5G Americas’ Board of Governors who participated in the development of this white paper. The “5G Massive Internet of Things” whitepaper is available for free download.
*the industry trade association and voice of 5G and LTE for the Americas

The post LTE Standards Lead to Massive Internet of Things appeared first on IoT Business News.

IoT Business News