IoT has a dirty little secret, they tend to only work if you connect via that devices hub; generally a cloud system. Should that hub go down, or the company simply decide not to support it any more, or go bust, then all you have is a non-functional brick.
This was recently brought home to the purchasers of the IoT devices from Best Buy who’s Insignia 'smart' home gear become very dumb (https://www.theregister.co.uk/2019/11/05/best_buy_iot/) or more recently “Pets 'go hungry' after smart feeder goes offline” (https://www.bbc.com/news/technology-51628795)
If that device was $20 and you got 5 years use of you may take the pragmatic view and simply buy the latest and greatest widget. But if you purchase a new car - and it’s Internet connected; it’s effectively an very expensive IoT device. Before you collected it the salesman told you to pre-install the app on your phone and create an account, and on collection you are walked through how to connect the app to the vehicle - only you actually didn’t; in effect you connected your app to the Volvo / BMW / Mercedes cloud service and that service paired your account to the vehicle.
The problem is the same, should Volvo / BMW / Mercedes decide to discontinue support, or (however unlikely) go bust, then I’ve gone from having a smart vehicle, to a dumb one! In essence I’m at their mercy, and the smarter these vehicles get and the more we rely on those smart features the more of a problem this becomes until the point that, although buying a car may seem like good value, in effect you are just being allowed to borrow it.
The problem gets worse when you get into the home - connecting a set of disparate IoT devices requires your control centre (typically a smart speaker) to connect to the cloud service. Then, in turn, you tell that cloud service how to talk to each device, via the cloud services of each individual device manufacturer.
Firstly, all of those devices are communicating through your home router, opening up multiple avenues of attack for the bad guys, but; Second, WHY? Surely when I turn on the light my intelligent light switch should talk directly to my intelligent light.
The challenge is that when I buy a new IoT light bulb, how do I make in “my light-bulb” or probably, and more realistically “my homes light bulb”, such that my homes IoT enabled light switch can control it - directly (on the same network) and without needing to go out to a cloud service.
The Identity 3.0 concepts of “personas” and “context” allow you to do just that. The (digital) join between Entity:Human Myself and Entity:Device Volvo XC90 creates a unique personal for the vehicle; “My Volvo XC90”, with a set of cryptographic keys that allow me to directly and securely connect the the vehicle.
In the house, the connection between Entity:Organization House and Entity:Human Myself gives me a persona as a member of the organization. In turn the new IoT light bulb and IoT light switch are also enrolled with personas making them the houses IoT devices. Now anyone (just as you do today) can operate the switch and the light turns on, but as a member of “house” I can also use my voice or smart-device to control that light.
Not only is this more secure, it is more logical to set up and maintain; and more importantly, keeps working even when the manufacturers cloud service goes off-line, or goes bust!
See: https://www.globalidentityfoundation.org/downloads/Briefing_-_Infrastructure+IoT.pdf
This was recently brought home to the purchasers of the IoT devices from Best Buy who’s Insignia 'smart' home gear become very dumb (https://www.theregister.co.uk/2019/11/05/best_buy_iot/) or more recently “Pets 'go hungry' after smart feeder goes offline” (https://www.bbc.com/news/technology-51628795)
If that device was $20 and you got 5 years use of you may take the pragmatic view and simply buy the latest and greatest widget. But if you purchase a new car - and it’s Internet connected; it’s effectively an very expensive IoT device. Before you collected it the salesman told you to pre-install the app on your phone and create an account, and on collection you are walked through how to connect the app to the vehicle - only you actually didn’t; in effect you connected your app to the Volvo / BMW / Mercedes cloud service and that service paired your account to the vehicle.
The problem is the same, should Volvo / BMW / Mercedes decide to discontinue support, or (however unlikely) go bust, then I’ve gone from having a smart vehicle, to a dumb one! In essence I’m at their mercy, and the smarter these vehicles get and the more we rely on those smart features the more of a problem this becomes until the point that, although buying a car may seem like good value, in effect you are just being allowed to borrow it.
The problem gets worse when you get into the home - connecting a set of disparate IoT devices requires your control centre (typically a smart speaker) to connect to the cloud service. Then, in turn, you tell that cloud service how to talk to each device, via the cloud services of each individual device manufacturer.
Firstly, all of those devices are communicating through your home router, opening up multiple avenues of attack for the bad guys, but; Second, WHY? Surely when I turn on the light my intelligent light switch should talk directly to my intelligent light.
The challenge is that when I buy a new IoT light bulb, how do I make in “my light-bulb” or probably, and more realistically “my homes light bulb”, such that my homes IoT enabled light switch can control it - directly (on the same network) and without needing to go out to a cloud service.
The Identity 3.0 concepts of “personas” and “context” allow you to do just that. The (digital) join between Entity:Human Myself and Entity:Device Volvo XC90 creates a unique personal for the vehicle; “My Volvo XC90”, with a set of cryptographic keys that allow me to directly and securely connect the the vehicle.
In the house, the connection between Entity:Organization House and Entity:Human Myself gives me a persona as a member of the organization. In turn the new IoT light bulb and IoT light switch are also enrolled with personas making them the houses IoT devices. Now anyone (just as you do today) can operate the switch and the light turns on, but as a member of “house” I can also use my voice or smart-device to control that light.
Not only is this more secure, it is more logical to set up and maintain; and more importantly, keeps working even when the manufacturers cloud service goes off-line, or goes bust!
See: https://www.globalidentityfoundation.org/downloads/Briefing_-_Infrastructure+IoT.pdf