| Glossary | Hardware | Internet of Things

Definition and delimitation

The Internet of Things (IoT) is a network of physical IT systems that are connected to the Internet and perform various control tasks. With the increasing networking of devices in various areas of life, other fields of application in IdD have also emerged. For example, intelligent sensors in home use or embedded systems from automation technology are counted as IdD. In comparison to classic control systems in industry, IdD devices have a connection to the outside world, so they can be accessed and configured by authorised persons via the internet, for example, after appropriate authentication.

History

The first known “thing” connected to the internet was already networked in the early 1980s. At Carnegie Mellon University in Pittsburgh (USA), a beverage vending machine was connected to the internet in 1982 so that its stock and cooling temperature could be checked remotely [1]. In the following years, networked devices were repeatedly taken up in science before the IdD term was used for the first time in 1999 [2] [3]. With the advancement of broadband expansion, the topic of IdD has also become increasingly important in recent years. Last but not least, IdD and its realisation also play an important role in the digitalisation of industry under the collective term Industry 4.0. Furthermore, innovations on the terminal device market also enable private individuals to use IdD devices, e.g. in the context of home automation.

Application and examples

Various networked devices from industry and private households can be summarised under the collective term IdD. A classic application in IdD is efficient production planning and control with the help of intelligent manufacturing systems. If production systems are appropriately networked, configured and supplied with sufficient information, it is possible, for example, to calculate and order the required raw materials (partially) autonomously. Furthermore, IdD is used by logistics companies, where the use of GPS transmitters makes live tracking of freight possible for the customer. Such systems also interact with the customer in that the customer can provide additional information about the delivery even after the order has been placed, which can then in turn be taken into account when scheduling the delivery and shipment.

In the private environment, IdD devices are mainly found in the context of automation. Manufacturers of a wide variety of control systems for home use now offer networked versions of their products. For example, the customer can regulate the room temperature or control roller shutters via a smartphone app while on the move. Intelligent refrigerators are also offered that can be connected to the internet and check or display stocks. Outdoors, too, private users can make use of networked systems, such as irrigation systems, to plan and control processes remotely.

Criticism and problems

The networking of industrial plants and various control systems makes them accessible from the outside. Thus, due to the development in IdD, many devices are now accessible via the internet that were previously only available in a local network. While this leads to advantages, especially in terms of automation, it also represents an additional attack vector for unauthorised access. Typically, access to control systems is secured via a login, for example, but in the past, security vulnerabilities in IdD devices have repeatedly become known that allowed attackers to gain unauthorised access. The effects of such a security flaw are particularly dramatic if the same flaw is present on many devices from the same manufacturer. In the worst case, this allows professional hackers to take over an entire fleet of IdD devices. If the hijacked devices are then used to bundle their computing power into a botnet, this can be used as a powerful tool to attack other systems. This is what happened with the well-known Mirai botnet and led to the temporary inaccessibility of many US websites after various attacks [4].

Apart from the dangers posed by potential botnets, the topic of IdD plays a particularly important role in connection with critical infrastructure. If safety-critical systems such as industrial control systems are connected to the internet, securing this connection is a top priority. Depending on the type of safety-critical system, an error in the system configuration leading to a security gap can mean the failure of an important service or even the endangerment of life and limb.

Another critical point in IdD concerns the collection of data and the protection of it. The networking of devices and their availability on the internet inevitably generates additional data. Depending on the application, these can be personal or system-related and more or less sensitive. When developing products for IdD, it is important to give special weight to the requirements of privacy and data protection in addition to the aspects of IT security and to include them in the development at an early stage.

Research

At bidt, the doctoral project “Secure lightweight authenticated encryption for critical infrastructures in the Internet of Things” is investigating which cryptographic methods are suitable for protecting networked devices in the Internet of Things against modern attacks.

Sources

[1] Palermo, Frank. Internet of Things Done Wrong Stifles Innovation. Information Week.

[2] Ashton, Kevin. That ‘internet of things’ thing. RFID journal 22.7.

[3] Magrassi, Paolo. Why a Universal RFID Infrastructure Would Be a Good Thing. Gartner research report G00106518. Gartner 2002.

[4] Woolfe, Nicki. DDoS attack that disrupted internet was largest of its kind in history, experts say. The Guardian.