The Internet of Trusted Things (IoTT) – between myth, reality and possibility

The term the Internet of Trusted Things or IoTT was originally mainly used in a context of IoT security. It will not come as a surprise that the IoT (Internet of Things) has to deal with security challenges as you undoubtedly know.

IoT security woes play on all levels of the IoT stack. It starts with the ‘things’ where security risks get most attention, whether it’s in a consumer IoT, business IoT or industrial IoT context. But of course it doesn’t stop there.

Security by design should be paramount in deploying IoT projects and building IoT applications. Given the many layers, standards, interoperability issues, devices, communication technologies, IoT platforms and post-platform aspects which are involved it’s clear that in this security sense, the Internet of Trusted Things isn’t what it should be yet. Moreover, there is the human factor, as per usual in anything related with security and with trust.

Internet of Trusted Things IoTT

There are those seeking to break and enter what you would prefer they wouldn’t break and enter. And that includes attacks on critical infrastructure, which is increasingly connected and IoT-enabled, too. Furthermore, there are people that make mistakes. Whether it’s in building IoT applications or setting up IoT projects on one hand and/or using them on the other.

The Internet  of Trusted Things: people, security and data reliability

Additionally, the IoT, nor its devices, technologies, platforms, standards, gateways, users, projects and applications stand on their own.

Essentially, most of what we do with IoT is related with data. Data are stored, shared, exchanged, analyzed, monetized and occasionally leaked or stolen. Data security and IoT data security are part of the broader context of the Internet of Trusted things in the security perspective. And as standardization and interoperability are still issues and essentially serve to connect all the data and other dots, security challenges are present here too, also on the standards level as such.

Many traditional security, data protection and privacy approaches are not fit for the de facto decentralized nature of IoT and IoT component capabilities

Trust is not a synonym of security. In the scope of a connected digital reality, such as IoT in its vast context of applications, use cases, related technologies and data, ‘trust’ needs to be realized on many other levels.

Take the reliability of the data we gather to begin with, for example. If the data can’t be trusted, the output can’t either, remembering good old GIGO (Garbage In, Garbage Out), albeit in another context.

Next, there are increasingly important issues that essentially boil down to trust regarding the protection of data and data privacy whereby the first can include personal data protection and the second by definition is about personal data.

IoTT and the human ecosystem

That brings us to the again broader ecosystem of people in the scope of IoT, data and so forth.

It isn’t just limited to the people whose data we capture, leveraging IoT and other technologies, and process for a reason whereby explaining the scope and purpose of processing to people, a.k.a. data subjects, is a matter of creating trust and delivering upon it, essentially what GDPR compliance is about a lot, for instance.

On a human level, trust in IoT and IoT data plays on many levels such as trust from the side of the user and community, trust in the sense of security and the user, security and the user as a weak link, trust in IoT ecosystems and trust in IoT data exchanges and IoT interactions and transactions overall

The University of Aberdeen has been – and is – working in this broader scope of a trusted IoT ecosystem from the data and user perspective, not just looking at trusted ‘things’ but also recognizing the need for solutions to strengthen trust whereby it uses an existing community IoT testbed. Moreover, the focus is not that much on what organizations can do with IoT but to “create a means by which a user can review the characteristics of an IoT device in terms of its impact on their personal data” as you can read here.

This so-called TrustLens project (whereby TrustLens is a vision of a future toolset that will enable individuals, and the communities of which they are a part, to better understand and manage the data about them in an IoT scope) touches upon topics such as IoT governance, the future of IoT and technologies in communities and more.

There are more stakeholders in the big Internet of Trusted Things picture as it is increasingly being used as a term for trust in a broader sense than security and a broader context of IoT.

An example: you need a trusted ecosystem of partners. Yet, you also need to be sure that when, for instance, exchanging (IoT) data there is trust that the different parties will respect the conditions under which this happens. And, so, we increasingly move further in the trust dimension of what IoT and data boil down to in a scope of innovation and business applications where interactions and transactions really start playing.

IoT security and encryption

You probably by now see where this is going, especially when we start adding other terms that, for instance pop up in areas ranging from cloud data protection and https or that mentioned GDPR data protection regulation to security, most certainly also on the level of IoT: encryption and other cryptographic means. We start talking about blockchain indeed.

When speaking about security, encryption and cryptography we’re at the center of one of the security aspects of blockchain technology (the distributed dimension being another).

Blockchain is a ‘new’ data model enabling trust and security in the scope of specific digital use cases with the trust between transacting, interacting and contracting parties and entities being behind many of its use cases

Encryption of course isn’t just becoming more important in the context of GDPR and encryption. The usage of encryption is also growing in cloud data protection and in data protection overall. Is has become easier to encrypt data and it gets done more often although there is still work ahead and now it mainly concerns sensitive data.

Encryption is also used in IoT, whether it concerns lightweight encryption tools, certificate-based authentication or others. One challenge is embedded encryption, yet that means changes on a level of, for example, chips (energy, speed, memory and so forth) are needed. However, it won’t take too long before that comes within reach as the push to make MEMS chips, actuators and sensors ever more powerful is high and new approaches are on the very close horizon.

The Internet of Trusted Things and blockchain

Back to blockchain beyond that encryption part. With reliability in data and transactions we are close to the ‘tamper-proof’ and ‘secure’ aspect of blockchain.

With transactions that do require some rules to be followed before ‘something’ happens we are pretty close to smart contracts. With regulations, audit trials and being sure that the information that is shared and collaboratively leveraged we are close to mechanisms, as provided by blockchain, to know we have a, let’s use a good old business intelligence term, single version of truth.

So, it is no wonder that the integration of IoT and blockchain increasingly is being added to that still very large reality of the Internet of Trusted Things.

The problem is that blockchain, despite all initiatives and good things, still has to deal with some challenges that aren’t impossible to overcome, yet need to be overcome. For starters, it isn’t that secure as we like to believe, at least if you look at it from the holistic security perspective. Just as is the case in IoT, there are also challenges on the level of interoperability (which are addressed in new blockchains).

Interest and investment in blockchain and distributed ledger technology is accelerating as enterprises aggregate data into secure, sequential, and immutable blockchain ledgers, transforming their businesses and operations (IDC)

In the scope of a series of 2018 IT industry forecasts of IDC, particulary on IoT 2018 predictions, as we tackled them before, IDC said that productivity gains made through IoT projects would be temporarily neutralized due to a pressure to increase IoT security spending for many large companies. However, these were mainly due to IoT devices. To what degree blockchain would play a role in IoT security overall is a subject of many debates but unknown.

What we do know, as among others, mentioned by IDC, is that security is strengthening as a blockchain use case and that several vendors push hard to realize IoT security leveraging blockchain.

What we also know is that, when IDC announced its findings on worldwide spending on blockchain solutions, data, security and the immutable nature of blockchain ledgers were mentioned as drivers but that doesn’t mean anything in the scope of IoT security and blockchain nor the Internet of Trusted Things (which, as you’ll see we find a bad term).

IoTT, interoperability and blockchain

A few more words on interoperability and the challenges of standards in previously siloed IoT environments (keeping in mind there are also blockchain interoperability challenges).

When interoperability comes in the picture often also security risks do as there is always ‘something’ that ensures it. What else are IoT platforms and gateways at the original core, for instance?

As mentioned, the same challenges regarding interoperability can be found in IoT and blockchain but also in cloud, data and all related technologies and use cases. This is especially so in areas where IT and OT converge and where IT, IoT and market evolutions driving a need for real-time insights and a degree of predictability meet traditional silos.

Think facility management but also logistics and myriad applications in the scope of what has become known as Industry 4.0, especially in a smart manufacturing context. Or think information systems, i-ERP (where blockchain, IoT and AI will play an increasing role) and business intelligence, for example in a scope of corporate performance management.

Blockchain technology is being tested and deployed on many levels. It shows ample benefits and promises, also in the scope of digital trustand, as said in the context of IoT and blockchain, among others from the IoT security viewpoint.

There are increasingly important IIoT issues in the context of the IoT data deluge, getting the right data, data usage and data protecion

Blockchain, however, still isn’t that trusted, let alone well-known, by organizations either. This is mainly but not solely due to the connotation with cryptocurrencies. As a technology it isn’t a technology of trust nor security either. It is a ‘new’ data model enabling trust and security in the scope of specific digital use cases with the trust between transacting, interacting and contracting parties and entities being behind many of its use cases.

While the Internet of Trusted Things is increasingly used to describe the convergence of IoT and blockchain, it’s important not to overlook the security and people dimension. And look at interoperability and standards.

Artificial intelligence and ‘trusted IoT’

Moreover, on top of all the mentioned technologies and as you might have guessed when we mentioned predictability and advanced analytics another technology comes in the picture (or, rather, just as blockchain and IoT an umbrella term for several underlying realities): artificial intelligence.

Needless to say that when it boils down to trust AI has some challenges too. However, from a perspective of security and data protection, artificial intelligence has a key role to play. Next generation security applications are about the possibilities offered by AI. And what better ways to really know where all important information, regardless of structure and type, sits and goes to than by deploying AI?

Security is strengthening as a blockchain use case

So, it shouldn’t come as a surprise that blockchain, IoT AND artificial intelligence are not just looked at from an Internet of Trusted Things perspective but also from the viewpoint of what their integration enables on various levels (which again leads to different stories and technologies).

While for AI and blockchain the IoT security possibilities are definitely there it is still a bit wait and see and a matter of on which levels it plays for which use cases (on top of the usual suspects) and most of all look at the IoT security solutions and technologies in a holistic perspective going beyond technologies alone.

Many traditional security, data protection and privacy approaches are not fit for the de facto decentralized nature of IoT.

However, traditional security approaches are not fit for a more mobile and decentralized technological reality overall and that is exactly why leading security companies have since long moved to approaches whereby the perimeter is ubiquitous, endpoints and users matter more and technologies such as AI are game-changers.

Still, with IoT the picture is somewhat different to say the least from the perimeter and endpoint perspective. It’s not a secret that far too many endpoints are vulnerable and have been used for massive breaches, for example.

The Internet of Trusted Things: when physical and digital worlds are bridged and collide

Back to the Internet of Trusted Things in its IoT context. In more than one sense it’s a misnomer.

However, given its mentioned relations with security in IoT, reliable data from connected things, data protection dimension and of course blockchain, touted as the technology enabling trust in (digital) transactions and interactions and key for the security of IoT, that can be understood.

Strictly speaking, however, trust is a human given. As we see for two years in a row now trust is on the decline in several areas, including trust regarding technologies and fast digitalization. Moreover, we are certainly not in a stage (yet) where connected things are deemed trustworthy in the broadest sense.

IoT enables bridging the digital and physical world – IIoT is not an answer when complex autonomous IoT-driven systems cause security and trust issues in the physical world or in social systems in unpredictable ways

This is even more so if we look at the impact of the so-called Internet of Trusted Things on society and even security. We don’t even have to look at the discussions about IoT, AI or blockchain: we previously mentioned Bruce Schneier in a post on why smart business requires smarter Internet of Things security and in a post on cybersecurity.

Bruce Schneier is not just a very famous cryptographer, security and privacy expert and author, he also, as written in the latter post repeatedly warns about the fact that we’re good in predicting the future of technology but far less in how it will impact us.

One of the areas he often mentions are the collision of the digital and physical world. While the bridging of both is, among others, enabled by IoT what is the impact of the so-called Internet of Trusted Things in the real world when machines get autonomous and cars can drive by themselves (‘cars can kill’). Schneier sees the solutions in a mix of, among others, disconnecting essential systems and move to distributed systems (that does sound like blockchain indeed), limits of data storage and regulation.

His words of warning trigger debates just as artificial intelligence triggers debates in the scope of AI fears.

Between reality and marketing spin: what the Internet of Trusted Things promises and where myths come in

However, they need to heard. Realizing a secure Internet of Things, among others leveraging  blockchain, is already a challenge on multiple levels. Building digital trust in interactions and transactions is a major challenge as well. And using AI for the benefit of humanity is again another thing.

Yet, achieving an Internet of Trusted Things? That seems more like a mission impossible as trust in connected things and technologies takes far more than technologies and IoT needs to be seen in its context.

However, let’s indeed continue to explore the use cases where IoT, blockchain, AI and so forth can lead to more trusted and secure applications and blockchain can be leveraged as a technology to enable ‘digital trust’ in areas of a digital economy, taking into account that trust is a highly human given and can disrupt the ways technologies are used and are not used.

By 2020, the potential cybersecurity and physical safety concerns associated with IoT devices will pressure CIOs at G2000 companies to increase IoT security spending by up to 25%, temporarily neutralizing business productivity gains (IDC  FutureScape: Worldwide IoT Predictions 2018)

Trust should not be a matter of words and terms such as the Internet of Trusted Things. Security, reliability and transparency is already hard enough.

When you hear or see vendors of IoT products or solutions and service providers proclaiming their offering builds the Internet of Trusted Things or, shorter, trusted IoT, ask them what they  mean by that though and why they need to speak about trust, other than for marketing reasons in times of distrust.

In the meantime we wait until the first IoT security solutions vendor leveraging the term trust hits the headlines because of vulnerabilities or worse.

What can we trust?

You cannot trust connected devices (until perhaps one day we project human emotions on robots), it is even hard to trust data, let alone information in an age where creating fake information can be done easier than ever, also using technologies such as AI.

You can trust that devices are secured, make sure that in these days of ever more IoT data, you use the right data, you can create trustworthy relationships and interactions, you can go for security, privacy and a touch of trust by design, you can leverage technologies such as blockchain and build holistic strategies, encompassing all aspects, to create a more trustworthy technology and IoT environment, you can trust the accuracy of a data set and you can research what it takes to build more trusted IoT devices if you mean secured IoT devices.

However, trust is too precious to confuse it with security and technologies enabling better security, protection, user empowerment, credibility, contractual agreements between ‘trusted partners’, distributed ledger database technologies, transparency and technology-driven use cases.

And you can of course NEVER trust there is such a thing as perfect security.


Top image: Shutterstock – Copyright: Zally – All other images belong to their mentioned owners.