How Texas Instruments and IBM Plan to Secure IoT Devices
Security is one of the biggest threats to the Internet of Things, and it should be designed into IoT devices starting at the beginning of their lifecycles. TI's Avner Goren explains why and how his company and IBM are pursuing a role in that process, by collaborating to build a framework for authenticating IoT devices.
May 04, 2015
Last month, IBM and Texas Instruments announced their intentions to collaboratively develop a cloud-hosted provisioning and lifecycle-management service for IoT devices. We spoke with Avner Goren, TI's general manager of embedded processing, in order to better understand what the companies are planning.
IOT Journal: Why do you think a provisioning service is needed?
Avner Goren: Say you buy a smart washing machine. You go home and want to connect it to the IoT. Today, it's a very manual process that involves connecting it to the home router or other gateway. Then you need to register the device with the cloud provider. And how do I know that Mr. John Smith, who says he bought an LG washing machine, is really who he says he is and not a hacker? It's very complicated right now.
There are workarounds, such as using codes on the washing machine to [authenticate that you are in possession of the machine]. But the issue is with scale. If I install one washing machine, I can [manually enter] codes [on the machine]. But if I have to install one million streetlights or sensors in a factory, I'm not doing this manually, one by one. So we wanted to solve this by making it an automated process. How do we make sure that when we provision, we know the device is what it says it is?
IOT Journal: So, how will you know? What will be the basic process?
Goren: Let's take a step back. When we look at the IoT, we see quite a few challenges. First, there's sensing. To connect to the physical world, you need many different sensors—[tracking] water flow, proximity, temperature, humidity, etc. So the first thing is for us at TI to be able to work with all of those sensing technologies. Some we make ourselves; sometimes, customers use existing sensors and we provide the analog front end.
Then there's power. We assume nodes are battery-operated—that's the way to get to the magnitude of [widely distributed] sensors you need. So we've done a lot, over the years, in process technology, architecture and system-on-a-chip design, and it's all about conserving power. Today, we're able to allow a Wi-Fi sensor to run on two AA batteries for one year. And in a ZigBee or sub-1 GHz sensor, such as those installed in water meters, those can run for 10 years on a coin cell battery.
So the next challenge is wireless connectivity. We support 14 different wireless technologies. This is because the IoT has many different use cases with respect to data rate, range, power and duty cycle. Wi-Fi is very different than ZigBee, and that is very different than Bluetooth, etc. The most complex thing is the wireless software stack. We spent a huge amount of time and energy to address this, and today connectivity devices have a complete software stack, up to layer 7—from the physical layer to the application layer. We call it Internet-on-a-chip.
The next challenge is that we need a cloud [service] provider, [such as IBM]. To interface a node within the IoT to a cloud [service provider], we need to add a thin layer of software that is specific to the cloud provider. We call it an IoT agent. Different cloud providers use different communication schemes.
Now comes the big challenge, and that is security. Each communication protocol has a specific type of security: Wi-Fi uses one type of encryption, Bluetooth uses another. Great. But then comes the point where I need a connection to a specific cloud provider. You need security specific to that cloud provider, and this is implemented in the IoT agent. But even this is not enough. We realized, together with IBM, that the industry is missing something: the original authentication of an IoT device, the first time you connect to the cloud.
IOT Journal: So is this why you're creating a cloud-hosted provisioning service for IoT devices? TI's and IBM's announcement refers to the use of "silicon tokens." What are these?
Goren: To enable this kind of service, there needs to be a hardware mechanism that includes a unique device ID, and this ID needs to be recognized by the cloud that is provisioning it.