Privacy and security: Key requirements for sustainable IoT growth

As IoT moves beyond a catchphrase and starts to provide meaningful solutions in multiple fields, three of its critical pillars are now well understood: • Transducers are needed as means of interacting with the environment and machines, and in converting stimuli to data and vice versa. These sensors and actuators form the basis of contextual awareness. • Given that many end-node IoT devices are size and power constrained, local low-power computing is essential. The need for power-efficient end-node and edge computing becomes more apparent when latency, network bandwidth, and real time analytics are considered. • Low power communication links to transmit the data between IoT devices and local aggregators or cloud resources form the third pillar. Missing in this picture, and not fully appreciated yet, is the fourth pillar of IoT: privacy and security (P&S). If IoT is all about data, how P&S is treated will determine IoT's fate: a second phase of rapid proliferation or ultimate demise and collapse. Recent breaches in P&S are starting to change the industry's view on this issue. Even IoT end nodes that are low cost and have limited functionality pose significant risk to the entire system when their security is breached. This is due to the networking nature of the IoT that exposes a massive attack surface, making these devices ideal attack points for causing disruptions and stealing sensitive data. PC-era Internet security has been an expensive afterthought that has cost industry and consumers billions of dollars. Therefore, we should approach IoT differently, making P&S a key requirement at the design phase itself, and address all life-cycle aspects from initial deployment to in-field updates, to end-of-life decommissioning. This is a system level challenge that requires complete end-end HW/SW solutions, developed in partnership with the entire ecosystem.