I started my engineering career in oil and gas down in Texas back in the early ’80s. And I still have the Ideal Gas Law – which defines the relationship between pressure, volume and temperature (PV=nRT) – permanently stuck in my head .

In an oil refinery those properties are all closely measured and monitored using sensors. Then the proper values of those properties [for any given process] were maintained using things like pumps, heaters, chillers, and valves.

That said, I have kind of an old and abiding interest in process systems, sensors and controls. And when I made a career change ten years later and went from Texas to California, and swapped electrical systems for electronic systems it became apparent that many of the underlying engineering principles remained the same.

Namely a system is a system is a system. The systems might be chemical, electrical or a combination thereof. But all systems have a certain commonality in that they all contain processes that require measurement(s) and control management.

Anyway, I just replied to an EETimes (Electrical Electronic Times) article entitled, ‘Experts Call for Secure Sensors‘, about the concern over network security at the [network] fringe – the sensor level – of the upcoming Internet of Things; also commonly referred to as the machine to machine (M2M) communications piece of the internet.

I wrote that “This opinion is completely contrary to Francis daCosta’s very well written, comprehensive and authoritative book on the subject ‘Rethinking the Internet of Things: A Scalable Approach to Connecting Everything’.

And I agree with daCosta that non-related system sensors sharing data for security reasons (or any reason for that matter) seems absurd; and not to mention expensive.

And hacking a sensor  – something that is fundamentally unintelligent – seems absurd as well.

Protecting (and monitoring) the upstream controller is where the smart money should be spent – and not adding unnecessary  intelligence and security to the sensor.

And as deCosta points out, putting an IP stack – requiring memory and processing power – on sensors can’t be justified by the economics alone. And doing such would add to their vulnerability.

So methinks Intel’s crying wolf over security at the sensor level is their ploy to sell more processors.”

And I went on to say –
“PS – Let’s not forget what sensors really are. Sensors sense and then report their sensed values. That’s it. Other entities control the system based on those reported values. And the more complex the system, then the more built in systems’ checks they have. But their sensors – as in temperature, pressure, volume (or whatever) – should be left as unintelligent as possible. Ergo, as such they’re unhackable. Like how do you hack a thermometer? You can’t.”

Just in case you haven’t been following along on the whole internet growth thing, then here is a quick catch up for you.

One – Today, the present internet contains some number of networked entities numbering in the low billions. In ten years time that number could easily swell by two orders of magnitude; which would mean something like hundreds of billions of connected devices.

Two – Most of those new connections will be in the form of ‘fringe’ devices in the form of sensors.

Three – The internet is undergoing a fundamental addressing transition from IPv4 to IPv6. IPv4 can address 2^32 devices but IPv6 can address 2^128 devices. Punch those two numbers into your Base 2 calculator and convert them to Base 10 and you’ll see that the latter is almost infinitely larger.

Four – This address space upgrade was intended to forever end the argument of running out of IP addresses (which is presently happening); up to and including the IoT.

Five – But no one back in the ’90s – when IPv6 was being conceived – had sufficient insight to foresee the consequences of the IoT and that the architecture wouldn’t necessarily follow the existing peer – peer paradigm.

Last – This EETimes article primarily referenced an Intel executive’s presentation at a recent conference where he raised what I believe were unwarranted concerns over the security of sensors. But in fact, the entire article was entirely misleading – fear mongering if you will – speaking about things like the increase of ‘software based sensor attacks’. And how even home devices aren’t safe.

From my perspective the author needs to do four things: conduct real research if she wants to write authoritatively about something she apparently doesn’t understand. Then tone down the fear rhetoric, and quit mixing her metaphors (since when is an attack on a network workstation the same as an attack on a sensor?). And for goodness sakes get their terminology straightened out. For instance, a system controller is not a system sensor. A controller can get hacked but not a sensor.

Now if there are companies out there building and installing hybrid devices (sensor-controller combinations) into consumer devices like smart refrigerators then it is quite possible that your shinning new stainless clad frig could at some point in the future go all 1984 on your ass. But that’s presuming that your food containers at some point are all RFID tagged. Have a look at my first IoT post to see how that could happen.

But if you really want to cut to the chase and understand the emerging IoT then you should read the definitive book on the subject – one that was written by an expert, Francis daCosta‘s Rethinking the Internet of Things: A Scalable Approach to Connecting Everything. It is available right now for a free download from Amazon.

 

Advertisements