Internet of Things


What is Internet of Things?

The Internet of Things (IoT for short) finds its origins in 1999.

The term refers to the networking of devices that independently communicate and exchange information with other devices via the Internet.

This includes devices that cannot be assigned to the classic device classes, such as servers, desktop computers or smartphones (see Vollmer 2018).

Normally, a process is triggered by a command that a human enters into a system. With the Internet of Things, it is the devices themselves that issue the command. The basic prerequisite is, of course, that the device is connected to the Internet. The term "smart" devices (that is, intelligent devices) is on everyone's lips these days. The default configuration of these devices means that the user does not have to take action himself; the devices start communicating as soon as a certain event occurs or is triggered.

Examples from practice

  • Nowadays, printers in private households check the ink level on their own. When a certain limit is reached, the printer itself places the order with the manufacturer via the Internet.
  • Digital fitness wristbands ("fitness trackers"), so-called "wearables", are increasingly used in today's fitness industry. These wristbands measure a person's movements and also collect information about the heartbeat, during sports or even during rest periods. The collected data can be analyzed with appropriate mobile devices and, in combination with sports applications, fitness plans can be created automatically or updated from time to time.
  • Amazon Dash was a pioneer of Internet of Things devices. The Amazon Dash Wand was a device the size of a USB stick with a WiFi function. In addition, the device could read barcodes from groceries and give the user a description of the product via integrated speakers. At the push of a button, the device could place an order through the Amazon-connected grocery store if the user wanted it.
  • Other examples in this segment include digital refrigerators, which regularly order a pre-programmed supply from a grocer on their own; the goods are then shipped to the customer by the grocer's delivery service.
 
Figure 1: Internet of Things image | Source: expressvpn.com

Basic requirement

In order to efficiently connect functionally limited end devices to the Internet, the network settings also had to be standardized. The Internet Engineering Task Force (IETF for short) introduced a new IEEE 802.15.4 standard in 2004 specifically for this purpose. This standard supports an energy-efficient wireless connection of devices. Another basic requirement was the introduction of Bluetooth 4.0 for mobile devices. Bluetooth enables data to be exchanged between two devices that are located a short distance apart.

In addition, the network protocol standard was moved from IPv4 to IPv6. This change supports a higher number of possible addresses on the Internet. As in real life, each device on the Internet is given its own address, through which other devices can contact it and from which the device itself can send packets to other addresses.

In addition, the Constrained Application Protocol (CoAP for short), a simplified version of the HTTP protocol, was introduced into the digital world. Here, too, the motivation was to make transmission possible even at the lowest possible transmission rates. CoAP makes it possible to call up services on the Internet (for example, Web pages)1.

1 See complete paragraph Prehofer 2014.
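To show how little CoAP puts on the wire, the following added example (not code from the original article) encodes a CoAP GET request and parses it back with bounds checks, following the message layout of RFC 7252. The function names, the path `/sensors/temp`, the message ID and the token are assumptions chosen for illustration.

```python
import struct
URI_PATH = 11  # option number of Uri-Path (RFC 7252)

def encode_get(message_id, token, path):
    """Build a confirmable CoAP GET; each path segment must be shorter than 13 bytes."""
    msg = bytes([0x40 | len(token), 0x01]) + struct.pack("!H", message_id) + token
    for i, segment in enumerate(path.strip("/").split("/")):
        raw = segment.encode()
        if len(raw) >= 13:
            raise ValueError("extended option length is not handled by this encoder")
        delta = URI_PATH if i == 0 else 0          # options carry deltas, not numbers
        msg += bytes([(delta << 4) | len(raw)]) + raw
    return msg

def _extended(nibble, msg, pos):
    # Nibble values 13 and 14 mean the real value follows in 1 or 2 extra bytes.
    if nibble == 13:
        return msg[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack("!H", msg[pos:pos + 2])[0] + 269, pos + 2
    if nibble == 15:
        raise ValueError("reserved option nibble 15")
    return nibble, pos

def decode(msg):
    """Parse header, token and options of untrusted bytes; ValueError if malformed."""
    if len(msg) < 4 or msg[0] >> 6 != 1:
        raise ValueError("not a CoAP version 1 message")
    tkl = msg[0] & 0x0F
    if tkl > 8 or len(msg) < 4 + tkl:
        raise ValueError("bad token length")
    pos, number, options = 4 + tkl, 0, []
    try:
        while pos < len(msg) and msg[pos] != 0xFF:  # 0xFF marks the start of the payload
            first = msg[pos]
            delta, pos = _extended(first >> 4, msg, pos + 1)
            length, pos = _extended(first & 0x0F, msg, pos)
            if pos + length > len(msg):
                raise ValueError("option runs past the end of the message")
            number += delta
            options.append((number, msg[pos:pos + length]))
            pos += length
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated option header") from exc
    return {"type": (msg[0] >> 4) & 3, "code": msg[1], "token": msg[4:4 + tkl],
            "message_id": struct.unpack("!H", msg[2:4])[0], "options": options}

# Constructed sample: GET /sensors/temp, message ID 0x1234, 2-byte token.
SAMPLE = encode_get(0x1234, b"\xa1\xb2", "/sensors/temp")
```

The whole request is 19 bytes, of which the fixed header is 4; a constrained device's parser should reject truncated input as `decode` does rather than read past the buffer.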

Challenges

The linking of many different end devices via the Internet, together with the collection of personal information, offers scope for criminal activity. Protecting data during collection and transmission is therefore the central challenge in the Internet of Things area. The biggest problem in the area of "smart devices" is the purchase decision of customers, who are guided by the device functions and do not consider the security settings. Furthermore, most smart devices do not have sufficient basic security settings, and manufacturers are not quick enough to provide the necessary software updates for known vulnerabilities in their end products, or do not provide them at all. This gives cybercriminals easy entry points to gain access to sensitive information from private individuals or companies (see Vollmer 2018).

IPv6 addresses

A major security vulnerability for private individuals, but especially for companies, is the handling and allocation of IPv6 addresses. The technical characteristics of the two protocols, IPv4 and IPv6, and the differences between them have given rise to new security vulnerabilities2. As mentioned in the previous chapter, the IPv6 standard was introduced because the possible IP addresses in the IPv4 network had been used up since 2011. With the IPv6 standard, 19 times the number of possible IP addresses can now be assigned. Network architects now speak of the "principle of small networks": every device can be connected directly to the Internet and has global access. With the scarce IP addresses of the IPv4 standard, this was not possible for every device. Devices were often attached to a local network, and this network had only one IP address, through which it communicated with the global Internet. Additionally configuring a so-called network address translation (NAT) between the global Internet and the local network could increase the security of the local network, because network address translation changes the address in the header of the Internet protocol when packets are sent.

The "principle of small networks" currently harbors the danger that any device, no matter how small, can be attacked from the outside because it is directly accessible from the Internet, unless the user himself has configured a network address translation correctly. If the configuration is inadequate, movement profiles of individual devices can be created, for example, and this makes it easier for potential hacker groups to take over the devices.

Another disadvantage is the possibility of denial-of-service attacks on individual devices, which can cause devices to crash. It is recommended that devices communicate with the Internet via a proxy (see BSI Guide 2012). Depending on the configuration of the proxy, the data traffic can then also be analyzed or evaluated afterwards.

The new IPv6 standard thus entails increased configuration effort for the owners of the devices and also requires new security techniques, which in turn have to be applied.
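The following added example (not from the original article) audits a constructed list of device addresses: it flags the ones that are globally routable and, assuming the movement profiles come from MAC-derived (modified EUI-64) interface identifiers, shows which device can be followed from one network to another. The function names and all sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")

def scope(addr):
    """Classify an IPv6 address by how far it is reachable."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:
        return "link-local"
    if ip in UNIQUE_LOCAL:
        return "unique-local"
    if ip in GLOBAL_UNICAST:
        return "global"      # routable from the Internet unless a firewall filters it
    return "other"

def embedded_mac(addr):
    """Return the MAC recoverable from a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":           # EUI-64 puts ff:fe between the two MAC halves
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]   # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in mac)

def movement_profiles(sightings):
    """Map each embedded MAC to the global /64 prefixes it appeared in, if more than one."""
    seen = defaultdict(set)
    for addr in sightings:
        mac = embedded_mac(addr)
        if mac and scope(addr) == "global":
            seen[mac].add(str(ipaddress.IPv6Interface(addr + "/64").network))
    return {mac: sorted(nets) for mac, nets in seen.items() if len(nets) > 1}

# Constructed sightings; 2001:db8::/32 is the documentation prefix, standing in
# for the real global prefixes of two different networks.
SIGHTINGS = [
    "2001:db8:10:1:21a:2bff:fe3c:4d5e",      # device A on network 1
    "2001:db8:20:7:21a:2bff:fe3c:4d5e",      # device A again on network 2
    "2001:db8:10:1:8c3e:51a7:90d2:4f6b",     # device B, randomized interface ID
    "fe80::21a:2bff:fe3c:4d5e",              # device A, link-local only
    "fd12:3456:789a:1:0211:22ff:fe33:4455",  # device C, unique-local only
]

if __name__ == "__main__":
    for a in SIGHTINGS:
        print(f"{a:40} {scope(a):13} mac={embedded_mac(a)}")
    print(movement_profiles(SIGHTINGS))
```

Device A is the only one reported: its interface identifier stays the same in both prefixes, while device B's randomized identifier and the non-global addresses produce no profile.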

The BSI recommends that companies work with IT security companies to build the configurations and architecture of their networks (see BSI Guideline 2012, p. 13 Chapter 3.5).

2 For more detailed information, ProSec Networks GmbH recommends the BSI guide listed in the sources below.

Future

In the coming years, we will face further exciting challenges in the area of the Internet of Things in Germany through the implementation of 5G technology and the accompanying increase in network bandwidth. This will enable devices to transmit more information and data in less time via mobile data, which opens up completely new possibilities in logistics or even in the healthcare industry. Conversely, it also brings new challenges, especially in the area of IT security and in filtering and processing extremely large volumes of data in order to draw the right conclusions from them.

Sources

  1. Vollmer, Jörg (2018): "Fundamentals of IoT Security" (Date: Dec. 23, 2019).
  2. Prehofer, Christian (2014): "From the Internet of Things to Apps for Things" (Date: Dec. 23, 2019).
  3. German Federal Office for Information Security (2012): "Leitfaden für eine sichere IPv6-Netzwerkarchitektur (ISi-L-IPv6)". Version 1.1, based on a draft by Hans-Peter Dittler and Benedikt Stockebrand.