It's the software, stupid!


31 January 2017
Vinton Cerf

Paraphrasing Bill Clinton in a talk at the Global Young Scientists’ Summit in Singapore recently, Internet pioneer Dr Vincent Cerf laid out some of the key challenges involved in “Preparing for the Internet of Things (IoT)”, and many of these had to do with software.

Who will fix the bugs?

“We have tried for 70 years, but nobody yet knows how to write software that does not have bugs,” said Cerf. This is going to have ramifications in an IoT world populated by cyber-physical systems driven by software.

“Who is going to fix the bugs and for how long are they going to fix the bugs? If a device is installed for the next 20-30 years, will the company be around to support the software? And if the company is not around, will the source code be available for others to work on it? It is not clear yet what commitments companies should make in the software and support of IoT devices,” he said.

How can we be sure that the software updates can be trusted?

The software dimension of IoT, which makes it easy for devices to receive functionality updates, also introduces another complication. While these updates are a powerful way of augmenting existing capabilities, devices have to be more suspicious of the software that they are taking in, said Cerf. “We need to strongly authenticate the source of information so that the recipient device can decide whether to receive the updates. Strong authentication should be a fundamental part of IoT.”

How do you automatically configure large numbers of devices in a secure way?

And authentication has to be enforced across the multitude of devices in the IoT ecosystem. In densely populated urban settings like Singapore where multiple households live in close proximity in high rise buildings, there is a risk that a household configures the neighbour’s equipment into its system. “We have to think about scaling and strong authentication, and how not to configure devices that don’t belong to you.”

The numbers will be an issue. “How do we deal with the large numbers of devices that are going to be deployed?” As Cerf pointed out, the smart home of the future is likely to have many IoT devices. In a manufacturing plant, the number could go up to tens of thousands. “We have to find a way to automatically configure large numbers of devices in a secure way.”

How do we deal with ephemeral access?

Another interesting problem is that of “ephemeral or episodic access”, which relates to control of devices and access to the data that they use.

Cerf cited the example of a home fire alarm going off. In such a scenario, it would be helpful for the fire department to access the web cams and temperature sensor data from the home. However, this access should only be granted during that particular emergency, and then disabled when the situation has been resolved. “We have to figure out how to do that, how to determine that a particular party such as the police department or emergency medical responders can have access during an emergency, and remove that access later.”

These considerations also apply to guests who come over to stay. “You would want them to have reasonable control over the house, but what does it take to introduce your guests to the control system? How do you authorise them? What are the mechanics involved? What happens when they leave?”

What harm can humble temperature data do?

Access control has a strong bearing on security. The data gathered by IoT devices in operation could be misused if they land in the wrong hands. “Even humble temperature data, collected over time, can be abused,” said Cerf. “If someone has access to six months’ worth of temperature data, he can figure out how many people there are in the house, and what rooms they are usually in.”

Greater thought needs to go into issues such as privacy and access control, he said. Lack of attention to this aspect of IoT led to distributed denial of service attacks on an unprecedented scale, targeting the domain name system provider DYN in October last year. In the absence of proper access control, hackers were able to take over Internet-connected printers, IP cameras, residential gateways and baby monitors and direct an estimated load of 1.2 Tbps at DYN, effectively disabling the Internet across huge swathes of Europe and the United States.

“It is a basic ethical responsibility to build in safety checks to protect innocent users from harm or devices from being used by others to cause harm,” said Cerf.

Do you want to scroll through 100 apps to turn a light on?

Next, Cerf turned his attention to the challenges of standardisation and interoperability. Everyone involved in IoT is rushing to get their products out of the door, resulting in a proliferation of standards and protocols and presenting a major obstacle to interoperability, safety, privacy and security, he said.

Underscoring the importance of interoperability in the IoT world, he pointed out that consumers do not want to buy different controllers for different manufacturers’ devices. “Imagine you have 100 devices, and you have to scroll through 100 apps to turn the light on.”

The standards discussion segued into the issue of backward compatibility. “Devices evolve over time,” said Cerf. “When people invest in something and expect to use it for a decade, engineers have a responsibility to make things as backward compatible if possible, so that their investment is preserved.”

Serious work is needed in the standards space, he said. “We don’t want to prematurely impose standards, but we want to standardise the things that work.”

This will be messy period, he acknowledged, but customers and businesses will eventually put pressure on vendors to drive security, safety, reliability, interoperability and standardisation in the IoT space.

And what if the battery’s broken?

Standradisation could also go some way in addressing the problem of broken dependency chains in the IoT world. Illustrating the dependency dilemma, Cerf gave the example of a connected digital picture frame, which allows photographs to be stored in the cloud. “What if the web site is broken into? So security is important. What if the power supply is broken and you have problems finding the right power supply with the right voltage? So you have invested in a digital picture frame but you have no power.”

Another example was his state-of-the-art hearing aid. “These don’t work unless they have these little batteries. And if the people who make these batteries decide not to produce them anymore, my $4,000 hearing aid is useless.”

“What you really want is more standardisation so that things can just run,” he said.

There are other dependencies that could show up in an IoT world where connectivity is everything. For example, what if an entertainment system is dependent on Wifi and the Wifi does not work? Or what if all the devices in a smart home work only if the house is connected to the Internet?  

Priorities in the IoT space

Putting these issues on the table, Cerf gave a summary of what he saw as the main priorities in the IoT space.

1)      Reliability. “Why do you want something in your house that is not reliable 24x7?”

2)      Ease of use. “You don’t want to have to stand in front of the lights with your mobile for 10 minutes to turn the lights on.”

3)      Safety. “We have to have a way to show that a product has been tested for safety. We need something like a cyber underwriters lab to look at software and study integrity.”

4)      Security and privacy. “We need to pay attention to these areas to make sure that consumers are properly protected.”

5)      Autonomy. “It is not okay if your mobile has to use the Internet to control the devices. You need to have local ability - a physical way or local connectivity so that the device can be accessed even if the Internet is not always working.”

6)      Interoperability. “The interoperability of ensembles of devices from multiple manufacturers working together can be a powerful way of igniting new ideas.”