YOU ARE AT:Internet of Things (IoT)Energy vs. security – the IoT tradeoff

Energy vs. security – the IoT tradeoff

Enterprises harnessing the IoT will need to strike a careful balance between security and power consumption

Amid all the buzz about the arrival of low power wide area connectivity and “internet of things” devices that can function for a decade on a single battery charge, there is an elephant in the room. Maintaining IoT security will need energy.
In simple terms, each layer of security increases the processing and power requirements of a connected device, adding to its complexity and reducing its battery life. Sending and receiving security-related traffic across a network consumes energy, as does processing network and application layer cryptography and installing security patches. In other words, security can be expensive, both directly in terms of the cost of the necessary software and hardware, and indirectly in terms of energy consumption.
That’s a problem: Low energy consumption and low maintenance costs are a prerequisite for the many industrial IoT applications, such as smart metering, smart supply chains and smart parking, which rely on the deployment of large numbers of connected sensors in inaccessible locations. If batteries need to be replaced every year, instead of every five years, the cost of such applications will spiral.
Of course, the energy and maintenance overhead needs to be weighed against the potential financial impact of security breaches. Juniper Research has predicted the total cost of data breaches will soar to $2.1 trillion globally by 2019 – almost four times the estimated cost of breaches in 2015. Some 68% of the 500 companies participating in AT&T’s CyberSecurity Insights study, conducted in October 2015, said they planned to invest in IoT security in 2016.

When the chips are secure

Given the size of the IoT security elephant, it is not surprising that players across the IoT value chain are scrambling to parade the security credentials of their solutions. A case in point is ARM, which licenses semiconductor designs and intellectual property that chipmakers can use to make the microcontrollers and wireless connectivity chips employed by IoT devices. ARM has made a series of acquisitions to beef up its security expertise. For example, last July it acquired Israel-based Sansa Security, a provider of hardware security IP and software for system-on-chip components for the IoT and mobile devices.
ARM said it is now introducing new processors designed for microcontrollers and smart sensors that will help secure data inside tiny chips costing less than $1 each. Indeed, U.K.-based ARM claims its new mbed operating system for IoT devices provides “banking-class end-to-end IP security across the communication channels through TLS & DTLS” in “energy constrained environments.” ARM reckons its chip designs accounted for 25% of the microcontroller market in 2015 and 60% of the wireless connectivity chip market. One of its main rivals, Intel, is also touting the advantages of chip-level security embedded in the hardware, noting that there is little capacity on a typical IoT device for running security software.
Indeed, chip designers could hold the key to making IoT security more affordable: Security features being integrated as much as possible into the hardware should reduce the amount of work that needs to be done by software, helping to minimize the power and cost overhead.

Telcos play the security card

At the other end of the value chain, AT&T and other leading telcos are highlighting the security advantages of using cellular networks in licensed spectrum to connect IoT devices. They point to the benefits of having a SIM card authenticate the device on the network, such as being able to remotely bar devices, where necessary. Without a secure link, IoT applications may be more vulnerable to attacks, such as spoofing, where a fraudulent end device injects false data into the network, or a fraudulent access point hijacks the data captured by a device.
But embedding a SIM card in each connected device has power and cost implications. For some applications, authentication may have to be carried out by a local gateway connected to a power supply, rather than at an individual device level.
In a recent report positioning the “mobile IoT” as the “trusted IoT,” the trade group GSMA outlined the various options: “Mobile operators can use very compact removable or embedded SIM cards, either in individual modules or in gateways, to securely provision and store device identity and credentials, and to authenticate devices connecting to the network and ensure they are legitimate.” Some carriers also hope enterprises will pay for data analytics services designed to spot unusual patterns of behavior on their networks that can indicate a problem or a security threat.
Although real-time data analytics, together with the ongoing integration of security features into hardware, should help to lower the cost of IoT security, they won’t provide a panacea. Some sensitive IoT applications, such as solutions that automate the control of city infrastructure or factories, will require multiple layers of security involving cryptography and regular bursts of data traffic. Those requirements could be difficult to meet, given the energy, bandwidth, processing power and memory constraints within a typical LPWA device. In other words, enterprises need to be aware that the price of a decade-long battery life may be greater vulnerability.

ABOUT AUTHOR

David Pringle
David Pringlehttp://industrialiot5g.com/
A highly experienced and accomplished business and technology journalist, David Pringle runs Pringle Media, which provides analytical, writing and editing services to organizations in the telecoms, media and technology sectors. A regular moderator of panel discussions at major industry conferences, David has worked on Mobile World Live television at the past six editions of the Mobile World Congress. Based in London, David also serves as an associate director at research and advisory firm STL Partners. Prior to founding Pringle Media in 2009, David worked at the GSMA, providing media relations support to the CEO, chairman and other senior executives in the mobile industry. Between 2000 and 2005, David was the European technology and telecommunications correspondent for The Wall Street Journal covering Vodafone, Nokia, Ericsson, British Telecom and other major multinationals. He has also served as deputy editor of Information Strategy, a pan-European title owned by The Economist Group.