Made Simple: How GlobalPlatform Supports the Internet-of-Things
What is the internet of things?
The internet of things (IoT) refers to ‘uniquely identifiable objects and their virtual representations in an internet-like structure.’ Put simply, the IoT, often referred to as machine-to-machine (M2M) communications, describes the growing trend for devices to be connected to the internet. For example, many of today’s automobiles, medical devices and home technologies contain sensors, which perform measurements and gather information, and actuators, which are capable of impacting the physical world. Specific examples include:
- Smart meters that measure utility consumption
- Control and monitoring systems in utility networks (gas, water, electricity, etc.)
- Industrial metering appliances that measure physical and chemical quantities
- Building and home automation systems that measure and control indoor environments
- Asset and cargo tracking systems
- Medical sensors for remote diagnostics
- Weather and traffic monitoring
- Vending machines
As the number of these connected devices increases, it will be possible to deliver entirely new services to consumers.
What are the security concerns for the IoT?
As IoT devices are often used in critical infrastructure or potentially dangerous systems with associated security issues, such as transportation systems and medical devices, the concerns about security and privacy for the IoT are considerable.
The specific privacy issues stem from the fact that the technology interacts with the physical world around us and can therefore potentially expose private data and/or impact the world we live in. Unattended devices, such as electricity meters, that can broadcast personal data without our awareness are in particular need of protection from potential attackers.
Just as consumers will want to ensure that their personal and usage data are not misused, stakeholders – including device manufacturers, service providers, service subscribers, network providers and others – will want to ensure that their data are protected and that services are securely delivered.
What key principles must be addressed for the IoT to be successful?
GlobalPlatform identifies several important principles that must be addressed if the IoT market is to fully evolve:
- IoT devices must support a multi-actor environment that allows for different security and access settings for each stakeholder.
- Each service provider should be able to remotely manage its own security parameters or appoint an authorized party to act on its behalf.
- It must be possible to add services or service providers to a device after it is deployed in the field; similarly, a service subscriber must be able to change service providers.
- Critically, all security measures must be sufficiently robust and flexible to support a device’s deployed lifetime, which in some instances may exceed twenty years.
How can GlobalPlatform Specifications help?
GlobalPlatform’s prospective role in the IoT standardization landscape is as a provider of open standard technical specifications that improve the interoperability and security of these connected devices. GlobalPlatform Specifications offer several features that, if properly leveraged, address the privacy and security concerns in the IoT market:
- The secure element (SE), a separate chip hardened against physical and logical attacks, enables secure hosting of applications for various stakeholders.
- The security domain (SD) stores cryptographic content for a stakeholder on the SE and provides mechanisms to manage such content and establish secure communications with external entities.
- The trusted service manager (TSM) is a third-party broker that establishes business agreements and technical relationships between different stakeholders in a service delivery.
- The controlling authority (CA) allows for confidential post-issuance introduction of new stakeholders onto an SE.
- The trusted execution environment (TEE) is a secure area residing on a mobile device that ensures that sensitive data is safely stored, processed, and protected in a trusted environment on that device.
The association has published a white paper, which examines how GlobalPlatform Specifications can address the key privacy and security concerns for the deployment of IoT and M2M devices.
The white paper, entitled ‘Leveraging GlobalPlatform to Improve Security and Privacy in the Internet of Things’, will be of particular value to professionals in industries such as healthcare, automotive, wearable devices and energy who are interested in the use of embedded technologies for new forms of secure communication and data transmission. The document offers use cases for these markets, introduces the function of IoT devices and explains how vulnerabilities in security and privacy can be resolved.
What are the next steps?
As the IoT is still in its relative infancy, the existing proprietary solutions are sufficient for today’s environment. As the number of devices grows, however, so does the number of security and privacy concerns, which could present a real danger to the general public and critical infrastructures.
Open standards are necessary to ensure interoperability between the connected devices as the IoT develops and as a means of ensuring that these devices are as secure as possible. GlobalPlatform will continue to evaluate its existing specifications and engage industry participants to ensure that the needs of the IoT market are met.
To drive this activity, GlobalPlatform has established a dedicated Internet of Things Task Force. The task force, which is open to all members of GlobalPlatform, convenes to discuss new business requirements for network-capable objects and to identify how GlobalPlatform technology can progress to meet these advancements. The association is also soliciting feedback from the industry on how it can best contribute to the IoT market. All comments or questions can be submitted to firstname.lastname@example.org.
To find out more about the IoT, including use cases which define the role of GlobalPlatform Specifications, read the ‘Leveraging GlobalPlatform to Improve Security and Privacy in the Internet-of-Things’ white paper.