Sharp skills for IoT

Image: Pixabay

Image credits: Pixabay

Internet of Things (IoT), even though new, has captured the attention of professionals in a wide variety of fields of interest. The concept of IoT revolves around the inter-connectivity of Devices that are embedded with sensors, software, appropriate network connectivity and latest electronics within it; to create and collate an array of information exchange and making this entire grid of Devices responsive.

Interestingly enough, IoT encompasses the independent technologies and brings everything under one roof. So, there is no such thing as an ‘IoT Engineer’ (yet). During my research in IoT over the past few months, these are some of the things which I have come across, that are considered to be a ‘valuable set of skills’.

Embedded Systems Design

This is where we start digging deep, essentially we are starting to build computers from the scratch again. In other words, we are re-inventing the wheel. Having knowledge and ideas on how to build an Embedded System that can measure, perceive and communicate with other devices no matter how independent they can be – would be a valuable skill. Imagine a bed that can sense your sleep pattern, notify the alarm, open the curtains to let the sunlight in when you wake up, while it starts the coffee maker and plays songs from your playlist while heating up the water for the morning shower. Based on the interface & dependency factors, the system should be able to communicate. Circuit design is one of the most important things that acts as a baseline for IoT. Since, PCB (Printed Circuit Board) designers are adopting 3D printing, the convergence is a boon to many IoT manufacturers. So, knowledge of any of the above goes a long way in the field of IoT.

Networking

We talked about how IoT is about responsive devices in a grid; however, they are also predominantly resource-constrained. IoT networks differ from traditional wired computer networks where the TCP/IP protocol suite is being used; even though IoT devices have temporarily adopted the open standards of TCP/IP, they will be moving towards wireless communication and short-range wireless personal network (WPAN) technologies such as Bluetooth, which consume less power and less data. Lately, Mesh networking – which relies on an inexpensive decentralised architecture, is being considered as a commendable option currently. In addition to that, a possibility of a new protocol/standard could be designed – which means that knowledge in networking concepts and areas where wireless connectivity solutions (hardware & software) will play an effective and major role in the IoT.

Programming & Artificial Intelligence

Networking or rather communication cannot be established without adding some intelligence to the embedded systems, this intelligence can be added to the devices or the chips with programming. Choosing the right programming language is always a tough decision in IoT; Besides Python, Rust, B#, Parasail, Arduino programming languages – commonly used in building sensor and automation projects, open source environments such as Node.js, is becoming the language of choice for IoT. The early IoT devices are run by rule-driven programs/apps such as IFTTT or Tasker; AI that could pass the Turing Test would be required for complicated decisions.

Machine Learning & Analytics

The key concept behind IoT is to interconnect things, this we would be able to do it by Mesh Networking, which we discussed earlier. Imagine a scenario where a manufacturing unit/machinery in a factory senses which of its parts are faulty, and to which extent the unit or component could work and how it can impact the production; for such scenarios, data sensors play an important role, and Machine Learning helps predict the outcome by reviewing, analysing and identifying the patterns from these devices, keeping mesh networking in the backdrop, these sensors would generate immense amount of data that should be interpreted. That’s where Big Data comes into picture.

Big Data

We are moving towards a world where every bit of information is important, may it be for forensics, may it be for error detection, or even improving a system by predicting its patterns as discussed earlier. Organisations tend to collect data that is relevant while sifting the redundant data, and for this to work – Big Data skills would be required to improve the functionality of the IoT devices. In a way, Machine Learning and Big Data are interlinked and they strive towards streamlining the functionality of the IoT devices.

Information Security

The heart of every technology is Information Security; since IoT devices exchange an immense amount of data, and process the information between multiple devices – Privacy & Security become a major concern. The security of IoT and the vulnerabilities that they contain have been discussed several times at Security Conferences such as BackHat, DefCon, NullCon, etc. Security analysts have been finding vulnerabilities ranging from buffer overflows to command injections, from plaintext and hard-coded password to a vulnerable AP connection. The demand for VAPT and Security Analysis professionals is ever increasing day by day. Moreover, IoT is moving towards a Mesh Network as discussed previously, and one weak link in the chain can compromise the entire grid by opening up doors where there is a peep hole. A minor vulnerability in a thermostat that could leverage the attacker’s privileges, can open the doorway to the home/office’s smoke/fire alarms – when the alarms are activated, they would open the (access control) doors by design, which would pose a serious threat to the data within the organisation or the safety of the residents in an apartment complex. A few months back, Jeff Voas from NIST has released a publication that helps researchers understand IoT and its security challenges. The publication can be found here.

UI/UX Design

While Information Security is the heart of every technology, UI/UX Design (User Interface/User Experience) is how we can perceive or form a first impression of the device(s). A seamless design, that can interconnect multiple devices or options to create a smooth UX, with a minimal learning curve can change the way an end user can perceive ‘Things’. Considering that there would be a plethora of devices in IoT, having a different app or UI does not make sense to the end user who would have to re-learn every time a new device in added to his/her IoT. Adding on to that, IoT devices are cruising towards eye or hand gestures and even voice inputs; for such devices “it is critical to consider the aesthetics of the gestures or voice commands”. So, designers should start venturing into the deeper technological/hardware aspects, towards a world of sensors and holographs; to come up with a great UX. Designers who can encompass all of this, would prove a valuable asset to the field of IoT.

Cloud Computing

The idea of IoT is inter-connectivity, where in the machines are linked to web and constant data flows through it, thereby making it work on a real-time basis. In a world where every “thing” can be assigned with an IP address, cloud computing acts as a huge brain. Earlier, we talked about Big Data and how IoT would generate volumes of data for use. Data storage of this data would have to be considered and managed efficiently; in a way, “cloud computing and IoT are tightly coupled”. When data of this size that is easily captured, it also has to be re-worked upon to make it consistent and valuable to the devices and the entire infrastructure; that is where the ‘huge brain’ comes into picture. The data is transformed to be productive at real-time and assists in making decisions while optimising the inter-connectivity, especially with cloud providing the virtual infrastructure that is scalable – would assist organisations in accessing the applications/data on demand. Knowledge and experience in Cloud Computing Platforms such as AWS (Amazon Web Services), Microsoft Azure, Cisco IoT Cloud Connect, Salesforce IoT Cloud, IBM’s Watson, etc. can help the business grow.

© 2012 Ajan Kancharla

Hackers Extract Sensitive Data from Human Brain

In what might seem a sci-fi movie, researchers at the Usenix Security Conference have demonstrated that it is possible to hack into the human brain to extract information.

Scientists have made use of Brain-Computer Interfaces (BCI) which are popularly used in the gaming and life-sciences industries. In the past few decades, BCIs have been used in medical domains to help simulate neuro activities for patients with neuromuscular disorders. There are even cheaper BCI headsets for gamers which are less accurate versions of EEG (Electroencephalograph or Brain Electrical Activity) devices, available on the market by Emotiv and NeuroSky for $200-$300.

Emotiv Brain Control

Using a P300 response, a specific brainwave pattern that the brain undergoes when it recognizes something meaningful or familiar, a face, location of your home, your DOB, your card’s PIN etc., the researchers developed a program that utilized a modified brute force attack on the brain, this was done by flashing pictures of faces, banks, PINs etc while monitoring the subject’s brain activity for a P300 response.

P300 Response – Brain Hacking

The scientists tested their program on 28 participants who obviously didn’t know that they were being subjects to a brain-hack software. In general the experiments had a 10% to 40% chance of success of obtaining useful information.

Brain Hacking Accuracy Chart

The key ingredient to capture such sensitive information from the subject is to make sure that the subject remains unaware of the fact that they are being attacked. The P300 response is triggered sub-consciously, so, making use of social engineering techniques, sensitive information can be captured.

Imagine, using a BCI device you’re playing a game designed specifically for this purpose while the hidden software in the game is extracting sensitive information from your mind using the same BCI device. This is how the scientists think of a real-life scenario.

Your darkest secrets, deepest fears would be accessible to the hackers in the near future.

Research paper: On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces

© 2012 Ajan Kancharla

Un-Encrypted Company Laptops

Over the past few weeks, I’ve come across various cases where there was a data- breach due to a stolen laptop or a misplaced portable drive. There are cases where a particular company entrusts a laptop to its employee(s) and expect the data to be safe without attempting to provide any sort of data-encryption to the laptop or the sensitive data within the laptop.

Lets take health care places as an instance, usually a patient’s data would contain the following:-

  • Govt. IDs like SSN, Driving Licence, Voters ID etc
  • DOB
  • Health Ailments
  • Address
  • Card Details

The above are just a few that I can think of in less than a minute. A hospital or a health care system would obviously have more than that besides the kind of medicines the patient has been taking or the known side effects of the same.

A software company would have information on the kind of tools that their employees use or the type of data or clients they deal with and more.

There are many programs out in the market that help encrypt our data from hostile eyes. Windows 7 comes with a BitLocker, a tool that lets us encrypt the entire hard disk. BitLocker is only available to Ultimate or Business versions, however if your Windows 7 OS is neither Ultimate nor Business version then you may try using TrueCrypt, its open source and helps encrypt your entire hard drive, a portion of the hard drive or an external drive. Mac OSX has FileVault for the same purpose, although it encrypts only the Mac’s Home Folder. The new version of Mac OSX, Lion would contain FileVault 2, which would be able to encrypt the entire hard drive. If you’re willing to spend more, companies like Imation and Origin provide built-in encryption their portable drives that have a built-in 256bit AES encryption.

© 2012 Ajan Kancharla