by Ed Nutting
The Internet of Things and so-called Big Data projects (that often reside in cloud systems) are creating interesting networks. For the moment, many of them are closed, private systems which hackers have to gain access to illegally to be able to do any damage. However, lots of current proposals include the idea of creating a vast, open network of devices to which any Tom, Dick or Harry can add their device and send data. On the face of it, this looks like a good idea. More data means more to analyse and more accurate info, and making it open means anyone can analyse it. The more devices the merrier, right?
Wrong. There are three significant issues that I’ve yet to see anyone address properly:
- In an internet-based system, as is currently developing, a device that knows the (open) data submission protocol can be anywhere in the world and report itself as being anywhere else in the world. There is no verification that data being submitted actually originates from where it says it does. For some data this may be fine, but for lots of applications it’s not. Take, for example, weather data. That has to come from the actual location and nowhere else.
- If you allow the network to be completely open, with no real-world identification of who added the device, you risk an individual dominating a local portion of a network (sticking with our location-based-data theme).
- With the above two established, it becomes possible for an individual to significantly influence the data submitted for a local area, with no easy way to verify its correctness (without adding your own trusted device – in which case, what was the point of making the network open in the first place?)
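The three issues above, worked through as an added example (not code from the original post): it compares the per-device average an open network would compute with a one-vote-per-operator aggregate, and flags a cell that one operator dominates. The `operator_id` field, the cell name and all readings are constructed assumptions; the open network described above has no verified operator identity, which is exactly the gap.

```python
from collections import defaultdict
from statistics import mean, median

# Constructed sample: (operator_id, device_id, claimed_cell, crosswind_mph).
# operator_id is an assumption: it presumes devices are enrolled against a
# verified real-world identity, which a fully open network does not provide.
REPORTS = [
    ("op-a", "a1", "cell-7", 4.1),
    ("op-b", "b1", "cell-7", 3.8),
    ("op-c", "c1", "cell-7", 4.4),
] + [("op-x", f"x{i}", "cell-7", 19.0) for i in range(9)]  # one operator, nine devices


def naive_mean(reports, cell):
    """Open-network aggregate: every device counts equally."""
    return mean(v for _, _, c, v in reports if c == cell)


def operator_share(reports, cell):
    """Fraction of a cell's reports contributed by each operator."""
    counts = defaultdict(int)
    for op, _, c, _ in reports:
        if c == cell:
            counts[op] += 1
    total = sum(counts.values())
    return {op: n / total for op, n in counts.items()}


def dominated(reports, cell, max_share=0.5):
    """Operators supplying more than max_share of a cell's reports."""
    shares = operator_share(reports, cell)
    return sorted(op for op, s in shares.items() if s > max_share)


def per_operator_median(reports, cell):
    """One vote per operator: median of each operator's median reading."""
    by_op = defaultdict(list)
    for op, _, c, v in reports:
        if c == cell:
            by_op[op].append(v)
    return median(median(vs) for vs in by_op.values())


if __name__ == "__main__":
    print("naive mean         :", round(naive_mean(REPORTS, "cell-7"), 3))
    print("per-operator median:", per_operator_median(REPORTS, "cell-7"))
    print("dominant operators :", dominated(REPORTS, "cell-7"))
```

Without a trustworthy operator identity the last two functions have nothing to group by, and the network is left with the naive mean.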
You may say: “Okay, who cares if one person dominates the local weather data for a small area, what difference does it make?” and most of the time, the answer would probably be “None.” But I can name one very good example of when such a dominance of local data could lead to disastrous results.
Airports rely on localised weather data, particularly wind speed, for guiding planes in to land. In fact, increasingly planes are using auto land, which starts the landing process miles out from the runway. Across the length of the glidepath, a crosswind of just 1 mile per hour could result in a significant drift if the aircraft doesn’t compensate. Crosswind speed data is provided by airport systems to assist with this. The plane also makes use of GPS data and the known intended location at points along the glidepath to track whether it is staying on course, and adjust accordingly. However, just as a plane goes to touchdown, it will be countering potentially strong crosswinds where GPS data isn’t accurate enough or available fast enough to be of any use in such a feedback-based system. Knowing the actual crosswind speed becomes more important. Other factors also have a significant part to play, such as air pressure, temperature, humidity and so on.
It is not unreasonable to foresee a system in which airports use local weather data from the UK Met Office (as is probably the case already) to significantly supplement their own data. Bearing in mind we’re headed for automated systems, the real-time data may not even be monitored by a human being. But it’s also perfectly possible to foresee the Met Office relying on open data from open IoT systems. Systems which, as described above, can be dominated by an individual and create massively skewed data. In this situation, an individual could have a major impact on the weather data being used but with no accountability and with potentially deadly consequences.
While there are lots of ifs and buts in this vision of the future, the vision is no more or less likely than any of the alternatives. However, the hidden links between open IoT networks, supporting open big data systems which in turn supply critical systems (physical weather, mood trends leading to financial decisions, real-time traffic data, etc.), leave huge potential for major security flaws. These are flaws we must be conscious of and act now, at the initial design stages, to eliminate. And the solutions ultimately will impact individual device design and thus embedded OSes, systems and related software.