By Mike Krygeris, Sr. Field Engineer at Plixer International
Internet-connected thermostats, refrigerators, pet feeders, cameras, DVRs, etc. are all part of the Internet of Things (IoT). Numerous articles have been written detailing how these devices are being hacked and used for nefarious purposes like hosting illegal websites to sell contraband, exfiltrating data from other devices and even participating in DDoS attacks. This information is all true and concerning; however, there is something on the horizon that is potentially far more menacing: Smart Dust.
Gartner forecasts that the “connected things” market will grow from 6.4 billion devices in 2016 to 20.8 billion by 2020; this will be the driver pushing DDoS to double-digit growth in 2017.
Smart Dust is the term used to describe very small chips containing a system of tiny microelectromechanical systems (MEMS) such as sensors, robots, or other devices that can, for example, transmit temperature, vibration, GPS coordinates and more. Imagine attaching a small sticker of Smart Dust to every package shipped by UPS, FEDEX and US mail. These devices allow the consumer or the shipping company to track everywhere the package goes, measure the temperature, and see if it is opened or dropped on the floor. Just add the Smart Dust chip to the shipping label, scan the hardware ID (i.e., IPv6 address) with a mobile application and track it on-line.
Bridges and buildings could contain sensors to help more accurately monitor wear and tear or even double in functionality to provide weather details to an entire industry of meteorologists. If a company has a problem with staplers disappearing from employee desks, just attach a piece of Smart Dust and start tracking them… “I believe you have my stapler.” Take a look at this article and it might change your idea of what IoT will be in 5-10 years.
Smart Dust Internet Connectivity
IoT vendors will have very specific machine-to-machine (M2M) communication scenarios. Unlike our mobile phones, customers won’t be providing the internet access for a lot of these devices. It will just be there. This type of communication is already in place in a few cities, the first being Amsterdam.
SIGFOX is one type of low-bandwidth IoT communication technology. Other low-bandwidth IoT technologies include LORA and 6LoWPAN, and they all operate at layer 2 to communicate directly with the internet. Although each MEMS can only communicate at speeds comparable to a modem, as an aggregate there is strength in numbers.
Powering Smart Dust
Today, Low Power Wide Area Network (LORA) radios can be powered for a few years with just a CR2032 battery, but what about when science develops a way to “harvest” ambient energy to power electronics? At that point, Smart Dust (MEMS) will never power down, leaving the potential for a massive number of micro-computing devices remaining on-line indefinitely.
Internet of Zombies
To date, public discourse on Smart Dust has not included details around the identity, ownership and security of these devices. These are important topics that will need to be considered.
How do you deal with this type of IoT device if it were to become compromised by a hacker? Would UPS or FEDEX be responsible for millions of infected MEMS participating in DDoS attacks while they sit in landfills all over the world? Without a definitive end-of-life after their use, these objects could stay connected to the Internet forever! Without ownership and responsibility, some Smart Dust won’t be decommissioned properly and could end up as the Internet of Zombies, essentially becoming the trash on the side of the information superhighway.
Embedding security and defining end-of-life processes would add cost into the creation of MEMS, which is the reason it will likely not happen on its own. For current examples, you need only look to the IoT devices currently being compromised by the Mirai Botnet. There is simply little incentive for manufacturers to create strong security and identity management on IoT devices because it slows time-to-market and increases production cost.
The Future of Smart Dust
Today’s IoT still plays by the rules of perimeter security, ownership and infrastructure management. The IoT of tomorrow will be much more like the meatspace of today and we need to plan for it accordingly. Smart Dust technology already exists and is likely being implemented without careful consideration to security.
A parallel internet meant just for IoT and Smart Dust, and bound by a different set of rules, may be the safest way forward. This internet’s control plane might leverage a software defined network (SDN) approach with an open and decentralized traffic-forwarding paradigm similar to BGP. LISP, for example, comes to mind, as it can provide a standards-based location while offering an independent network fully gated from the regular internet. MEMS manufacturers could consider defining a shelf life, similar to that of a gallon of milk. After a given time frame, the MEMS will simply stop working.
Monitoring systems will need to be put in place, such as those that consume NetFlow and IPFIX, to help service providers keep an eye on the traffic generated by these devices. These monitoring systems will measure the volume and traffic types generated by MEMS and will provide forensic data for the investigation of malicious and unwanted activity.
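The sketch below is an added illustration of that kind of flow monitoring, not code from the author or from any Plixer product. It assumes flow records already decoded into dictionaries keyed by IANA IPFIX information element names; the sample flows, the end-of-life registry, the thresholds and the 2001:db8::/32 documentation addresses are all constructed for the example.

```python
from collections import defaultdict

def make_flow(src, dst, port, octets, start):
    # One decoded IPFIX record (constructed sample data, UDP only).
    return {"sourceIPv6Address": src, "destinationIPv6Address": dst,
            "protocolIdentifier": 17, "destinationTransportPort": port,
            "octetDeltaCount": octets, "flowStartSeconds": start}

T0 = 1_700_000_000
# 40 low-rate devices converging on one destination, plus two ordinary telemetry flows.
FLOWS = [make_flow(f"2001:db8:a::{i:x}", "2001:db8:ffff::53", 53, 400, T0 + i)
         for i in range(1, 41)]
FLOWS += [make_flow("2001:db8:a::1", "2001:db8:c::10", 5683, 120, T0 + 60),
          make_flow("2001:db8:b::7", "2001:db8:c::10", 5683, 90, T0 + 61)]

# Hypothetical registry: device address -> declared end-of-life (epoch seconds).
END_OF_LIFE = {"2001:db8:a::1": T0 + 86400, "2001:db8:b::7": T0 - 86400}

def traffic_profile(flows):
    """Volume per traffic type for each device: src -> {(proto, port): octets}."""
    profile = defaultdict(lambda: defaultdict(int))
    for f in flows:
        key = (f["protocolIdentifier"], f["destinationTransportPort"])
        profile[f["sourceIPv6Address"]][key] += f["octetDeltaCount"]
    return profile

def fan_in_alerts(flows, window=300, min_sources=25):
    """Destinations reached by many distinct sources inside one time window.

    Each device is slow on its own, so the signal is the source count,
    not the per-flow byte count.
    """
    sources = defaultdict(set)
    for f in flows:
        bucket = f["flowStartSeconds"] // window
        sources[(f["destinationIPv6Address"], bucket)].add(f["sourceIPv6Address"])
    return sorted({dst for (dst, _), s in sources.items() if len(s) >= min_sources})

def expired_talkers(flows, eol):
    """Devices still emitting flows after their declared end-of-life."""
    return sorted({f["sourceIPv6Address"] for f in flows
                   if f["sourceIPv6Address"] in eol
                   and f["flowStartSeconds"] > eol[f["sourceIPv6Address"]]})

if __name__ == "__main__":
    print("fan-in:", fan_in_alerts(FLOWS))
    print("past end-of-life:", expired_talkers(FLOWS, END_OF_LIFE))
```

The per-device profile supplies the forensic record, while the fan-in and end-of-life checks surface the two conditions the article worries about: many slow devices acting in aggregate, and abandoned devices that never went off-line.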