IoT and Security: Do We Need Standards For Securing Your IoT Gadgets?

Yatin Trivedi, David Law

Letter from the Editor

With all the rage (hype?) about the Internet of Things (IoT) and cybersecurity, it is important that we look into the standards at the intersection of these two technologies. As various sensors collect data about people and their surroundings, there is increasing concern about privacy and security along with safety and protection. Within the technical community that addresses cybersecurity issues, this is known as the “Quadruple Trust” system.

Among the questions often raised in the cybersecurity context, the need for and use of technical standards are typically at the top of the list. How can systems trust each other without having a common security protocol? The need for trusted communication protocols may be obvious, but when the trust is breached – “if” is no longer a question. As we have seen frequent breaches, we must take steps to improve data security, system security, people’s security, business security and national security. In some cases, common-sense practice is sufficient, such as having a ‘strong’ password and not sharing it with others. In some cases, double verification may be considered sufficient. And, in many cases, significantly higher standards of security must be maintained because entire business or national interests may be at stake.

On the other hand, IoT gadgets are often used as personal devices by people who may not be sufficiently tech-savvy to realize if and when their devices have been compromised. Inherently, IoT gadgets are end-nodes in a large network, and one compromised device can open up the possibility of compromising the entire network. Device makers often restrict their users to networks they control, which may use private/proprietary protocols to ensure greater security. But do proprietary protocols and security schemes inherently increase data security? Do they compromise interoperability and possibly limit the business opportunity for the device maker?

Then there are questions about ethics and governance, often dealt with in the judicial context. How aware and informed are the policymakers, and how capable is our judicial system of dealing with privacy and security issues? Each government is responsible for the safety and well-being of its citizens, yet spying and espionage have been used for millennia in the interest of national security. Where is the balance and how does one define it?

If you believe that standards are important in this area, the natural questions are: who develops these standards, how can I participate, and how do I become aware of them? It is also important to know which standards development organizations (SDOs) are focused on this area and how they collaborate among themselves to create an ecosystem of and around such standards.

This brings me to the need for standards and education in this important field. I firmly believe that you are as secure as you are informed and aware. Just as one has to be aware of pickpockets and robbers in the real world, one has to be informed and aware of cybersecurity issues while using gadgets in the digital world. So in this quarterly issue of the IEEE Standards Education eMagazine, we have contributors from industry and academia sharing insightful information. We also have a list of existing standards, as well as those under development, shared by the IEEE Standards Association. As always, we have included a student paper, funny pages and links to a number of public articles and other information that you may find useful.

Happy reading, and be safe in the digital world!

Yatin Trivedi

Director of Standards and Interoperability Programs, Synopsys

Yatin Trivedi, Editor-in-Chief, is Director of Standards and Interoperability Programs at Synopsys. He is a member of the IEEE Standards Association Board of Governors (BoG), Standards Board (SASB) and Standards Education Committee (SEC), vice chair of the Corporate Advisory Group (CAG), chair of the Industry Connections Committee (ICCom) and serves as vice-chair for Design Automation Standards Committee (DASC) under Computer Society. Since 2012 Yatin has served as the Standards Board representative to IEEE Education Activities Board (EAB). He represents Synopsys on the Board of Directors of the IEEE-ISTO and on the Board of Directors of Accellera. He represents Synopsys on several standards committees (working groups) and manages interoperability initiatives under the corporate strategic marketing group. He also works closely with the Synopsys University program.

In 1992, Yatin co-founded Seva Technologies as one of the early Design Services companies in Silicon Valley. He co-authored the first book on Verilog HDL in 1990 and was the Editor of IEEE Std 1364-1995™ and IEEE Std 1364-2001™. He also started, managed and taught courses in VLSI Design Engineering curriculum at UC Santa Cruz extension (1990-2001). Yatin started his career at AMD and also worked at Sun Microsystems.

Yatin received his B.E. (Hons) EEE from BITS, Pilani and the M.S. Computer Engineering from Case Western Reserve University, Cleveland. He is a Senior Member of the IEEE and a member of IEEE-HKN Honor Society.