Article by Kieren McCarthy in San Francisco , Register
The “Simon” and “Speck” cryptographic tools were designed for secure data to and from the next generation of internet-of-things gizmos and sensors, and were intended to become a global standard.
But the pair of techniques were formally rejected earlier this week by the International Organization of Standards (ISO) amid concerns that they contained a backdoor that would allow US spies to break the encryption. The process was also marred by complaints from encryption experts of threatening behavior from American snoops.”
For more information see:
The Eclipse Internet of Things Working Group IoT Developer Survey 2018 collected feedback from 502 individuals between January and March 2018.
The key findings in this year’s edition of the survey include the following:
- Amazon AWS and Microsoft Azure are the top 2 cloud services for IoT. Google Cloud Platform is failing to get traction.
- MQTT remains the standard of choice for IoT messaging, while AMQP is becoming more and more popular as companies scale their IoT deployments and backend systems.
- 93% of the databases and data stores used for IoT are open source software. Data collected and used in IoT applications is incredibly diverse, from time series sensor data to device information to logs.
For More Information see:
Key Trends from the IoT Developer Survey 2018
Building on concepts identified in the IIC Industrial Internet Security Framework, the Security Maturity Model (SMM) defines levels of security maturity for a company to achieve based on its security goals and objectives as well as its appetite for risk. This enables decision makers to invest in only those security mechanisms that meet their specific requirements.
“The Internet of Things has brought a lot of innovation to industries, but it also introduces new security threats. The security landscape is complex and always changing,” said Ron Zahavi, IIC Security Applicability group co-chair, the white paper Co-Author and Chief Strategist for Azure IoT Standards at Microsoft. “It can be challenging for organizations to understand where to focus their security budgets, especially with limited resources. The Security Maturity Model provides organizations with an informed understanding of security practices and mechanisms applicable to their industry and scope of their IoT solution.”
Organizations apply the SMM by following a process. First, business stakeholders define security goals and objectives, which are tied to risks. Technical teams within the organization, or third-party assessment vendors, then map these objectives into tangible security techniques and capabilities and identify an appropriate security maturity level. Following this, organizations develop a security maturity target, which includes industry and system-specific considerations, and capture the current security maturity state of the system.
“By periodically comparing target and current states, organizations can identify where they should make improvements,” said Sandy Carielli, white paper Co-Author and Director of Security Technologies at Entrust Datacard. “Organizations achieve a mature system security state by making continued security assessments and improvements over time. They can repeat the cycle to maintain the appropriate security target as their threat landscape changes.”
National Institute of Standards and Technology (NIST) have published a report on Lightweight Cryptography.
NIST approved cryptographic standards were designed to perform well on general purpose computers. In recent years,there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When current
NIST approved algorithms can be engineered to fit into the limited resources of constrained environments, their performance may not be acceptable. For these reasons, NIST started a lightweight cryptography project that was tasked with learning more about the issues and developing a strategy for the standardization of lightweight cryptographic algorithms. This report provides an overview of the lightweight cryptography project at NIST, and describes plans for the standardization of
lightweight cryptographic algorithms.
To view this report, see:
NIST Report on Lightweight Cryptography
Local Authorities are becoming increasingly aware of how innovative, low cost Internet of Things solutions can help councils deliver better services and efficiently manage their local infrastructure. Low Power Wide Area Networks (LPWAN) can make that a reality, but Local Authorities struggle to identify the right technology partners that will meet their specific needs in a rapidly evolving market.
UK SMEs who develop LPWAN solutions are keen to work with Local Authorities, but they find it difficult to turn promising conversations with individual council staff into real business opportunities.
To remove this stumbling block, Digital Catapult’s third Things Connected Innovation Programme brings together Local Authorities and LPWAN innovators to work on real-world challenges and helps them fine tune their offerings for the Local Authority market.
Why you should get involved
UK SMEs working with LPWAN technologies are invited to apply to join the programme, to refine and pitch solutions to one of the specific challenges faced by four Local Authorities. Innovators with the best pitches go forward to conduct a live trial with the relevant council.
The Local Authorities and their challenges are:
- Croydon – Measuring the impact of construction sites on air pollution in the surrounding area.
- Suffolk – Monitoring footfall in a seaside town.
- Sutton – Independent travel for vulnerable young people with learning disabilities.
- Thurrock – More efficient waste management at municipal refuse tips.
For more information see:
Things Connected Innovation Programme for Local Authorities
Cryptography experts specializing in secure communications at the National Institute of Standards and Technology (NIST) are looking for ways to protect data created by tiny networked devices that are being used in Internet of Things applications and projects.
These tiny IoT devices, which include sensors, actuators (components of a machine that move or control a mechanism or system) and other micromachines will need a new class of defense mechanisms against cyberattacks.
The devices will work on scant electrical power and use less complex circuitry than chips found in the simplest cell phone, according to the NIST.
For more information see:
NIST seeks industry help to secure tiny IoT medical devices
Microsoft have announced the launch of a secure end-to-end IoT product that focuses on microcontroller-based devices — the kind of devices that use tiny and relatively low-powered microcontrollers (MCUs) for basic control or connectivity features. Typically, these kinds of devices, which could be anything from a toy to a household gadget or an industrial application, don’t often get updated and hence, security often suffers.
At the core of Azure Sphere is a new class of certified MCUs. As Microsoft president and chief legal officer Brad Smith stressed in today’s announcement, Microsoft will license these new Azure Sphere chips for free, in hopes to jump-start the Azure Sphere ecosystem.
For more information see the TechCrunch article:
Microsoft built its own custom Linux kernel for its new IoT service
Earlier this year Qualcom launched its new embedded platform for IoT developers; and it’s introducing two new systems-on-a-chip for IoT, the QCS605 and QCS603, that combine a multicore ARM processor with the company’s AI engine and an image signal processor.
The standard use for these chips is in smart security cameras for both consumers and industry, as well as sports cameras, wearable cameras, VR, robotics and smart displays — anywhere you need a good amount of computing power at the edge, as well as the ability to interpret images and run pre-trained machine learning models.
For more information see Techcrunch article:
Qualcomm launches its new vision intelligence platform for IoT devices:
Qualcomm launches its new vision intelligence platform for IoT devices
Wind River’s business is based on real-time operating systems and other high-reliability embedded software used in Internet of Things devices, ranging from sensors in connected cars to massive industrial machines that gather reams of data and send it to the cloud. And for the last decade, Wind River has been part of Intel.
But that will soon change. Wind River announced Tuesday that it had been sold to the investment firm TPG and will return to being an independent company. Jim Douglas, Wind River’s current president, will lead the company after the transaction closes in the second quarter. Other terms of the transaction were not announced.
See full article in Electronic Design:
Intel Divorces Wind River Subsidiary, a Decade After Acquisition
From the permissioned blockchain networks of IBM to the newly introduced Hashgraph technology, some of the largest technology and financial conglomerates have been testing the applicability and potential of blockchain with the Internet of Things (IoT) market since the beginning of 2016.
Yet, with nearly $4 billion invested in blockchain research and development, not a single company has been able to demonstrate the successful integration of blockchain technology with IoT.
…….For this sort of system to be deployed commercially, the scale of the blockchain-based IoT network would have to increase drastically in order to support hundreds of thousands of users. This would require the system to manage tens of thousands of data points per second, all of the which would need to go through the blockchain.
See full article at TNW:
Here is why nobody has succeeded at running IoT on the blockchain