The digitalisation of industrial processes dominates the present industrial developments and has started to change our lives dramatically. On the way to self-organising factories, smart cities and self-driving cars we are currently at the start of an artificial intelligence, transforming the real world into an intelligent virtual future, unifying everything under a common infrastructure using inter-connected computer networks: Internet of Things (IoT). This article presents the reader with an overview of IoT technology, key participants and technology requirements, and with the necessary steps to reach successful and secure applications. In addition, it serves as a guide into a complex topic, also pointing to the security aspects and ways of protection against misuse.

The introduction and first use of the internet, still bound to wire connections, had a huge impact on the exchange of information and communication. At the end of the 1980s it became possible to communicate and exchange information with others in almost near real-time. In parallel, the wireless communication driven by the so-called ‘mobile’ phones was established and became commercially available. The first, necessary goal was to reduce the size and weight of the ‘hand-held’ mobile phones before placing intelligence into these devices. This was possible through the enormous advancement in chip development, not only minia-turisation but also the efficiency and storage capacity of the integrated circuits. These laid the foundation for a highly effective exchange of infor-mation between all kinds of wireless devices. Finally, also the volume and velocity of data exchange have improved significantly, enabling the fast transfer of huge data volumes via high-capacity networks between the applications and/or to a data storage, such as clouds.

Stakeholders
The attempt to categorise the stakeholders of Internet of Things (IoT) into main groups leads to the following three clusters:

  1. the production industry, including smart supply chains, offering real-time controlling, reacting and auto-organising facilities;
  2. the telecommunications, administration and business management of banks, insurance companies and civil services with automated big data networks;
  3. the general public using IoT applications, such as self-driving cars and smart homes.

This article will mainly focus on the first group.

Present state of technology
Despite its premature state IoT has already reached a high level of awareness and can be regarded as the leading technology development for the next few years. There are promising solutions and individual products available for all three clusters, offered by the big players in the electronic, communication and IT technology industry. Following the news, we can read about self-organising factories that use continuously running machinery on a prototype level, the first tests done with self-driving cars, smart homes which are able to adjust the temperature and lighting before the resident comes home, with entrance gates opening just in time. Concerning road traffic, intelligent guidance systems that are based on traffic volume, weather conditions and construction works are expected to prevent accidents and traffic jams before they start, forming an important building block of future smart cities.

Electronic components and technologies
With regard to the components, there are a number of requirements for a seamlessly working IoT: electronics-based hardware with the ability to communicate, application-based software, a fast and powerful communication network, experienced data analysts and information/presentation systems for the visualisation, supervision and interpretation. Relating to the process, suitable business models, solution-adopted hardware and software architectures as well as security guidelines have to be in place.

To achieve successful IoT systems in for example production processes, quality control units and/or the operation mode of intelligent systems, a real-time cooperation between hard- and software is indispensable. On the hardware side identification or data storage elements (optical codes or RFID chips), sensors, readers, communication tools (DSL-router, internet gateways) and actuators are necessary.

Data storage elements
To find and identify a physical object (PO), it needs either an optical label in the form of a printed ID code (barcode or data string) or an electronic RFID device. In the case of a printed ID code the PO has to pass a reading device. The coding with an RFID tag allows the detection and identification of objects in a distance range of up to 10 meters, depending on the type. For a reading range of up to 1 meter no power supply is necessary. For distances over 10 meters, power-driven radio communication devices (e.g. XBee modules) are required on the object and the communication partner side. Another important factor is the amount of information to be exchanged between the PO and the communication partner. Simple passive elements do not require an RFID chip, a barcode or alphanumerical string will suffice.

Source: “Here’s how the Internet of Things will explode by 2020”, by BI Intelligence, dated 01.09.2016.

Communication tools
For the communication between the PO and the processors via the internet, sensors or readers and contactless communication technologies are required to gather the information of the PO and transfer it to the requesting application. In the case of optical coding, a scanner or a camera is necessary. For electronically coded POs, readers with a suitable antenna and frequency have to be used. Beside the reading hardware, the information from the PO has to be prepared for the transmission to the internet over a wireless signal. This can be done using contactless communication technologies such as Wi-Fi, NFC, Bluetooth or ZigBee.

Actuators
After the PO has been located and identified by a process application the central processor can, based on a request from an authenticated communication partner, induce an action or motion of the object. Depending on the size and mass of the PO different power sources are available. Most commonly electrically driven motors, magnetic switches and pneumatic and/or hydraulic systems are used as so-called actuators.

The selection of suitable systems is based on the information to be exchanged, the environment, the sensor(s) already used and the function of the PO. Simple mechanical parts will have a barcode, complex systems need at least an RFID tag up to an embedded controller with its own radio frequency-based communication system.

IT security
IoT can also be considered a huge IT project, with two major tasks. First of all, the data handling, communi-cation and information exchange between all partners has to be organised and managed in real time and between different systems. Secondly, the process data and exchange in smart factories such as real-time monitoring (e.g. by VPN) and teleoperation has to be protected against espionage and manipulation; a huge challenge for IT security experts and systems.

With regard to secure smart factories, a detailed security analysis and an end-to-end security concept are essential to detect and prevent or minimise cyberattacks at the possible earliest stage. Regardless of the complexity of the IoT system, for the communication, data analysis, external monitoring, maintenance and teleoperation cloud connected systems need:

  • a secure identity of each communicating unit
  • an identity and access management system end-to-end data encryption and integrity verification
  • network protection
  • 24/7 security monitoring
  • intrusion detection/prevention system
  • secure remote and predictive maintenance

Personal/system identification
One of the most important aspects to reduce and minimise attacks on internet-based computer networks is to make sure that all data and information exchanges are done between identified and authenticated communication partners based on verified digital signatures. In addition, details of each contact, data request and exchange have to be recorded, with information about the requiring partner and time. Without approved authentication, any request of information and data exchange has to be rejected, regardless of its nature (human, machine, system, …). Furthermore, to protect the data ‘on the air flow’ from for example a man-in-the-middle attack, the data has to be encrypted using available, asymmetric and state-of-the-art technology encryption algorithms. To optimise the process in regard to time and security, end-to-end encryption is strongly recommended.

The request for data or information in smart factories can be sourced by for example machines, devices, gateways, clouds, back-end systems and humans. Each source, participating in the information exchange process has to be listed and authenticated in an identity and access management system. Non-listed partners have to pass through an authentication process before specific information can be shared. Whereas the authentication of for example a machine can be performed on the basis of the verified/approved certificate, the authentication of a human partner in a smart application should be performed using knowledge (PIN or password), property (identification card) and accepted biometric features such as a fingerprint or an iris scan, as specified by the security concept.

In the case of B2C smart applications, numerous examples for ID-based identification could be listed. To the high-potential ones belong:

  • biometric based identification
  • travel and border management
  • event booking and entrance management

The biometric-based identification requires a preceding registration before the first use. This can be done online, if the infrastructure for a secure and certified registration process is available. If not, the registration has to be done one single time, at the area of appli-cation. Depending on the security level, different biometric features are deployable.

A smart travel or border management application can be considered a real IoT-topic, because it connects a number of different participating partners from the industry and government authorities. Although many travellers experience problems between their home, the airport and their final destination, most of the time the journey is performed anonymously, except at the check-in, passport control and sometimes at the airport gate. Although people are used to this relative respect of privacy and welcome it, the routine is actually counterproductive in regard to security aspects and it restrains the use of IoT applications. The identification of passengers in or even near the airports and the selection of non-identifiable persons may be a way to reduce the risk of an attack happening in less controlled areas such as concerts and other public events. Of course, this requires an effective and powerful back-ground system to handle this big data topic and the use of biometric data. Once the data are known to the system many IoT applications such as biometric-based booking, automatic person guidance at the airport, the flight and arrival, and the connecting transport to the final destination can be used to make travelling that much easier and secure.

Merits and objections
Referred advantages of the IoT are for example self-organised and supervised smart factories with flexible, robot-based just-in-time production without interruptions, without downtime and zero waste, or city centres and high streets without traffic jams. This sounds futuristic, and might be difficult to believe for people who have always experienced just the opposite. Additionally, it is general knowledge that all things done by humans are prone to failures and mistakes. These mistakes will be reduced by intelligent, continuously working and self-learning automated systems. But to maintain the high performance, the system has to be monitored in regard to its performance and any potential failure due to for example material or machine fatigue needs to be detected well before it occurs. Assuming a successful and all-embracing smart production system, possible major advantages are real-time asset tracking, a real-time visibility in the operational performance including production flow monitoring, remote equipment management and condition-based maintenance as well as a predictive analysis.

Despite the big advantages there will be delays, caused by the fact that many companies are neither prepared nor even willing to start using digital technologies. Neglecting the refusing parties, starting from zero can be an advantage because it reduces the variability of existing, even sometimes out-of-date systems that are not able to fullfil the technical requirements. Irrespective of the actual infrastructure, it is a huge package and it will take a long time for smart systems and technologies to achieve a fully automated working mode. A recommendation for interested companies is to anchorage the management commitment in the strategic plan, to define and specify the final system from the actual point of view and start with small projects, getting experiences and tools to actuate the process and transition.

Considering non-technical, sometimes irrational concerns such as the predominance of machines over human beings, the redundancy of staff and the scepticism against artificial intelligence have to be addressed and clarified to achieve the trust and support from the employees. Technical revolutions have always involved quite dramatic changes in many aspects, but most of them have led to a positive effect. Explaining about the IoT and its advantages in combination with the benefits for the individual and for society is the way to get the support from people necessary to establish successful smart solutions and systems.

Conclusions
The phrase ‘Internet of Things’ is a slightly misleading term, because it pretends to only deal with insignificant, everyday products. However, it includes all kinds of physical objects that can be tagged with any kind of physical response item for the identification, response and subsequent action, via an open and comprehensive global internet network based on a powerful internet provider and processors. The recommendation for businesses is to start with small applications and to keep the bigger picture in mind. They should proceed along an intelligent route and never neglect the security aspects, to warrant overall improvement with an optimised protection against cyberattacks. Once successful, intelligent solutions have been established, or even parallel to this process, neural networking (or artificial intelligence) will be able to support and improve the processes on its own mode of operation.

IoT can be regarded as the current most important technology development with innumerable and sur-prising applications to be expected. The big challenge will be to establish an intelligent crosslinking between products, production units, services and human beings, based on eligible IoT business models. In the future, the IoT will be driven by the big players in the IT industry, internet companies, innovative electronic concerns as well as telecommunications and logistic enterprises.

References
1 Madakam, S., Ramaswamy, R. and Tripathi, S. (2015). Internet of Things (IoT): A Literature Review. Journal of Computer and Communications, Vol. 3, No. 5, pp. 164-173. http://file.scirp.org/ Html/56616_56616.htm
2 Rose, K., Eldridge, S. and Chapin, L. (2015). White paper: The internet of things – an overview. The Internet Society (ISOC). https://www.internetsociety.org/doc/iot-overview

Dr Roland Gutmann
+ posts

Dr Roland Gutmann started his career in 1996 at the Bundesdruckerei in Berlin as an R&D project manager for new security systems for identity documents, visa and banknotes. In addition, he was responsible for customer-specific product developments, hardware and software-based new security features as well as the definition and specification of national and international identity documents, such as the German e‑ID card, residence card, e‑Passport and driving licence. Dr Gutmann is an active member of international (EU, ISO) standardisation groups for identity documents and driving licences.

Previous articleOptical security media
Next articleCan the grid protect us from terror?