First published 2017 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:
ISTE Ltd
27-37 St George’s Road
London SW19 4EU
UK
www.iste.co.uk
John Wiley & Sons, Inc.
111 River Street
Hoboken, NJ 07030
USA
www.wiley.com
© ISTE Ltd 2017
The rights of Dominique Paret and Jean-Paul Huon to be identified as the authors of this work have been asserted by them in accordance with the Copyright, Designs and Patents Act 1988.
Library of Congress Control Number: 2017932154
British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library
ISBN 978-1-78630-059-1
To begin with, I must applaud Dominique Paret and Jean-Paul Huon for this excellent initiative to write a book on the Internet of Things (IoT). There is a wealth of literature on this topic, but not a day goes by when we do not see numerous successful cyberattacks, which could endanger the large-scale rollout of IoT technologies if we are not conscious and cautious of the danger they pose. As Europe is projected to become the second biggest IoT market in the world by 2030, this represents an unmissable opportunity!
This very thorough book is written both for readers wishing to familiarize themselves with the complex issues surrounding networking objects and for those who design these connective “things”.
This book sets itself apart from the rest by: restating the fundamental elements, both software and hardware, of the technological building blocks, to describe service architectures; teaching the reader about the different protocols; making designers aware of the legal issues and the processing of sensitive data; and finally, discussing end-to-end security using an excellent technical basis.
Other points are highlighted in the discussion of numerous elements in the overall design of the IoT chain and the technical-economic realization of the so-called secure connected object.
Dominique and Jean-Paul have, for years, been recognized experts in the development of RFID technologies, contactless chip cards, NFC, IoT and software. The highly technical nature of the topics discussed herein must attest to their expertise.
EESTEL is proud to welcome these authors as members, to participate in the work of training, dissemination and security assessments, without which the electronic transaction market, and that of IoT in particular, could never develop.
Once again, bravo!
I hope that you, the reader, will enjoy this book and reap the benefits it has to offer.
Pierre CRÉGO
After a great deal of discussion on how to construct this essentially technical book, built around the concrete realization of secure connected Things in applications for the IoT (Internet of Things), we chose the following layout for the presentation:
Dominique PARET
Jean-Paul HUON
March 2017
As per usual, there are many people to whom thanks are due for their goodwill, for listening, for their remarks and constructive comments. Thus, to all those people, who know beyond a doubt who they are: a huge, warm and heartfelt thank you!
Now a few more specific acknowledgements and hat-tips to certain very longstanding friends:
All of these, in their own way, have provided us with many excellent examples as technical explanations, … and also with many shared golden moments.
As a preamble to this book, let us start as we mean to go on, and show the “color” of the coming discussion.
First of all, this book is not intended to be (and is not) an encyclopedia of connected Things and IoT/IoE. There are thousands of articles about the subject online (some better than others), providing a framework for wild and wonderful flights of theoretical fancy, enormous and varied future markets of all kinds, stupendous commercial figures, etc. For our part, as we are not keen on unproductive redundancies, we have focused only on those subjects about which far fewer articles are available: that is, the daily operation, on the ground, of this domain, between concrete discussion of the Designs, Applications and Realization of secure connected Things – IoT/IoE. Even so, the discussion will be plenty extensive!
As each word of the title has been considered at length, it is worth giving a brief explanation of each term.
IoT/IoE – Today, there is a great deal of talk about the “IoT” – the Internet of Things. For our part, we wished to skip over the (immense but) restricted field of IoT (“Things, Objects”) and move up to the level of the IoE – the Internet of Everything – i.e. absolutely everything, including animals, individuals, groups of individuals, and so on.
Things – This term serves as our starting point for the whole string of explanations… Thus, a “Thing” as meant here could also be called a “terminal”! In this book, when we speak of “Things”, with a capital “T”, the term includes everything that is found in everyday literature referred to as “devices”, “elements”, “nodes”, “end devices”, “endpoints”, “terminals”, etc. – in short, any “thing”, be it large or small, which serves as a point of origin for data which we have to or wish to exploit.
Connected – Connected, certainly… but connected to what? How? Why? At what cost? Furthermore, Things may be simply connected to one another by any type of connection, and we speak of “Connected Things”; or else they may be connected via a specific type of link – e.g. via the Internet (which complicates matters somewhat), in which case we speak of “IoT or IoE”… but this is not a goal in its own right. Beware of confusion between styles! We must not mix up cabbage and carrots… but we have not precisely defined what is a cabbage and what is a carrot! Please, dear reader, take care to avoid unwarranted confusion of the terminology.
Secured – Here, there is no doubt; there is no alternative. A connected Thing must be secure, and that security must be rigorously established from end to end of the chain, including in Cloud storage if such a service is used; otherwise it is all for naught. (Be careful: that one sentence encapsulates 35 years of security of banking transactions and high-level industrial exchanges). Security is not a luxury, but an absolute necessity, in terms of the operation of the whole system and in terms of individuals’ private lives, in today’s world and tomorrow’s, because there is too great a risk of piracy, hacking, phishing, etc. to which we are exposed.
Applications – Obviously, we cannot forget the vast domain of all kinds of applications.
Design – The aim of this book is to serve as a guide so readers forget nothing and avoid the pitfalls that could emerge in the process of designing secure connected Things.
Concrete realization – This is the true purpose and the very core of this book. It is all very well to speak about the Internet of Things; to discourse articulately on the subject (how many times have we seen and heard such speeches…?) but to concretely, physically create a connected Thing for commercial ends and successfully sell it in large quantities, at a reasoned and reasonable price is far better… Otherwise we may as well do nothing, without a lot of noise!
Here, then, is the express purpose of this book.
This first part is divided into a number of introductory chapters, always having a direct or semi-direct link to the Internet of Things – IoT.
By way of introduction to this book, Chapter 1 offers a brief overview of the relevant vocabulary, with a view to avoiding the misunderstandings which occur all too often in the field, and resolving the confusion between the terms “connected things”, “communicating things” and devices which do actually form part of the “Internet of Things” per se.
For its part, Chapter 2 touches on the (overly) vast mode of IoT, the catchall surrounding the IoT, the “buzz” in the media, in the specialized or general press, etc., and the concrete reality, which consists of defining, designing, manufacturing, perfecting and industrializing a product, and in particular, successfully selling it!
To conclude this first part, Chapter 3 employs a concrete example to present a view of the technical-economic situation, with the “why” leading to the conception and design of a communicating thing that uses the Internet.
This first part recaps fundamental and classic concepts of theories… but first, in order to clarify our approach, let us look at a little vocabulary and examine a few definitions of the “Who is Who” in the “IoX”.
What a marvellous term “Connected Thing” is, which conveys absolutely anything… and its opposite! How many people will delight in that name!
“Thing” is easy: it is easy to imagine that the term covers everything from an extremely miniature Thing to an enormous ocean liner!
“Connected” to what? How? Why? … etc. In this aspect, we are often still left searching for meaning!
Over the ages, connections have been established in different ways: in smoke signals, …, over wired connections, but today, all of this now seems somewhat retro to some people. The uni-directional or bi-directional, “wireless” or “contactless”, connection is much more in fashion.
That said, let us keep things simple and open our eyes. Radio-frequency identification (RFID) has been in use for a number of years (decades, even); so too have contactless chip cards, NFC, Zigbee, Bluetooth BT & BLE, Wi-Fi, etc. and, much like Mr Jourdain in Molière’s The Bourgeois Gentleman speaking prose all his life without even knowing it, we have been making “wireless” “Connected Things” –secure ones, even, and even highly secure!
An example from the public “automobile” market:
For 15 years, an electronic valve for cars has been a “Connected Thing” (using UHF), connected to the electronics of the car, but this is not an example of the IoT!
Thus, this current fashion is not truly groundbreaking, except for a certain faction of the press and avid “followers” of new words… even if those new words express the same things as the old ones!
What exactly does the IoT consist of, and what is the IoE (i.e. the Internet of Everything)?
It is a physical network of Things (or “devices/objects”) incorporating sensors, electronics, software and connectivity, enabling these Things to exchange data with an operator, a manufacturer, a service provider or other connected devices. Thus, it is based on a number of different things.
The IoT works under the auspices of the “ITU – the International Telecommunications Union – Global Standards Initiative (IoT-GSI)”. For information, IoT-GSI covers connected devices and Things (e.g. personal computerized devices, portable or office computers, tablets and smartphones, etc.) via multiples communication protocols connecting the elements to one another, such as Bluetooth, ZigBee, Long-Range Wide-Area Networks such as LoRa, SIGFOX, etc.
IoT devices (elements) or indeed what we define generally as Things, often function without a human interface, generally using the energy supplied by a battery, and are usually devoted to a single task. They are generally described as “smart objects”, or as “connected devices”. As it is, there is a whole host of such devices! For example:
This typically means that an IoT device falls into one or several of the following functional domains:
Having barely had the time to gain familiarity with the Internet of Things, suddenly we are talking about the Internet of Everything – IoE. What is the difference between these two concepts? We shall answer this excellent question shortly, but first, let us take something of a purist stance, and call a spade a spade. To begin with, in order for there to be an “Internet of x”, the “Internet” (and its structure) must be involved in the story – otherwise there could not be an IoT and certainly not an IoE; however, there are many, many Connected Things which operate with links other than the Internet… thus, it is important not to confuse cabbages and carrots*!!!
IoT, as the name indicates, implies that sooner or later we must use an Internet connection… but that is not always the case!
NOTE.–. We shall refrain from defining what cabbages and carrots respectively are in this story!
The “Internet of Things” is often defined as being the network of physical Things containing “embedded” technology (integrated, onboard), so as to communicate, detect or interact with their internal states and/or the external environment. Figure 1.1 shows a non-exhaustive example of the functional chain of such a structure.
Figure 1.1. Functional chain of IoT
Often, by default, in the eyes of many, the Internet of Things is all so-called connected products, monitored by mobile applications: watches, weighing scales, bracelets, toothbrushes, refrigerators, etc., which often do not use the Internet at all, instead using other means of communication such as NFC, BLE or Wi-Fi, for example.
The Internet of Everything – IoE, for short – goes far beyond “Things” (Connected Things). In fact, this is an expression invented in 2015 and promulgated by Cisco – one of the world leaders in network infrastructure. There is every chance that in tomorrow’s world, the Internet of Everything will become a reality, encapsulating not only the world of the Internet of Things, but also that of data, processes… and people (through their smartphones and social networks)! More broadly still, the Internet of Everything is based on the harvesting of the information that we share individually and collectively – that is, it operates at a much higher level than with simples Things in the Internet of Things. That data mining will be organized by private companies capable of processing enormous streams of data – known as “Big Data” (via the Internet) – and charged with turning those data to profit, selling them on either to advertising agencies or marketing networks, or to public-sector organizations wishing to optimize their services and territories, or indeed to public-interest private companies (transport operators, energy providers, works contractors, waste-management companies, etc.), and so on. In other words, the raw material used by this new industry will be our personal information, freely given, without us having any control over the use made of it… Of course, we must not neglect to mention the flip side of the coin: the danger of the servers hosting all these data being hacked!
The admirable goal of the Internet of Everything is to support numerous developments and improvements, such as smart homes, optimized control of energy consumption and natural-resource consumption, smart parking, more appropriate road tolls, etc. and also help improve administrative performances by enhancing agents’ productivity and reducing operating expenditure. That, at least, is the dream…
The Internet of Everything makes it possible for cities to ultimately become “Smart Cities”, and for public administrations to hinge their efforts on the following three axes:
EXAMPLE.– sensors built into trash cans send a message to indicate that they need to be emptied. Such a system in Finland has already delivered a 40% saving on the waste collection budget.
EXAMPLE.– in New York, urban screens operating 24/7 are used for surveillance in the city, dissemination of information, offering means of communication (e.g. Wi-Fi), but also generating revenue through advertising.
EXAMPLE.– “smart parking” employs an intelligent system to inform drivers of the number of free spaces left in the different parking lots in the city.
In Nice, this system has reduced traffic jams by 30%, increased parking revenue and reduced CO2 emissions.
Having come to the end of these few introductory remarks about our near future, let us now turn our attention to the enormous world of IoT.
Over the past five years, the media has been inundating us with news of Connected Things, in enormous tidal waves of hype for each and every successive one! What does this represent, and where are we to situate this book and its content within this quagmire of information?
Anything and everything! It is true that the dawn of connected Things and the generalized use of digital technology have led to the production of vast quantities of data, creating new opportunities to improve operational efficiency, to reinvent the customer experience and to create new services. Therefore, in all major fields of activity, IoT plans are being announced with a great deal of fanfare, with enticing slogans:
Is this market for Connected Things a bubble, as we saw only a few years ago in other areas (e.g. property, dot-com businesses, and so on)? Can it last? What does our crystal ball say (see Figure 2.1)?
Figure 2.1. Is the IoT market a short-lived buzz, or will it endure?
Taking, as a starting point, the hypotheses of Cisco and Ericsson, and in the knowledge that between 2015 and 2021, the number of IoT-connected devices is projected to grow by 23% annually, peaking at almost 16 billion units out of a total of 28 billion connected products (taking account of PCs, portable computers, tablets, mobile telephones and landline phones), here are a few nuggets of information.
As our crystal ball has offered us the point of view elucidated above – which is merely one more projection amongst others – wisdom leads us to point out that the concept of the hype cycle has a well-known shape, which, whilst it is unequivocal, is not always too close to the mark, though not too far wide of it either!
New technologies offer numerous admirable, wonderful ideas, but how are we to know whether or not they will achieve real commercial success? In addition, it is very difficult to estimate the financial risk that a company will have to endure (often over the course of several years of R&D) for the commercial launch of a new product on a market with no point of reference, as the product is a so-called disruptive innovation – a technological breakthrough.
Each year, the Gartner group, made up of specialist consultants in the prospective development of emerging technologies, offers its clients a view of the life cycles of their innovations, the different phases of adoption and maturity, to try and project when the product should (finally) become profitable!
Every summer, Gartner polishes off its crystal ball, and for the coming year, publishes its “Hype cycle” (registered trademark of Gartner) for the technological products currently in fashion. This helps everyone to gain an idea of how to position their product and glimpse its evolution over time, and thus enable companies to estimate the kind of sales effort they will need to implement alongside the development, with a view to planning the product’s rollout.
Every innovation/technological product is believed to obey a hype cycle, made up of five key phases in terms of visibility and maturity (see Figure 2.2).
Figure 2.2. Hype cycle
(source: Gartner)
As at the start of any branch of activity, there are many innovative ideas around: good ones, bad ones, ones which are idealistic but not particularly constructive, etc. This creates a “buzz” and draws interest from the media. This is the stage where teams of future engineering students doing their final-year projects are itching to create their future “start-ups”.
In general, at this stage, all we have are models/prototypes (POC – Proof of Concept), and the commercial viability of the products has not yet been proven.
The publicity created when the idea was launched has given rise to numerous emulating products. There are many new entrants to the race and numerous startups, SO/HOs, SMEs, SMIs, and this is the stage when a few “success stories” begin to flourish… but there is also a certain amount of “bad buzz”.
It is at this moment when innovators need to take concrete action, and move on to real production to make the product available, because the public’s expectations are high.
After this significant phase of hope in the market, we see a phase of depression, stemming from the fact that the products are not always available or do not live up to the expectations people had of them, or indeed because there are far too many disparate offers and solutions, the price is still a little too high and, because of the lack of norms for the market, there are too many protocols and standards and/or proprietary standards, little or no interoperability, etc.
At this stage, public interest takes a nosedive, and companies have to decide whether they are willing/able to invest to truly adapt the product to the demands of the “early adopters” of the market.
It is often at this stage when numerous start-ups fail, through lack of liquidity, funding, aid, a solid financial position. Thus, there are “crashes” and a few/many decomposed bodies of companies wash up on the shoreline.
The project begins to reach its final development phase. Companies come to have an increasingly good understanding of the market they are dealing with. It is a time when groups of complementary interests come together to form joint ventures; the best start-ups are bought up by larger companies/groups, either to develop and help these SMIs grow, or to bring their own products up to speed in the domain… or indeed to better be able to smother them in the longer term (this approach is deeply unkind, but it is done, and it is a very effective strategy!).
This is when the second or third generations of the product are released.
Finally, a genuine market emerges; the technology begins to be more widely used, and it is finally adopted by the “cautious majority” (Rodgers’ model states that the number of people adopting a new product obeys a Gaussian curve. Once the cautious majority has been won over, the product has reached half its level of salability).
Viability criteria begin to become clearer; the relevance of the innovation is more convincing, and profitability comes shining through. Hurrah! We are saved!
These five phases have different durations and amplitudes depending on the technologies and the markets in which they arise. Some products may reach the plateau of productivity in two years; others in ten; others still may become obsolete before ever reaching it!
With experience, Gartner has managed to define around a hundred reference curves for the technology sector: e-commerce, telemedicine, transport, software, etc. For instance, as regards the subject of interest to us here, Figure 2.3 shows the results of Gartner’s crystal ball for 2015.
Figure 2.3. Hype cycle in mid-2015
(source: Gartner - july 2015)
In short, we see here the well-known industrial and economic projection, which overlaps with the hype cycle! Consider yourselves warned!
Let us return now to our initial question: What does this represent, and where are we to situate this book and its content within this quagmire of information? Elementary, my dear readers… allow me to explain!
The next part of this book describes the steps to be taken and respected so that your project avoids the trough of disillusionment (parts 2 and 3 of the hype cycle), so you can skip over that part and go directly from the phase of reflection on innovation (or innovation trigger, part 1) to the slope of enlightenment (part 4) – i.e. the way from innovation to a stage of healthy production, or indeed the move from the virtual to the real world!
Quite some challenge, is it not?
Thus, as we progress through this book, we shall offer you the path of reasoned wisdom, constructed on the basis of true integration of the worlds of legislation, technology, economics, ergonomics, etc.… rather than a boulevard of broken dreams!