How Texas Instruments and IBM Plan to Secure IoT Devices

By Mary Catherine O'Connor

Security is one of the biggest challenges facing the Internet of Things, and it should be designed into IoT devices from the very beginning of their lifecycles. TI's Avner Goren explains why, and how his company and IBM are pursuing a role in that process by collaborating on a framework for authenticating IoT devices.

Last month, IBM and Texas Instruments announced their intention to collaboratively develop a cloud-hosted provisioning and lifecycle-management service for IoT devices. We spoke with Avner Goren, TI's general manager of embedded processing, to better understand what the companies are planning.

IOT Journal: Why do you think a provisioning service is needed?

Avner Goren: Say you buy a smart washing machine. You go home and want to connect it to the IoT. Today, it's a very manual process that involves connecting it to the home router or other gateway. Then you need to register the device with the cloud provider. And how do I know that Mr. John Smith, who says he bought an LG washing machine, is really who he says he is and not a hacker? It's very complicated right now.

There are workarounds, such as using codes on the washing machine to [authenticate that you are in possession of the machine]. But the issue is with scale. If I install one washing machine, I can [manually enter] codes [on the machine]. But if I have to install one million streetlights or sensors in a factory, I'm not doing this manually, one by one. So we wanted to solve this by making it an automated process. How do we make sure that when we provision, we know the device is what it says it is?


IOT Journal: So, how will you know? What will be the basic process?

Goren: Let's take a step back. When we look at the IoT, we see quite a few challenges. First, there's sensing. To connect to the physical world, you need many different sensors—[tracking] water flow, proximity, temperature, humidity, etc. So the first thing is for us at TI to be able to work with all of those sensing technologies. Some we make ourselves; sometimes, customers use existing sensors and we provide the analog front end.

Then there's power. We assume nodes are battery-operated—that's the way to get to the magnitude of [widely distributed] sensors you need. So we've done a lot, over the years, in process technology, architecture and system-on-a-chip design, and it's all about conserving power. Today, we're able to allow a Wi-Fi sensor to run on two AA batteries for one year. And in a ZigBee or sub-1 GHz sensor, such as those installed in water meters, those can run for 10 years on a coin cell battery.

So the next challenge is wireless connectivity. We support 14 different wireless technologies. This is because the IoT has many different use cases with respect to data rate, range, power and duty cycle. Wi-Fi is very different than ZigBee, and that is very different than Bluetooth, etc. The most complex thing is the wireless software stack. We spent a huge amount of time and energy to address this, and today connectivity devices have a complete software stack, up to layer 7—from the physical layer to the application layer. We call it Internet-on-a-chip.

The next challenge is that we need a cloud [service] provider, [such as IBM]. To interface a node within the IoT to a cloud [service provider], we need to add a thin layer of software that is specific to the cloud provider. We call it an IoT agent. Different cloud providers use different communication schemes.

Now comes the big challenge, and that is security. Each communication protocol has a specific type of security: Wi-Fi uses one type of encryption, Bluetooth uses another. Great. But then comes the point where I need a connection to a specific cloud provider. You need security specific to that cloud provider, and this is implemented in the IoT agent. But even this is not enough. We realized, together with IBM, that the industry is missing something: the original authentication of an IoT device, the first time you connect to the cloud.

IOT Journal: So is this why you're creating a cloud-hosted provisioning service for IoT devices? TI's and IBM's announcement refers to the use of "silicon tokens." What are these?

Goren: To enable this kind of service, there needs to be a hardware mechanism that includes a unique device ID, and this ID needs to be recognized by the cloud that is provisioning it.

IOT Journal: Will the token be a discrete chip?

Goren: It's too early to say exactly what the token or mechanism will be. When we made the announcement, we said it's a collaboration to develop a secure cloud. It is too early to disclose the implementation details.

We announced that it's our intention to make the APIs [application programming interfaces—needed to access such a service] available to the public to allow any silicon provider and any cloud provider to use this and implement it. The idea is that we both believe that to fuel the deployment of the IoT, we need to minimize fragmentation, and the way to do that is to create one standard way to provision IoT devices. But we have not yet decided how we'll make it available—such as through a standards body or by opening up the spec. Others are trying to solve it. This problem is not unique to us. Clearly, this is a problem looking for a solution.

IOT Journal: TI and IBM also mentioned that the service will provide lifecycle management of IoT devices.

Goren: To think about lifecycle, let's go back to the washing machine. If you look at the steps, it starts with the silicon vendor, building the device or the thing that controls the machine. Then we sell this to an OEM [original equipment manufacturer] that is building the machine. Then it is sold to a channel. Maybe this is Best Buy, or some other retailer. There might also be an OEM ecosystem, and the OEM might have its own IoT portal to make his washing machine communicate with his dishwasher, etc. Then the washing machine goes to the consumer, who installs and activates it. But that is not the end of the story.

You need software upgrades, and you need to make sure you're doing those right. And then, two years later, the end user might want to sell this washing machine. Then you'd have to change the ownership to another person. You need to do it securely. What if the machine is connected to the Amazon cloud, but we want to change the cloud provider? How do we change that? There is no standard way to manage the ownership and identity of the machine in the cloud.

A washing machine might last 20 years and go through multiple owners and cloud providers. You need to be able to use standard APIs to [switch ownership]. What we're defining with IBM is the part of the service that manages the ID of the end points on the network.

IOT Journal: So what is the role of a company like TI?

Goren: The idea is to allow hardware to communicate [securely] to [software hosted in] the cloud. To define this in a way that addresses security, we need the cooperation of experts in silicon and cloud computing.

IOT Journal: Do you need gatekeepers in this process?

Goren: Not necessarily. Compliance with the API and the specification should be enough. Over time, there could be the emergence of a certifying body. But there are many things not certified on the Internet, even today. There are many things that are de facto standards.

What IBM and TI announced is the intention, and the fact that work is ongoing; we are not talking about a schedule for release of the API or specification. It's too early to commit to a specific schedule—but we are not talking about a 10-year period. It will be a reasonable amount of time, as this service is needed to allow a secure and scalable IoT ecosystem.