5G is never far from the headlines, but what about privacy by design in the context of devices that make up the Internet of Things? Then, as things develop, privacy issues mount, as do opportunities for data insights. Dr Yevhenii Karpliuk, who has ten years plus experience with biomedical systems development, embedded systems and IoT solutions design, spoke to Information Age. We started with the issues of the IoT and privacy.

Information Age: As IoT and 5G continue to rapidly evolve, is enough attention being paid to privacy and security?

Dr Karpliuk:

Definitely there is not enough attention being paid to privacy and security.

IoT and connectivity are growing rapidly, so more and more potential vulnerabilities may be introduced if no security strategy was applied during the design phase.

Just a few examples: IoT platforms provide basic HTTPS/SSL transport, but not keys deployment during manufacturing,

5G enables high throughput that means that more and more private information may be cached quite quickly in the background without any user alerts.

Security is a great concern with IoT deployment, but what about edge security?

Processing IoT data at the edge is a must for businesses. But, both IoT security and edge security are serious concerns for the adopters

Information Age: From a developer’s point of view, how is privacy and security being built into services and devices?

Dr Karpliuk: The common approach for IoT is to use factory provisioned security keys and store them in some secure OTP area in the device. Then these keys are used as the basis for all encryption, authentication and OTA operations.

But the IoT core development and architecture design should follow a Secure-by-Design approach. It means that new IoT product needs to integrate security into product development as early as possible.

Architecture and data storage should be designed in such way that enables GDPR compliance.

So keys and IoT device provisioning should comply with security and privacy data management guidelines.

Processing IoT data at the edge: the right business decision

In the below Q&A, Rob Milner, head of Connectivity at Cambridge Consultants, explores the importance of processing IoT data at the edge

Information Age: As the IoT ecosystem evolves and expands, will new levels of security and privacy provisions be needed?

Dr Karpliuk: To make IoT solutions secure and enable privacy data protection architecture design and development have to include security features at early phases.

IoT systems are distributed, so it’s crucial to have unified and well-designed security guidelines that enable encryption on transport layer, security keys, and certificates generation, distribution and validation.

Integration with third-party services may introduce new security breaches. So is crucial to check that all components comply with security guidelines principles and provide interfaces that are secure and could be provisioned in a proper way.

It’s more and more beneficial to include security and privacy monitoring components into IoT ecosystem. With AI/Data-driven approach these components enable not only reporting of existing security issues but also can generate some insights to prevent security incidents.

The trouble with enterprise IoT and its identity management problem

The Internet of Things (IoT) encompasses a growing number of connected devices ranging from security cameras to smart thermostats, this is creating an identity management challenge

Information Age: Any insight into data collection and analytics in the IoT space?

Dr Karpliuk: IoT and data collection are linked together. Data consumed and produced keeps growing at an ever-expanding rate.

The data generated from IoT devices brings the value only if it gets subjected to analysis, which brings data analytics into a floor.

Data Analytics is defined as a service or process that is used to analyze big and small data sets to extract meaningful conclusions and actionable insights.

These conclusions are usually in the form of trends, patterns, and statistics that aid business organizations in proactively engaging with data to implement effective decision-making processes.

Device twins or shadow are becoming important in the design for IoT devices management, data caching and metadata storage.

But still, there is no unified approach or standart on how to handle metadata.

Integrating IoT with blockchain: a trust and security game changer

Integrating IoT with blockchain sounds complex, perhaps unnecessary? But, with the right use cases, the combination of the technologies could be a security game changer

Yevhenii Karpliuk, Ph.D, is the IoT Technical Lead at Ciklum. He has over 10 years of experience in biomedical systems development, embedded systems and IoT solutions design. His background is in medical-grade devices development including certification assistance, distributed monitoring systems, IoT solutions architecture. His current research interests include biomedical signal processing, biomedical devices design, high-resolution ECG systems, adaptive signal processing, patient monitoring, e-Health and Industry 4.0.