Researchers warn that security is historically an afterthought. With everything from thermostats to drones likely belonging to IoT-device swarms in the near future, that's not wise.
To futurists, the Internet of Things (IoT) is so yesterday. They're excited about "the swarm."
Merriam-Webster defines swarm as a large number of honeybees emigrating together from a hive in company with a queen to start a new colony elsewhere. It also defines swarm as a significant number of animate or inanimate things massed together and usually in motion.
Unless you are a beekeeper, the likely definition of interest pertains to inanimate objects belonging to IoT: devices capable of information gathering, data processing, sharing information inter-device and with command and control servers via the internet.
SEE: Ebook—Cybersecurity in an IoT and mobile world (TechRepublic)
That said, there is an interesting relationship between the intelligence of natural swarms and the artificial intelligence built into IoT-device swarms. "It [swarm intelligence] is derived from nature by examining how colonies of insects and creatures interact," write coauthors Mohammad Vahidalizadehdizaj, Jigar Jadav, Lixin Tao, and Meikang Qiu (members of the Pace University department of computer science) in their research paper Security Challenges In Swarm Intelligence.
"The Swarm leverages the paradigm of independent, cross-niche, and heterogeneous devices that can cooperate with each other in order to execute tasks synergistically," according to UC Berkeley's Swarm Lab. "The Swarm gives rise to the true emergence of concepts such as cyber-physical and cyber-biological systems, immersive computing, and augmented reality."
Learn from past mistakes
As exciting as IoT-device swarm intelligence seems, Vahidalizadehdizaj, Jadav, Tao, and Qiu are concerned; they feel we have not learned from past mistakes when it comes to emergent technologies. "We tend to think about security issues after the technology becomes popular," write the co-authors. As evidence, the team's paper refers to cloud computing and all the after-the-fact effort required to secure the technology.
The Pace University team members are wondering if the following issues may be overlooked once again:
- Device authentication/identification: Identifying and authenticating IoT devices comprising the swarm.
- Confidentiality and integrity: Protecting and allowing only authorized methods of manipulating the data.
- Service availability: Only authorized personnel have access, and access is not maliciously denied.
The researchers concede that some of the above issues are not peculiar to swarm technology, and security solutions are available. "However there are some unique security issues in this field [swarm intelligence] that cannot be found elsewhere," note the researchers. "Swarm robotics can employ a wide variety of communication channels. It also deals with special considerations and types of identity. And, it exhibits adaptive behavior that can be changed and controlled by an intruder."
One issue affecting security that''s more applicable to IoT devices is the amount of on-board computing resources. IoT devices are usually computationally challenged—in particular when it comes to data-storage capacity, communications bandwidth, processing power, and stable energy supply. With limited resources, device developers perform a balancing act between functionality and security, with function trumping security being a fact of business. Put simply, if the device does not work as advertised, it will not sell.
Gaming how swarm intelligence learns
Another unique security challenge is how devices using swarm intelligence learn and react in an ever-changing environment. "A malicious entity may present some changes in the environment causing the robot to adapt itself in a undesired way," suggest Vahidalizadehdizaj, Jadav, Tao, and Qiu. "For example, if an on-board process uses typical learning behavior, then a malicious system or individual could change the behavior pattern in order to gain entry to the system."
SEE: The Super-Sized Ethical Hacking Bundle (TechRepublic Academy)
Challenges of detecting intrusions
Intrusion detection is difficult at best when it comes to high-powered computers and servers. So, IoT-device swarms are behind right from the start, and even more so when the autonomous nature and collective behavior of swarm intelligence are factored in. "Intrusion detection can be very challenging in swarm-intelligence security," concede the team members.
A proactive warning
The researchers from Pace University do not have answers as of yet; however, that is not their immediate concern nor reason for their research. "As we mentioned earlier, many new applications in swarm intelligence are emerging," write Vahidalizadehdizaj, Jadav, Tao, and Qiu. "As a result of this, we should know our security challenges in this field before its widespread acceptance."
- Enterprise IoT Research 2017: Benefits, Trends, and Security Concerns (Tech Pro Research)
- How 'artificial swarm intelligence' uses people to make better predictions than experts (TechRepublic)
- Creating malevolent AI: A manual (TechRepublic)
- 5 ways robots are vulnerable to cyberattacks (TechRepublic)
- Video: GCS 2017 panel: What does the future of IoT look like? (TechRepublic)
- Edge computing: The smart person's guide (TechRepublic)
- Artificial intelligence and machine learning offer new possibilities for improving IoT security (ZDNet)
- Swarm Technology, Ants, Robots, IoT and Parallel Processing (Alfonso Iniguez's YouTube video)