In just one year alone, we went from having 5 million IoT devices connected to the internet to billions. The future is happening now, and these devices are getting smarter every day through machine learning and artificial intelligence. To prove that IoT is taking off rapidly, Target opened up a store in San Francisco that exclusively sells IoT devices. There is big money in the IoT space currently, and it will only continue to grow as technology improves.
The more data that IoT devices collect, the smarter they will become. Cities will transform into smart cities through the use of IoT connected devices. Think of smart traffic lights that collect data on traffic, and use that data to sync lights to peak traffic times.
Overall, this improves cities overall efficiency and saves the government money since everything can be remotely managed. Smart homes, thermostats, lighting systems and coffee makers will all collect data on your habits and patterns of usage. All this data will be collected to help facilitate machine learning.
How do we keep these devices secure?
With the billions of IoT devices connected to the open internet, how do we ensure these devices are secure?
Encryption: AES vs. TLS/SSL
Encryption solves a very complicated problem. When people think about encryption, many will turn to TLS/SSL, however, these protocols don’t cut it for encryption and processing. The reason these protocols aren’t optimal is they are point-to-point solutions and not end-to-end solutions. When data has to go through many different points on the chain, you are going to have to account for different security protocols and devices. This requires a security solution like AES since it provides end-to-end security, and encrypts the message all the way through. Only devices with the encryption keys can decrypt the encrypted data as it’s sent and received.
AES also allows you to wrap the message body with AES and leave all the actionable data in TLS. Actionable data, for instance, would be temperature information that you are trying to read. In addition, we need to prevent all inbound ports from being open at all costs since this can leave your IoT devices open to vulnerabilities and DDOS attacks. Devices should only make outbound connections, so that way the door is closed to accessing applications and services behind those open ports. The connection outward can be left open so the device can listen in with a secure tunnel back from the network.
Publish-Subscribe Paradigm
A great solution to many of these problems is the publish-subscribe paradigm. Sending info through MQTT, Websockets, or Streaming HTTP allows connections to be secure, however, on a large scale, many of these protocols can have issues.
That’s where PubNub comes in since we keep a globally secure network running and support secure message delivery among devices. Through the publish-subscribe model, the publisher is given a write token and the subscriber a read token. Each token can be revoked at any time and tokens can also have an expiry. In addition, tokens can be set to work with only certain datastream (in this case channel names), that way you can control what is going in and out of your network.
Learn more about IoT security in our whitepaper 5 Key Requirements for Securing IoT Communication
We Make IoT Easy
PubNub makes connecting IoT devices easy. With other protocols or solutions, you would have to setup your own servers and then write custom code to communicate with your backend. With PubNub, all you need is the code below to publish information to any devices subscribed to the channel:
<script src="https://cdn.pubnub.com/sdk/javascript/pubnub.4.20.2.js"></script> <script> $(function() { var channel = "pubnub_iot_house"; const pubnub = new PubNub({ publishKey : 'demo', subscribeKey : 'demo' }) $('button').click(function(){ var value = $(this).val(); var module = $(this).parent().parent().attr('id'); pubnub.publish({ channel: channel, message: { name: module, value: value } }); }); }); </script>
This code is from the open source GitHub repo that allows you to control an IoT house from your smartphone or laptop. The application is a simple web app with different buttons to control different parts of the house. Lights can be switched on and off using the publish-subscribe model, and it’s incredibly fast. In most cases, there are only 40ms of a delay which is incredibly fast and makes the entire user experience seamless.
If you would like to learn more about this project, check out this article. In addition, PubNub supports over 70+ SDKs, so whether you are working with Arudino, Raspberry Pi or any other language we can support your whole application stack. Check out the entire repo here and if you would like to continue reading about the PubNub IoT house project, click here.