Category: Internet Of Things

Wi-Fi HaLow being pushed as the Wi-Fi network for the Internet of Everything

Articles

Wi-Fi HaLow waveband diagram courtesy of Wi-Fi Alliance

Where Wi-Fi HaLow fits in with other Wi-Fi technologies

This new Wi-Fi technology with a 1km range is the future of long range IoT applications | Business Insider India

‘The Wi-Fi portfolio is unmatched’: Wi-Fi Alliance on Wi-Fi Certified HaLow (rcrwireless.com)

Wi-Fi HaLow could be the next IoT enabler – TechRepublic

From the horse’s mouth

Wi-Fi Alliance

Wi-Fi CERTIFIED HaLow™ delivers long range, low power Wi-Fi® | Wi-Fi Alliance

Wi-Fi CERTIFIED HaLow (Product Page)

My Comments

A Wi-Fi network technology that is being put on the map at the moment is Wi-Fi CERTIFIED HaLow, a.k.a. Wi-Fi HaLow.

This network technology is based on the IEEE 802.11ah wireless network standard and works on the 900MHz waveband. It is about long-range operation of approximately 1 kilometre from the access point and very low power operation that allows devices to run for a year on commodity batteries like a single 3V coin-size cell or a pair of AA-size Duracells.

The power requirement may be a non-issue for devices like HVAC thermostats that are wired to the heating system they control. But it is an issue for devices like movement sensors or smart locks that depend on their own battery power. As well, the low power requirements that Wi-Fi HaLow offers could benefit devices that implement energy-harvesting technology like solar power or kinetic energy.

Wi-Fi HaLow feature list courtesy of Wi-Fi Alliance

This low-bandwidth Wi-Fi specification is intended to complement the other Wi-Fi specifications used with your home or business network. But it is focused towards the Internet of Everything especially where the devices are to be operated across a wide radius like a farm or campus.

The network topology for a Wi-Fi HaLow network segment will be very similar to that of a standard Wi-Fi network. That is, multiple client devices link to an access point, and a mobile device should be able to roam between access points associated with the same Wi-Fi network.

Compared to the likes of 802.15 Zigbee, Z-Wave, DECT-ULE, Bluetooth LE and similar Internet-of-Things wireless technologies, this is meant to avoid the need for special routers when there is a desire to link them to IP-based networks.

This is because this technology effectively uses the same protocol stack as our Wi-Fi networks save for the layers associated with the radio medium. It also means that the same security, connectivity and quality-of-service protocols that are part of Wi-Fi nowadays, like Wi-Fi Easy Connect and WPA3, can be implemented in Wi-Fi HaLow devices.

At the moment, you would need to use a Wi-Fi HaLow access point to get any Internet-of-Things devices on to your network and the Internet. It may be a small device that plugs into your existing home network router or network infrastructure. But a subsequent Wi-Fi access point or router design could have built-in support for this standard, thus making it more ubiquitous.

The use cases being positioned for Wi-Fi HaLow technology would encompass the smart home, the smart building and the smart city, where all sorts of “Internet-of-Things” devices act as controllers or sensors. It also encompasses vertical use cases like agriculture, industry and medicine where sensors come into play.

At the moment, this kind of connectivity will exist as an alternative to Zigbee, Z-Wave and similar technologies especially where IP-level connectivity and functionality is wanted at the device. It may not have ready appeal in use cases where a direct connection to Internet-based technology may not be required.

On the other hand, a use case could allow for a “hub and spoke” approach to the Internet of Things where a device connects to accessory peripheral devices using Zigbee or Bluetooth but links to the home network and Internet via Wi-Fi HaLow. An example of this could be a retrofit-install smart lock which supports the use of accessory input devices like keypads, NFC card/fob readers and contact sensors.

Wi-Fi HaLow could be seen as a direction towards capable low-power long-distance wireless networking for Internet of Things, especially where direct Internet / LAN network connectivity is desired out of the application.

Google Nest Mini uses edge computing to improve search performance

Articles

Google Nest Mini smart speaker press picture courtesy of Google

The Google Nest Mini smart speaker – a follow-on from the Home Mini smart speaker, with its own local processing to improve Google Assistant’s responsiveness

Google Nest Mini gets louder and gains onboard Assistant processing | SlashGear

Google debuts Nest Mini with wall mount and dedicated ML chip | VentureBeat

From the horse’s mouth

Google

Nest Mini

Nest Mini brings twice the bass and an upgraded Assistant (Product Blog Post)

My Comments

The Google Nest Mini smart speaker, which is the successor to the Google Home Mini smart speaker, brings a significant number of improvements including a richer sound. But it has also come about with the idea of locally processing your voice commands for better Google Assistant performance.

The traditional approach to processing voice commands that are said to a smart speaker or similar device is for that device to send them out as a voice recording to the cloud servers that are part of the voice-driven assistant platform. These servers then implement their artificial-intelligence and machine-learning technology to strip background noise, interpret the commands and supply the appropriate replies or actions back to that device.

But Google has improved on this by taking a leaf out of the edge-computing book. This is where some of the data storage or processing is performed local to the user before the data is sent to a cloud computing system. Here, Google uses a dedicated machine-learning processor chip in the Nest Mini smart speaker to do some of the command processing before sending data about the user’s command to the Google Assistant cloud system.

This moves the Google Nest Mini smart speaker away from being a simple conduit between your home network and the Google Assistant cloud. The key benefit is that you see a quicker response from the Google Assistant via that device. You also have the benefit of reducing the Internet bandwidth consumed by the voice-driven home assistant, avoiding reduced performance for online gaming or multimedia streaming.

Google is working on taking this further by having Google-Assistant-based devices with this kind of local processing also handle the logic associated with user requests and programmable actions locally. This includes keeping the logic for the Assistant liaising with other smart devices local to your home network, allowing for improvements to performance, user privacy and data security.

It could be seen by Amazon and others as a way to improve the performance of their voice-driven home-assistant platforms, more so as the competition between these platforms becomes keener. As well, there could be a chance for third-party Google Assistant (Home) implementations to look towards using local processing to improve the Assistant’s response.

An issue that will crop up is how multiple devices with this kind of local processing on the same home network can help each other to increase the voice-driven assistant’s performance. This can also include a software approach where the devices equipped with local processing provide improved performance for those that don’t have it. It will matter for the likes of the Google Nest Mini and similar entry-level devices that appeal to the idea of having many installed around the house, along with the idea of equipping smart displays with this kind of local processing.

What I see of this is that the use of edge-computing technology is coming to the fore as far as improving responsiveness in the common voice-driven home-assistant platforms.

HID Global uses Bluetooth for emergency signalling in the health sector

Article – From the horse’s mouth

Ekahau Wi-Fi Pager Tag panic button

Bluetooth 4.1 now becoming a connection path for newer wearable emergency-alert devices

HID Global

HID Global Helps Hospitals Keep Doctors, Nurses and Staff Safe from Workplace Violence with New IoT-Based Duress Badge (Press Release)

Product Page with Healthcare use case (PDF)

My Comments

A key use case for Internet-of-Everything technology is wearable devices that have an emergency-signalling function. In the workplace, they are intended to be used by lone workers to signal for help from a security team in an emergency, with use cases focused on situations where they are at risk of being attacked. In the home, the primary use case is for elderly or disabled people who need to summon help, but it may also be applied to people at risk of falling victim to family violence or similar situations.

They are also being integrated with indoor-navigation technology so it is feasible to quickly locate the person who is at risk and provide help to them. There was a device offered by Ekahau that worked on multiple-access-point Wi-Fi networks and used the access points as a location means.

But HID Global have taken a different path with devices pitched to this use case. Their new Bluevision BEEKs Duress Badge Beacon, which is in a staff-badge form, is based on the same Bluetooth Smart 4.1 Low Energy technology as Bluetooth beacons. This device can also be integrated with building-access-control systems at the card level. Pressing the back of the badge allows the wearer to seek help from security, who would know where they are within pre-defined areas thanks to the beacon-based technology.

It could be feasible to implement this technology with the badges as peripherals for smartphones, answering the needs of mobile workers for example. In this case, the device takes advantage of the phone linking to either a Wi-Fi LAN or a mobile broadband network.

As far as the home network is concerned, the Bluevision BEEKs badge would have to work with Wi-Fi-to-Bluetooth bridge devices. This could be a function asked of smart speakers or home AV equipment that supports Wi-Fi (or Ethernet) and Bluetooth, especially if the device is about working with peripherals including remote controls. But there could be the imperative to have Bluetooth 4.1 or 5 technology within Wi-Fi access points that are part of a distributed Wi-Fi system, typically to court IoT use cases.

This could lead to wearable emergency-call devices like this one, which are pitched to workplace use, being pitched towards home use, especially with “ageing at home”, which would be the main use case.

I also see the possibility of this kind of emergency-call functionality being integrated within smartwatches and other wearables, whether the wearable uses a Bluetooth link to the smartphone or has its own mobile-broadband connection. This can easily be delivered in a software form for platform-based wearables like watchOS (Apple Watch) or WearOS (Android Wear) or Fitbit Versa.

Here, it may encourage the user to have this kind of functionality always available without needing to wear other items, encouraging them to wear it more. Also, having emergency / duress call functionality in a smartwatch or similar wearable allows you to signal for help without doing something obvious, which may be important in a highly-charged situation.

Connected novelties and toys–security and useability issues that affect this product class

Giftware chook (rooster)

Connected versions of classic novelties and giftware will be subject to severe scrutiny

An issue that is rearing its ugly head is the rise in availability of connected novelties and toys. They are toys, novelties, giftware, seasonal decorations and other items that are able to connect with your computer or network. This connectivity function is often sold as one of the key marketing features with it able to work with an online service of some sort.

When I talk of toys, I don’t just talk of what children play with but also other toys that adults end up playing with. These can include the so-called “executive toys” that live on the office desk for one to keep the other hand busy while they are on the phone.

Who typically sells these products

Toys and novelties are typically sold through a large range of online and bricks-and-mortar retailers, whether they be toy stores, gift stores, souvenir outlets or multi-faceted outlets including department and discount stores. In some cases, such as rural areas, a store like a newsagent’s could even sell novelties or toys.

Another factor is that novelties are given away to people and businesses as a gift or premium. This can typically happen as part of a “loot bag” offered out at conferences or tradeshows or simply used as a giveaway during a presentation to encourage audience participation.

Christmas wreath

Seasonal decorations that connect to the Internet can also be a security or setup risk

The common factor here is that most of the outlets that sell this kind of product are staffed by people who don’t have much technological know-how. This can affect the procurement process, such as deciding whether the item exhibited at the gift fair should be stocked, as well as customer advice during and after the sale, including how to get the connected novelty fully operational.

Artisans who make these gifts and novelties

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

Your Amazon Echo will soon be expected to work with a wide range of toys and novelties

There is also the fact that craftspeople like to make various toys, novelties, gifts and other items and sell them directly to customers or on a wholesale basis. But they often want to add some extra functionality like musicality or flashing lights to some of their product lines.

Typically, if they want this extra functionality in the gifts they make, they have someone else make and supply the necessary components, like clockwork movements or electronic-circuit kits, in a pre-assembled form. Then the artisan installs the pre-assembled mechanisms or circuits in the toy or gift as part of putting the whole thing together.

This allows these artisans to focus on their craftwork and build the items they want to sell, while being able to offer a wide range of goods. The same comments that apply to finished goods also apply to the various components and kits that are being sold to these artisans for their projects.

In this case, the artisans have to be aware of what they procure when they are being sold a “connected functionality” kit for installation in their projects. For them, they have to be aware of customer-support issues including setup and data-security issues regarding this extra functionality.

Connected modules for construction sets and similar hobbies

The same concept also extends to construction-set platforms like Meccano, Lego and FischerTechnik where children and adults build items using the pieces that are part of the respective platforms. In this case, anyone to do with these platforms could offer connected modules or kits that can control one or more items in a platform-based project, like a motor, light or solenoid, using an “Internet Of Things” approach. Here, these modules have to be seen as equivalent to a connected toy or novelty, especially if the idea is to implement cameras, microphones or GPS sensors.

It also applies to model railways, track-based car-racing sets and the like where they can be extended with functionality modules sold by the set’s vendor or a third party catering to these hobbies. Again the modules also need to be designed for security if they are capable of being part of the Internet of Things.

Use of these items

There is the desire for people to buy these toys and novelties as gifts for others in their life. It also includes the fact that the recipient wants to get the item “up and running” as soon as possible.

This will involve having the device connected to a host device through Bluetooth or USB or to a home network for proper reliable use. It should be about a standard process that is implemented for onboarding including the installation of any extra software.

Key security issues

A key security issue concerning the connected toy, novelty or similar device is that it can be an espionage item presented in an innocuous form. It can concern us both at home and in the office because we can easily be talking about items that are confidential and sensitive in our personal and business lives.

This was highlighted in crime-fiction form to the Germanic viewership in Europe through the Munich-based Tatort episode “Wir Kriegen Euch Alle” (We Get You All), shown there on Sunday 9 December 2018. This story was focused around a connected doll that was given by strangers to various children’s families in middle-class Munich and was used as a surveillance tool to facilitate crimes against the families.

It underscored that Germany has some very strict policies, where the sale of surveillance devices disguised as innocuous items isn’t allowed in that country. But, in the story, these dolls were imported into Munich from a location in Austria, which is a short drive away, facilitated by the Schengen Agreement in the European Union.

Let’s not forget the recent cyberattacks such as the Mirai botnet that were facilitated by dedicated-purpose devices like network-infrastructure equipment and video-surveillance cameras which were running compromised software. Then there are concerns regarding data-storage devices and “bag-stuffer” novelties given away during business conferences, where there is the possibility of them being loaded with questionable software.

What would I like to see

Security

There has to be identification on the toy’s or novelty’s packaging of what kind of sensors, like location sensors, microphones or cameras, the device has, as well as whether the device transmits data to online services. This includes whether the device does this directly or via intermediary software running on other computer devices, such as mobile devices running companion mobile-platform apps. Even a hang tag attached to the novelty could highlight what kind of sensors or online services it uses, which would be important for items sold without packaging.

Preferably, this can be achieved through standard graphical symbols indicating the presence of particular sensors or the use of online services and social networks. It can also identify whether the toy’s or novelty’s functionality is dependent on these sensors or online services.

App stores and other software platforms that host “connector” software have to implement stringent permissions for these kinds of devices, especially if they use a microphone, camera or location sensor. There could be standards on whether the software is allowed to record from these sensors over a long time or keep the recording persistent on the host device or online service.

A limitation I would also like to see for connected toys and novelties is that if they work with another computing device, including a smart speaker, the connection can only effectively be made within the same premises. This can be enforced through the use of a peripheral-grade connection like Bluetooth or USB to a computing device, or by limiting the range of discovery for network-based devices to the same logical private network or subnet. Here, that means all the devices on the LAN side of a home network’s router, and excludes devices on other logical networks served by the same physical device like “guest” or “community” networks.
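The “same logical private network or subnet” rule above, written out as a check a connected toy could run on each discovery or control request. This is an added example, not code from the original article or any product; the toy’s address, prefix length and the sample requests are constructed for illustration.

```python
"""Same-premises gate for a network-connected toy or novelty.

Added example, not code from the original article: a discovery or control
request is honoured only when the requester's address lies in the same
logical private subnet as the toy.  That excludes traffic routed in from
the Internet and from other logical networks served by the same router,
such as a "guest" network on a different subnet.  The device address,
prefix length and sample requests below are constructed for illustration.
"""
import ipaddress
from typing import List, Tuple


def same_subnet_gate(device_ip: str, prefix_len: int, requester_ip: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for one request.

    The toy's own address and prefix length come from its network
    interface configuration (DHCP lease or static setup), so a request
    is allowed only if it could have come from a neighbour on that link.
    """
    # strict=False lets the toy's host address double as the network definition.
    device_net = ipaddress.ip_network(f"{device_ip}/{prefix_len}", strict=False)
    try:
        requester = ipaddress.ip_address(requester_ip)
    except ValueError:
        return False, f"unparseable requester address {requester_ip!r}"
    if requester.version != device_net.version:
        return False, "address family differs from the toy's network"
    if requester not in device_net:
        # Off-subnet means routed: the Internet, a guest/community network,
        # or another logical network on the same physical router.
        return False, f"{requester} is outside {device_net}"
    return True, f"{requester} is on the same subnet {device_net}"


def filter_requests(device_ip: str, prefix_len: int,
                    requests: List[Tuple[str, str]]) -> List[Tuple[str, str, bool, str]]:
    """Apply the gate to (requester_ip, action) pairs and return the decisions."""
    decisions = []
    for requester_ip, action in requests:
        allowed, reason = same_subnet_gate(device_ip, prefix_len, requester_ip)
        decisions.append((requester_ip, action, allowed, reason))
    return decisions


# Constructed sample: the toy sits at 192.168.1.50/24 on the main LAN.
SAMPLE_REQUESTS = [
    ("192.168.1.20", "discover"),   # phone on the same LAN
    ("192.168.2.20", "discover"),   # guest network on the same router, other subnet
    ("203.0.113.9", "control"),     # routed in from outside (documentation range)
    ("fe80::1", "discover"),        # IPv6 link-local while the toy is IPv4-only
]

if __name__ == "__main__":
    for ip, action, ok, why in filter_requests("192.168.1.50", 24, SAMPLE_REQUESTS):
        print(f"{'ALLOW' if ok else 'DENY':5} {action:8} from {ip:15} ({why})")
```

The gate only decides whether a request is treated as coming from the premises network; it complements the pairing and authentication steps discussed later rather than replacing them.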

As far as Bluetooth is concerned, the toys should implement authentication during the setup phase. Then the device should cease to be discoverable once it is paired with a host device, like the Bluetooth headsets and similar devices that have been released recently. They may also have to work on a limited radio range to prevent successful connection from a distance.

There should also be a simple “factory-reset” process to allow the user to place the toy or novelty into setup mode, effectively wiping data from the device. This allows a recipient to effectively “claim possession” of the device as if it were new, avoiding the situation where they are given something that has been compromised to do what someone else wants it to do. It also applies to situations where you are dealing with ex-demo stock or gift-fair samples.

This should also apply to online services associated with these toys or novelties where the user has proper account control for the device’s presence on that service and any data collected by that device.

There are devices that observe particular functions according to a particular device class supported by many platforms like a novelty nightlight or illuminated Nativity scene that works with a “smart-home” setup or a novelty Bluetooth speaker. These devices have to work according to the standards in force for that device class and its connection to the host device or network. It is more important where the device may perform further tricks while running alongside dedicated vendor-created software but is able to have basic functionality without this software.

A software-level security approach could be achieved through an open-source or peer-reviewed baseline software that ticks the necessary boxes. This would apply to the firmware installed in the device and any apps or other companion software that is required to be run on other computing devices for the novelty to operate. It also includes a requirement that this software be reviewed regularly for any bugs or weaknesses that could be exploited, along with compliance requirements.

This could be assessed according to a set of European norms because the continental-European countries are very concerned regarding privacy thanks to their prior history.

As far as modules for integration into toys, novelties and giftware are concerned, the modules should meet the same requirements as finished products with the same functionality. Craftspeople should also be aware of data security and user privacy issues when choosing modules for their projects that depend on computer devices or networks.

Setup and Connectivity

Another area that is a sore point for connected toys and novelties is bringing these devices on board for you to use. In a lot of cases, this is exacerbated through awkwardly-written instructions that can test one’s patience and not much knowledge about what is needed for the device to work fully.

The device packaging could use Wi-Fi, Bluetooth or other standard logos to indicate what kind of connectivity it needs to operate fully. This is to be highlighted with the “app store” logos for various operating-system app stores if the device is dependent on companion apps for full functionality. Similarly, use of other official platform logos can be used to identify compatibility with platforms like smart-TVs or voice-driven home-assistants.

Simple-yet-secure setup and onboarding procedures are paramount in the design of these devices. Bluetooth-based devices should use “simple pairing”, such as pressing a button on the device to make it discoverable. This is made even easier by the trend towards “out-of-the-box” discoverability if the device isn’t paired with any host. The user then puts their host device in “Bluetooth Scan” mode to discover the device and selects it by its presentation name.
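The Bluetooth behaviour asked for in the security section (authenticate during setup, stop being discoverable once paired, factory reset to reclaim the device) and the button-press pairing described just above, modelled as one state machine. This is an added example, not code from the original article or a real Bluetooth stack; the passkey scheme, attempt limit and host identifiers are assumptions made for the example.

```python
"""Discoverability and pairing policy for a Bluetooth-connected toy.

Added example, not code from the original article: a small state machine
for the behaviour the article asks for.  Out of the box the toy is
discoverable; pairing needs a physical button press on the toy plus an
authenticated passkey confirmation; once bonded the toy stops being
discoverable and accepts only its bonded host; a factory reset wipes the
bond and returns the toy to setup mode.  The six-digit passkey, the
attempt limit and the host identifiers are assumptions for the example.
"""
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional


class State(Enum):
    SETUP = auto()    # unpaired: advertising, discoverable by any host
    PAIRING = auto()  # button pressed: waiting for the passkey confirmation
    BONDED = auto()   # paired: not discoverable, bonded host only


@dataclass
class ToyBluetoothPolicy:
    max_attempts: int = 3
    state: State = State.SETUP
    bonded_host: Optional[str] = None
    link_key: Optional[bytes] = None
    _passkey: Optional[str] = None
    _attempts: int = 0

    def is_discoverable(self) -> bool:
        # Advertising stops as soon as a host is bonded.
        return self.state in (State.SETUP, State.PAIRING)

    def press_button(self) -> Optional[str]:
        """A physical button opens the pairing window and shows a passkey on the toy."""
        if self.state is State.BONDED:
            return None              # a bonded toy ignores pairing requests
        self._passkey = f"{secrets.randbelow(1_000_000):06d}"
        self._attempts = 0
        self.state = State.PAIRING
        return self._passkey         # displayed on the toy, typed on the host

    def confirm_pairing(self, host_id: str, passkey_entered: str) -> bool:
        """The host proves it saw the toy's passkey; success bonds it."""
        if self.state is not State.PAIRING or self._passkey is None:
            return False             # no button press: nothing to confirm
        if not hmac.compare_digest(self._passkey, passkey_entered):
            self._attempts += 1
            if self._attempts >= self.max_attempts:
                self._passkey = None
                self.state = State.SETUP  # close the window; a new press is needed
            return False
        # A fresh random link key for this bond; the toy keeps it until reset.
        self.link_key = secrets.token_bytes(16)
        self.bonded_host = host_id
        self._passkey = None
        self.state = State.BONDED
        return True

    def accept_connection(self, host_id: str) -> bool:
        """Only the bonded host may connect once pairing is complete."""
        return self.state is State.BONDED and host_id == self.bonded_host

    def factory_reset(self) -> None:
        """Wipe the bond and key so a new owner can claim the toy as if new."""
        self.bonded_host = None
        self.link_key = None
        self._passkey = None
        self._attempts = 0
        self.state = State.SETUP


if __name__ == "__main__":
    toy = ToyBluetoothPolicy()
    passkey = toy.press_button()
    print("paired:", toy.confirm_pairing("phone-01", passkey), "discoverable:", toy.is_discoverable())
    toy.factory_reset()
    print("after reset discoverable:", toy.is_discoverable())
```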

Windows, Android and iOS are even implementing simplified device-discovery routines for Bluetooth devices, with the ability to lead users to visit the app store to install complementary software. This will make things easier for users to get the toy or novelty up and running.

Wi-Fi-based devices would have to use WPS-PBC push-button setup, Wi-Fi Easy Connect, or other simplified setup processes for integration with the home network. It also applies to other network connection standards where you have to enrol the device on to that network.

Smart-home devices that implement Zigbee, Z-Wave and similar standards also have to implement simplified discovery protocols implemented in these standards to bring them on-board.

In relation to security, I underscored the need to use device-class standards as much as possible. But it also applies to connectivity and useability, where a device that honours device-class standards is also easier to use because you operate it the same way as its peers.

Conclusion

This year will become a time where security and useability are of critical importance when toys, novelties and similar goods that connect to the home network and the Internet are designed and sold to consumers. Attending to these issues may stop these kinds of toys ending up in disuse due to security or setup problems.

Staff panic buttons to drive networks to handle the Internet of Things

Article

Ekahau Wi-Fi Pager Tag panic button

Emergency-alert buttons like this Ekahau Wi-Fi name-tag panic-button setup will be influencing network architecture for the Internet Of Things

The Hotel Panic Button Could Redefine Hospitality Networking | IoT World Today

My Comments

In some workplaces where staff work alone at night or other times where they are in danger, portable emergency-call buttons are often used. Initially they were the same size as an older garage-door opener but they are becoming the size of a pendant, badge or fob. As well, rather than these devices lighting up a separate alert panel, they light up a message or “throw up” a map with an indicator on a regular computer running building-security software to show where the danger is.

Initially, they were being positioned for very-high-risk workplaces like psychiatric care or the justice and allied settings. But other workplaces where staff work alone are seeing these devices as an important safety measure, usually due to various occupational health-and-safety requirements.

For example, hotels in the USA are moving towards having housekeeping staff use these devices in response to workplace agreements, industry safe-work safe-premises initiatives or city-based legal requirements. But these systems are being required to work in conjunction with the Wi-Fi networks used by staff and guests for business and personal data transfer.

A device of the kind that I had covered previously on HomeNetworking01.info was the Ekahau Real Time Location System. This was a pendant-style “panic-button” device, known as the T301BD Pager Tag, which had an integrated display and call button. It was also set up so that if the tag was pulled at the neckstrap, it would initiate an emergency response. I also wrote an article about these Ekahau devices being deployed in a psychiatric hospital as a staff emergency-alert setup, in order to describe Wi-Fi serving a security/safety use case with the home network.

This application is being seen as a driver for other “Internet-of-Things” and smart-building technologies in this usage case, such as online access-control systems, energy management or custom experiences for guests. As I have said before when talking about what the smart lock will offer, the hotel may be seen as a place where most of us may deal with or experience one or more of the smart-building technologies. Also I see these places existing as a proving ground for these technologies in front of many householders or small-business owners who will be managing their own IT setups.

One of the issues being drummed up in this article is quality-of-service for the Internet Of Things, where the device must be able to send a signal from anywhere on the premises and the receiving endpoints must receive it with no delay. It will become an issue as packet-driven technologies like the Internet replace traditional circuit-based technologies like telephone or 2-way radio for signalling or machine-to-machine communication.

The hotel application is based around the use of multiple access points, typically to provide consistent Wi-Fi service for staff and guests. Such a setup is about making sure that staff and guests aren’t out of range of the property’s Wi-Fi network and the same quality of service for all network and Internet use cases is consistent throughout the building. Here, concepts like mesh-driven Wi-Fi, adaptive-antenna approaches, load-balancing and smart smooth roaming are effectively rolled in to the design of these networks.

Wi-Fi access points in the smart-building network will also be expected to serve as bridges between IP-based networks and non-IP “Internet-of-Things” networks like Bluetooth Low Energy (Bluetooth Smart), Zigbee, Z-Wave or DECT-ULE. These latter networks are pushed towards this application class due to the fact that they are designed to support very long battery runtimes on commodity batteries like AA Duracells or coin-style watch batteries. There will be an emphasis on localised bridging and the IP-network-as-backbone to provide better localisation and efficient operation.

These systems are being driven towards single-screen property-specific dashboards where you can see the information regarding the premises “at a glance”. I would reckon that operating-system-native applications and, perhaps, Progressive Web App versions will also be required to use operating-system-specific features like notification-panels to improve their utility factor in this context.

As far as the home network is concerned, I do see most of these technological concepts being rolled out to the smart home with an expectation to provide a similar service for householders and small businesses. This is more important as ISPs in competitive markets see the “Internet of Things” and improved Wi-Fi as a product differentiator.

The use of multiple Wi-Fi access points to cover an average home is being made real for the home network thanks to HomePlug wireless access points, Wi-Fi range extenders and distributed-Wi-Fi systems that will bring this kind of localised Wi-Fi to the smart home. Typically this is to rectify Wi-Fi coverage shortcomings that crop up in particular architecture scenarios like multi-storey / split-level premises and the use of building materials and furniture that limit RF throughput. It is also brought about by the use of higher-frequency wavebands like 5GHz as Wi-Fi network wavebands.

There will be an industry expectation to require access points and similar devices to provide this kind of “open-bridging” for Internet-of-Things networks. This is more so where battery-operated sensor or controller devices like thermostatic radiator valves and smart locks will rely on “low-power” approaches including the use of Zigbee, Z-Wave or similar network technology.

It will also be driven typically by carrier-supplied routers that have home-automation controller functionality which would work with the carrier’s or ISP’s home-automation and security services.

To the same extent, it may require “smart-home / building-automation” networks to support the use of IP-based transports like Wi-Fi, HomePlug and Ethernet as an alternative backhaul in addition to their meshing or similar approaches these technologies offer to extend their coverage.

In some cases, it may be about Zigbee / Z-Wave setups with very few devices located at each end of the house or with devices that can’t always be “in the mesh” for these systems due to them entering a “sleep mode” due to inactivity, or there could be the usual RF difficulties that can plague Wi-Fi networks affecting these technologies.

DECT-ULE, which is based on DECT cordless-phone technology and is being championed by some European technology names, doesn’t support meshing at all, so IP-based bridging and backhauls could work as a way to extend its coverage.

Such situations may be rectified by access points that use a wired backbone like Ethernet or HomePlug powerline.

In the context of the staff panic button use-case, it will roll out to the home network as part of a variety of applications. The common application that will come about will be to allow the elderly, disabled people, convalescents and the like who need continual medical care to live at home independently or with support from people assuming a carer role.

This will be driven by the “ageing at home” principle and similar agendas, which are themselves driven by the post-war baby-boom generation growing older and by longer personal lifespans.

Similarly, this application may also be underscored as a security measure for those of us who are concerned about our loved ones being home alone in a high-risk environment. This is more so in neighbourhoods where the risk of violent crime is high.

But I would see this concept work beyond these use cases. For example, a UK / European central-heating system that is set up with each radiator equipped with a “smart” thermostatic radiator valve that is tied in with the smart-home system. Or the use of many different control surfaces to manage lighting, comfort and home-entertainment through the connected home. This is something that will rise up as most of us take on the concept of the smart home as the technology standardises and becomes more affordable.

What is being highlighted is the requirement for high quality-of-service when it comes to sending “Internet-of-Things” signalling or control data as our networks become more congested with more gadgets. Similarly, it is about being able to use IP-based network technology as a backhaul for non-IP network data that is part of the Internet-of-Things but providing the right kind of routing to assure proper coverage and quality-of-service.

Germany to set a minimum security standard for home-network routers

Article

Telstra Gateway Frontier modem router press picture courtesy of Telstra

Germany has defined a minimum standard for secure broadband router design

Germany proposes router security guidelines | ZDNet

From the horse’s mouth

BSI (German Federal Office for Information Security)

TR-03148 Secure Broadband Router 1.0 (PDF)

My Comments

Network connectivity devices and Internet-of-Things devices are being identified as the weakest point of the Internet’s security ecosystem. This is because security is not factored in to the device’s design and because the quality assurance applied to the devices’ firmware is inadequate.

The first major incident that brought this issue to the fore was the Mirai botnet attack of late 2016 on some Websites and on the Dyn DNS service, launched from network video-surveillance cameras and DVRs that Mirai had taken over by logging in with their factory-default Telnet credentials. Shortly afterwards, in November 2016, a Mirai-variant attack attributed to the “BestBuy” hacker targeted home-network routers, notably the Speedport-branded models (some built by Zyxel) that Deutsche Telekom supplies as standard customer-premises equipment in Germany, by probing their TR-064 remote-management port (TCP 7547). The attempt failed to install the malware because the exploit code was buggy, but the probing crashed the routers and knocked around 900,000 customers offline.

Now the BSI, Germany’s federal information-security agency, has taken steps towards a baseline set of secure-by-design guidelines for these home-network routers. The guidelines address both the Internet-based attacker situation and the local-network-based attacker situation, such as a computer on the LAN running malware.

Key requirements

Wi-Fi segments

There are requirements concerning the LAN-side private and guest Wi-Fi segments created by these devices. They have to use WPA2 or a newer standard as the default security standard, and the default ESSIDs (wireless network names) and Wi-Fi passphrases must not be derived from the router itself, such as its make, model or any interface’s MAC address.

As well, guest Wi-Fi and community / hotspot Wi-Fi have to be treated as distinct logical networks on the LAN side, “fenced off” from each other and from the private network. They still have access to the WAN interface, i.e. the Internet service. The standard doesn’t address whether these networks should implement client-device isolation, perhaps because some setups require client software to discover printers or multimedia devices on these networks.

Router management

The passwords for the management account and the Wi-Fi passphrases have to be tested against a password-strength algorithm when a user defines a new password, indicating how strong they are, perhaps through a traffic-light indicator. The minimum for a strong password is at least eight characters with at least two each of upper-case letters, lower-case letters, digits and special characters.

For the management account, there has to be a log of all login attempts along with a lockout-type algorithm to deter brute-force password attacks, similar to a code-protected car radio that imposes a growing time delay after each wrong passcode. There is also an expectation of session-specific measures like a session timeout if you don’t interact with the management page for a certain amount of time.
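As an added illustration (not from the BSI document or this page), here is how the two requirements above could be implemented on a router’s management interface: a checker for the stated eight-character / two-of-each-class minimum that also rejects passphrases derived from the device’s own identity, and a login guard that records every attempt and doubles the lockout after each failure. The traffic-light thresholds, the back-off parameters, the hashing choice and the sample inputs are this example’s own.

```python
import hashlib
import hmac
import os
import re

# Character classes for the TR-03148 minimum as summarised above:
# at least 8 characters, at least 2 characters from each class.
_CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def password_rating(pw, device_identifiers=()):
    """Traffic-light rating for a new admin password or Wi-Fi passphrase.

    'red'   - fails the minimum, or contains one of the device's own
              identifiers (make, model, MAC address) in any letter case
    'amber' - meets the minimum
    'green' - meets it with 16 or more characters (threshold is this
              example's own choice, not a BSI figure)
    """
    lowered = pw.lower()
    if any(ident.lower() in lowered for ident in device_identifiers):
        return "red"
    counts = {name: len(rx.findall(pw)) for name, rx in _CLASSES.items()}
    if len(pw) < 8 or any(c < 2 for c in counts.values()):
        return "red"
    return "green" if len(pw) >= 16 else "amber"


class AdminLogin:
    """Management-account guard: every attempt is logged and each failure
    doubles the lockout period, like a code-protected car radio."""

    def __init__(self, password, base_delay=2.0, max_delay=900.0):
        self.salt = os.urandom(16)
        self.digest = self._hash(password)   # never keep the plaintext
        self.base_delay = base_delay
        self.max_delay = max_delay           # cap the back-off (15 minutes here)
        self.failures = 0
        self.locked_until = 0.0
        self.log = []                        # (time, source_ip, outcome)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def attempt(self, candidate, source_ip, now):
        """Return True on success; 'now' is a timestamp in seconds."""
        if now < self.locked_until:
            self.log.append((now, source_ip, "rejected: locked out"))
            return False
        if hmac.compare_digest(self._hash(candidate), self.digest):
            self.failures = 0
            self.log.append((now, source_ip, "success"))
            return True
        self.failures += 1
        delay = min(self.base_delay * 2 ** (self.failures - 1), self.max_delay)
        self.locked_until = now + delay
        self.log.append((now, source_ip, f"failure {self.failures}, locked {delay:.0f}s"))
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("speedport123", "AB12!!cd", "AB12!!cdEFGH3456##"):
        print(pw, "->", password_rating(pw, device_identifiers=("Speedport",)))
    guard = AdminLogin("AB12!!cd")
    for t, pw in ((100.0, "wrong"), (101.0, "AB12!!cd"), (103.0, "AB12!!cd")):
        print(t, guard.attempt(pw, "192.168.1.10", now=t))
```

Note that a wrong candidate is hashed just like a right one, so a failed attempt costs the attacker the same time as a successful one, and the second attempt at 101.0 seconds is rejected even though the password is correct because the two-second lockout from the first failure is still in force.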

Other requirements for device management include that the management web page be accessible only from the main home network, i.e. the primary private Wi-Fi segment or the Ethernet segment, and not from the guest segments or the WAN side. As well, there can’t be any undocumented “backdoor” accounts on the router when it is delivered to the customer.

Firmware updating

But the BSI TR-03148 Secure Broadband Router guidelines also address that sore point, router firmware. They cover updating your router with the latest firmware whether through an online update or a file you download to your regular computer and upload to the router.

The preference is for automatic online updates for security-related fixes. This will most likely extend to other “point releases” that address software quality or device performance. The end user would still manually apply major versions of the firmware, usually where new functionality or major user-interface changes take place.

The router manufacturer is required to rectify newly-discovered high-severity security vulnerabilities without undue delay once notified. End users are to be notified about these updates through the manufacturer’s own public-facing Website or the router’s management page.

Like with most regular-computer and mobile operating systems, digital signatures will be required to authenticate new and updated firmware. Users can still install unsigned firmware, like the highly-functional open-source OpenWrt firmware, but they must be warned about deploying unsigned firmware as part of the installation process; a router that accepts an unsigned image on the user’s say-so is no longer protected by the signature check for that image. The ability to use unsigned firmware was an issue raised by the “computer geek” community who like to tinker with and “soup up” their network hardware.

Users will also need to be notified when a manufacturer ceases to provide firmware-update support for their router model. But this can leave the end user high and dry, especially if new weaknesses are discovered in the firmware after that support ends.

The standard also calls for an “anti-bricking” arrangement where redundant on-device storage of the prior firmware exists. This is to avoid the router “bricking”, i.e. failing irreversibly, if the downloaded firmware comes with software or file errors or the update is interrupted part-way through.
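The update path described in the three paragraphs above (signed images, refusal of tampered or downgraded images, an unsigned image only on the user’s explicit acceptance, and a second firmware slot to fall back on) can be sketched in code. The following is an added example, not the BSI document’s or any vendor’s code. It assumes a hypothetical image format of its own (a fixed header carrying version, payload length, SHA-256 digest and an authentication tag) and, because the Python standard library has no public-key signatures, stands in for the vendor’s signature with an HMAC under a constant key; a real router would verify an RSA or ECDSA signature against a public key baked into its bootloader.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWIM"
# Hypothetical header: magic, version, payload length, SHA-256 of payload, auth tag.
HEADER = struct.Struct(">4sII32s32s")
# Stand-in for the vendor's signing key; a real device would hold only a public key.
VENDOR_KEY = b"example-vendor-key-not-for-production"


def _tag(version, length, digest, key):
    """Authentication tag over the header fields that matter (version, length, digest)."""
    return hmac.new(key, struct.pack(">II", version, length) + digest, "sha256").digest()


def build_image(version, payload, key=VENDOR_KEY):
    """Produce an image the way the vendor's build pipeline would."""
    digest = hashlib.sha256(payload).digest()
    tag = _tag(version, len(payload), digest, key)
    return HEADER.pack(MAGIC, version, len(payload), digest, tag) + payload


def parse_image(image):
    """Structural and integrity checks only. Returns (version, digest, tag, payload)."""
    if len(image) < HEADER.size:
        raise ValueError("truncated header")
    magic, version, length, digest, tag = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise ValueError("bad magic")
    payload = image[HEADER.size:]
    if len(payload) != length:
        raise ValueError("payload length mismatch")
    if hashlib.sha256(payload).digest() != digest:
        raise ValueError("payload corrupted")
    return version, digest, tag, payload


def is_signed(image, key=VENDOR_KEY):
    """True if the image's tag was produced under the vendor key."""
    version, digest, tag, payload = parse_image(image)
    return hmac.compare_digest(tag, _tag(version, len(payload), digest, key))


class Router:
    """Two firmware slots; only an image that passes verification becomes active."""

    def __init__(self, factory_image, key=VENDOR_KEY):
        self.key = key
        self.slots = [{"image": factory_image, "signed": True}, None]
        self.active = 0
        self.min_version = parse_image(factory_image)[0]   # anti-rollback floor

    def install(self, image, accept_unsigned=False):
        """Write to the inactive slot, then switch to it. Returns the new version."""
        version = parse_image(image)[0]              # corrupt or truncated -> ValueError
        signed = is_signed(image, self.key)
        if not signed and not accept_unsigned:
            raise ValueError("unsigned firmware refused; user must accept the warning")
        if signed and version < self.min_version:
            raise ValueError("rollback to an older signed release refused")
        target = 1 - self.active
        self.slots[target] = {"image": image, "signed": signed}
        self.active = target
        if signed:
            self.min_version = version
        return version

    def boot(self):
        """Boot the active slot; if it fails verification, fall back to the other."""
        for idx in (self.active, 1 - self.active):
            slot = self.slots[idx]
            if slot is None:
                continue
            try:
                version = parse_image(slot["image"])[0]
                if slot["signed"] and not is_signed(slot["image"], self.key):
                    raise ValueError("authentication failed")
            except ValueError:
                continue                             # try the other slot
            self.active = idx
            return version
        raise RuntimeError("no bootable firmware")
```

The ordering matters: the inactive slot is written first and the active pointer only moves after the image has passed every check, so a corrupt download never replaces a working image, and a slot that goes bad after installation is skipped at boot in favour of the previous release. The rollback floor is only raised by signed images, since an unsigned image’s version number is whatever its author chose.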

Other issues that need to be addressed

There are still some issues regarding this standard and other secure-by-design mandates.

One of these is whether there is a minimum length of time for a device manufacturer to continue providing security and software-quality firmware updates for a router model or series after it is superseded. This matters because we may buy equipment that has just been superseded, typically to take advantage of lower prices, or keep a router in service for as long as possible. It is of particular concern where a whole new generation of equipment is being released rather than a model that was given a software-compatible hardware refresh.

Solutions could include open-sourcing the firmware, as happened with the Linksys WRT54G, or establishing a known-good baseline firmware source for these devices while continuing to rectify vulnerabilities discovered in that firmware.

Another is the existence of a logo-driven “secure-by-design” campaign directed at retailers and the general public in order to encourage us to buy or specify routers that are compliant to this standard.

An issue that needs to be raised is whether the modem routers or Internet gateways supplied as standard customer-premises equipment by German ISPs and telcos should be required to meet this “secure-by-design” standard. This is more of an issue with Internet service provided to the average household, where customers are not likely to fuss about anything beyond getting Internet connectivity.

Conclusion

The BSI will definitely exert market clout through Europe, if not just in the German-speaking countries, when it comes to a home network that is “secure by design”. Although the European Union has taken some action on the Internet of Things and a secure-by-design approach, these guidelines could become a de-facto market requirement for equipment sold into the European, Middle Eastern and African markets.

It could also be seen by other IT bodies as an expected minimum for proper router design for home, SOHO and SME routers. Even ISPs or telcos may see it as an obligation to their customers to use this standard when it comes to specifying customer-premises equipment that is supplied to the end user.

At least the issue of “secured by design” is being continually raised regarding home-network infrastructure and the Internet Of Things to harden these devices and prevent them from being roped in to the next Mirai-style botnet.

Another attempt at security for the Internet Of Things

Article

Google and others back Internet of Things security push | Engadget

My Comments

An issue that is perplexing the personal-computing scene is data security and user privacy for dedicated-function devices, including the Internet of Things. This has lately come to the fore thanks to the KRACK key-reinstallation attack on WPA2, which mainly affects Wi-Fi client devices. The concern with these devices is that the device vendors and the chipset vendors don’t regularly update their software, so such a flaw can remain unpatched for the life of the device.

But ARM Holdings, the British company that designs the ARM processor architecture used in mobile devices and most dedicated-function devices, has joined with Google Cloud Platform and others to push for an Internet-of-Things security platform. This is very relevant because the ARM architecture suits dedicated-function device designs, yielding more functionality on a lean power budget than traditional PC processor architectures.

Here, the effort is centred around open-source reference firmware known as Trusted Firmware-M (TF-M), pitched at ARMv8-M CPUs. The accompanying Platform Security Architecture (PSA) gives hardware, software and cloud-system designers a common IoT threat model and a way to analyse firmware from a security angle. This means they can work towards hardware and firmware architectures that follow a “best-practice approach” for security and user-friendliness in devices likely to be used by the typical householder.

There is still the issue of assuring software maintenance over the lifecycle of the typical IoT and dedicated-function device. This will include how newer updated firmware should be deployed to existing devices and how often such updates should take place. It will also have to include practices associated with maintaining devices abandoned by their vendors such as when a vendor ceases to exist or changes hands or a device reaches end-of-life.

But at least it is another effort by industry to answer the data-security and user-privacy realities associated with the Internet Of Things.

What is Bluetooth Mesh networking all about

Articles

Bluetooth mesh networking could connect smart devices city-wide | Engadget

Bluetooth Mesh Networking will usher in huge connected environments | Android Authority

From the horse’s mouth

Bluetooth SIG

Blog Post

Video – click or tap to play

My Comments

Bluetooth SIG have publicly launched the Bluetooth Mesh specification, which adds on to the Bluetooth Low Energy specification to create a multi-device wireless mesh network. It is in addition to the “one-to-one” Bluetooth topology typically used for linking your smartphone to that Bluetooth speaker and the “one-to-many” broadcast-driven Bluetooth topology used for Bluetooth wayfinding beacons.

Such networks use a “many-to-many” topology where data can be shared amongst multiple member devices and a member device can receive data from multiple other member devices. The signal paths effectively represent the wires of a piece of wire meshing like “chicken wire”, while each junction in that mesh represents a member device. Rather than routing, Bluetooth Mesh uses “managed flooding”: a relay node rebroadcasts each new message it hears with the message’s time-to-live counter reduced by one, and remembers messages it has already seen so it doesn’t rebroadcast them again.
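Bluetooth Mesh distributes messages by managed flooding rather than routing: every node within radio range hears a broadcast, relay nodes rebroadcast a message they have not seen before with its time-to-live reduced by one, and a battery-powered node with the relay feature switched off still receives but does not forward. The following toy model of that behaviour is added here as an illustration and is not taken from the Bluetooth SIG specification; the topology, addresses and messages are constructed for the example, and the encryption and authentication that real Bluetooth Mesh applies to each packet are left out.

```python
from collections import deque

# Constructed topology: a phone P in range of node A only, then a chain A-B-C-D-E.
LINKS = [("P", "A"), ("A", "B"), ("B", "C"), ("C", "D"), ("D", "E")]


class MeshNode:
    def __init__(self, addr, relay=True):
        self.addr = addr
        self.relay = relay      # relay feature is typically off on battery-powered nodes
        self.cache = set()      # network message cache: (source, sequence) already seen
        self.received = []      # (source, sequence, payload) delivered to this node


class Mesh:
    def __init__(self, links, no_relay=()):
        self.nodes = {}
        self.neighbours = {}
        for a, b in links:
            for addr in (a, b):
                self.nodes.setdefault(addr, MeshNode(addr, relay=addr not in no_relay))
                self.neighbours.setdefault(addr, set())
            self.neighbours[a].add(b)
            self.neighbours[b].add(a)
        self.sequence = 0

    def send(self, source, payload, ttl):
        """Managed flooding from 'source'. Returns (addresses reached, transmissions)."""
        self.sequence += 1
        key = (source, self.sequence)
        self.nodes[source].cache.add(key)          # never deliver our own message back to us
        pending = deque([(source, ttl)])           # (transmitting node, TTL on air)
        reached, transmissions = set(), 0
        while pending:
            sender, hop_ttl = pending.popleft()
            transmissions += 1
            for addr in self.neighbours[sender]:
                node = self.nodes[addr]
                if key in node.cache:               # duplicate: heard it already, drop
                    continue
                node.cache.add(key)
                node.received.append((source, self.sequence, payload))
                reached.add(addr)
                if node.relay and hop_ttl > 1:      # relay with TTL - 1 until it runs out
                    pending.append((addr, hop_ttl - 1))
        return reached, transmissions


if __name__ == "__main__":
    mesh = Mesh(LINKS)
    print(mesh.send("P", b"light on", ttl=3))     # TTL stops the flood at C
    print(mesh.send("P", b"light on", ttl=10))    # reaches the far end of the chain
    sleepy = Mesh(LINKS, no_relay={"B"})
    print(sleepy.send("P", b"light on", ttl=10))  # B hears it but won't forward it
    detour = Mesh(LINKS + [("A", "C")], no_relay={"B"})
    print(detour.send("P", b"light on", ttl=10))  # a second path goes around B
```

The message cache is what keeps flooding from becoming a broadcast storm, and the TTL bounds how far a message can travel even if the cache were to fail. The last two runs show the coverage point made in this article: a non-relaying sleepy device breaks a single chain, and only an extra link around it restores reach to the far end.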

The “Internet Of Things” is being seen as a key application driver and I see it as a competing wireless-link technology to Zigbee and Z-Wave, which are used for this similar application. Security is designed in to this network technology to protect data from being listened to or modified by unauthorised parties, with encryption and authentication applied at both the network layer and the application layer using separate keys.

It will still have the same use cases as other technologies pitched at the “Internet-of-Things” space such as the smart home, building automation, health monitoring and industrial automation. But it takes advantage of the fact that Bluetooth technology is commonly integrated into the design of highly-portable host computing devices like smartphones, tablets and laptops, something that has been taken advantage of with some Bluetooth-based “smart-home” devices like the Kwikset Kevo smart deadbolt lock. Here, the host device can interact directly with one or more of these sensor or controller devices, and through the mesh’s relays with devices that are beyond its own radio range.

What will this mean for existing Bluetooth LE setups

The new Bluetooth Mesh network technology is based on Bluetooth 4.0 or later (Bluetooth LE, also marketed as Bluetooth Smart), and extant Bluetooth chipsets that support in-field firmware updates can benefit from this functionality. Issues that may be faced include the memory capacity and computing power of the chipset, which may rule out some designs and will raise its head with the chipsets deployed in a lot of sensor or controller devices.

Devices like smartphones or computers will need to be equipped with mesh-specific add-on software as part of their Bluetooth application-programming interface. Initially this may be delivered in the form of extra software tied to Bluetooth chipsets. But this functionality would be rolled in to operating systems through a subsequent functionality update.

The act of provisioning new Bluetooth Mesh devices will be driven by a host device running a configuration app or, more likely, an extra setup option in the host’s operating system. This is about enrolling new devices in a Bluetooth Mesh network as well as removing devices surplus to need from that network, which also means refreshing the network’s keys so that a removed device still holding the old keys cannot read or inject traffic.

The Bluetooth Mesh technology will be rolled out over the subsequent few years as newer capable chipsets come on board with this functionality and the firmware is made available for suitable extant chipsets. As well it may require each of the major operating systems to acquire a major functionality update to take place before more host devices can work in the Bluetooth Mesh.

At least the Bluetooth Mesh technology will be on a similar position to Zigbee and Z-Wave for wireless infrastructure that answers the needs of the Internet Of Things.

Amazon chasing the numbers when it comes to Alexa’s Skills

Article

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

Amazon needs to assure quality for the skills they offer to Echo users

Alexa is learning more new skills every day | Engadget

My Comments

At the moment, Amazon is adding many skills to the Alexa voice-activated home assistant ecosystem every day, with at least 15,000 skills available for your Echo by the time this article is published. This is in contrast to Google offering 378 apps and Cortana offering 65 apps. Apple has yet to disclose the number of skills or apps added to Siri in her role as a voice-driven home assistant.

But the problem with this approach is that Amazon can easily end up “chasing the numbers” without caring about software quality. This is very similar to what has happened with app stores like the Microsoft Store, which filled up with many poor-quality and, in some cases, worthless apps. Here it is seen as a quick way for Amazon to dominate the voice-driven home assistant landscape alongside offering multiple devices and extra capabilities.

Amazon hasn’t yet had much experience in building up a platform app store with a goal of achieving a significant number of quality apps. This is compared to Google, Microsoft and Apple, who have learnt by experience when building up the platform app stores on which Google Home, Cortana and Siri will be based. In most cases, it was either about leaving the gates wide open and admitting too much trash, or “dribbling in” very little software and putting across an image of very little choice. It is symptomatic of a technology at an immature state, where little work has been done on the right mix of features and software.

As regards the software quality of skills or apps for a voice-driven home assistant platform, there will be issues about preserving proper software behaviour, assuring proper taste and decency in a family environment, and assuring end users’ data security and privacy. This is more so because these skills will relate to smart-home devices, and the data those devices generate reveals a household’s lifestyle. This will need to be achieved through software and consumer-protection policies and a feedback loop between end users and the platform developer.

Of course, there needs to be the ability for Amazon and co to highlight high-quality skills and apps to users such as through an “editor’s choice” or “product spotlight”, along with a user review and rating system.

Other issues yet to be raised include how a developer can monetise a skill, whether through having customers buy the skill through Amazon’s storefront or through an advertising platform. In the case of advertising, there will be issues regarding user privacy, the kind of advertising that appears along with when the ads appear in your interaction with that skill.

I would see the sign of maturity for the voice-driven home assistant technology as higher-quality skills or apps being available along with the platforms being offered in more territories on more devices with the expected feature sets.

Amazon gives Alexa intercom abilities for their Echo devices

Article

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

The Amazon Echo to replace that intercom you bought from Radio Shack

Amazon is turning every Echo device into an intercom | Engadget

Your Amazon Echo-Filled House Now has an Alexa Intercom System | Droid Life

Amazon wants the Echo to replace your home intercom | VentureBeat

My Comments

As the battle heats up between Amazon, Google and, very soon, Apple and Microsoft for the voice-driven home assistant platform, there is a strong likelihood that these platforms will acquire new features “out of the box” at a regular pace without the need to add a “skill” or app.

Initially Amazon added a telephony function to their Alexa platform, with video telephony for the Echo Show videophone device. Now they are introducing an intercom function for their Echo devices. It is due to the fact that a lot of the households that buy Amazon Echo devices will end up equipping their home with many of these devices, such as to kit out a pair of computer speakers or an old boombox with an Echo Dot.

This may be similar to an intercom system that you may have used in your home, be it that little portable box that plugs in to the wall and uses your AC wiring as a communications path or that fancy radio-intercom setup integrated in your home with one of the units having an integrated radio tuner.

Here, you have to give each Echo device a room-unique name when you set it up or revise its settings. Then you enable the “drop-in” functionality in the Alexa app, whereupon you can tell Alexa to call a specific device. A drop-in opens the audio link without the receiving device having to answer, which is why it can be used to monitor a particular room, such as a sleeping baby, or to hear if your older parent is calling out.

The system even works across the Internet rather than just your home network, which can come in handy with families and neighbours who want to keep in touch with each other in the same community. Because a drop-in connects without being answered, you have to explicitly grant each contact permission to drop in on your devices, and it is worth reviewing who holds that permission.

You can upgrade your existing Amazon Echo equipment towards this functionality by simply updating the software in the Echo devices and the Alexa app to the latest version. But I wouldn’t put it past Amazon to roll this function out to other devices that are based on the Alexa platform or to work out ways to improve on it. Similarly, I wouldn’t put it past Google, Apple and Microsoft to answer Amazon with an intercom feature of their own.