Internet of Things (IoT): Web Architecture, Interoperability and Security Challenges
The Internet of Things (IoT) presents an environment for information systems to communicate and share data over networks. The business environment has increasingly evolved and the demand for data and information has shifted to real time data capture and transmission for decision making processes. The Internet of Things provides a basis for businesses, organizations, governments and non-government firms to acquire, share and communicate data across networks and devices (Madakam, Ramaswamy & Tripathi, 2015). The management of information systems in view of IoTs technologies requires critical web infrastructures and skilled personnel to manage and control its applications.
IoT systems can be described in terms of where they fall on the spectrum from general to specific (Cunningham, 2014). General IoTs are designed to be able to interface with anything, while specific IoTs are designed for discrete and limited purposes. An important element of generality is how easily new devices can be added to the system. If the system is designed to incorporate a new device at the instant the device appears, it will typically be extremely general (Cunningham, 2014). On the other hand, if it incorporates new devices only with some effort, or cannot incorporate new devices at all, it is likely a more specific IoT. The generality of a system can be measured roughly by its openness; for example, how easily and automatically it accepts unexpected devices.
Although specific IoTs may not enable as extraordinary a vision as general IoTs, they are far easier to develop and implement. Even beyond that, they may actually avert, at least partially, some substantial drawbacks of a grand-scale IoT. Given the diverse nature of IoT, the challenges emerge in its reliability for businesses to communicate and transmit data in a secure, authentic and private manner. Businesses have integrated management information systems as a core component that informs and directs decisions making processes; however, the implications of IoT have made such systems to have a wider scope and reach in data management. The Internet of Things facilitates the creation of communication systems that make it possible to make multi-platform data and information sharing via interconnected networks (Evans, 2011). These have significant implications for businesses including the current risk management, data integrity; audit and assurance challenges. This paper examines the Internet of Things and its implications for management information systems for businesses.
Madakam, Ramaswamy and Tripathi, (2015), argue that among the challenges facing IoTs is its broad nature making it difficult to develop a uniform architecture that is applicable across the board. The researchers argue that the concept of IoTs can be effectively implemented if it integrated diverse technologies including “sensors, network, communications and computing technologies, amongst others.” The Internet of Things creates a world where billions of things are interconnected. The necessity for adequate web architecture that allows easy communication, control, connectivity and creation of productive applications cannot be overlooked. According to BOSCH, (2014), the connection of new devices to a network does not in itself accomplish anything unless the objective it to “unlock new potential.” For instance, the connection of new devices in a home network that integrate applications such as “predictive maintenance, fleet management, or smart home solutions” must be done in a sustainable criteria that would result in the creation of synergic relationships between different devices (BOSCH, 2014).
Research in this area seeks to establish how diverse things interact across web architectures and applications. Research in web architecture has focused on issues such as the “design of distributed open architecture with end-end-to-end characteristics and interoperability of heterogeneous systems” (IERC, 2013). These are critical elements of IoT (Gubbi, Buyya, Marusic, & Palaniswami, 2013). IoT technologies such as Radio Frequency Identification (RFID) have made significant progress in the development of wireless communication systems. In addition Wireless Sensor Networks (WSN) has been instrument in the delivery of IoT in remote locations through deployment of sensor networks and applications (IERC, 2013).
The web architecture of the Internet of Things spans from personal and home applications, enterprise applications, utilities and mobile applications. These create a comprehensive and intricate interconnectivity of millions of devices across platforms and networks. The foundation that was set by Web 2.0 technologies has led to the creation of Internet of Things that has shifted “web applications and service concepts” towards a new paradigm of accessible and integrated (Cestellani et al., 2010).
Thus far, standardization among IoT technologies has mostly happened around existing IEEE 19 or ISO/IEC standards. These standards have been designed to be broadly interoperable, although in some cases non-interoperable standards have been revised to make them compatible. Two technologies are worthy of mention with regard to standardization of RFID and wireless networks.
RFID was originally standardized under an ISO/IEC standard, ISO 180000. EPC global, an organization with a significant stake in RFID technologies, originally wrote their own standards for RFID tags in the ultra-high frequency band, believing that ISO 180000 standardization process would be complex and thus drive up tag costs. Eventually they chose to revise their standards to a new protocol called Gen 2, which was reconcilable with ISO 180000 (Violino, 2005). There are several other ISO/IEC standards related to RFID tags, such as ISO/IEC 14443, which enable Near Field Communication, a technology designed to allow mobile phones to emulate RFID tags or RFID readers or short ranges.
The physical layer of most wireless network systems currently being designed is standardized under IEEE 802.15.4-2006, which lays out specifications for low-power wireless personal area networks. There are numerous private or proprietary upper-layer specifications, which are generally mutually non-interoperable. The most important exception is the non-proprietary IPv6 over Low Power Wireless Personal Area Networks (6LoWPAN), which is designed to interoperate with most other potentially applicable wireless network standards (IETF, 2015).
Semantic and Technical Interoperability
IoTs require object-to-object communication. Objects will need to both transmit information and comprehend transmissions. These two needs describe technical and semantic interoperability on IoTs, respectively. Technical interoperability means that a signal can get from object A to object B. Semantic interoperability, on the other hand, means that object B can understand object A’s message. In other words, technical interoperability requires that objects be able to speak and be heard; semantic interoperability requires that they speak the same language. Having both kinds of interoperability may also require that objects be able to carry out commands and transmit data.
Not every object will need to both speak and listen. Some objects will be transmitters; they will only need to be able to speak. For example, an RFID tag embedded in a can of beans will probably not have much reason to listen to other cans of beans on the shelves. Other objects, receivers, will only need to listen. Picture a black box device monitoring a factory. It would only need to listen for signals from other devices and record them; it would not necessarily need to talk back (Evans, 2011).
The degree of interoperability in an IoT grows as it grows in both size and flexibility. In that sense, general IoTs will usually be more interoperable than specific IoTs. Since a general IoT will deal with far more unpredictable events and interactions stemming from its complex system, it should have much greater potential for interconnection to begin with. One critical component for semantic interoperability between devices in a general IoT is device identification. Object A, detecting object B’s presence, may need to be able to quickly evaluate what object B is in order to make a decision about how to interact with it or parse data that object B sends. Device or object naming standards will thus be a key component of building general IoTs (Castellani et al., 2010). Human and organizational interoperability simply refer to the ability of people or groups to work together, but in reality they do not work out as simply as they sound. There can be any number of different forces opposing collaboration: differing cultural norms, opposing market forces, or legal inhibitions. Human and organizational interoperability enable either more extensive use of IoT data or more far-ranging systems on the IoT.
Development of Interoperability on IoT
The development of interoperability on IoT has thus far been uneven; it has varied mostly on how open the IoT system is. For instance, the contrast between Pachube and HP’s plans for involvement in the IoT market illustrates both ends of the spectrum. Pachube is an IoT-based community. It is an open application programming interface intended to serve as a back-end for IoT systems. Users can either contribute a data stream or use an existing one. Thus, the data generated is not closed or limited to use to only the people generating it. HP, by contrast, offers IoT-based services (Lindsay, 2010). HP plans to form specific partnerships to provide technical expertise to solve problems such as seismic measurement (Wylie, 2009).
In these partnerships, HP’s job is to deploy sensors and gather data to analyze on behalf of their clients. The entire process is handled in-house; they essentially act as a consultancy. A major difference between Pachube and HP is the openness of their systems (Ali & Frew, 2013). Pachube’s system allows any data to be used for any purpose that anyone could want to use that data for. Its goal is to provide a one-size-fits-all seamless join between any data layer and any application layer. HP, on the other hand, tries to control both the data layer and the application layer. The only devices they are integrating, and the only applications they are supporting, are their own.
Overall, the development of IoTs, particularly grand-scale IoTs, is just beginning. The U.S. took a useful step forward in late “2010 when the Federal Communications Commission (FCC) opened an unused portion of the TV spectrum to be used for wireless data and Internet services” (Melanson, 2010). Specific and limited IoTs, like the ones mentioned earlier, are beginning to be researched, developed, prototyped, and implemented. Some are further along than others; hospitals and supply chains increasingly use IoT technologies, while the idea remains in its infancy with prisons or coffee mugs.
Because many IoT systems are being developed separately, by different firms under different proprietary standards, it is unclear how interoperability will emerge on the systemic level, or if it ever will. So far, systemic interoperability within individual development communities seems to have existed in different degrees depending on how densely firms in those fields interact. Supply chain systems, in which objects will pass between many different firms, have seen much more “systemic interoperability than the specialized technical solutions provided by Intel or HP have” (Ali & Frew, 2013). In spite of such differences in the development of IoT, a common factor remains in that it is developing at a rather rapid rate.
Barriers to Development of Interoperability on and among Internet of Things
It seems likely that the most substantive barriers to developing systemic interoperability among IoTs would come from problems regarding human and organizational interoperability. Currently, individual firms develop distinct and limited IoTs, with internal technical and semantic interoperability. Since many of these firms rely or will rely on proprietary standards or closed systems, and want to protect their market share, it is not clear that they would be able to integrate at meta-levels.
A similar problem will probably be observed on both cultural and legal levels as IoTs attempt to spread between governments. This could happen on both provincial and international levels. Hypothetically, if Massachusetts required different levels of data protection than New Hampshire, it might be difficult to convince operators of systems in MA and NH to interoperate, even if all other incentives are aligned.
In the vast majority of cases, the benefits of IoTs derive fundamentally from interoperability. IoTs typically act out two principles: making unmapped data visible and networking data streams. Of these two, many more benefits derive from the networking of data, which is simply interoperability in action. To see why communicating data has far greater benefits than merely observing it; for instance, the Internet of Coffee Mugs (Chui, Loffler, & Roberts, 2010). Identifying a coffee mug via RFID itself may be little more than an expensive vanity. Now give the coffee shops RFID readers. The RFID tag can now be used to quickly pay for coffee, yielding tangible benefits. Even when observation alone is valuable, communication is usually necessary to enable use of the data (Evans, 2011). A small sensor in a water pipe which can tell whether the pipe is failing is essentially useless unless it can report the data somewhere else. All of the benefits of IoTs derive from technical and semantic interoperability, insofar as IoTs require both of those to operate. Many types of benefits expand with increased systemic or organizational interoperability; the more coffee shops accept, the more useful the Internet of coffee mugs become. Other types of benefits do not; connecting one house’s energy management systems with another’s does little to benefit either homeowner’s efforts to control their energy costs (Evans, 2011).
Mapping the World
The world consists of data; for instance, the temperature, light level, and humidity in different parts of a building are all data. The same case applied to the statuses of a city’s water pipes, the amount of power drawn by each appliance in a house, and where and how often someone buys coffee. IoT systems and technologies help track this data, improving our knowledge about the state of the world. Various online sources and academic writing website give the next definition: “Internet of Things can be realized in three paradigms—internet-oriented (middleware), things oriented (sensors) and semantic-oriented (knowledge). Although this type of delineation is required due to the interdisciplinary nature of the subject, the usefulness of IoT can be unleashed only in an application domain where the three paradigms intersect” (Gubbi, Buyya, Marusic & Palaniswami, 2013)
Understanding how the world moves in both space and time is invaluable. In water management, it is desirable to know both whether any pipes are failing right now and which parts of the system are more likely to fail over time. Granular data about energy use can help customers make both short-term cuts such as turning the lights and long-term reductions such as buying more efficient light bulbs. In hospitals, short-term data on patient health can help hospitals necessary care, and long-term data can help solve the difficult problem of hospital quality metrics (Zeng, Guo, & Cheng, 2011).
However, in most cases it is only practical to tap into these streams of data if it can be aggregated in real time at low cost. This requires efficient communications from point to point, which is precisely the job of technical and semantic interoperability. The benefits that come from a deeper understanding of the world may also expand in the presence of systemic, human, or organizational interoperability. There are two major ways in which these forms of interoperability generate benefits. Firstly, when different systems operate in the same real-world space, interoperability between those systems increases the magnitude of each system’s short-term benefits (IERC, 2013). For instance, if there were two companies building Internet of Cars technologies in the U.S., they would be able to create substantial benefits by interoperating, since both companies’ customers share the same roads.
Secondly, putting different datasets together, as these forms of interoperability often enable, can advance understanding of the world by giving access to a more expansive or detailed picture of the world. For example, consider again the two firms working on the Internet of Cars. If one wanted to study traffic patterns in the United States, it would be much more valuable to have data from both firms than from just one.
Automation based on IoT principles has the potential to create huge benefits. Embedded devices do not just allow systems to receive data about the world; they allow those same systems to feed back into the world. Similar to the benefits that come from gathering information, these benefits fundamentally rely on technical and semantic interoperability (Zeng, Guo, & Cheng, 2011).
Autonomous systems can yield benefits across a wide variety of real-world problems. Manufacturing systems that automatically gather precise knowledge about all of their components can control the quality of their products more tightly (Evans, 2011). A water management system that can mechanically sense when a pipe fails can potentially shut off the pipe before the larger water supply becomes contaminated. A house which can control its energy use on a device-by-device basis can cut its power consumption automatically to respond to increases in energy prices.
If IoT development on a small scale is accessible enough, people can even build personalized IoT applications (Zeng, Guo, & Cheng, 2011). It would be possible to make the doors to open or the lights to turn on the house at arrival; the lights to go off two minutes after you turn a DVD player on; a car to run the heat or air conditioning automatically as soon as you start the motor based on the outside temperature; or alarm clock to go off several minutes earlier or later based on traffic conditions.
The benefits of automated systems can expand with the presence of systemic, organizational, or human interoperability. Returning to the previous example of two Internet of Cars firms, it is plain to see that any automated system related to traffic patterns will be measurably better if it can receive data from all of the cars on the road, not just from those that are integrated into the IoT systems. As such, there would be a need to develop ways to collect information on non-IoT cars and feed it into the automated systems.
Implications for Innovation, Competition and Consumer Empowerment
While there are many technical benefits to IoT interoperability, some of its effects on consumer empowerment and competition may not all be clearly positive and somewhat ambiguous, but there are clear positive effects, such as reduced switching costs and increased competition. If IoT technologies are broadly interoperable, consumers would be more empowered as switching costs fall. “Switching costs,” in the context of IoTs, refer to the costs to replace one device or application with another. Switching costs are lower when choices about devices or applications are not bundled (Zeng, Guo, & Cheng, 2011).
For instance as IoT technologies become more interoperable, consumers using home automation networks for energy should be able to replace appliances without being constrained to appliances built by certain companies. If a consumer wants to buy a new toaster, but their energy management system only interoperates with toasters developed by one company, then they have to either buy a toaster from that company or replace their entire energy management system. On the other hand, if their energy management system can interoperate with any toaster using common standards, they should have no problems. The more open and interoperable IoT systems are, the easier it will be for consumers to use custom arrangements of technology for maximum personal benefit.
Interoperability should also enhance competition (Gubbi, Buyya, Marusic & Palaniswami, 2013). The creation and adoption of IoTs will increase competition by creating an entirely new market for devices and services. As evidenced by the fact that the market for goods and services already includes a blend of established giants and smaller, newer companies, there will never be only one type of technology or device to achieve a certain function (Evans, 2011). Greater interoperability will mean that people can pick and choose their preferred technologies, leading to greater competition in this new marketplace. Further, the more interoperable systems in this marketplace are, the more room there will be for competition across marketplaces.
Interoperability should yield great benefits in innovation (Evans, 2011). The more open and interoperable IoT systems are, the greater the ability to build individually customized IoT applications and functions will be. The more the potential for communication between disparate devices increases, the more the individual consumers can design systems to fulfill idiosyncratic needs. In spite of the positive outcomes expected from the implementation of IOT, the real impacts of interoperability in the creation of competition and empowering consumers remains unclear. IoTs have the impact of creating numerous data and information about the world; however, such information will remain in the control of companies that own or control IoT technologies. Consequently, firms will use the information resource at their disposal to influence market and industry dynamics with the objecting of increasing their control and benefits at the expense of consumers.
Even if the information is freely available, individual consumers are typically not as good as large firms at capitalizing on large amounts of information. The effect of interoperability on this problem is ambiguous. Increasing interoperability will give each firm in the market more information (Evans, 2011). This may increase competition between them but decrease the overall welfare of all consumers. Alternatively, one firm may be better at capitalizing than another, and use their advantage in information to substantially increase their market power, reducing both competition and consumer welfare. The development of “IoT environments for Internet-connected objects will greatly facilitate the deployment and delivery of applications” (IERC, 2013). These will allow people to identify the reliable service providers for their data and information needs instead of deploying sensors that may incur excessive costs in terms of resources, man power and time.
IoT technologies integrate diverse communication systems that function at a cost. The processes of preparing, packaging, sending and receiving information requires costs to be incurred. Every aspect of IoT has an associated cost considering the limitations in the capacity of IoT technologies, devices and systems. Since devices have processing power that is limited to certain parameters, the communication of all devices would result in high noise levels. The noise level can be delineated as the degree within which meaningful and meaningless communication is undertaken. However, this is not always a serious problem considering that single vendors often design, create and implement the deployment of IoTs. These vendors can design systems that are impermeable to such challenges.
The noise problem illustrates the significance of differentiating between real and potential interoperation of IoTs. It is not prudent or practical to assume at the current technology integration level among diverse populations, that a world where everything communicates automatically is realistic. For instance, a scenario where a fridge and an oven need to automatically communication would be a mere waste of resources in most people’s perspective considering that there are more pressing issues to be addressed in society. On the other hand, you should be able to program the two to talk to each other if need be. Maybe a person always drink morning coffee in the living room and want the lights to come on automatically, or want the lights in the house to flash to let him know when the coffee is ready. People may want to use IoT systems in different ways to address their own unique set of issues and preferences.
Security and Privacy Concerns for IoTs
IoTs face serious security issues, mostly from having interoperability as its inherent principle. The security issues that emerge from the development of IoTs is based on fears that threats will present in the form of attacks that target a section of IoTs and threats that will penetrate critical systems and operate in the background undetected while corrupting and sabotaging it. For instance, deployment of threats such as StuxNet or a DDOS-like attack (Gudymenko, 2011). If critical infrastructure is targeted and shut down, either by taking advantage of holes in the system or merely by overwhelming it with communications, the results can be catastrophic. This risk can be reduced somewhat by retaining manual control and high levels of safeguards in such systems, but only to a limited extent.
The second category includes data-collecting malware or hidden control systems. Someone who could take control of IoT devices under their owners’ noses could create a huge botnet that is nearly impossible to detect, or acquire terrifyingly detailed pictures of peoples’ lives or other states of the world (Gudymenko, 2011). For instance, a scenario in which the U.S. military deployed troops with personal GPS units; anyone who could hack those GPS units would be able to acquire a detailed picture of U.S. troop movements, giving them a considerable edge in combat situations, with profound national security implications. According to Cunningham (2014), “Digital data—including personal information—can be many places at once, travel thousands of miles in fractions of seconds from one nation to the next, and can be readily collected without notice or consent.”
The potential security challenges for IOT are numerous and can only be managed through the development of systems that are security conscious. It would probably reduce interoperability in the system. Care should be taken, of course, so that these measures do not quash the potential innovation enabled by IoT technologies (Cestellani et al., 2010). The degree of security, also, will of course vary on the system in question; greater care should be taken to protect IoT systems involving systems that are more vulnerable to attack and hacks, rather than home energy management IoT systems (Gudymenko, 2011).
The Internet of Things collects large volumes of data that are unprecedented considering that there are no existing systems to compare it with. However, the privacy implications of IoTs are numerous considering that there are not guarantees that information being communication from device to device or device to person is safeguarded from prying eyes. The more the system becomes complex and large, the higher the risk of losing information privacy becomes. Simple information such as room temperature in offices and stationary choices may not be relevant or cause for concern to anyone. However, the data kept by other systems can be much more dangerous especially when systems and devices are breached leading to the loss of financial and personal data, there is a chance that it can be used for malicious or criminal purposes. “One practical consideration in enabling widespread adoption of web of things arises in ensuring security of shared resources against misuse, protecting the privacy of users who share parts of their data, and providing estimates of reliability or verifiability of web service against malicious intervention or inadvertent errors” (Zeng, Guo and Cheng, 2011).
Future Directions for Research
The security and privacy challenges of IoT where smart devices and objects are connected on an interoperable framework are among the key concerns of current research. Significantly, the development of IoT research in view of pervasive applications that include critical technology drivers and the expected outcomes of applications is an area that requires further research. The web architecture research will need to conduct further considering that IoT technologies are progressively evolving and being improved. Consequently, “A generalized framework is required for data collection and modeling that effectively exploits spatial and temporal characteristics of the data, both in the sensing domain as well as the associated transform domains”(Gubbi, Buyya, Marusic & Palaniswami, 2013).
IoT is continuously growing with new applications being developed leading to the possibility of reaching critical mass especially in its application within different functions, operations and sectors. Though current applications are yet to attain critical mass status, research should focus on the development of business models, standards and ethical frameworks associated with diverse applications of IoT.
Significantly, development of productive technological change integrates a synergetic relationship between organizational and technical innovations. However, disconnect in the pace of development between technical infrastructures and organizational functions exist. IoT technologies develop and change at a faster rate when compared to organizational and social innovation which is often left behind. Research should focus on the development of strategies that will ensure organizations and human resources will change at the same pace with technology.
The Internet of Things is a new technological paradigm for information communication technologies especially management information systems in business environments. The Internet is evolving at a rapid rate bring interconnectivity of people and devices across multi-networks irrespective of geolocation. The connection of things creates intelligent systems that aid in the management of critical systems in business, health care, security and other applications. While a significant percent of the components that make up the IoT are not new, it is developing at a pace that most people and firms are unable to keep up. Essentially, the sophistication, scale and application of IoT presents various challenges that people and firms are yet to overcome; hence the need for more research towards the identification of solutions. A multi-disciplinary outlook is required to identify and challenge critical assumptions with respect to the implementation, designs and outcomes of IoT. The Internet of Things presents numerous opportunities for businesses; however, the potential security and privacy threats to transmitted data cannot be overlooked. The issue of open systems that devices can connect without restrictions could derail the development of IoT since people and organizations will be reluctant to send or receive critical data on the premise of its integrity being compromised along the way. However, once the issues of privacy, security and data integrity are solved, IoT will present a critical value adding resource.