Internet of Things (IoT): Societal Challenges & Scientific Research Fields for IoT

International audienceJust as the Internet radically reshaped society, the Internet of Things (IoT) willhave an impact on all areas of human life: from our homes, vehicles, workplacesand factories, to our cities and towns, agriculture and healthcare systems. It willalso affect all levels of society (individuals, companies and state-level), from urbanto rural and the natural world beyond. This makes it essential to have a properunderstanding of IoT and the challenges which relate to it. The primary aims ofthis document are to (i) determine the scope of IoT, its origins, current developments and perspectives, and (ii) identify the main societal, technical and scientific challenges linked to IoT.It seems inevitable that IoT will become increasingly omnipresent. Indeed, itis set to penetrate every aspect of all of our lives, connecting everything (billionsof new heterogeneous machines communicating with each other) and measuringeverything: from the collective action we take at a global level, right down to oursmallest individual physiological signals, in real-time. This is a double-edged sword,in that it simultaneously gives people cause for hope (automation, ­optimisation,innovative new functionalities etc.) and cause for fear (surveillance, dependency,cyberattacks, etc.). Given the ever-evolving nature of the IoT, new challenges linked to privacy, transparency, security appear, while new civil and industrialresponsibilities are starting to emerge.IoT is centred around an increasingly complex set of interlinked concepts andembedded technologies. At an industrial level, this growing complexity is makingthe idea of having full control over all components of IoT increasingly difficult, oreven infeasible. However, as a society, we must get to grips with the technologicalfoundations of IoT. One challenge for education will therefore be to graduallyincrease awareness of IoT, both in order to protect individuals’ sovereignty andfree will, and to initiate the training of our future scientists and technicians. Apublic research institute such as Inria can contribute towards understandingand explaining the technological foundations of IoT, in addition to preservingsovereignty in Europe.IoT will inevitably increase dependency on certain types of embeddedt ­ echno­logy. It is hence necessary to identify the new risks that entail, and todevise new strategies in order to take full advantage of IoT, while minimising theserisks. Similarly to the situation in other domains where one must continually seekto preserve ethics without hindering innovation, creating a legal framework forIoT is both necessary and challenging. It nevertheless seems clear already thatthe best way of facing up to industrial giants or superpowers is to take action atthe EU level, as shown by recent examples such as GDPR. Furthermore, given thegrowing influence of technological standards on society, playing an active rolein the process of standardising IoT technology is essential. Open standards andopen source – conceived as a common public good – will be pivotal for IoT, justas they have been for the Internet. Last but not least, massive use of IoT can helpbetter capture and understand the environmental challenges we are ­currentlyfacing – it is also expected IoT will help to mitigate these challenges. The goals inthis context are not only to reduce the quantities of natural resources consumedby IoT (for production, deployment, maintenance and recycling). We must alsoaim to more accurately evaluate the overall net benefit of IoT on the environment,at a global level. This requires determining and subtracting IoT’s environmentalcosts from its (measured) benefits, which is currently a challenge. The growingimpact of IoT underscores the importance of remaining at the cutting edge whenit comes to scientific research and technological development. This documenttherefore aims to (i) highlight the wide range of research fields which are fundamental to IoT, and(ii) take stock of current and future research problems in each of these fields. A number of links are made throughout the document to contributionsmade by Inria. These contributions are, by their nature, diverse (basic and appliedresearch, open source software, startup incubation) and concern the majority ofresearch fields on which IoT is based

How Physicality Enables Trust: A New Era of Trust-Centered Cyberphysical Systems

Multi-agent cyberphysical systems enable new capabilities in efficiency, resilience, and security. The unique characteristics of these systems prompt a reevaluation of their security concepts, including their vulnerabilities, and mechanisms to mitigate these vulnerabilities. This survey paper examines how advancement in wireless networking, coupled with the sensing and computing in cyberphysical systems, can foster novel security capabilities. This study delves into three main themes related to securing multi-agent cyberphysical systems. First, we discuss the threats that are particularly relevant to multi-agent cyberphysical systems given the potential lack of trust between agents. Second, we present prospects for sensing, contextual awareness, and authentication, enabling the inference and measurement of ``inter-agent trust" for these systems. Third, we elaborate on the application of quantifiable trust notions to enable ``resilient coordination," where ``resilient" signifies sustained functionality amid attacks on multiagent cyberphysical systems. We refer to the capability of cyberphysical systems to self-organize, and coordinate to achieve a task as autonomy. This survey unveils the cyberphysical character of future interconnected systems as a pivotal catalyst for realizing robust, trust-centered autonomy in tomorrow's world

An Observer-Based Key Agreement Scheme for Remotely Controlled Mobile Robots

Remotely controlled mobile robots are important examples of Cyber-Physical Systems (CPSs). Recently, these robots are being deployed in many safety critical applications. Therefore, ensuring their cyber-security is of paramount importance. Different control schemes that have been proposed to secure such systems against sophisticated cyber-attacks require the exchange of secret messages between their smart actuators and the remote controller. Thus, these schemes require pre-shared secret keys, or an established Public Key Infrastructure (PKI) that allows for key agreement. Such cryptographic approaches might not always be suitable for the deployment environments of such remotely mobile robots. To address this problem, in this paper, we consider a control theoretic approach for establishing a secret key between the remotely controlled robot and the networked controller without resorting to traditional cryptographic techniques. Our key agreement scheme leverages a nonlinear unknown input observer and an error correction code mechanism to allow the robot to securely agree on a secret key with its remote controller. To validate the proposed scheme, we implement it using a Khepera-IV differential drive robot and evaluate its efficiency and the additional control cost acquired by it. Our experimental results confirm the effectiveness of the proposed key establishment scheme.Comment: This preprint has been submitted to the 2023 IFAC World Congres

Encrypted control for networked systems -- An illustrative introduction and current challenges

Cloud computing and distributed computing are becoming ubiquitous in many modern control systems such as smart grids, building automation, robot swarms or intelligent transportation systems. Compared to "isolated" control systems, the advantages of cloud-based and distributed control systems are, in particular, resource pooling and outsourcing, rapid scalability, and high performance. However, these capabilities do not come without risks. In fact, the involved communication and processing of sensitive data via public networks and on third-party platforms promote, among other cyberthreats, eavesdropping and manipulation of data. Encrypted control addresses this security gap and provides confidentiality of the processed data in the entire control loop. This paper presents a tutorial-style introduction to this young but emerging field in the framework of secure control for networked dynamical systems.Comment: The paper is a preprint of an accepted paper in the IEEE Control Systems Magazin

Security Hazards when Law is Code.

As software continues to eat the world, there is an increasing pressure to automate every aspect of society, from self-driving cars, to algorithmic trading on the stock market. As this pressure manifests into software implementations of everything, there are security concerns to be addressed across many areas. But are there some domains and fields that are distinctly susceptible to attacks, making them difficult to secure? My dissertation argues that one domain in particular—public policy and law— is inherently difficult to automate securely using computers. This is in large part because law and policy are written in a manner that expects them to be flexibly interpreted to be fair or just. Traditionally, this interpreting is done by judges and regulators who are capable of understanding the intent of the laws they are enforcing. However, when these laws are instead written in code, and interpreted by a machine, this capability to understand goes away. Because they blindly fol- low written rules, computers can be tricked to perform actions counter to their intended behavior. This dissertation covers three case studies of law and policy being implemented in code and security vulnerabilities that they introduce in practice. The first study analyzes the security of a previously deployed Internet voting system, showing how attackers could change the outcome of elections carried out online. The second study looks at airport security, investigating how full-body scanners can be defeated in practice, allowing attackers to conceal contraband such as weapons or high explosives past airport checkpoints. Finally, this dissertation also studies how an Internet censorship system such as China’s Great Firewall can be circumvented by techniques that exploit the methods employed by the censors themselves. To address these concerns of securing software implementations of law, a hybrid human-computer approach can be used. In addition, systems should be designed to allow for attacks or mistakes to be retroactively undone or inspected by human auditors. By combining the strengths of computers (speed and cost) and humans (ability to interpret and understand), systems can be made more secure and more efficient than a method employing either alone.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/120795/1/ewust_1.pd

Fully Homomorphic Encryption-enabled Distance-based Distributed Formation Control with Distance Mismatch Estimators

This paper considers the use of fully homomorphic encryption for the realisation of distributed formation control of multi-agent systems via edge computer. In our proposed framework, the distributed control computation in the edge computer uses only the encrypted data without the need for a reset mechanism that is commonly required to avoid error accumulation. Simulation results show that, despite the use of encrypted data on the controller and errors introduced by the quantization process prior to the encryption, the formation is able to converge to the desired shape. The proposed architecture offers insight on the mechanism for realising distributed control computation in an edge/cloud computer while preserving the privacy of local information coming from each agent