Connected Devices Need a Trust Architecture
The Internet of Things (IoT) has brought about innovative technologies whose impacts can be felt in almost every industry. As a result, there are billions of connected devices in existence. We are now being faced with the question of how to safely scale all of these devices to serve the applications that rely on their data. This task has proved to be challenging with existing service-oriented designs. Developers have thought to solve this problem by changing the design in their web applications such that they adopt trust architecture principles when building their application stacks.
Service-oriented designs have been the standard for building applications, and can usually be found in the form of APIs or microservices. Most of these designs are based on flexible code that is broken up into smaller components. These components can be found in other parts of the system and function to make the components discoverable as well as interoperable. This type of structure allows the microservices to be reused in the future via simple program APIs and enables cloud-native applications to adapt quickly.
However, this architecture exposes IoT devices to certain risks. Current IoT devices have been designed using service-oriented systems that are considered to be lacking. A key issue associated with their traditional design is that networks comprised of many interoperable systems need more power than what service-oriented designs offer on their own. They were also designed from the inside out, meaning that they had monolithic code bases built to communicate with back end web applications for specific manufacturers. These devices are usually located outside of the cloud, making them insecure and more susceptible to attacks.
In order to improve these designs, developers have started implementing trust architectures. These architectures provide service-oriented systems with a framework that allows trusted data to flow through them. The idea is that any device needs to be able to send data from anywhere in the application stack to another device or application in a way that can be trusted. They function by requiring connected devices that want to provide data to another system participant to prove cryptographically both its identity and sign all the data it sends into the rest of the system. The receiving devices have a common way to verify the origin and cryptographic signatures of all the data.
As the IoT movement continues to expand and evolve, developers must adopt service-oriented designs that include trust architectures. This is the best way to enable secure interoperability between the multitude of networks with connected devices. It is clear we are moving towards a future in which there are a vast number of autonomous systems containing billions of connected devices. These systems will require devices or applications to have a way of determining the trustworthiness of the data that is being sent.