{{announcement.body}}
{{announcement.title}}

Will IoT Standards Finally Solve the Pain Points of Interoperability and Security?

DZone 's Guide to

Will IoT Standards Finally Solve the Pain Points of Interoperability and Security?

The aim is to help ensure a secure and interoperable IoT for the future by simplifying highly secure, scalable, low-power IP-based IoT product development.

· IoT Zone ·
Free Resource

security camera

Solve your security issues with IoT.

I've long contended that until all things Internet of Things can get their security pains and interoperability challenges between IoT devices sorted, all the efforts at innovation are wasted and consumers are being short-changed.

We've seen in the news this week of the “Connected Home over IP” working group, a collaboration of Amazon, Apple, Google, and the Zigbee Alliance, but I've recently been even more interested to hear the recent announcement of OCF-over-Thread, a collaboration between two leading IoT standards bodies — Open Connectivity Foundation and The Thread Group and implemented by Cascoda. This is a huge collaboration for not only existing stalwarts but also hardware startups that are yet to be created.

You may also like: Multi-Cloud Interoperable Cloud Services

The aim is to help ensure a secure and interoperable IoT for the future by simplifying highly secure, scalable, low-power IP-based IoT product development. I spoke to J. Clarke Stephens, Board Member and Technical Contributor of the Open Connectivity Foundation to found out more.

The Open Connectivity Foundation is dedicated to ensuring secure interoperability for consumers, businesses, and industries by delivering a standard communications platform, a bridging specification, an open-source implementation and a certification program allowing devices to communicate regardless of form factor, operating system, service provider, transport technology or ecosystem. The OCF IoT standard (unlike most other standards) is an open standard, free of cost and independent of any underlying hardware protocol. Clarke explained:

"You could use, for example, a single controller to control devices from different companies. It goes beyond things like IFTTT or, or the skills in Amazon because it does things at a more fundamental layer. So you don't have to write extra code. It means you have in practice competitors controlling each other's devices through their applications."

OCF has over 400 members meaning that even consumers of even competitors like LG and Samsung could technically control both devices. International collaboration means that devices based on OCF standards will work with all others that are compliant. This means a hardware company doesn't need to make individual deals with a lot of different companies.

The other big differentiator a holistic approach that goes beyond open-source implementation. The OCF has a fantastic great developer program that even suits devs new to IoT. There is (free) working code and "You can, in fact, build and control a completely secure IoT device in 15 minutes".

Specifically, OCF specifications mean any complex device can be created from a simple collection of open source components, allowing developers to easily design and scale their devices. There's a code generator based on data models that automatically generates code that is almost ready to have certification tests, and then it compiles that code. You have a working device ready to go right there.

If you take the open-source Android application, you will discover that device, onboard with top-level security and automatic generation of the UI meaning you could effectively have a working prototype without a lot of pain.

How the Heck Did You Manage to Get All These Players to Work Together?

IoT embedded software is a highly competitive space and I was extremely interested in how OCF and the Thread Group managed to get so many competitors working in partnership. Clarke explained:

"I like to compare it a little bit to the genesis of the internet or maybe cellphones. Every company started off wanting to do their own thing with a 'ours is better than yours, don't use my stuff' mentality. But they eventually learned that they get more pie if they have a bigger partnership. The more things that are on the network, the more valuable your piece of that network. So we kind of followed that same strategy."

The Power of Public Key Infrastructure Security

OCF makes security front of mind, ensuring devices are secured to the highest standard there is - Public Key Infrastructure. Through public and private cryptographic key pairs, PKI facilitates the secure electronic transfer of information through authenticating and encrypting data using digital certificates.

Clarke detailed their approach of security-first, inbuilt security where "to not have it there, you have to physically go and remove it. This means you're relying on the natural nature of software developers, they don't want to do more than they have to."

OCF and the Thread Group's partnership creates compatibility between OCF’s secure application layer and Thread’s low-power and scalable IPv6-based network layer protocol. Thread is built on open standards to create IEEE 802.15.4 mesh networks that can easily and securely connect thousands of devices.

There are not as many single points of failure, it's more robust, and reaches further. It means that not only do you get the upper layers of security from OCF, but you also get the lower layers of security from Thread.

Using proven, open IoT standards, the industry can start to use OCF-over-Thread with little investment, completing products in as few as six months. Cascoda has recently shown live demos of OCF-over-Thread running on its Chili2 Module, a low-cost, pre-certified IP-based module, providing scalability, PKI and TEE security, more range, and lower power.

Interestingly the alliance is also considering pursuing safe harbour certification meaning, if you are certified as OCF then you already reach all of those standards, there's no other protocol that comes close.


Further Reading

State of API Security

Security Use Cases by Industry

Security Best Practices for Open-Source APIs

Topics:
cybersecurity, interoperability, iot accelerator marketplace, iot developers, open connectivity foundation

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}