The Internet of Risky Things

Book Description

By 2020, the Internet of Things (IoT) will consist of millions of computational devices intimately connected to real-world aspects of human life. In this insightful book, Professor Sean Smith, who worked in information security long before the web appeared, explains that if we build the IoT the way we built the current internet and other information technology initiatives, we’re headed for trouble.

With a focus on concrete solutions, The Internet of Risky Things explains how we can avoid simple flaws that have plagued several dramatic IT advances in recent decades. Developers, engineers, industrial designers, makers, and researchers will explore "design patterns of insecurities" and learn what’s required to route around or fix them in the nascent IoT.

  • Examine bugs that plague large-scale systems, including integer overflow, race conditions, and memory corruption
  • Look at successful and disastrous examples of previous quantum leaps in health IT, the smart grid, and autonomous vehicles
  • Explore patterns in coding, authentication, and cryptography that led to insecurity
  • Learn how blunders that led to spectacular IT disasters could have been avoided

Table of Contents

  1. Preface
    1. O’Reilly Safari
    2. How to Contact Us
    3. Acknowledgments
  2. 1. Brave New Internet
    1. Worst-Case Scenarios: Cyber Love Canal
    2. What’s Different?
      1. Lifetimes
      2. The IoT in the Physical World
    3. Inevitable and Unfortunate Decay
      1. Zero-Days and Forever-Days
      2. The Fix is In?
    4. The IoT’s Impact on the Physical World
      1. Houses
      2. Cars
      3. Traffic
      4. Airplanes
      5. Infrastructure
      6. Medicine
    5. The Physical World’s Impact on the IoT
      1. Missing Things
      2. Large Attack Surface
      3. Jumping Across Boundaries
    6. Worst-Case Scenarios: Cyber Pearl Harbor
      1. Targeted Malicious Attacks in the IoT
    7. Where to Go Next
      1. What Do We Do?
      2. What Comes Next
    8. Works Cited
  3. 2. Examples and Building Blocks
    1. Computing Devices
      1. Basic Elements
      2. Moore’s Law
      3. How IoT Systems Differ
    2. Architectures for an IoT
      1. Connection to Other Computers
      2. Connection to the Physical World
      3. The Backend
    3. The Bigger Picture
    4. What’s Next
    5. Works Cited
  4. 3. The Future Has Been Here Before
    1. Bug Background
      1. Integer Overflow
      2. Race Conditions
      3. Memory Corruption
      4. Impossible Scenarios
    2. Smart Health IT
      1. The Therac-25
      2. The Sad Story
      3. Today
      4. Past and Future
    3. Smart Grid
      1. The Balancing Act
      2. Lights Out in 2003
      3. Root Causes
      4. Today
      5. Past and Future
    4. Smart Vehicles
      1. The Dawn of Fly-by-Wire
      2. Fear of the A320
      3. What Happened Next
      4. Past and Future
      5. Today
    5. Not Repeating Past Mistakes
    6. Works Cited
  5. 4. Overcoming Design Patterns for Insecurity
    1. Anti-Pattern: Doing Too Much
      1. Instance: Failure of Input Validation
      2. Instance: Excess Power
      3. Instance: Differential Parsing
    2. Anti-Pattern: Coding Blunders
    3. Anti-Pattern: Authentication Blunders
      1. Instance: No Authentication
      2. Instance: Default Credentials
      3. Instance: Permanent Credentials
      4. Instance: No Delegation
      5. Instance: Easy Exposure
      6. Moving Forward
    4. Anti-Pattern: Cryptography Blunders
      1. Instance: Bad Randomness
      2. Instance: Common Keys
      3. Instance: Bad PKI
      4. Instance: Aging of Cryptography and Protocols
    5. A Better Future
    6. Works Cited
  6. 5. Names and Identity in the IoT
    1. Who Is That, Really?
      1. Beyond Bits
      2. Authorization
    2. The Standard Cryptographic Toolkit
      1. The Somewhat Impossible
      2. Symmetric Cryptography
      3. Public Key Cryptography
      4. Public Key Infrastructure
      5. Cryptographic Hashing
      6. The Price Tag
    3. The Newer Toolkit
      1. Macaroons
      2. Blockchains
      3. PUFs
      4. Addresses and Names
    4. IoT Challenges
      1. Ontologies of Association
      2. Ontologies of Interaction
      3. PKI and Large Populations
      4. Constrained Devices and Channels
      5. Privacy Side Effects
      6. Cryptographic Decay
    5. Moving Forward
    6. Works Cited
  7. 6. The Internet of Tattletale Devices
    1. Cautionary Tales
      1. IoC Privacy Spills
      2. IoT Privacy Worries
    2. When Things Betray Their Owners
      1. Your Things May Talk to Police
      2. Your Things May Phone Home
      3. Your Things May Talk to the Wrong People
    3. Emerging Infrastructure for Spying
      1. Wearables and Health
      2. Internet of Big Brother’s Things
    4. Getting What We Want
      1. Saying What We Want
      2. Law and Standards
      3. Technological Enforcement
    5. Works Cited
  8. 7. Business, Things, and Risks
    1. How the IoT Changes Business
      1. Disrupting Business Operations
      2. Disrupting the Profit Paradigm
      3. “Google Moments”?
    2. Profit and Safety
      1. In History
      2. In the IoT
      3. In the Human Mind
    3. When the User Is the Product
      1. In History
      2. In the IoT
    4. Profit and Technological Choices
      1. In History
      2. In the IoT
      3. Hacking and Business
    5. Businesses and Things and People
    6. Works Cited
  9. 8. Laws, Society, and Things
    1. When Technology Evades Law
      1. Case Study: VW Emissions
      2. “Weasel Words”
    2. When Law Stops Scrutiny of Technology
      1. Case Study: The DMCA
    3. When New Things Don’t Fit Old Paradigms
      1. Send in the Drones
      2. License to Self-Drive
      3. Healthy Entertainment
      4. Things “on the Witness Stand”
    4. Looking Forward
    5. Works Cited
  10. 9. The Digital Divide and the IoT
    1. How Digital Divides Emerged in the IoC
      1. The Digital Divide
    2. How Digital Divides May Continue in the IoT
      1. Connectivity to Machines
      2. Connectivity Between People
    3. When IT Is Required to Support Basic Rights
      1. Certificates
      2. Entitlements and Risks
      3. In the Smart City
    4. The IoT Enforcing Preexisting Socioeconomic Divides
    5. The IoT Creating Divides Among Connected Classes
    6. Looking Forward
    7. Works Cited
  11. 10. The Future of Humans and Machines
    1. A Framework for Interconnection
      1. Semiotic Triads, in 2013
      2. Semiotic Triads, in the 1920s
    2. Human/Machine Interconnection in the IoT
      1. Mapping, Literally
      2. Mapping, Figuratively
      3. Uncanny Descents
    3. Ethical Choices in the IoT Age
    4. Perception of Boundaries in the IoT Age
    5. Human Work in the IoT Age
    6. Brave New Internet, with Brave New People in It
    7. Works Cited
  12. Index