The Internet of Things (IoT), with Nisarg Desai, MSEM ’15

Tufts Gordon Institute sat down with Nisarg Desai, MSEM ’15 and Product Manager of loT (Internet of Things) at GlobalSign, to talk about the Internet of Things. He leads product R&D for the industrial IoT product portfolio at GlobalSign. GlobalSign is a software security company that provides identity and security based solutions for enterprises. “We are trying to leverage our experience and expertise in security in trying to solve tomorrow’s IoT security problems,” Desai says.

IoT is already making a significant impact on society. From agriculture, energy, healthcare, transportation to automation, the potential is limitless. Wirelessly connected sensors, actuators and other hardware are now found in most industries and continue to be increasingly deployed. Smart thermostats regulate home temperature. Intelligent traffic cameras automatically report accidents to emergency services. Connected farming equipment adjusts fertilizer delivery based on real-time conditions. And pill-sized cameras collect and share data with doctors from the inside of people’s digestive tracts. IoT is everywhere and improving efficiencies through intelligent resource usage.

IoT is an idea that was conceptualized at MIT in 1999 as part of their RFID Project (Radio-Frequency Identification Project) at the Auto-ID center, and is now transforming company processes, business models and industries around the globe. The idea of IoT is that a user wants to be able to connect everything (users, device, and systems), make connectivity ubiquitous, and then leverage this connectivity for either personal or industry gain.

According to Desai, “IoT is still extremely greenfield – there is no blue-print in place. Industrial IoT will likely drive one half to two thirds of realized value.” and the United States is extremely well-positioned to lead this Industrial IoT development. However, competition from manufacturing hubs in Germany, with their efforts in Plattform Industrie 4.0 (smart manufacturing for mass customization) and some great work done by the larger electric and motor companies in Japan, are close behind. By some estimates, in 2025 IoT will have a global economic impact of between $5-15 trillion USD.

Another big issue with IoT is security. “It’s an extremely important part of the puzzle,” says Desai.  At his company, GlobalSign, questions like, “How do you secure the IoT” and, “How do you trust the source of the data?” come up a lot. Desai and his team are working to drive security in an ever-increasingly connected world. For example, traditional endpoint protection software like anti-virus and anti-malware, or firewall systems cannot be used for all IoT deployments. Now that every small device is connected, it does not make sense to run this whole suite of products, since they do not cater to many of these devices or use-cases.

Desai and his team ask, “How can I make it possible to have protection for devices that use all the various platforms that are out there, different protocols and various processors across the world? This is an extremely difficult problem to solve.”

Desai focuses on the problem of identifying an IoT device. How can one be sure that the data coming from a sensor is trusted and that it has not been compromised by a rogue actor? How does one prove that the device is actually what it claims to be?

“Creating an ‘intrinsic id’ – unique identifiers (think, digital fingerprints or signatures) that safely verify the identity of objects and devices is critical,” Desai says. For example, imagine if there were a compromised sensor in an energy turbine. Incorrect data could report that the turbine was functioning normally, when in reality the turbine was at the point of breaking down. Securing critical infrastructure and sensitive data is of the utmost importance.

“We are trying to solve the problem by establishing trust with and within the device,” Desai says. “We do that by establishing a very secure identity, almost a fingerprint for the device. The ownership of the identity lies with the device, but the control lies with the company or organization.”

Desai’s work is augmenting security technologies for digital fingerprinting of devices with Hardware Root of Trust based on newer technologies including: TPMs (Trusted Platform Modules) or PUFs (Physically Unclonable Functions). These are different hardware and software technologies that can be implemented on the device itself, so that the device can generate its own unique fingerprint that is controllable by the owner. They then take this identifier and apply a signature to create a secure, unchangeable fingerprint for the device. Thinking to the future, Desai says, “I encourage people to realize that IoT will disrupt and transform every industry and technology. Everyone should be ready to talk about IoT and apply these concepts to their daily work, and overall technical or business strategy.”